Cryptanalysis of Curl-P and Other Attacks on the IOTA Cryptocurrency
2020
IACR Transactions on Symmetric Cryptology
We present attacks on the cryptography formerly used in the IOTA blockchain, including under certain conditions the ability to forge signatures. We developed practical attacks on IOTA's cryptographic hash function Curl-P-27, allowing us to quickly generate short colliding messages. These collisions work even for messages of the same length. Exploiting these weaknesses in Curl-P-27, we broke the EUCMA security of the former IOTA Signature Scheme (ISS). Finally, we show that in a chosen-message
doi:10.13154/tosc.v2020.i3.367-391
dblp:journals/tosc/HeilmanNTLCVD20
fatcat:4flxxmbivbf5pdbe5l4k5hck4q