Litcius/Paper detail

Cryptanalysis of Curl-P and Other Attacks on the IOTA Cryptocurrency

Ethan Heilman, Neha Narula, Garrett Tanzer, James Peter Thomas. Lovejoy, Michael Colavita, Madars Virza, Tadge Dryja

2020IACR Transactions on Symmetric Cryptology34 citationsDOIOpen Access PDF

Abstract

We present attacks on the cryptography formerly used in the IOTA blockchain, including under certain conditions the ability to forge signatures. We developed practical attacks on IOTA’s cryptographic hash function Curl-P-27, allowing us to quickly generate short colliding messages. These collisions work even for messages of the same length. Exploiting these weaknesses in Curl-P-27, we broke the EUCMA security of the former IOTA Signature Scheme (ISS). Finally, we show that in a chosen-message setting we could forge signatures and multi-signatures of valid spending transactions (called bundles in IOTA).

Topics & Concepts

Hash functionCryptanalysisComputer scienceCryptographyComputer securityCryptographic hash functionCryptocurrencySignature (topology)Curl (programming language)Theoretical computer scienceMathematicsWorld Wide WebGeometryCryptography and Data SecurityBlockchain Technology Applications and SecurityCoding theory and cryptography
Cryptanalysis of Curl-P and Other Attacks on the IOTA Cryptocurrency | Litcius