IOTA Updates

in cryptocurrency •  7 years ago 

A new hash function called Curl based on SHA-3/Keccak’s sponge construction had to be implemented for IOTA.

Limitations of SHA-1 and SHA-2

A notable problem with SHA-1 and SHA-2 is that they both use the same engine, the Merkle-Damgård construction, to process message text. This means that a successful attack on SHA-1 becomes a potential threat to SHA-2.

Consider SHA-1, for instance. A brute force attack usually takes at least 2^80 rounds (a round is a single cycle of transformation of the interim hash value) to find a collision in a full-round SHA-1. But in February 2005, Xiaoyun Wang and colleagues used a differential path attack to break a full-round SHA-1, and it took only 2^69 cycles to succeed. That same attack was later corroborated by Martin Cochran in August 2008.

In 2012, Marc Stevens used a series of cloud servers to perform a differential path attack on SHA-1. His attack produced a near-collision after 2^58.5 cycles. He also estimated that a modified attack could manage a full collision after 2^61 cycles.

As for SHA-2, the only successful attacks were those against a limited-round SHA-2 hash. The most effective attacks were against a 46-round SHA-2 (512-bit variant) and a 41-round SHA-2 (256-bit variant). It took 2^253.6 cycles to break the 256-bit variant and 2^511.5 cycles for the 512-bit variant.

The fact remains that, while no successful attacks against a full-round SHA-2 have been announced, there is no doubt that attack mechanisms are being developed in private. This is one reason why NIST sponsored the SHA-3 competition, which led to the development and recent adoption of Keccak.

Keccak uses an innovative "sponge engine" to hash the message text. It is fast, with a reported average speed of 12.5 cycles per byte on an Intel Core 2 processor. Its simple design lends itself well to hardware implementation.

Keccak can resist known attacks with a minimum complexity of 2^n, where n is the hash size. It has a wide safety margin. To date, third-party cryptanalysis has shown no serious weaknesses in Keccak. Nevertheless, Keccak's creators have started the Crunchy Crypto Contest, challenging others to find and report successful and verifiable attacks on Keccak.

More Details - https://blog.iota.org/upgrades-updates-d12145e381eb


Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
http://www.ijeert.org/pdf/v3-i8/6.pdf