Bitcoin Forum
June 15, 2024, 02:02:37 AM *
News: Voting for pizza day contest
 
   Home   Help Search Login Register More  
Bitcoin Forum > Alternate cryptocurrencies > Altcoin Discussion > Epic fail - IOTA's new hash function is vulnerable to collisions
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Epic fail - IOTA's new hash function is vulnerable to collisions  (Read 86 times)
hatshepsut93 (OP)
Legendary
*
Offline Offline

Activity: 2996
Merit: 2148


View Profile
July 15, 2020, 06:46:41 PM
 #1
https://soatok.blog/2020/07/15/kerlissions-trivial-collisions-in-iotas-hash-function-kerl/


Quote
As a consequence of their weird ternary obsession, the following inputs all produce the same Kerl hash:

GYOMKVTSNHVJNCNFBBAH9AAMXLPLLLROQY99QN9DLSJUHDPBLCFFAIQXZA9BKMBJCYSFHFPXAHDWZFE IZ
GYOMKVTSNHVJNCNFBBAH9AAMXLPLLLROQY99QN9DLSJUHDPBLCFFAIQXZA9BKMBJCYSFHFPXAHDWZFE IH
GYOMKVTSNHVJNCNFBBAH9AAMXLPLLLROQY99QN9DLSJUHDPBLCFFAIQXZA9BKMBJCYSFHFPXAHDWZFE IQ
This is a consequence of always zeroing out the last “trit” before passing the input to Keccak-384.

TL;DR - IOTA's previous hash function was backdoored, and after some controversy they changed it to their own version of SHA-3, but it's vulnerable to hash collisions because of their strange choice of encoding.


I don't track what's going on with IOTA too much, but they have a strong tendency of doing these huge security mistakes and introducing critical design flaws, and people who get caught in their hype need to be aware of it.
Pages: [1]
  Print  
Bitcoin Forum > Alternate cryptocurrencies > Altcoin Discussion > Epic fail - IOTA's new hash function is vulnerable to collisions
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!