Cryptology ePrint Archive: Report 2019/344

Cryptanalysis of Curl-P and Other Attacks on the IOTA Cryptocurrency

Ethan Heilman and Neha Narula and Garrett Tanzer and James Lovejoy and Michael Colavita and Madars Virza and Tadge Dryja

Abstract: We present attacks on the cryptography formerly used in the IOTA blockchain, including under certain conditions the ability to forge signatures. We developed practical attacks on IOTA's cryptographic hash function Curl-P-27, allowing us to quickly generate short colliding messages. These collisions work even for messages of the same length. Exploiting these weaknesses in Curl-P-27, we broke the EU-CMA security of the former IOTA Signature Scheme (ISS). Finally, we show that in a chosen-message setting we could forge signatures and multi-signatures of valid spending transactions (called bundles in IOTA).

Category / Keywords: public-key cryptography / cryptocurrencies, digital signatures, hash functions, cryptanalysis

Original Publication (with minor differences): IACR-FSE-2020

Date: received 31 Mar 2019, last revised 27 Feb 2020

Contact author: ethan r heilman at gmail com

Version: 20200227:212552
