IOTA Foundation Announces New Lightweight Hash Function, Sets €200,000 Bounty for Cracking It

Nuno Teodoro

The IOTA foundation has developed a new lightweight cryptographic hash function in collaboration with CYBERCRYPT, a world-leading system provider in robust cryptography and cybersecurity. The announcement was made via IOTA’s official blog.

The new hash function, entitled “Troika”, was developed by CYBERCRYPT’s expert cryptographers and will serve as a “strong cryptographic foundation for the final IOTA protocol”. Troika was built specifically for the trinary architecture of the Tangle (IOTA’s distributed ledger). It features low computational and energy consumption demands, making it perfect for the Internet of Things (IoT).

Security was also a significant factor when building the new hash function. The IOTA foundation claims that Troika has a significant security margin against all known cryptanalytic attacks. In order to test their rather bold claims, Troika is being presented to the public for evaluation.

The IOTA foundation and CYBERCRYPT will host a competition, rewarding those who are able to hack the system. A bounty reward of €200,000 ($227,600) will be shared among successful participants of the program. More information regarding the bounty program can be found here.

IOTA co-founder David Sønstebø showed his enthusiasm about the partnership:

“The IOTA Foundation is honored and excited to be collaborating with CYBERCRYPT, to ensure we achieve world-leading security for the IOTA protocol. We hope that this competition will bring the cryptographic community together on solving security in the Internet-of-Things,”

 IOTA’s Hash Functions

Troika will be the successor of Curl and Keccack-384, the previous hash functions of the IOTA Tangle. David Sønstebø has stated that the in-house algorithm called Curl was originally implemented because IOTA “did not have hundreds of thousands laying around to hire world-class cryptographers.”

It all started in July 2017, when a researcher from MIT’s Digital Currency Initiative informed the IOTA foundation that there were “serious cryptographic weaknesses” with the current implementation of Curl in IOTA. This lead to a series of controversial emails between the IOTA team and the MIT research team that were later leaked.

Regardless, the Curl hash algorithm was eventually substituted by Keccack-384 in August 2017, a month before the group of MIT published a report exposing the vulnerabilities. Now the IOTA team hopes Troika will be able to secure the digital ecosystem for future IoT applications. Troika has already been peer reviewed and the bounty program clearly shows the IOTA team is confident on the security of their new hash algorithm.