ConsenSys Developers, take note: if things don’t work out with the blockchain, there’s still plenty of money on the Tangle. The IOTA Foundation is offering bounties totalling over 200,000€ to anyone who can crack their new trinary hashing algorithm, which will be used to secure transactions on the Internet-of-Things network.
The lightweight encryption function, dubbed “Troika,” replaces the homebrewed Curl-P function previously used to create addresses and sign transactions on the DAG. Troika was designed in collaboration with Cybercrypt A/S, a systems provider in robust cryptography commissioned by the IOTA foundation.
Older hash functions are unsuitable because IOTA uses ternary arithmetic, rather than binary, and the Foundation is currently developing new computer chips built around Base-3 logic. As the Foundation explained in a press release:
With the introduction of trinary-based hardware, trinary algorithms will run more efficiently, leading to significant reduction in computation and energy consumption. These energy gains underlie the choice of trinary architecture in the IOTA protocol, and are one of the main drivers behind the creation of Troika.
Troika will establish “world-leading security for the IOTA protocol.” said David Sønstebø, who co-founded the IOTA Foundation, in a statement. “We hope that this competition will bring the cryptographic community together on solving security in the Internet-of-Things.”
Can IOTA Repair Its Image?
The contest appears to be aimed at burnishing IOTA’s image: the company has previously been embarrassed by revelations about the Foundation’s slipshod work. Last year, a much-hyped partnership with Microsoft was revealed to be mostly hot air, while the IOTA software was extremely difficult to use.
But the biggest drama of all surrounded Curl-P, a prototype hashing algorithm specially designed for the IOTA’s machine-to-machine payments. Neha Narula, director of the MIT Digital Currency Lab, discovered a “serious vulnerability” which allowed the MIT team to “find collisions using commodity hardware within just a few minutes, and forge signatures on IOTA payments.”
The report added, “Please don’t roll your own crypto.”
For a function designed to securely encrypt transactions, discovering collisions is roughly equivalent to finding that your housekeys also work in the neighbors’ locks. The IOTA Foundation did not take the criticism gracefully, and the fallout turned the DAG-based network into the laughingstock of the cryptographic community.
Getting It Right
Since then, the IOTA Foundation seems to have learned its lesson, and outsourced the hard work to professionals. By publicizing the high bounties, the Foundation can both vet the new hash function, and signal its commitment to rigorous security.
“The goal has always been to develop the most secure lightweight hash function possible for IoT,” Sønstebø told followers in an IOTA Discord Group. “The problem with Curl was that we did not have hundreds of thousands laying around to hire world class cryptographers. That narrative is one of the most misunderstood in all of DLT history…”
Those days may be in the past, now that IOTA has the funds for serious cryptographic security. “Our team has extensive experience with the cryptanalysis of hash functions and evaluated Troika against all known cryptanalytic attacks over the last couple of months” said Peter Jerry Sørensen, COO of Cybercrypt. “Further, we had external reviewers conducting an independent analysis of the security of Troika.”
Troika still has to be thoroughly tested before being integrated to the Tangle, but with 200,000 euros on the line, any vulnerabilities will not remain undiscovered for very long.
The author is invested in digital assets, but none mentioned in this article.