This helps protect our community. Learn more

Cryptanalysis of Curl-P and Other Attacks on the IOTA Cryptocurrency

9.87K subscribers

222 views 4 years ago

Paper by Ethan Heilman, Neha Narula, Garrett Tanzer, James Lovejoy, Michael Colavita, Madars Virza, Tadge Dryja presented at FSE 2020 See https://iacr.org/cryptodb/data/paper..... The conference program is at https://fse.iacr.org/2020/program.php

These chapters are auto-generated

Follow along using the transcript.

Cryptanalysis of Curl-P and Other Attacks on the IOTA Cryptocurrency

License

Chapters View all

Intro

Intro

Intro

Introduction In this talk: . We present our cryptanalysis of Curl-P-27 a hash function

Introduction In this talk: . We present our cryptanalysis of Curl-P-27 a hash function

Introduction In this talk: . We present our cryptanalysis of Curl-P-27 a hash function

Why is this interesting?

Why is this interesting?

Why is this interesting?

IOTA Background: Signatures

IOTA Background: Signatures

IOTA Background: Signatures

Breaking IOTA's Signature Scheme Consider two msgs m1 and m2 that hashes to the same value

Breaking IOTA's Signature Scheme Consider two msgs m1 and m2 that hashes to the same value

Breaking IOTA's Signature Scheme Consider two msgs m1 and m2 that hashes to the same value

Curl-P-27: A Cryptographic Hash Function

Curl-P-27: A Cryptographic Hash Function

Curl-P-27: A Cryptographic Hash Function

Curl-P-27 uses a Sponge-like Construction

Curl-P-27 uses a Sponge-like Construction

Curl-P-27 uses a Sponge-like Construction

How do we create collisions in Curl-P-27?

How do we create collisions in Curl-P-27?

How do we create collisions in Curl-P-27?

IACR

License

Cryptanalysis of Curl-P and Other Attacks on the IOTA Cryptocurrency

Chapters

Intro

Intro

Intro

Introduction In this talk: . We present our cryptanalysis of Curl-P-27 a hash function

Introduction In this talk: . We present our cryptanalysis of Curl-P-27 a hash function

Introduction In this talk: . We present our cryptanalysis of Curl-P-27 a hash function

Why is this interesting?

Why is this interesting?

Why is this interesting?

IOTA Background: Signatures

IOTA Background: Signatures

IOTA Background: Signatures

Breaking IOTA's Signature Scheme Consider two msgs m1 and m2 that hashes to the same value

Breaking IOTA's Signature Scheme Consider two msgs m1 and m2 that hashes to the same value

Breaking IOTA's Signature Scheme Consider two msgs m1 and m2 that hashes to the same value

Curl-P-27: A Cryptographic Hash Function

Curl-P-27: A Cryptographic Hash Function

Curl-P-27: A Cryptographic Hash Function

Curl-P-27 uses a Sponge-like Construction

Curl-P-27 uses a Sponge-like Construction

Curl-P-27 uses a Sponge-like Construction

How do we create collisions in Curl-P-27?

How do we create collisions in Curl-P-27?

How do we create collisions in Curl-P-27?

The transformation function uses a round function

The transformation function uses a round function

The transformation function uses a round function

Curl-P-27: Transformation function is very simple

Curl-P-27: Transformation function is very simple

Curl-P-27: Transformation function is very simple

Curl-P-27: Preventing diffusion in many rounds

Curl-P-27: Preventing diffusion in many rounds

Curl-P-27: Preventing diffusion in many rounds

Diffusion and collisions in Curl-P-27

Diffusion and collisions in Curl-P-27

Diffusion and collisions in Curl-P-27

Visualizing the collisions Normal difference propagation for Curl-P-27

Visualizing the collisions Normal difference propagation for Curl-P-27

Visualizing the collisions Normal difference propagation for Curl-P-27

Curl-P-27: Diffusion in the Transformation function

Curl-P-27: Diffusion in the Transformation function

Curl-P-27: Diffusion in the Transformation function

Curl-P-27: Finding Collisions

Curl-P-27: Finding Collisions

Curl-P-27: Finding Collisions

Eve uses Alice's signature on Msg1 for Msg2

Eve uses Alice's signature on Msg1 for Msg2

Eve uses Alice's signature on Msg1 for Msg2

Signature Forgery in more detail

Chapters

Chapters