Moti Yung

Mordechai M. "Moti" Yung is a cryptographer and computer scientist known for his work on cryptovirology and kleptography.

Moti Yung
Alma mater	Columbia University
Awards	Computer Pioneer Award McDowell Award ACM Fellow EATCS Fellow IEEE Fellow IACR Fellow
Scientific career
Fields	Computer science Cryptography Information security Network security Privacy-enhancing technologies
Institutions	IBM Research CertCo RSA Laboratories Snap Inc. Google
Thesis	Minimum-Knowledge Transfer Protocol  (1988)
Doctoral advisor	Zvi Galil
Doctoral students	Matthew K. Franklin Jonathan Katz Aggelos Kiayias

Career

Yung earned his PhD from Columbia University in 1988 under the supervision of Zvi Galil.^[1] In the past, he worked at the IBM Thomas J. Watson Research Center,^[2] CertCo, RSA Laboratories, and Google.^[3] In 2016, Yung moved from Google to Snap Inc.^[4] Yung is currently a research scientist at Google.^[5]

Yung is an adjunct senior research faculty member at Columbia University,^[5] and has co-advised PhD students including Gödel Prize winner Matthew K. Franklin, Jonathan Katz, and Aggelos Kiayias.^[1]

Yung is a former trustee of the International Association for Cryptologic Research (IACR). In November 2025, he resigned from the position after the IACR's annual leadership election was nullified and rerun when he was unable to provide the required cryptographic key.^[6][7]

Research

Yung research covers primarily the area of cryptography and its applications to information security and data privacy. He has worked on defining and implementing malicious (offensive) cryptography: cryptovirology^[8] and kleptography,^[9] and on various other foundational and applied fields of cryptographic research, including: user and entity electronic authentication,^[10][11] information-theoretic security,^[12][13] secure multi-party computation,^{[14][15][16][17]} threshold cryptosystems,^[18][19] and zero-knowledge proofs,^[20][21][22]

Cryptovirology

In 1996, Adam L. Young and Yung coined the term cryptovirology to denote the use of cryptography as an attack weapon via computer viruses and other malware in contrast to its traditional protective role.^[8] In particular, they described the first instances of ransomware using public-key cryptography.^[23][24]

Kleptography

In 1996, Adam L. Young and Yung introduced the notion of kleptography^[9] to show how cryptography could be used to attack host cryptosystems where the malicious resulting system with the embedded cryptologic tool in it resists reverse-engineering and cannot be detected by interacting with the host cryptosystem,^{[25][26][27][28][29]} as an argument against cryptographic systems and devices given by an external body as "black boxes" as was the Clipper chip and the Capstone program.^[30]

After the 2013 Snowden affair, the NIST was believed to have mounted the first kleptographic attack against the American Federal Information Processing Standard detailing the Dual EC DRBG,^[31] essentially exploiting the repeated discrete logarithm based "kleptogram" introduced by Young and Yung.^[32]

Awards

• In 2010 he was the annual Distinguished Lecturer of the International Association for Cryptologic Research at Eurocrypt.^[33]
• In 2013 he became a fellow of the Association for Computing Machinery.^[34]
• In 2014 he received the ESORICS (European Symposium on Research in Computer Security) Outstanding Research Award.^[35]
• In 2014 he became a fellow of the International Association for Cryptologic Research.^[36]
• In 2014 he received the ACM's SIGSAC Outstanding Innovation Award.^[37]
• In 2015 he became an IEEE fellow.^[38]
• In 2017 Yung became a fellow of the European Association for Theoretical Computer Science.^[39]
• In 2018 Yung received the W. Wallace McDowell Award by the IEEE Computer Society.^[40]
• In 2020 Yung received the Public Key Cryptography Conference's Test of Time Award for his 1998 paper^[41] See.^[42]
• In 2020 Yung received the IEEE Symposium on Security and Privacy's Test of Time Award for his 1996 paper^[8] on Cryptovirology.^[43]
• In 2021 Yung received Computer Pioneer Award honoring the Women of the ENIAC^[44]
• In 2023 Yung was elected a fellow of the American Academy of Arts and Sciences^[45]
• In 2024 Yung received the IACR Test of Time Award for his 2009 paper^[46] See^[47]
• In 2025 Yung received the 2026 IEEE Innovation in Societal Infrastructure Award^[48]

Selected publications

• 1989: Universal one-way hash functions and their cryptographic applications (with M. Naor; ACM’s STOC).
• 1990: Public-key cryptosystems provably secure against chosen ciphertext attacks (with M. Naor; ACM’s STOC).
• 1991: How to withstand mobile virus attack (with Ostrovsky; ACM’s PODC).
• 1992: Multi-Receiver/Multi-Sender Network Security: Efficient Authenticated Multicast/Feedback (with Desmedt and Frankel; IEEE's INFOCOM 1992)
• 1999: Non-Interactive CryptoComputing For NC1 (with Sander and Young; IEEE's FOCS 1999).
• 2000: Unforgeable Encryption and Chosen Ciphertext Secure Modes of Operation (with Katz; Fast Software Encryption (FSE)).
• 2004: Malicious Cryptography: Exposing Cryptovirology (with A. Young; Wiley 2004: A book).
• 2009: Efficient and secure authenticated key exchange using weak passwords (with Katz and Ostrovsky; JACM 57(1)).
• 2009: A unified framework for the analysis of side-channel key recovery attacks (with Standaert and Malkin; Eurocrypt).
• 2017: Generic Semantic Security against a Kleptographic Adversary (with A. Russell, Q. Tang, and H-S Zhou; ACM's CCS)