Ethan Heilman: Breaking IOTA's Curl Hash Function

Check out live stream here (https://www.youtube.com/watch?v=yLbKCY8PXxY)

Now that all parties are out of stealth mode, I can formally announce that Ethan Heilman will be demonstrating how he, along with three researchers from MIT Digital Currency Initiative (DCI), broke IOTA's nonstandard "Curl" hash function.

By doing so, they revealed in a $2B cryptocurrency a serious security flaw that could have allowed a hacker to steal user funds. (IOTA has since lost about 25 percent (https://coinmarketcap.com/currencies/iota/) of its value, according to Coin Market Cap.)

This is a powerful lesson in the dangers of homebrew crypto as well as the importance of peer review.

Here is my article (https://www.forbes.com/sites/amycastor/2017/09/07/mit-and-bu-researchers-uncover-critical-security-flaw-in-2b-cryptocurrency-iota)in Forbes detailing what happened.

Here is the vulnerability report (https://github.com/mit-dci/tangled-curl/blob/master/vuln-iota.md) by the four researchers (Ethan Heilman, Neha Narula, Tadge Dryja, and Madars Virza) who have been steadily working on this issue since July.

And here is a blog post (https://medium.com/@neha/cryptographic-vulnerabilities-in-iota-9a6a9ddc4367) by Neha, director of MIT DCI, with her thoughts.

More info on our presenter:

Ethan, (http://cs-people.bu.edu/heilman/)if you have not already had the pleasure of meeting him at one of our prior meetups, is a security buff.

These days, Ethan is buried in work around his start up Commonwealth Crypto (http://commonwealthcrypto.com/).

He is also in the process of completing his PhD in computer science at Boston University. And he is the creator of the bitcoin mixing solution TumbleBit (https://eprint.iacr.org/2016/575.pdf). (Aaron van Wirdum at Bitcoin Magazine wrote a terrific article on TumbleBit here (https://bitcoinmagazine.com/articles/with-tumblebit-bitcoin-mixing-may-have-found-its-winning-answer-1477423607/).)

More recently, Ethan worked on an idea for gambling on a hard fork, which I covered here (https://www.coindesk.com/gambling-hard-fork-will-roger-ver-take-high-stakes-bitcoin-wager/). (If you read the story, be sure to scroll down to the very bottom of the page to see Roger Ver's comments.)

Agenda:

6:30pm - 7pm: Networking and settling in (BYO munchies)

7:00pm - 8pm: Presentation followed by Q&A

8pm - midnight: Late night discussions at (to be announced)

# # #

The MIT Bitcoin Club is hosting the event. Sign up for their newsletter (http://mit.us8.list-manage1.com/subscribe?u=406b2cc09818db20e09fc2f62&id=e805ca0f6e) to receive weekly updates on the cryptocurrency space starting in the fall.

Join the Decentralize Boston Slack: https://decentralize-boston-slackin.now.sh/

# # #

About Alley powered by Verizon: Alley powered by Verizon locations are developed by Verizon, the world’s leading technology company, in collaboration with Alley, a membership-only community workspace for creators. Each location is a curated community powered by the emerging technologies and thought-leadership of Verizon.