Yung's contributions span a broad range of areas, from theory and foundations of cryptography and related areas, via systems security basic new notions and mechanisms, to actual industrial innovations contributing to the frontier of technology advancement and development.
Trust and Novel Attacks:
In a 1996 publication with Adam L. Young, Yung coined the term cryptovirology to denote the use of cryptography (as an attack weapon rather than its traditional protective role) by computer viruses and other malware and discovered the secure attack (from the attacker's perspective) for kidnapping data known as ransomware; for a 20 years perspective, see. (For economic analysis of the attack, see ). Young and Yung authored the book Malicious Cryptography: Exposing Cryptovirology (John Wiley & Sons, 2004). (See also.)
In 1996 Yung and Young introduced the notion of kleptography to show how to use cryptography to attack host cryptosystems where the malicious resulting system with the embedded cryptologic tool in it resists reverse-engineering. The first such attack against a real system is believed (based on the Snowden affair) to have been mounted by NIST against the American Federal Information Processing Standard detailing the Dual_EC_DRBG, essentially exploiting the repeated discrete logarithm based "kleptogram" introduced in the above-mentioned Crypto 1997 paper by Young and Yung. (Note that an earlier direct approach by NIST to have access to encryption via the Clipper chip during the 1990s Crypto Wars era was shown to have flaws: one confirmed fundamental flaw was described in Yung's earlier work.)
The above notions are fundamental to understanding trust in computing systems, demonstrating that an attack on a system can only be completely understood/ reversed by an attacker which is outside the system (i.e., holder of a private portion of a public key), and cannot be understood or reversed within the acting system itself (a security boundary argument which goes beyond the `end to end' system security argument demonstrated by the seminal `Reflections on Trusting Trust' lecture by Ken Thompson).
Basic Research and Foundations:
Yung has contributed extensively with numerous coauthors to the foundations and theory of basic cryptographic systems and protocols, and co-invented notions, constructions, and systems, some of which are very closely related to and influenced the practice of concrete cryptography and secure and private systems.
His contributions include innovating the notion of public key cryptosystems secure against chosen-ciphertext attack, which is currently a major requirement from public-key encryption schemes operating on the Internet. Prior to the work in  it was unclear if such security level applies to public key systems, the work suggested a paradigm of `encrypt twice and show consistency of cleartext under the two ciphertexts' (now called the Naor-Yung paradigm) which was used to achieve non-adaptive chosen ciphertext security. Other contributions of his in this area include novel symmetric-key based investigations of security notions classifications, and chosen ciphertext via Authenticated encryption, as well as showing how to achieve this strong adaptive security notion in various public-key settings and systems.
He has worked on design of various Digital signature schemes, and in particular, contributed to the foundations of signature schemes where for general signature scheme it was shown that one does not need the trapdoor property of the underlying functions; the work introduces (as a central tool) the basic primitive of Universal one-way hash function. The work is central in understanding practical signature schemes within the Hash-based cryptography framework.
In the area of secure computation protocols, his early work presented the first robust multi-party secure scheme via the notion of `shares of shares', as well as the multi secret (compact/ batched secret) sharing idea.
His work further pioneered the basic notion of `mobile adversary' in multi-party protocols with proactive security fault-tolerance against such adversaries; the work invented the basic underlying technique of Proactive secret sharing which is needed to cope with this strong adversary: this work was, perhaps, the first design in the general area known now as Proactive cyber defense: The method allows redundancy of distributed processors to withstand corruption, as long as in well defined short periods, majority of processors are not corrupted (but over time all processors may get corrupted): This is a substantial extension of the traditional basic notion of Byzantine fault tolerance where correctness and security is only assured if majority of processors remain uncorrupted throughout the entire lifetime of the system. The work invented the fundamental concept of ``share reconstruction`` which shows how availability of parts of a code word can correct shares (missing parts of the same codeword), and it gave, in fact, the first example of distributed storage repair (with error correcting codes and under secrecy constraints); this concept later became to be known in coding theory (over merely erasure codes) as ``regeneration codes,`` which, in turn, were employed in actual cloud storage systems.
His work dealt heavily with proof techniques of cryptographic ciphers: symmetric key systems, as well as numerous basic and advanced aspects public key systems, and digital signature schemes. His work also covered more involved protocols to perform these basic cryptographic tasks in various more complex and constrained settings: For example, the work that initiated the provable security treatment of the notion called Threshold cryptosystem, where a capability to perform a cryptographic function is shared (rather than sharing a value for one time reconstruction).
Also notable is his early contributions to Homomorphic encryption over any logarithmic depth circuit  (an intermediate achievement that took over 20 years since the notion of homomorphic encryption over a set of operation which provides Functional completeness was suggested as an abstract idea in).
Yung's further practice-oriented work predicted early in the mid 1980s that large scale networks, due to scale limitations, will employ public key technology with server only public-key certificates and interactive protocols; (this idea had been an` intellectual predecessor' of the way the most prevalent version of Transport Layer Security was implemented in the mid 1990s). Another practice-oriented foundational work which influenced engineering practices was presented in the area of cryptographic hardware design and side-channel analysis against key recovery attacks (e.g., explicitly adding a distribution learning stage on devices with known keys, prior to considering the attacked device).
His work further gave rise to numerous basic new cryptographic ideas in protocols implementing important special tasks like: voting schemes, auctions, e-payments/ cryptocurrency/ ecash, special privacy preserving protocols, and Traitor tracing systems which protect leakage of keys from receivers of broadcast messages environment.
In light of Snowden's revelations, making cryptographic designs robust to kleptographic attacks has become an area of investigation; Yung has worked on detecting and correcting cryptosystems that were subverted by their implementation, see.
In addition to his extensive scientific contributions in basic and applied research, Yung has spent a career in industry working with engineers, developers, business experts, and other scientists, and concurrently contributed over the years to numerous innovative real-world constructions. These have led to practical implementations that were, in turn, deployed as part of actual systems and networks. His industrial contributions have enhanced the security and privacy of businesses infrastructure, and enabled new concrete applications. These include the following :
Authentication and key exchange protocols for improvement of the network security of IBM Systems Network Architecture (in particular, the authentication within IBM LU6.2. see This infrastructural work, as part of IBM Research and development project (which was adopted in IBM products, and for which he got the ``IBM Outstanding Innovation Award``). The work was also one of the intellectual predecessors to the cryptographic community's extensive work on cryptographic models for authentication and key exchange, and to works on concurrent sessions in cryptography; it further facilitated IBM engagement with the Internet security design.
A joint project between IBM and GTE conducted an early exploration of security of data networks over a cellular phone infrastructure.
Yung participated in RSA Inc.'s anti phishing business expansion efforts (see:) and started research on extended authentication factors based on modern computing environments
Yung's work dealt directly with the issue of User authentication and enhancement of the traditional authentication factors to modern computing environment (in particular, exploiting social relationships). This works is employed in social networks for account recovery purposes as originally advocated.
Inventing, in Google, the universal two factor authentication based on public key technology in a mobile device. This activity started what was followed by numerous efforts in the company which led to forming the FIDO Alliance. The notion is fundamentally different from earlier one-time password devices which rely on sharing a secret with a server or a hierarchies of servers (and secrets can be compromised without breaking individual devices ); here, in contrast, due to the fact that now devices can apply public-key cryptographic operations, the entire secret remains always within the device itself, and universally, any server which trust the certifying authority of the public key can rely on this factor. His contributions were recognized as part of a Google founders' award given to the security team.
Contributions within Google privacy efforts group: developments in Data anonymization (see, e.g.,), and Google's user dashboard initiation (allowing users to have transparency and control, see; the work got recognized by a Google OC award.).
Google's (Doubleclick's) Ad Exchange's (a pioneering platform for Real Time Bidding a prototypical deployed system of what is known generically as Ad exchange technology) which powers Display advertising Internet-wide: Yung contributed to the security and encryption aspects important for user privacy, including the heavily used (billions of transactions per day) multi-function multi-purpose encryption method.
Google's `privacy by design' protocols in various areas, like: data collection and its dynamic presentation, employing Differential Privacy in an industry setting, and beacon's privacy based on Ephemeral IDs .
Snap's new approach to Distributed (Federated) Learning with Differential Privacy Assurance work .
Snap's basic security protocols for cloud storage encryption.
Notably, his work efforts to introduce and deploy, in an actual industry setting for the first time, Secure multi-party computation protocols based on advanced cryptography, led to the deployment of privacy preserving analytics technology (which is decisively on the side of user privacy) done routinely (in/ by Google and partners) as part of an established company's daily business. Deploying systems and technology developed with numerous internal collaborators, in an area which has been mainly a subject of theoretical and experimental studies since it started in the late 1970s (with the seminal mental poker research), has been considered a challenging task. For background see.
Software Security, Privacy, and Anonymity Research:
Yung worked on software systems security
 and further characterized the adversary to consider against software systems that are given to users, calling it MATE: `Man-at-the-End' attack (which became popular in the software obfuscation community). Yung has contributed to anonymity and privacy as well, working on cryptographic anonymous credentials such as Group signature, as well as group encryption protocols. Yung together with Adam L. Young cryptanalyzed the Reduced-Seat Buses Protocol for anonymous communication. In the same work they broke multiple anonymous communication protocols, such as Taxis, showing that the crucial property of key-anonymity was missing, they further proposed the Drunk Motorcyclists protocol for anonymous communication and proved that it is cryptographically secure.
^Jonathan Katz, Moti Yung:
Complete characterization of security notions for probabilistic private-key encryption. STOC 2000: 245-254 
^Jonathan Katz, Moti Yung:
Unforgeable Encryption and Chosen Ciphertext Secure Modes of Operation. FSE 2000: 284-299 
^Benoît Libert, Moti Yung:
Non-interactive CCA-Secure Threshold Cryptosystems with Adaptive Security: New Framework and Constructions. TCC 2012: 75-93 
^Benoît Libert, Thomas Peters, Marc Joye, Moti Yung:
Non-malleability from Malleability: Simulation-Sound Quasi-Adaptive NIZK Proofs and CCA2-Secure Encryption from Homomorphic Signatures. EUROCRYPT 2014: 514-532 
^Benoît Libert, Marc Joye, Moti Yung, Thomas Peters:
Concise Multi-challenge CCA-Secure Encryption and Signatures with Almost Tight Security. ASIACRYPT (2) 2014: 1-21 
^Eike Kiltz, Krzysztof Pietrzak, Martijn Stam, Moti Yung:
A New Randomness Extraction Paradigm for Hybrid Encryption. EUROCRYPT 2009: 590-609 
^Moni Naor, Moti Yung: Universal One-Way Hash Functions and their Cryptographic Applications .STOC 1989: 33-43
^Zvi Galil, Stuart Haber, Moti Yung:
Cryptographic Computation: Secure Faut-Tolerant Protocols and the Public-Key Model. CRYPTO 1987: 135-155 
^Matthew K. Franklin, Moti Yung: Communication Complexity of Secure Computation (Extended Abstract). STOC 1992: 699-710 
^Rafail Ostrovsky, Moti Yung: How to Withstand Mobile Virus Attacks (Extended Abstract). PODC 1991: 51-59