• Stars
    star
    173
  • Rank 220,124 (Top 5 %)
  • Language
    Python
  • Created over 7 years ago
  • Updated about 5 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

IOTA's hash function curl is broken

Vulnerability report on IOTA and code to create collisions

Read our full paper Cryptanalysis of Curl-P and Other Attacks on the IOTA Cryptocurrency.

Read the original report here.

See examples for the original colliding bundles we released in 2017.

See valueattack, collide, and template for the code to create colliding bundles.

Make sure to set your GOPATH and check out this repo to $GOPATH/src/github.com/mit-dci/tangled-curl. For example, the following sets GOPATH to a directory named go inside your home directory and clones the repo there:

export GOPATH=$HOME/go
mkdir -p $GOPATH/src/github.com/mit-dci
cd $GOPATH/src/github.com/mit-dci
git clone https://github.com/mit-dci/tangled-curl

Afterwards, clone the IOTA libraries:

go get -u github.com/getlantern/deepcopy
go get -u github.com/iotaledger/giota

The latter line will emit a harmless warning (package github.com/iotaledger/giota: no Go files in ...). As iotaledger changed the implementation since we wrote our cryptanalysis code, make sure that iotaledger is at the right commit:

pushd $GOPATH/src/github.com/iotaledger/giota/
git checkout 7e48a1c9b9e904f07e1fc82815e5b302873a6dec
popd

Install pypy (our code hardcodes pypy executable name but it is likely that pypy3 would work with small changes).

Finally, try out our attack:

cd $GOPATH/src/github.com/mit-dci/tangled-curl/valueattack
CGO_LDFLAGS_ALLOW='-msse2' go build
./valueattack

(The CGO_LDFLAGS_ALLOW environment variable enables cgo flag whitelisting required by iotaledger at the commit we use.)

More Repositories

1

opencbdc-tx

A transaction processor for a hypothetical, general-purpose, central bank digital currency
C++
899
star
2

lit

Lightning Network node software
Go
551
star
3

mas.s62

MAS.S62 Spring 2018 course website
Go
331
star
4

utreexo

accumulator for bitcoin utxo set
Go
317
star
5

opencx

An open-source cryptocurrency exchange toolkit for implementing experimental exchange features
Go
201
star
6

CryptoKernel

A SDK for implementing blockchain-based digital currencies
C++
173
star
7

6.892-public

Course information for 6.892 (Spring 2017)
110
star
8

zkledger

Privacy-preserving auditing for distributed ledgers
Go
65
star
9

rustreexo

Utreexo in rust
Rust
43
star
10

resources

Resources for getting started
42
star
11

zksigma

A library for generating non-interactive proofs of knowledge without trusted setup
Go
29
star
12

litpay

Lightning Network Payment Gateway
JavaScript
21
star
13

libutreexo

library for utreexo accumulator in c++
C++
20
star
14

Dictionary

A lisiting of terminology for internal consistent use at the DCI, but published to serve as reference externally. PR's welcome!
17
star
15

dlc-oracle-nodejs

A library for making Discreet Log Contracts oracles in NodeJS
TypeScript
14
star
16

utxohunt

utxohunt assignment for 6.892
Go
12
star
17

CryptoCurrency

Uses the CryptoKernel library to create a modular cryptocurrency.
C++
12
star
18

dlcspec

specification for discreet log contracts
11
star
19

pooldetective

Go
10
star
20

artistry

direct artist payments using blockchain
JavaScript
9
star
21

SmartSolar

Smart contracts to finance and orchestrate energy payments of solar PV systems.
C++
9
star
22

dlcoracle

Go
7
star
23

dlc-oracle-go

Library for making Discreet Log Contract Oracles in Go
Go
7
star
24

terraform-aws-opencbdc-tctl

terraform infrastructure for opencbdc-tctl
HCL
6
star
25

opencbdc-tctl

A large-scale, on-demand test orchestrator for opencbdc-tx
Go
6
star
26

Smart-Property

JavaScript
6
star
27

firmitas

A cryptocurrency market conditions simulator for testing algorithmic interest rate, quantitative easing and block reward changes
C++
5
star
28

cash-disclosure

5
star
29

dlc-oracle-go-samples

Samples of using the Discreet Log Contracts Oracle library
Go
4
star
30

research-guide

3
star
31

go-bverify

B-Verify in Go
Go
3
star
32

ck-wallet

React-native CK wallet
JavaScript
3
star
33

dlc-oracle-nodejs-samples

JavaScript
3
star
34

opencbdc-js

node-js module to interact with opencbdc-tx
JavaScript
2
star
35

lit-rpc-client-dotnet

Client for LIT's RPC server in .NET Core
C#
2
star
36

dlc-oracle-dotnet

Library for making Discreet Log Contract Oracles in .NET Core
C#
2
star
37

TransThunder

music streaming with micropayments
2
star
38

opencbdc-ui

a demo, browser-based wallet for opencbdc
Vue
1
star
39

lit-rpc-client-nodejs-samples

Samples of using the LIT RPC Client for NodeJS
JavaScript
1
star
40

lit-tracker

A node tracker for lit
JavaScript
1
star
41

config-files-archive

Archive of config files used for OpenCBDC instantiation, and tests
1
star
42

poolmonitor

Mining pool monitor
1
star
43

litvending

Making old vending machines Lit compliant
Python
1
star
44

lit-rpc-client-go-samples

Samples of using the LIT RPC Client for Go
Go
1
star
45

lit-rpc-client-nodejs

Client for LIT's RPC server in NodeJS (Typescript)
TypeScript
1
star