Nexo

We’re Giving out 10 BTC in Rewards until the Bitcoin Halving

Learn More
Home » Analysis » Take The New IOTA Hash Function For A Spin: Win €200,000

Take The New IOTA Hash Function For A Spin: Win €200,000

by
IOTA spins up a new hash function

Share this article

ConsenSys Developers, take note: if things don’t work out with the blockchain, there’s still  plenty of money on the Tangle. The IOTA Foundation is offering bounties totalling over 200,000€ to anyone who can crack their new trinary hashing algorithm, which will be used to secure transactions on the Internet-of-Things network.

The lightweight encryption function, dubbed “Troika,” replaces the homebrewed Curl-P function previously used to create addresses and sign transactions on the DAG. Troika was designed in collaboration with Cybercrypt A/S, a systems provider in robust cryptography commissioned by the IOTA foundation.

Older hash functions are unsuitable because IOTA uses ternary arithmetic, rather than binary, and the Foundation is currently developing new computer chips built around Base-3 logic.  As the Foundation explained in a press release:

With the introduction of trinary-based hardware, trinary algorithms will run more efficiently, leading to significant reduction in computation and energy consumption. These energy gains underlie the choice of trinary architecture in the IOTA protocol, and are one of the main drivers behind the creation of Troika.

Troika will establish “world-leading security for the IOTA protocol.” said David Sønstebø, who co-founded the IOTA Foundation, in a statement. “We hope that this competition will bring the cryptographic community together on solving security in the Internet-of-Things.”

Can IOTA Repair Its Image?

The contest appears to be aimed at burnishing IOTA’s image: the company has previously been embarrassed by revelations about the Foundation’s slipshod work. Last year, a much-hyped partnership with Microsoft was revealed to be mostly hot air, while the IOTA software was extremely difficult to use.

But the biggest drama of all surrounded Curl-P, a prototype hashing algorithm specially designed for the IOTA’s machine-to-machine payments. Neha Narula, director of the MIT Digital Currency Lab, discovered aserious vulnerability which allowed the MIT team to “find collisions using commodity hardware within just a few minutes, and forge signatures on IOTA payments.” 

The report added, “Please don’t roll your own crypto.”

For a function designed to securely encrypt transactions, discovering collisions is roughly equivalent to finding that your housekeys also work in the neighbors’ locks. The IOTA Foundation did not take the criticism gracefully, and the fallout turned the DAG-based network into the laughingstock of the cryptographic community.

Getting It Right

Since then, the IOTA Foundation seems to have learned its lesson, and outsourced the hard work to professionals. By publicizing the high bounties, the Foundation can both vet the new hash function, and signal its commitment to rigorous security.

“The goal has always been to develop the most secure lightweight hash function possible for IoT,” Sønstebø told followers in an IOTA Discord Group. “The problem with Curl was that we did not have hundreds of thousands laying around to hire world class cryptographers. That narrative is one of the most misunderstood in all of DLT history…”

Those days may be in the past, now that IOTA has the funds for serious cryptographic security. “Our team has extensive experience with the cryptanalysis of hash functions and evaluated Troika against all known cryptanalytic attacks over the last couple of months” said Peter Jerry Sørensen, COO of Cybercrypt. “Further, we had external reviewers conducting an independent analysis of the security of Troika.”

Troika still has to be thoroughly tested before being integrated to the Tangle, but with 200,000 euros on the line, any vulnerabilities will not remain undiscovered for very long.

The author is invested in digital assets, but none mentioned in this article. 

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.