Publication

Cryptanalysis of Curl-P and Other Attacks on the IOTA Cryptocurrency

June 30, 2020

People
Groups

By Ethan Heilman (Boston Uni), Neha Narula (MIT Media Lab), Garrett Tanzer (Harvard), James Lovejoy (MIT Media Lab), Michael Colavita (Harvard), Madars Virza (MIT Media Lab), and Tadge Dryja (MIT Media Lab). Accepted at the FSE (Fast Software Encryption) Conference , which is organized by the International Association for Cryptologic Research (IACR), 2020

Abstract

 We present attacks on the cryptography formerly used in the IOTA blockchain, including under certain conditions the ability to forge signatures. We developed practical attacks on IOTA’s cryptographic hash function Curl-P-27, allowing us to quickly generate short colliding messages. These collisions work even for messages of the same length. Exploiting these weaknesses in Curl-P-27, we broke the EU-CMA security of the former IOTA Signature Scheme (ISS). Finally, we show that in a chosen-message setting we could forge signatures and multi-signatures of valid spending transactions (called bundles in IOTA).

Keywords: cryptocurrencies, signature forgeries, cryptographic hash functions, cryptanalysis

Related Content
Publication Research

A Lower Bound for Byzantine Agreement and Consensus for Adaptive Adversaries using VDFs

BibTeX Citation: @misc{dryja2020lower, title={A Lower Bound for Byzantine Agreement and Consensus for Adaptive Adversaries using VDFs}, author={Thaddeus Dryja and Quanquan C. Liu and Neha Narula}, year={2020}, eprint={2004.01939}, archivePrefix={arXiv}, primaryClass={cs.DC}
Publication Research

ClockWork: An Exchange Protocol for Proofs of Non Front-Running

Cline, D., Narula, N., & Dryja, T. (2020). ClockWork: An Exchange Protocol for Proofs of Non Front-Running. Stanford, CA: The Stanford Blockchain Conference.
Publication Research

zkLedger: Privacy-Preserving Auditing for Distributed Ledgers

Presented at the 15th USENIX Symposium on Networked Systems Design and Implementation in 2018
Publication Research

A High Performance Payment Processing System Designed for Central Bank Digital Currencies

Brownworth, Anders, et al. "A High Performance Payment Processing System Designed for Central Bank Digital Currencies." MIT Media Lab Digital Currency Initiative and the Federal Reserve Bank of Boston, 2022.