Moti Yung

Last updated
Moti Yung
Alma mater Columbia University
Awards
Scientific career
Fields
Institutions
Thesis Minimum-Knowledge Transfer Protocol  (1988)
Doctoral advisor Zvi Galil
Doctoral students

Mordechai M. "Moti" Yung is a cryptographer and computer scientist known for his work on cryptovirology and kleptography.

Contents

Career

Yung earned his PhD from Columbia University in 1988 under the supervision of Zvi Galil. [1] In the past, he worked at the IBM Thomas J. Watson Research Center, [2] CertCo, RSA Laboratories, and Google. [3] In 2016, Yung moved from Google to Snap Inc. [4] Yung is currently a research scientist at Google. [5]

Yung is an adjunct senior research faculty member at Columbia University, [5] and has co-advised PhD students including Gödel Prize winner Matthew K. Franklin, Jonathan Katz, and Aggelos Kiayias. [1]

Research

Yung research covers primarily the area of cryptography and its applications to information security and data privacy. He has worked on defining and implementing malicious (offensive) cryptography: cryptovirology [6] and kleptography, [7] and on various other foundational and applied fields of cryptographic research, including: user and entity electronic authentication, [8] [9] information-theoretic security, [10] [11] secure multi-party computation, [12] [13] [14] [15] threshold cryptosystems, [16] [17] and zero-knowledge proofs, [18] [19] [20]

Cryptovirology

In 1996, Adam L. Young and Yung coined the term cryptovirology to denote the use of cryptography as an attack weapon via computer viruses and other malware in contrast to its traditional protective role. [6] In particular, they described the first instances of ransomware using public-key cryptography. [21] [22]

Kleptography

In 1996, Adam L. Young and Yung introduced the notion of kleptography [7] to show how cryptography could be used to attack host cryptosystems where the malicious resulting system with the embedded cryptologic tool in it resists reverse-engineering and cannot be detected by interacting with the host cryptosystem, [23] [24] [25] [26] [27] as an argument against cryptographic systems and devices given by an external body as "black boxes" as was the Clipper chip and the Capstone program. [28]

After the 2013 Snowden affair, the NIST was believed to have mounted the first kleptographic attack against the American Federal Information Processing Standard detailing the Dual EC DRBG, [29] essentially exploiting the repeated discrete logarithm based "kleptogram" introduced by Young and Yung. [30]

Awards

Selected publications

Related Research Articles

<span class="mw-page-title-main">Ralph Merkle</span> American cryptographer (born 1952)

Ralph C. Merkle is an American computer scientist and mathematician. He is one of the inventors of public-key cryptography, the inventor of cryptographic hashing, and more recently a researcher and speaker on cryonics.

A chosen-ciphertext attack (CCA) is an attack model for cryptanalysis where the cryptanalyst can gather information by obtaining the decryptions of chosen ciphertexts. From these pieces of information the adversary can attempt to recover the secret key used for decryption.

Articles related to cryptography include:

Kleptography is the study of stealing information securely and subliminally. The term was introduced by Adam Young and Moti Yung in the Proceedings of Advances in Cryptology – Crypto '96. Kleptography is a subfield of cryptovirology and is a natural extension of the theory of subliminal channels that was pioneered by Gus Simmons while at Sandia National Laboratory. A kleptographic backdoor is synonymously referred to as an asymmetric backdoor. Kleptography encompasses secure and covert communications through cryptosystems and cryptographic protocols. This is reminiscent of, but not the same as steganography that studies covert communications through graphics, video, digital audio data, and so forth.

Authenticated Encryption (AE) is an encryption scheme which simultaneously assures the data confidentiality and authenticity. Examples of encryption modes that provide AE are GCM, CCM.

Cryptovirology refers to the study of cryptography use in malware, such as ransomware and asymmetric backdoors. Traditionally, cryptography and its applications are defensive in nature, and provide privacy, authentication, and security to users. Cryptovirology employs a twist on cryptography, showing that it can also be used offensively. It can be used to mount extortion based attacks that cause loss of access to information, loss of confidentiality, and information leakage, tasks which cryptography typically prevents.

Homomorphic encryption is a form of encryption that allows computations to be performed on encrypted data without first having to decrypt it. The resulting computations are left in an encrypted form which, when decrypted, result in an output that is identical to that produced had the operations been performed on the unencrypted data. Homomorphic encryption can be used for privacy-preserving outsourced storage and computation. This allows data to be encrypted and outsourced to commercial cloud environments for processing, all while encrypted.

Secure two-party computation (2PC) a.k.a. Secure function evaluation is sub-problem of secure multi-party computation (MPC) that has received special attention by researchers because of its close relation to many cryptographic tasks. The goal of 2PC is to create a generic protocol that allows two parties to jointly compute an arbitrary function on their inputs without sharing the value of their inputs with the opposing party. One of the most well known examples of 2PC is Yao's Millionaires' problem, in which two parties, Alice and Bob, are millionaires who wish to determine who is wealthier without revealing their wealth. Formally, Alice has wealth , Bob has wealth , and they wish to compute without revealing the values or .

A threshold cryptosystem, the basis for the field of threshold cryptography, is a cryptosystem that protects information by encrypting it and distributing it among a cluster of fault-tolerant computers. The message is encrypted using a public key, and the corresponding private key is shared among the participating parties. With a threshold cryptosystem, in order to decrypt an encrypted message or to sign a message, several parties must cooperate in the decryption or signature protocol.

<span class="mw-page-title-main">Moni Naor</span> Israeli computer scientist (born 1961)

Moni Naor is an Israeli computer scientist, currently a professor at the Weizmann Institute of Science. Naor received his Ph.D. in 1989 at the University of California, Berkeley. His advisor was Manuel Blum.

Post-quantum cryptography (PQC), sometimes referred to as quantum-proof, quantum-safe, or quantum-resistant, is the development of cryptographic algorithms that are thought to be secure against a cryptanalytic attack by a quantum computer. The problem with popular algorithms currently used in the market is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems could be easily solved on a sufficiently powerful quantum computer running Shor's algorithm or even faster and less demanding alternatives.

Matthew Keith "Matt" Franklin is an American cryptographer, and a professor of computer science at the University of California, Davis.

Jonathan Katz is a professor in the Department of Computer Science at the University of Maryland who conducts research on cryptography and cybersecurity. In 2019–2020 he was a faculty member in the Volgenau School of Engineering at George Mason University, where he held the title of Eminent Scholar in Cybersecurity. In 2013–2019 he was director of the Maryland Cybersecurity Center at the University of Maryland.

<span class="mw-page-title-main">Amit Sahai</span> American cryptographer (born 1974)

Amit Sahai is an Indian-American computer scientist. He is a professor of computer science at UCLA and the director of the Center for Encrypted Functionalities.

Shai Halevi is a computer scientist who works on cryptography research at Amazon Web Services.

Bulent Yener is a Professor in the Department of Computer Science and in the Department of Electrical, Computer and Systems Engineering, and the founding Director of Data Science Research Center at Rensselaer Polytechnic Institute (RPI) in Troy, New York.

Dmitry Khovratovich is a Russian cryptographer, currently a Lead Cryptographer for the Dusk Network, researcher for the Ethereum Foundation, and member of the International Association for Cryptologic Research.

Aggelos Kiayias FRSE is a Greek cryptographer and computer scientist, currently a professor at the University of Edinburgh and the Chief Science Officer at Input Output Global, the company behind Cardano.

<span class="mw-page-title-main">Hugo Krawczyk</span> Argentine Israeli cryptographer

Hugo Krawczyk is an Argentine-Israeli cryptographer best known for co-inventing the HMAC message authentication algorithm and contributing in fundamental ways to the cryptographic architecture of central Internet standards, including IPsec, IKE, and SSL/TLS. In particular, both IKEv2 and TLS 1.3 use Krawczyk’s SIGMA protocol as the cryptographic core of their key exchange procedures. He has also contributed foundational work in the areas of threshold and proactive cryptosystems and searchable symmetric encryption, among others.

References

  1. 1 2 Moti Yung at the Mathematics Genealogy Project
  2. "IBM T.J. Watson: Cryptography Research". IBM Research. Retrieved October 29, 2020.
  3. Moti Yung page: Google Research
  4. Dave, Paresh (March 29, 2016), "This week in L.A. tech: Three Day Rule lands funding, Snapchat snags encryption expert and Surf Air flies north", Los Angeles Times
  5. 1 2 "Moti Yung". IEEE Computer Society. 8 September 2018. Retrieved 28 December 2019.
  6. 1 2 3 Young, A.; M. Yung (1996). "Cryptovirology: extortion-based security threats and countermeasures". Proceedings 1996 IEEE Symposium on Security and Privacy. IEEE Symposium on Security and Privacy. pp. 129–140. doi:10.1109/SECPRI.1996.502676. ISBN   0-8186-7417-2.
  7. 1 2 Infosecurity Magazine: The Dark Side of Cryptography: Kleptography in Black-Box Implementations https://www.infosecurity-magazine.com/magazine-features/the-dark-side-of-cryptography-kleptography-in/
  8. Ray Bird, Inder S. Gopal, Amir Herzberg, Philippe A. Janson, Shay Kutten, Refik Molva, Moti Yung: Systematic Design of Two-Party Authentication Protocols. CRYPTO 1991: 44-61
  9. John G. Brainard, Ari Juels, Ronald L. Rivest, Michael Szydlo, Moti Yung: Fourth-factor authentication: somebody you know. ACM Conference on Computer and Communications Security (CCS) 2006
  10. Carlo Blundo, Alfredo De Santis, Amir Herzberg, Shay Kutten, Ugo Vaccaro, Moti Yung: Perfectly-Secure Key Distribution for Dynamic Conferences. CRYPTO 1992: 471-486
  11. Danny Dolev, Cynthia Dwork, Orli Waarts, Moti Yung: Perfectly Secure Message Transmission. J. ACM 40(1): 17-47 (1993)
  12. R. Cramer, Introduction to Secure Computation http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.130.9163&rep=rep1&type=pdf
  13. Zvi Galil, Stuart Haber, Moti Yung: Cryptographic Computation: Secure Faut-Tolerant Protocols and the Public-Key Model. CRYPTO 1987: 135-155
  14. Matthew K. Franklin, Moti Yung: Communication Complexity of Secure Computation (Extended Abstract). STOC 1992: 699-710
  15. VentureBeat: Google’s Private Join and Compute gives companies data insights while preserving privacy
  16. Alfredo De Santis, Yvo Desmedt, Yair Frankel, Moti Yung: How to share a function securely. STOC 1994: 522-533
  17. NISTIR 8214: Threshold Schemes for Cryptographic Primitives -- Challenges and Opportunities in Standardization and Validation of Threshold Cryptography, by Luís T. A. N. Brandão, Nicky Mouha, and Apostol Vassilev
  18. Russell Impagliazzo, Moti Yung: Direct Minimum-Knowledge Computations. CRYPTO 1987: 40-51
  19. Gilles Brassard, Claude Crépeau, Moti Yung: Constant-Round Perfect Zero-Knowledge Computationally Convincing Protocols. Theor. Comput. Sci. 84(1): 23-52 (1991)
  20. Andrew Chi-Chih Yao, Moti Yung, Yunlei Zhao: Concurrent Knowledge Extraction in Public-Key Models. J. Cryptology 29(1): 156-219 (2016)
  21. Skeptical Experts and Smart Attackers. Feb. 2 2013 http://privacy-pc.com/articles/moti-yung-and-adam-young-on-kleptography-and-cryptovirology-5-skeptical-experts-and-smart-attackers.html
  22. Ransomware: The future of extortion By Jibu Elias September 04, 2017 https://www.techradar.com/news/ransomware-the-future-of-extortion
  23. Young, Adam; Yung, Moti (1996), "The Dark Side of "Black-Box" Cryptography or: Should We Trust Capstone?", Adam L. Young, Moti Yung: The Dark Side of "Black-Box" Cryptography, or: Should We Trust Capstone? CRYPTO 1996: 89-103, Lecture Notes in Computer Science, vol. 1109, p. 89, doi: 10.1007/3-540-68697-5_8 , ISBN   978-3-540-61512-5
  24. Young, Adam; Yung, Moti (1997), "Kleptography: Using Cryptography Against Cryptography", Adam L. Young, Moti Yung: Kleptography: Using Cryptography Against Cryptography. EUROCRYPT 1997: 62-74, Lecture Notes in Computer Science, vol. 1233, p. 62, doi: 10.1007/3-540-69053-0_6 , ISBN   978-3-540-62975-7
  25. Young, Adam; Yung, Moti (1997), "The prevalence of kleptographic attacks on discrete-log based cryptosystems", Adam L. Young, Moti Yung: The Prevalence of Kleptographic Attacks on Discrete-Log Based Cryptosystems. CRYPTO 1997: 264-276, Lecture Notes in Computer Science, vol. 1294, p. 264, doi: 10.1007/BFb0052241 , ISBN   978-3-540-63384-6
  26. Young, Adam; Yung, Moti (1998), "Monkey: Black-Box Symmetric Ciphers Designed for MONopolizing KEYs", Adam L. Young, Moti Yung: Monkey: Black-Box Symmetric Ciphers Designed for MONopolizing KEYs. FSE 1998: 122-133, Lecture Notes in Computer Science, vol. 1372, p. 122, doi: 10.1007/3-540-69710-1_9 , ISBN   978-3-540-64265-7
  27. Young, Adam; Yung, Moti (2001), "Bandwidth-Optimal Kleptographic Attacks", Adam L. Young, Moti Yung: Bandwidth-Optimal Kleptographic Attacks. CHES 2001: 235-250, Lecture Notes in Computer Science, vol. 2162, p. 235, doi: 10.1007/3-540-44709-1_20 , ISBN   978-3-540-42521-2
  28. How to Design — And Defend Against — The Perfect Security Backdoor, Bruce Schneier, Wired Magazine, 10/16/2013
  29. Larry Greenemeier (18 September 2013). "NSA Efforts to Evade Encryption Technology Damaged U.S. Cryptography Standard". Scientific American.
  30. Green, Matt, presentation: From Heartbleed to Juniper and Beyond (PDF)
  31. IACR Distinguished Lectures, retrieved 2012-03-11
  32. ACM Names Fellows for Computing Advances that Are Transforming Science and Society Archived 2014-07-22 at the Wayback Machine , Association for Computing Machinery, accessed 2013-12-10
  33. http://homepages.laas.fr/esorics/ Esorics Awards
  34. IACR Moti Yung, IACR Fellow, 2014
  35. http://www.sigsac.org/award/sigsac-awards.html SIGSAC Awards
  36. IEEE fellows 2015
  37. EATCS fellows
  38. Moti Yung Received IEEE Computer Society 2018 W. Wallace McDowell Award, 8 September 2018
  39. Yiannis Tsiounis, Moti Yung: On the Security of ElGamal Based Encryption. Public Key Cryptography 1998 117-134. Lecture Notes in Computer Science 1431, Springer, 1998 |title= on the security of ElGamal Encryption.
  40. https://www.iacr.org/meetings/pkc/test_of_time_award/ PKC Test-of-Time Award
  41. IEEE 2020 Symp. on Security and Privacy Best Paper Awards.
  42. Moti Yung Award Recipient
  43. "New members". American Academy of Arts and Sciences. 2023. Retrieved 2023-04-21.
  44. François-Xavier Standaert, Tal Malkin, Moti Yung: A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks. EUROCRYPT 2009: 443-461
  45. https://iacr.org/testoftime/ IACR Test of Time Awards