Mordechai M. "Moti" Yung is a
cryptographer
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...
and
computer scientist
A computer scientist is a person who is trained in the academic study of computer science.
Computer scientists typically work on the theoretical side of computation, as opposed to the hardware side on which computer engineers mainly focus (a ...
known for his work on
cryptovirology
Cryptovirology refers to the use of cryptography to devise particularly powerful malware, such as ransomware and asymmetric backdoors. Traditionally, cryptography and its applications are defensive in nature, and provide privacy, authentication, ...
and
kleptography
Kleptography is the study of stealing information securely and subliminally. The term was introduced by Adam Young and Moti Yung in the Proceedings of Advances in Cryptology—Crypto '96.A. Young, M. Yung, "The Dark Side of Black-Box Cryptography ...
.
Career
Yung earned his PhD from
Columbia University
Columbia University (also known as Columbia, and officially as Columbia University in the City of New York) is a private research university in New York City. Established in 1754 as King's College on the grounds of Trinity Church in Manhatt ...
in 1988 under the supervision of
Zvi Galil.
In the past, he worked at the
IBM Thomas J. Watson Research Center
The Thomas J. Watson Research Center is the headquarters for IBM Research. The center comprises three sites, with its main laboratory in Yorktown Heights, New York, U.S., 38 miles (61 km) north of New York City, Albany, New York and wit ...
,
,
RSA Laboratories, and
Google
Google LLC () is an American Multinational corporation, multinational technology company focusing on Search Engine, search engine technology, online advertising, cloud computing, software, computer software, quantum computing, e-commerce, ar ...
. In 2016, Yung moved from Google to
Snap Inc. Yung is currently a research scientist at Google.
Yung is an adjunct senior research faculty member at Columbia University,
and has co-advised PhD students including
Gödel Prize
The Gödel Prize is an annual prize for outstanding papers in the area of theoretical computer science, given jointly by the European Association for Theoretical Computer Science (EATCS) and the Association for Computing Machinery Special Interes ...
winner
Matthew K. Franklin
Matthew Keith "Matt" Franklin is an American cryptographer, and a professor of computer science at the University of California, Davis.
Education and employment
Franklin did his undergraduate studies at Pomona College, graduating in 1983 with a ...
,
Jonathan Katz
Jonathan Paul Katz (born December 1, 1946) is an American actor and comedian best known for his starring role in the animated sitcom '' Dr. Katz, Professional Therapist'' as Dr. Katz. He also is known for voicing Erik Robbins in the UPN/Adult S ...
, and
Aggelos Kiayias
Aggelos Kiayias ( el, Άγγελος Κιαγιάς) FRSE is a Greek cryptographer and computer scientist, currently a professor at the University of Edinburgh and the Chief Science Officer at Input Output Global, the company behind Cardano.
...
.
Research
Yung research covers primarily the area of
cryptography
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or '' -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adv ...
and its applications to
information security
Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of Risk management information systems, information risk management. It typically involves preventing or re ...
and
data privacy
Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, contextual information norms, and the legal and political issues surrounding them. It is also known as data pr ...
. He has worked on defining and implementing malicious (offensive) cryptography:
cryptovirology
Cryptovirology refers to the use of cryptography to devise particularly powerful malware, such as ransomware and asymmetric backdoors. Traditionally, cryptography and its applications are defensive in nature, and provide privacy, authentication, ...
and
kleptography
Kleptography is the study of stealing information securely and subliminally. The term was introduced by Adam Young and Moti Yung in the Proceedings of Advances in Cryptology—Crypto '96.A. Young, M. Yung, "The Dark Side of Black-Box Cryptography ...
,
and on various other foundational and applied fields of cryptographic research, including: user and entity
electronic authentication,
information-theoretic security
A cryptosystem is considered to have information-theoretic security (also called unconditional security) if the system is secure against adversaries with unlimited computing resources and time. In contrast, a system which depends on the computatio ...
,
secure multi-party computation,
threshold cryptosystem A threshold cryptosystem, the basis for the field of threshold cryptography, is a cryptosystem that protects information by encrypting it and distributing it among a cluster of fault-tolerant computers. The message is encrypted using a public key, ...
s,
and
zero-knowledge proofs,
Cryptovirology
In 1996, Adam L. Young and Yung coined the term cryptovirology to denote the use of cryptography as an attack weapon via
computer virus
A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code. If this replication succeeds, the affected areas are then said to be "infected" with a comput ...
es and other
malware
Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depr ...
in contrast to its traditional protective role.
In particular, they described the first instances of
ransomware
Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or permanently block access to it unless a ransom is paid off. While some simple ransomware may lock the system without damaging any files, ...
using public-key cryptography.
Kleptography
In 1996, Adam L. Young and Yung introduced the notion of kleptography
[Infosecurity Magazine: The Dark Side of Cryptography: Kleptography in Black-Box Implementations https://www.infosecurity-magazine.com/magazine-features/the-dark-side-of-cryptography-kleptography-in/] to show how cryptography could be used to attack host cryptosystems where the malicious resulting system with the embedded cryptologic tool in it resists reverse-engineering and cannot be detected by interacting with the host cryptosystem, as an argument against cryptographic systems and devices given by an external body as "black boxes" as was the
Clipper chip
The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured "voice and data messages" with a built-in backdoor that was intended to "allow Federal, State, ...
and the
Capstone program.
After the 2013
Snowden affair, the
NIST
The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical sci ...
was believed to have mounted the first kleptographic attack against the American
Federal Information Processing Standard
The Federal Information Processing Standards (FIPS) of the United States are a set of publicly announced standards that the National Institute of Standards and Technology (NIST) has developed for use in computer systems of non-military, American ...
detailing the
Dual EC DRBG
Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) is an algorithm that was presented as a cryptographically secure pseudorandom number generator (CSPRNG) using methods in elliptic curve cryptography. Despite wide public crit ...
,
essentially exploiting the repeated discrete logarithm based "kleptogram" introduced by Young and Yung.
Awards
* In 2010 he was the annual Distinguished Lecturer of the
International Association for Cryptologic Research
International is an adjective (also used as a noun) meaning "between nations".
International may also refer to:
Music Albums
* ''International'' (Kevin Michael album), 2011
* ''International'' (New Order album), 2002
* ''International'' (The T ...
at
Eurocrypt.
* In 2013 he became a fellow of the
Association for Computing Machinery
The Association for Computing Machinery (ACM) is a US-based international learned society for computing. It was founded in 1947 and is the world's largest scientific and educational computing society. The ACM is a non-profit professional member ...
.
* In 2014 he received the ESORICS (European Symposium on Research in Computer Security) Outstanding Research Award.
* In 2014 he became a fellow of the
International Association for Cryptologic Research
International is an adjective (also used as a noun) meaning "between nations".
International may also refer to:
Music Albums
* ''International'' (Kevin Michael album), 2011
* ''International'' (New Order album), 2002
* ''International'' (The T ...
.
* In 2014 he received the ACM's SIGSAC Outstanding Innovation Award.
* In 2015 he became an
IEEE
The Institute of Electrical and Electronics Engineers (IEEE) is a 501(c)(3) professional association for electronic engineering and electrical engineering (and associated disciplines) with its corporate office in New York City and its operati ...
fellow.
* In 2017 Yung became a fellow of the
European Association for Theoretical Computer Science
The European Association for Theoretical Computer Science (EATCS) is an international organization with a European focus, founded in 1972. Its aim is to facilitate the exchange of ideas and results among theoretical computer scientists as well as ...
.
* In 2018 Yung received the
W. Wallace McDowell Award
The W. Wallace McDowell Award is awarded by the IEEE Computer Society for outstanding theoretical, design, educational, practical, or related innovative contributions that fall within the scope of Computer Society interest. This is the highest tec ...
by the
IEEE Computer Society
The Institute of Electrical and Electronics Engineers (IEEE) is a 501(c)(3) professional association for electronic engineering and electrical engineering (and associated disciplines) with its corporate office in New York City and its operation ...
.
* In 2020 Yung received the Public Key Cryptography Conference's Test of Time Award for his 1998 paper on the security of ElGamal Encryption.
* In 2020 Yung received the IEEE Symposium on Security and Privacy's Test of Time Award for his 1996 paper
on Cryptovirology.
* In 2021 Yung received the Women of the ENIAC
Computer Pioneer Award
The Computer Pioneer Award was established in 1981 by the Board of Governors of the IEEE Computer Society to recognize and honor the vision of those people whose efforts resulted in the creation and continued vitality of the computer industry. ...
Moti Yung Award Recipient
Selected publications
* 1989: ''Universal one-way hash functions and their cryptographic applications'' (with M. Naor; ACM’s STOC).
* 1990: ''Public-key cryptosystems provably secure against chosen ciphertext attacks'' (with M. Naor; ACM’s STOC).
* 1991: ''How to withstand mobile virus attack'' (with Ostrovsky; ACM’s PODC).
* 1992: ''Multi-Receiver/Multi-Sender Network Security: Efficient Authenticated Multicast/Feedback'' (with Desmedt and Frankel; IEEE's INFOCOM 1992)
* 1999: ''Non-Interactive CryptoComputing For NC1'' (with Sander and Young; IEEE's FOCS 1999).
* 2000: ''Unforgeable Encryption and Chosen Ciphertext Secure Modes of Operation'' (with Katz; Fast Software Encryption (FSE)).
* 2004: ''Malicious Cryptography: Exposing Cryptovirology'' (with A. Young; Wiley 2004: A book).
* 2009: ''Efficient and secure authenticated key exchange using weak passwords'' (with Katz and Ostrovsky; JACM 57(1)).
* 2009: ''A unified framework for the analysis of side-channel key recovery attacks'' (with Standaert and Malkin; Eurocrypt).
* 2017: ''Generic Semantic Security against a Kleptographic Adversary'' (with A. Russell, Q. Tang, and H-S Zhou; ACM's CCS)
References
External links
Home page at Columbia University
Google Scholar Page
Research Gate
Cryptovirology Labs website
{{DEFAULTSORT:Yung, Moti
Year of birth missing (living people)
Living people
Modern cryptographers
Columbia School of Engineering and Applied Science alumni
Fellows of the Association for Computing Machinery
Fellow Members of the IEEE
International Association for Cryptologic Research fellows
Google employees
IBM employees
IBM Research computer scientists
People associated with computer security
Computer security academics
Theoretical computer scientists