Cryptanalysis of Curl-P and Other Attacks on the IOTA Cryptocurrency

We present attacks on the cryptography formerly used in the IOTA blockchain, including under certain conditions the ability to forge signatures. We developed practical attacks on IOTA’s cryptographic hash function Curl-P-27, allowing us to quickly generate short colliding messages. These collisions...

Bibliographic Details
Published in: IACR Transactions on Symmetric Cryptology Vol. 2020; no. 3
Main Authors: Ethan Heilman, Neha Narula, Garrett Tanzer, James Lovejoy, Michael Colavita, Madars Virza, Tadge Dryja
Format: Journal Article
Language: English
Published: Ruhr-Universität Bochum, 01.01.2020
ISSN: 2519-173X
DOI: 10.13154/tosc.v2020.i3.367-391

Summary: We present attacks on the cryptography formerly used in the IOTA blockchain, including under certain conditions the ability to forge signatures. We developed practical attacks on IOTA’s cryptographic hash function Curl-P-27, allowing us to quickly generate short colliding messages. These collisions work even for messages of the same length. Exploiting these weaknesses in Curl-P-27, we broke the EU-CMA security of the former IOTA Signature Scheme (ISS). Finally, we show that in a chosen-message setting we could forge signatures and multi-signatures of valid spending transactions (called bundles in IOTA).