The error was detected by the blogger who made the allegation on Twitter. In 2018, IOTA had to change its algorithm after it was found to cause collisions.

Twitter user @SoatokDhole presented a study of the Kerl crypto algorithm on his blog. He notes that IOTA currently uses it to encrypt its operations. However, he found that it causes collisions on the output.

A collision occurs when a hash algorithm produces equal outputs after receiving different inputs. This is especially sensitive if people use the algorithm to create wallet addresses, where they store their funds.

If two people have access to the same address due to a collision, either person can use the funds associated with it. An algorithm that causes collisions is not fit for purpose in cryptography.

Soatok explains in his post that Kerl is a variation of another hash algorithm: Keccak-384. Keccak has proven to be effective but, in the case of IOTA, it has a collision problem.

This happens because IOTA encodes its inputs in a ternary numeral system {-1, 0, 1} instead of a binary system {0, 1}. In balanced ternary numeral systems, like the one that IOTA uses, the smallest unit of information is called a “trit” (trinary digit), equivalent to a bit in a binary system.

According to the blogger, the collisions seem to be a consequence of always resetting the last “trit” before passing the input to Keccak-384. Then he posts a set of inputs that produce the error, but there may be many more.
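The effect described above, as an added example that is not from the article, Soatok's post or IOTA's code: a simplified model of the encoding step, assuming a 243-trit block packed into 48 signed big-endian bytes. `hashlib.sha3_384` stands in for Keccak-384 (the padding differs, but the collision arises before hashing), and all function names and sample trits are constructed for illustration.

```python
import hashlib

TRITS = 243       # block length in trits (assumption of this model)
HASH_BYTES = 48   # 384 bits, the width of the packed block hashed here

def trits_to_int(trits):
    """Balanced-ternary digits (-1, 0, 1), least significant first, to an int."""
    value = 0
    for t in reversed(trits):
        if t not in (-1, 0, 1):
            raise ValueError(f"not a balanced-ternary digit: {t!r}")
        value = value * 3 + t
    return value

def encode_block(trits, reset_last=True):
    """Pack one 243-trit block into 48 signed big-endian bytes."""
    if len(trits) != TRITS:
        raise ValueError(f"expected {TRITS} trits, got {len(trits)}")
    block = list(trits)
    if reset_last:
        block[-1] = 0  # the lossy step the article describes
    # Raises OverflowError when the value needs more than 384 bits.
    return trits_to_int(block).to_bytes(HASH_BYTES, "big", signed=True)

def kerl_like_digest(trits, reset_last=True):
    """Hash the packed block; SHA3-384 stands in for Keccak-384 here."""
    return hashlib.sha3_384(encode_block(trits, reset_last)).hexdigest()

def fits_without_reset(trits):
    """True if all 243 trits can be packed into 384 bits unchanged."""
    try:
        encode_block(trits, reset_last=False)
        return True
    except OverflowError:
        return False

# Constructed sample inputs: identical except for the last trit.
base = [1, -1, 0] * 81
a = base[:-1] + [-1]
b = base[:-1] + [1]
# Constructed control: differs from base in the first trit instead.
c = [0] + base[1:]

if __name__ == "__main__":
    print("a == b:", a == b)
    print("digest(a) == digest(b):", kerl_like_digest(a) == kerl_like_digest(b))
    print("digest(c) == digest(base):", kerl_like_digest(c) == kerl_like_digest(base))
    print("a fits in 384 bits without the reset:", fits_without_reset(a))
```

In this model three distinct inputs share one digest even though the underlying hash is sound, so any collision-resistance review of such a scheme has to cover the encoding step as well as the hash.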

IOTA Representative’s Response to the Error

The IOTA Foundation, through its Director of Alliances, Holger Köther, has responded to these allegations. Wolfgang Welz, a user who is a “Senior Computational Scientist”, provides an explanation.

According to Welz, the Kerl algorithm is resistant to pre-images, since it runs on a traditional Keccak function. However, Kerl is not a general cryptographic hash function. Therefore, no one should use it for general purposes outside of the IOTA Protocol.

Who Found the Crypto Error?

Soatok wrote on his Twitter account that one reason not to use IOTA is that these two inputs to its Kerl hash functions collide.

The blogger considers this to be an important part of a pattern among IOTA developers. In this regard, Soatok provides three possible explanations:

1. It is a back door intended for those who designed the IOTA network to exploit, as happened with its previous algorithm, Curl-P-27.

2. They made a critical error in the design of the Kerl algorithm, which Kerl users may exploit.

3. The justification that IOTA representatives give is true and there is no way to exploit this vulnerability.

Soatok insists that it is impossible to exploit this error within IOTA. However, he says that it is still a major flaw in the design of Kerl.

IOTA has received complaints about vulnerabilities since 2018. That year, a group of researchers discovered that the Curl-P-27 algorithm, which IOTA originally used, had collisions on the output. IOTA changed its algorithm and offered rewards to those who were able to breach its network.

This year, hackers attacked the network again and it was disconnected for almost a month. The project continues to have defenders and detractors. However, it has not been able to recover from the 2018 reputation crisis.

By Alexander Salazar
