CryptoDB
Cryptanalysis of Curl-P and Other Attacks on the IOTA Cryptocurrency
| Authors: |
|
|---|---|
| Download: | |
| Abstract: | We present attacks on the cryptography formerly used in the IOTA blockchain, including under certain conditions the ability to forge signatures. We developed practical attacks on IOTA’s cryptographic hash function Curl-P-27, allowing us to quickly generate short colliding messages. These collisions work even for messages of the same length. Exploiting these weaknesses in Curl-P-27, we broke the EUCMA security of the former IOTA Signature Scheme (ISS). Finally, we show that in a chosen-message setting we could forge signatures and multi-signatures of valid spending transactions (called bundles in IOTA). |
Video from TOSC 2020
BibTeX
@article{tosc-2020-30575,
title={Cryptanalysis of Curl-P and Other Attacks on the IOTA Cryptocurrency},
journal={IACR Transactions on Symmetric Cryptology},
publisher={Ruhr-Universität Bochum},
volume={2020, Issue 3},
pages={367-391},
url={https://tosc.iacr.org/index.php/ToSC/article/view/8707},
doi={10.13154/tosc.v2020.i3.367-391},
author={Ethan Heilman and Neha Narula and Garrett Tanzer and James Lovejoy and Michael Colavita and Madars Virza and Tadge Dryja},
year=2020
}