This page uses content from Wikipedia and is licensed under CC BY-SA.

Moti Yung | |
---|---|

Nationality | Israeli-American |

Alma mater | Columbia University |

Awards | |

Scientific career | |

Fields | |

Institutions | |

Thesis | "Minimum-Knowledge Transfer Protocol" (1988) |

Doctoral advisor | Zvi Galil |

Doctoral students |

**Mordechai M. “Moti” Yung** is an Israeli-American cryptographer and computer scientist with an extensive industrial research career.

Yung earned his Ph.D. from Columbia University in 1988 under the supervision of Zvi Galil.^{[1]} In the past, he worked at the IBM Thomas J. Watson Research Center, was a vice president and chief scientist at CertCo, was director of Advanced Authentication Research at RSA Laboratories, and a researcher at Snap Inc.^{[2]}; he is currently a research scientist with Google. In parallel to his work in industry, he has also held adjunct and visiting faculty appointments at Columbia through which he advised several Ph.D. students (see ^{[1]}) including Gödel Prize winner Matthew K. Franklin, and Jonathan Katz.
Yung received the 2018 IEEE Computer Society W. Wallace McDowell Award.^{[3]}

Yung's contributions span a broad range of areas, from theory and foundations of cryptography and related areas, via systems security basic new notions and mechanisms, to actual industrial innovations contributing to the frontier of technology advancement and development.

**Trust and Novel Attacks:**

- In a 1996 publication with Adam L. Young,
^{[4]}Yung coined the term cryptovirology to denote the use of cryptography (as an attack weapon rather than its traditional protective role) by computer viruses and other malware and discovered the secure attack (from the attacker's perspective) for kidnapping data known as ransomware; for a 20 years perspective, see.^{[5]}^{[6]}(For economic analysis of the attack, see^{[7]}). Young and Yung authored the book*Malicious Cryptography: Exposing Cryptovirology*(John Wiley & Sons, 2004).^{[8]}(See also.^{[9]}^{[10]})

- In 1996 Yung and Young introduced the notion of kleptography to show how to use cryptography to attack host cryptosystems where the malicious resulting system with the embedded cryptologic tool in it resists reverse-engineering.
^{[11]}^{[12]}^{[13]}^{[14]}^{[15]}The first such attack against a real system is believed (based on the Snowden affair) to have been mounted by NIST against the American Federal Information Processing Standard detailing the Dual_EC_DRBG, essentially exploiting the repeated discrete logarithm based "kleptogram" introduced in the above-mentioned Crypto 1997 paper by Young and Yung. (Note that an earlier direct approach by NIST to have access to encryption via the Clipper chip during the 1990s Crypto Wars era was shown to have flaws: one confirmed fundamental flaw was described in Yung's earlier work.^{[16]})

- The above notions are fundamental to understanding trust in computing systems, demonstrating that an attack on a system can only be completely understood/ reversed by an attacker which is outside the system (i.e., holder of a private portion of a public key), and cannot be understood or reversed within the acting system itself (a security boundary argument which goes beyond the `end to end' system security argument demonstrated by the seminal `Reflections on Trusting Trust' lecture by Ken Thompson
^{[17]}).

**Basic Research and Foundations:**

Yung has contributed extensively with numerous coauthors to the foundations and theory of basic cryptographic systems and protocols, and co-invented notions, constructions, and systems, some of which are very closely related to and influenced the practice of concrete cryptography and secure and private systems.

- His contributions include innovating the notion of public key cryptosystems secure against chosen-ciphertext attack, which is currently a major requirement from public-key encryption schemes operating on the Internet. Prior to the work in
^{[18]}it was unclear if such security level applies to public key systems, the work suggested a paradigm of `encrypt twice and show consistency of cleartext under the two ciphertexts' (now called the Naor-Yung paradigm) which was used to achieve non-adaptive chosen ciphertext security. Other contributions of his in this area include novel symmetric-key based investigations of security notions classifications, and chosen ciphertext via Authenticated encryption,^{[19]}^{[20]}as well as showing how to achieve this strong adaptive security notion in various public-key settings and systems.^{[21]}^{[22]}^{[23]}^{[24]}

- He has worked on design of various Digital signature schemes, and in particular, contributed to the foundations of signature schemes
^{[25]}where for general signature scheme it was shown that one does not need the trapdoor property of the underlying functions; the work introduces (as a central tool) the basic primitive of Universal one-way hash function. The work is central in understanding practical signature schemes within the Hash-based cryptography framework. - In the area of secure computation protocols, his early work presented the first robust multi-party secure scheme via the notion of `shares of shares',
^{[26]}as well as the multi secret (compact/ batched secret) sharing idea.^{[27]}

- His work further pioneered the basic notion of `mobile adversary' in multi-party protocols with proactive security fault-tolerance against such adversaries;
^{[28]}the work invented the basic underlying technique of Proactive secret sharing which is needed to cope with this strong adversary: this work was, perhaps, the first design in the general area known now as Proactive cyber defense: The method allows redundancy of distributed processors to withstand corruption, as long as in well defined short periods, majority of processors are not corrupted (but over time all processors may get corrupted): This is a substantial extension of the traditional basic notion of Byzantine fault tolerance where correctness and security is only assured if majority of processors remain uncorrupted throughout the entire lifetime of the system. The work invented the fundamental concept of ``share reconstruction`` which shows how availability of parts of a code word can correct shares (missing parts of the same codeword), and it gave, in fact, the first example of distributed storage repair (with error correcting codes and under secrecy constraints); this concept later became to be known in coding theory (over merely erasure codes) as ``regeneration codes,`` which, in turn, were employed in actual cloud storage systems. - Yung further worked on basic issues in Zero-knowledge proofs,
^{[29]}^{[30]}^{[31]}and Commitment schemes: in particular, the notion of interactive hashing for unconditionally hiding commitments from general complexity assumptions^{[32]}and functional commitment^{[33]}

- His work dealt heavily with proof techniques of cryptographic ciphers: symmetric key systems,
^{[34]}^{[35]}^{[36]}as well as numerous basic and advanced aspects public key systems,^{[37]}^{[38]}^{[39]}^{[40]}and digital signature schemes.^{[41]}His work also covered more involved protocols to perform these basic cryptographic tasks in various more complex and constrained settings: For example, the work that initiated the provable security treatment of the notion called Threshold cryptosystem,^{[42]}where a capability to perform a cryptographic function is shared (rather than sharing a value for one time reconstruction).

- Also notable is his early contributions to Homomorphic encryption over any logarithmic depth circuit
^{[43]}(an intermediate achievement that took over 20 years since the notion of homomorphic encryption over a set of operation which provides Functional completeness was suggested as an abstract idea in^{[44]}). - He also contributed to more basic primitives which are directly needed in communication networks, like key agreement and Authentication protocols, as well as to Password-authenticated key agreement protocols, specifically to the first efficient password-based such protocol shown secure without idealized Random oracle model assumption.
^{[45]}

- Yung's further practice-oriented work predicted early in the mid 1980s
^{[46]}that large scale networks, due to scale limitations, will employ public key technology with server only public-key certificates and interactive protocols; (this idea had been an` intellectual predecessor' of the way the most prevalent version of Transport Layer Security was implemented in the mid 1990s). Another practice-oriented foundational work which influenced engineering practices was presented in the area of cryptographic hardware design and side-channel analysis against key recovery attacks (e.g., explicitly adding a distribution learning stage on devices with known keys, prior to considering the attacked device).^{[47]} - In the area of Information-theoretic security Yung's work pioneered investigations of multicast key pre-distribution system,
^{[48]}perfectly secure message transmission,^{[49]}and multi-user authentication codes.^{[50]}Also, his Coding theory based work includes^{[51]}relating Reed–Solomon error correction codes and cryptographic hardness, which, in turn, led to interleaving decoding work of the same codes.^{[52]}

- His work further gave rise to numerous basic new cryptographic ideas in protocols implementing important special tasks like: voting schemes,
^{[53]}^{[54]}^{[55]}auctions,^{[56]}e-payments/ cryptocurrency/ ecash,^{[57]}^{[58]}special privacy preserving protocols,^{[59]}^{[60]}and Traitor tracing systems which protect leakage of keys from receivers of broadcast messages environment.^{[61]}^{[62]}

- In light of Snowden's revelations, making cryptographic designs robust to kleptographic attacks has become an area of investigation; Yung has worked on detecting and correcting cryptosystems that were subverted by their implementation, see.
^{[63]}^{[64]}^{[65]}

- Further, he worked on Algorithm design and analysis, in general, and specifically in the area of Distributed computing, primarily on Distributed algorithms and Computer networks algorithms,
^{[66]}^{[67]}^{[68]}as well as on Fault Tolerance^{[69]}^{[70]}including the invention of distributed algorithms' ``local detection`` mechanism in the context of Self-stabilization.^{[71]}

**Industrial Contributions:**

In addition to his extensive scientific contributions in basic and applied research, Yung has spent a career in industry working with engineers, developers, business experts, and other scientists, and concurrently contributed over the years to numerous innovative real-world constructions. These have led to practical implementations that were, in turn, deployed as part of actual systems and networks. His industrial contributions have enhanced the security and privacy of businesses infrastructure, and enabled new concrete applications. These include the following :

- Authentication and key exchange protocols for improvement of the network security of IBM Systems Network Architecture (in particular, the authentication within IBM LU6.2. see
^{[72]}This infrastructural work, as part of IBM Research and development project (which was adopted in IBM products, and for which he got the ``IBM Outstanding Innovation Award``). The work was also one of the intellectual predecessors to the cryptographic community's extensive work on cryptographic models for authentication and key exchange, and to works on concurrent sessions in cryptography; it further facilitated IBM engagement with the Internet security design.

- A joint project between IBM and GTE conducted an early exploration of security of data networks over a cellular phone infrastructure.
^{[73]}

- Certco's pioneering distributed certification authority.
^{[74]}Note that Certco pioneered an integrated Risk management approach to Information security.

- The design of the central engine behind the Greek electronic national lottery, run nationwide by OPAP and designed and implemented with a team from the Research Academic Computer Technology Institute, see.
^{[75]}The highly sensitive system employs numerous cryptographic systems and primitives such as: randomness and pseudorandomness extraction (e.g., Pseudorandom generators), commitment schemes, and signature scheme with Forward secrecy.

- Yung participated in RSA Inc.'s anti phishing business expansion efforts (see:
^{[76]}) and started research on extended authentication factors based on modern computing environments^{[77]}

- Yung's work dealt directly with the issue of User authentication and enhancement of the traditional authentication factors to modern computing environment (in particular, exploiting social relationships
^{[78]}). This works is employed in social networks for account recovery purposes as originally advocated.^{[79]} - Inventing, in Google, the universal two factor authentication based on public key technology in a mobile device.
^{[80]}This activity started what was followed by numerous efforts in the company which led to forming the FIDO Alliance. The notion is fundamentally different from earlier one-time password devices which rely on sharing a secret with a server or a hierarchies of servers (and secrets can be compromised without breaking individual devices^{[81]}); here, in contrast, due to the fact that now devices can apply public-key cryptographic operations, the entire secret remains always within the device itself, and universally, any server which trust the certifying authority of the public key can rely on this factor^{[82]}. His contributions were recognized as part of a Google founders' award given to the security team.

- Contributions within Google privacy efforts group: developments in Data anonymization (see, e.g.,
^{[83]}), and Google's user dashboard initiation (allowing users to have transparency and control, see;^{[84]}the work got recognized by a Google OC award.).

- Google's (Doubleclick's) Ad Exchange's (a pioneering platform for Real Time Bidding a prototypical deployed system of what is known generically as Ad exchange technology) which powers Display advertising Internet-wide: Yung contributed to the security and encryption aspects important for user privacy, including the heavily used (billions of transactions per day) multi-function multi-purpose encryption method.
^{[85]}

- Google's `privacy by design' protocols in various areas, like: data collection and its dynamic presentation, employing Differential Privacy in an industry setting,
^{[86]}and beacon's privacy based on Ephemeral IDs^{[87]}. - Snap's new approach to Distributed (Federated) Learning with Differential Privacy Assurance work
^{[88]}.

- Snap's basic security protocols for cloud storage encryption.
^{[89]}^{[90]}

- Notably, his work efforts to introduce and deploy, in an actual industry setting for the first time, Secure multi-party computation protocols based on advanced cryptography, led to the deployment of privacy preserving analytics technology (which is decisively on the side of user privacy) done routinely (in/ by Google and partners) as part of an established company's daily business. Deploying systems and technology developed with numerous internal collaborators, in an area which has been mainly a subject of theoretical and experimental studies since it started in the late 1970s (with the seminal mental poker research), has been considered a challenging task. For background see.
^{[91]}^{[92]}^{[93]}

**Software Security, Privacy, and Anonymity Research:**

Yung worked on software systems security
^{[94]}^{[95]}^{[96]} and further characterized the adversary to consider against software systems that are given to users, calling it MATE: `Man-at-the-End' attack (which became popular in the software obfuscation community^{[97]}). Yung has contributed to anonymity and privacy as well, working on cryptographic anonymous credentials such as Group signature,^{[98]}^{[99]}^{[100]} as well as group encryption protocols.^{[101]}^{[102]} Yung together with Adam L. Young cryptanalyzed the Reduced-Seat Buses Protocol for anonymous communication.^{[103]} In the same work they broke multiple anonymous communication protocols, such as Taxis, showing that the crucial property of key-anonymity was missing, they further proposed the Drunk Motorcyclists protocol for anonymous communication and proved that it is cryptographically secure.

- Yung received the 2018 W. Wallace McDowell Award by the IEEE Computer Society.
- In 2017 Yung became a fellow of the European Association for Theoretical Computer Science
^{[104]} - In 2015 he became an IEEE fellow
^{[105]} - In 2014 he received the ACM's SIGSAC Outstanding Innovation Award
^{[106]} - In 2014 he became a fellow of the International Association for Cryptologic Research
^{[107]} - In 2014, as well, he received the ESORICS (European Symposium on Research in Computer Security) Outstanding Research Award
^{[108]} - In 2013 he became a fellow of the Association for Computing Machinery
^{[109]}(See also^{[110]}) - In 2010 he was the annual Distinguished Lecturer of the International Association for Cryptologic Research at Eurocrypt, see
^{[111]}

- ^
^{a}^{b}Moti Yung at the Mathematics Genealogy Project **^**Dave, Paresh (March 29, 2016), "New member on Snapchat's cybersecurity team", This week in L.A. tech,*Los Angeles Times***^***Moti Yung Received IEEE Computer Society 2018 W. Wallace McDowell Award***^**Young, A.; M. Yung (1996).*Cryptovirology: extortion-based security threats and countermeasures*. IEEE Symposium on Security and Privacy. pp. 129–140. doi:10.1109/SECPRI.1996.502676. ISBN 0-8186-7417-2.**^**Adam L. Young, Moti Yung, Cryptovirology: The Birth, Neglect, and Explosion of Ransomware, Communications of the ACM, Vol. 60 No. 7, Pages 24-26 10.1145/3097347 [1]**^***Crypto Ransomware***^**Hernandez-Castro, Julio; Cartwright, Edward; Stepanova, Anna (2017), "Economic Analysis of Ransomware", arXiv:1703.06660 [cs.CR]**^**Whelan, Claire (8 October 2004), "It takes a cryptovirus to fight one",*Times Higher Education*. A book review of*Malicious Cryptography***^***Yes We Can't***^**Cryptolocker has you between a back up and a hard place**^**Young, Adam; Yung, Moti (1996), "The Dark Side of "Black-Box" Cryptography or: Should We Trust Capstone?",*Adam L. Young, Moti Yung: The Dark Side of "Black-Box" Cryptography, or: Should We Trust Capstone? CRYPTO 1996: 89-103*, Lecture Notes in Computer Science,**1109**, p. 89, doi:10.1007/3-540-68697-5_8, ISBN 978-3-540-61512-5**^**Young, Adam; Yung, Moti (1997), "Kleptography: Using Cryptography Against Cryptography",*Adam L. Young, Moti Yung: Kleptography: Using Cryptography Against Cryptography. EUROCRYPT 1997: 62-74*, Lecture Notes in Computer Science,**1233**, p. 62, doi:10.1007/3-540-69053-0_6, ISBN 978-3-540-62975-7**^**Young, Adam; Yung, Moti (1997), "The prevalence of kleptographic attacks on discrete-log based cryptosystems",*Adam L. Young, Moti Yung: The Prevalence of Kleptographic Attacks on Discrete-Log Based Cryptosystems. CRYPTO 1997: 264-276*, Lecture Notes in Computer Science,**1294**, p. 264, doi:10.1007/BFb0052241, ISBN 978-3-540-63384-6**^**Young, Adam; Yung, Moti (1998), "Monkey: Black-Box Symmetric Ciphers Designed for MONopolizing KEYs",*Adam L. Young, Moti Yung: Monkey: Black-Box Symmetric Ciphers Designed for MONopolizing KEYs. FSE 1998: 122-133*, Lecture Notes in Computer Science,**1372**, p. 122, doi:10.1007/3-540-69710-1_9, ISBN 978-3-540-64265-7**^**Young, Adam; Yung, Moti (2001), "Bandwidth-Optimal Kleptographic Attacks",*Adam L. Young, Moti Yung: Bandwidth-Optimal Kleptographic Attacks. CHES 2001: 235-250*, Lecture Notes in Computer Science,**2162**, p. 235, doi:10.1007/3-540-44709-1_20, ISBN 978-3-540-42521-2**^**Y. Frankel and M. Yung. Escrow Encryption Systems Visited: Attacks, Analysis and Designs. Crypto 95 Proceedings, August 1995**^***The Ken Thompson Hack (reflections of trusting trust)*.**^***Moni Naor, Moti Yung: Public-key Cryptosystems Provably Secure against Chosen Ciphertext Attacks .STOC 1990: 427-437***^**Jonathan Katz, Moti Yung: Complete characterization of security notions for probabilistic private-key encryption. STOC 2000: 245-254 [2]**^**Jonathan Katz, Moti Yung: Unforgeable Encryption and Chosen Ciphertext Secure Modes of Operation. FSE 2000: 284-299 [3]**^**Benoît Libert, Moti Yung: Non-interactive CCA-Secure Threshold Cryptosystems with Adaptive Security: New Framework and Constructions. TCC 2012: 75-93 [4]**^**Benoît Libert, Thomas Peters, Marc Joye, Moti Yung: Non-malleability from Malleability: Simulation-Sound Quasi-Adaptive NIZK Proofs and CCA2-Secure Encryption from Homomorphic Signatures. EUROCRYPT 2014: 514-532 [5]**^**Benoît Libert, Marc Joye, Moti Yung, Thomas Peters: Concise Multi-challenge CCA-Secure Encryption and Signatures with Almost Tight Security. ASIACRYPT (2) 2014: 1-21 [6]**^**Eike Kiltz, Krzysztof Pietrzak, Martijn Stam, Moti Yung: A New Randomness Extraction Paradigm for Hybrid Encryption. EUROCRYPT 2009: 590-609 [7]**^***Moni Naor, Moti Yung: Universal One-Way Hash Functions and their Cryptographic Applications .STOC 1989: 33-43***^**Zvi Galil, Stuart Haber, Moti Yung: Cryptographic Computation: Secure Faut-Tolerant Protocols and the Public-Key Model. CRYPTO 1987: 135-155 [8]**^**Matthew K. Franklin, Moti Yung: Communication Complexity of Secure Computation (Extended Abstract). STOC 1992: 699-710 [9]**^**Rafail Ostrovsky, Moti Yung: How to Withstand Mobile Virus Attacks (Extended Abstract). PODC 1991: 51-59 [10]**^**Russell Impagliazzo, Moti Yung: Direct Minimum-Knowledge Computations. CRYPTO 1987: 40-51 [11]**^**Gilles Brassard, Claude Crépeau, Moti Yung: Constant-Round Perfect Zero-Knowledge Computationally Convincing Protocols. Theor. Comput. Sci. 84(1): 23-52 (1991)[12]**^**Andrew Chi-Chih Yao, Moti Yung, Yunlei Zhao: Concurrent Knowledge Extraction in Public-Key Models. J. Cryptology 29(1): 156-219 (2016)[13]**^**Moni Naor, Rafail Ostrovsky, Ramarathnam Venkatesan, Moti Yung: Perfect Zero-Knowledge Arguments for NP Using Any One-Way Permutation. J. Cryptology 11(2): 87-108 (1998)[14]**^**Benoît Libert, Somindu C. Ramanna, Moti Yung: Functional Commitment Schemes: From Polynomial Commitments to Pairing-Based Accumulators from Simple Assumptions. ICALP 2016: 30:1-30:14 [15]**^**Donghoon Chang, Mridul Nandi, Moti Yung: On the Security of Hash Functions Employing Blockcipher Postprocessing. FSE 2011: 146-166 [16]**^**Enrico Buonanno, Jonathan Katz, Moti Yung: Incremental Unforgeable Encryption. FSE 2001: 109-124 [17]**^**Donghoon Chang, Sangjin Lee, Mridul Nandi, Moti Yung: Indifferentiable Security Analysis of Popular Hash Functions with Prefix-Free Padding. ASIACRYPT 2006: 283-298 [18]**^**Yiannis Tsiounis, Moti Yung: On the Security of ElGamal Based Encryption. Public Key Cryptography 1998: 117-134 [19]**^**Adam L. Young, Moti Yung: Auto-Recoverable Auto-Certifiable Cryptosystems. EUROCRYPT 1998: 17-31 [20]**^**Yevgeniy Dodis, Jonathan Katz, Shouhuai Xu, Moti Yung: Key-Insulated Public Key Cryptosystems. EUROCRYPT 2002: 65-82 [21]**^**Tal Malkin, Isamu Teranishi, Moti Yung: Efficient Circuit-Size Independent Public Key Encryption with KDM Security. EUROCRYPT 2011: 507-526 [22]**^**Ernest F. Brickell, David Pointcheval, Serge Vaudenay, Moti Yung: Design Validations for Discrete Logarithm Based Signature Schemes. Public Key Cryptography 2000: 276-292 [23]**^**Alfredo De Santis, Yvo Desmedt, Yair Frankel, Moti Yung. How to share a function securely. in STOC 1994: 522-533 [24]**^**Sander, Tomas; Young, Adam L.; Yung, Moti. "Non-Interactive CryptoComputing For NC1".*Focs1991*. IEEE.**^**R. L. Rivest, L. Adleman, and M. L. Dertouzos. On data banks and privacy homomorphisms. In*Foundations of Secure Computation*, 1978.**^**Jonathan Katz, Rafail Ostrovsky, Moti Yung: Efficient and secure authenticated key exchange using weak passwords. J. ACM 57(1): 3:1-3:39 (2009) [25]**^**Zvi Galil, Stuart Haber, Moti Yung: Symmetric Public-Key Encryption. CRYPTO 1985: 128-137 [26]**^**François-Xavier Standaert, Tal Malkin, Moti Yung: A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks. EUROCRYPT 2009: 443-461 [27]**^**Carlo Blundo, Alfredo De Santis, Amir Herzberg, Shay Kutten, Ugo Vaccaro, Moti Yung: Perfectly-Secure Key Distribution for Dynamic Conferences. CRYPTO 1992: 471-486 [28]**^**Danny Dolev, Cynthia Dwork, Orli Waarts, Moti Yung: Perfectly Secure Message Transmission. J. ACM 40(1): 17-47 (1993)[29]**^**Yvo Desmedt, Yair Frankel, Moti Yung: Multi-Receiver/Multi-Sender Network Security: Efficient Authenticated Multicast/Feedback. INFOCOM 1992: 2045-2054 [30]**^**Aggelos Kiayias, Moti Yung: Cryptographic Hardness Based on the Decoding of Reed–Solomon Codes. IEEE Trans. Inf. Theory 54(6): 2752-2769 (2008)[31]**^**Daniel Bleichenbacher, Aggelos Kiayias, Moti Yung: Decoding interleaved Reed-Solomon codes over noisy channels. Theor. Comput. Sci. 379(3): 348-360 (2007)[32]**^**Josh Cohen Benaloh, Moti Yung: Distributing the Power of a Government to Enhance the Privacy of Voters (Extended Abstract). PODC 1986: 52-62 [33]**^**Ronald Cramer, Matthew K. Franklin, Berry Schoenmakers, Moti Yung: Multi-Autority Secret-Ballot Elections with Linear Work. EUROCRYPT 1996: 72-83 [34]**^**Aggelos Kiayias, Moti Yung: Self-tallying Elections and Perfect Ballot Secrecy. Public Key Cryptography 2002: 141-158 [35]**^**Michael O. Rabin, Yishay Mansour, S. Muthukrishnan, Moti Yung: Strictly-Black-Box Zero-Knowledge and Efficient Validation of Financial Transactions. ICALP (1) 2012: 738-749 [36]**^**Matthew K. Franklin, Moti Yung: Secure and Efficient Off-Line Digital Money (Extended Abstract). ICALP 1993: 265-276 [37]**^**Alexandra Dmitrienko, David Noack, Moti Yung: Secure Wallet-Assisted Offline Bitcoin Payments with Double-Spender Revocation. AsiaCCS 2017: 520-531 [38]**^**Dana Dachman-Soled, Tal Malkin, Mariana Raykova, Moti Yung: Secure Efficient Multiparty Computing of Multivariate Polynomials and Applications. Applied Cryptography and Network Security, 2011: 130-146 [39]**^**Aggelos Kiayias, Bülent Yener, Moti Yung: Privacy-Preserving Information Markets for Computing Statistical Data. Financial Cryptography 2009: 32-50 [40]**^**Aggelos Kiayias, Moti Yung: Self Protecting Pirates and Black-Box Traitor Tracing. CRYPTO 2001: 63-79 [41]**^**Aggelos Kiayias, Moti Yung: Traitor Tracing with Constant Transmission Rate. EUROCRYPT 2002: 450-465 [42]**^***Alexander Russell, Qiang Tang, Moti Yung, Hong-Sheng Zhou: Cliptography: Clipping the Power of Kleptographic Attacks, Asiacrypt 2016, Springer LNCS***^***Alexander Russell, Qiang Tang, Moti Yung, Hong-Sheng Zhou: Generic Semantic Security against a Kleptographic Adversary. CCS 2017: 907-922***^***Alexander Russell, Qiang Tang, Moti Yung, Hong-Sheng Zhou: Correcting Subverted Random Oracles. CRYPTO (2) 2018: 241-271***^**Matthew K. Franklin, Zvi Galil, Moti Yung: Eavesdropping games: a graph-theoretic approach to privacy in distributed systems. J. ACM 47(2): 225-243 (2000) [43]**^**Xiangdong Yu, Moti Yung: Agent Rendezvous: A Dynamic Symmetry-Breaking Problem. ICALP 1996: 610-621 [44]**^**William Aiello, Ramarathnam Venkatesan, Moti Yung: Coins, Weights and Contention in Balancing Networks. PODC 1994: 193-205 [45]**^**Zvi Galil, Alain J. Mayer, Moti Yung: Resolving Message Complexity of Byzantine Agreement and beyond. FOCS 1995: 724-733 [46]**^**Spyros C. Kontogiannis, Grammati E. Pantziou, Paul G. Spirakis, Moti Yung: "Dynamic-Fault-Prone BSP": A Paradigm for Robust Computations in Changing Environments. SPAA 1998: 37-46 [47]**^**Yehuda Afek, Shay Kutten, Moti Yung: The Local Detection Paradigm and Its Application to Self-Stabilization. Theor. Comput. Sci. 186(1-2): 199-229 (1997)[48]**^**Bird, Ray; Gopal, Inder; Herzberg, Amir; Janson, Phil; Kutten, Shay; Molva, Refik; Yung, Moti (1992), "Systematic Design of Two-Party Authentication Protocols",*Ray Bird, Inder S. Gopal, Amir Herzberg, Philippe A. Janson, Shay Kutten, Refik Molva, Moti Yung: Systematic Design of Two-Party Authentication Protocols. CRYPTO 1991: 44-61*, Lecture Notes in Computer Science,**576**, p. 44, doi:10.1007/3-540-46766-1_3, ISBN 978-3-540-55188-1**^***Y. Frankel, A. Herzberg, P. A. Karger, H. Krawczyk, C. A. Kunzinger, M. Yung: Security issues in a CDPD wireless network. IEEE Personal Commun. 2(4): 16-27 (1995)*.**^***Visa and Mastercard have just announced the selection of two companies -- CertCo and Spyrus, 05/20/97*.**^**Konstantinou, Elisavet; Liagkou, Vasiliki; Spirakis, Paul; Stamatiou, Yannis C.; Yung, Moti (2004), "Electronic National Lotteries",*Elisavet Konstantinou, Vasiliki Liagkou, Paul Spirakis, Yannis, C. Stamatiou, Moti Yung, Electronic National Lotteries, Financial Cryptography 2004, Springer LNCS 3110*, Lecture Notes in Computer Science,**3110**, p. 147, doi:10.1007/978-3-540-27809-2_18, ISBN 978-3-540-22420-4.**^***Commerce Bank signs for RSA anti-phishing system, 09 August 2006***^***Applying Context to Web Authentication: RSA position paper, 03/2006*.**^**John G. Brainard, Ari Juels, Ronald L. Rivest, Michael Szydlo, Moti Yung: Fourth-factor authentication: somebody you know. ACM Conference on Computer and Communications Security 2006: 168-178 [49]**^**How to Use ‘Trusted Contacts’ to Recover a Hacked Facebook Account**^***Patent US 8532620: Trusted mobile device based security, 05/17/11***^**Schneier on Security: RSA Security, Inc Hacked**^**[lifehacker.com]**^**Searchengineland: Anonymizing Google’s Server Log Data — How’s It Going?[50]**^***Transparency, choice and control — now complete with a Dashboard! November 5, 2009***^***Patent US 9189638: Yung et al., Systems and methods for multi-function and multi-purpose cryptography,25 Aug 2013***^***Patent US 8909711: System and method for generating privacy-enhanced aggregate statistics,27 April 2011***^***Growing Eddystone with Ephemeral Identifiers: A Privacy Aware & Secure Open Beacon Format April 14, 2016***^***Differentially-Private "Draw and Discard" Machine Learning***^***My Eyes Only***^***RWC2017: my eyes only***^**Yung, Moti (2015).*From Mental Poker to Core Business: Why and How to Deploy Secure Computation Protocols?*. ACM SIGSAC Conference on Computer and Communications Security. pp. 1–2.**^***Patent US 9641332: Yung et al., Privacy-preserving measurements of a campaign, Jan 30, 2013***^**Google starts tracking offline shopping**^**Enriquillo Valdez, Moti Yung: Software DisEngineering: Program Hiding Architecture and Experiments. Information Hiding 1999: 379-394 [51]**^**US patent 5745678: Method and system for the secured distribution of multimedia titles, 1994 [52]**^**Mario Baldi, Yoram Ofek, Moti Yung: Idiosyncratic Signatures for Authenticated Execution of Management Code. DSOM 2003: 204-206 [53]**^**C. Collberg, Engineering Code Obfuscation (Eurocrypt 2016 invited talk).[54]**^**Aggelos Kiayias, Moti Yung: Extracting Group Signatures from Traitor Tracing Schemes. EUROCRYPT 2003: 630-648 [55]**^**Vicente Benjumea, Seung Geol Choi, Javier Lopez, Moti Yung: Fair Traceable Multi-Group Signatures. Financial Cryptography 2008: 231-246 [56]**^**Benoît Libert, Thomas Peters, Moti Yung: Group Signatures with Almost-for-Free Revocation. CRYPTO 2012: 571-589 [57]**^**Aggelos Kiayias, Yiannis Tsiounis, Moti Yung: Group Encryption. ASIACRYPT 2007: 181-199 [58]**^**Julien Cathalo, Benoît Libert, Moti Yung: Group Encryption: Non-interactive Realization in the Standard Model. ASIACRYPT 2009: 179-196 [59]**^**Young, A.; M. Yung (2014).*The drunk motorcyclist protocol for anonymous communication*. IEEE Conference on Communications and Network Security. pp. 157–165.**^**[60] EATCS fellows**^**[61] IEEE fellows 2015**^**[www.sigsac.org] SIGSAC Awards**^**IACR Moti Yung, IACR Fellow, 2014**^**[homepages.laas.fr] Esorics Awards**^**ACM Names Fellows for Computing Advances that Are Transforming Science and Society Archived 2014-07-22 at the Wayback Machine., Association for Computing Machinery, accessed 2013-12-10**^**Google research Blog, accessed 2013-12-11**^**IACR Distinguished Lectures, retrieved 2012-03-11