Security is paramount for our epoch of technological omnipresence where autonomous devices and machinery communicate ceaselessly and influence virtually every aspect of our society. The vast majority of devices that permeate this landscape are small sensors and actuators that act locally with very scarce resources; this necessitates new thinking and technology; in processing, bandwidth, battery, software, etc. but also cryptography. This realization has given birth to vibrant efforts to develop and establish lightweight cryptographic standards.
Currently, IOTA uses the relatively hardware-intensive NIST standard SHA-3/Keccak for crucial operations for maximal security.
Since the origin of the IOTA vision back in 2014, we — a diverse group of electrical engineers, cryptographers, and distributed ledger pioneers — started tackling the hardware side with new thinking in computational processing. The next generation of microprocessor architecture based on ternary logic for ultimate efficiency in IoT is the result. (A deep dive blog post on trinary’s superiority over binary will come soon). Then there is the software protocol and platform side which acts as the adhesive holding this new ubiquitous realm together (the IOTA project itself), and finally, the cryptographic requirements that this paradigm shift demands for optimal efficiency, which is what this announcement is centered around. Enter Curl-P, P = Prototype.
Creating a cryptographic primitive is not a trivial task and requires onerous input from the seminal thinkers and tinkers in the domain and thorough peer reviews. With the IOTA Foundation finally approved and established in Germany we are ramping up the efforts toward maturing Curl-P into a thoroughly vetted hash function. While Curl-P builds around the well-studied sponge construction and has gone through initial reviews and exploit attempts it is now time to mature this to the next step of a thorough audit and subsequent iterative improvements towards standardization.
IOTA Foundation is now hiring the world's leading lightweight cryptography and security company CYBERCRYPT ApS from Denmark to take Curl cryptography to its next maturation phase.
CYBERCRYPT provides strong cryptographic protection and digital security for every device, even if the computing base is untrusted, by means of patent-pending cryptographic technologies immune to key extraction. Among other industries, CYBERCRYPT delivers cybersecurity solutions for both IoT and FinTech.
Founded by expert cryptographers, CYBERCRYPT makes over 15 years of extensive experience in cybersecurity and cryptography from all over the world available to corporations, startups, governments, and other organizations. Their team of the world’s leading specialists constantly strives to provide the best and most cost-effective security solutions to their customers. Resource efficiency is a crucial feature required for cryptography deployed on IoT devices.
CYBERCRYPT’s founder Andrey Bogdanov has co-designed such prominent lightweight cryptographic algorithms as PRESENT and SPONGENT — both internationally standardized by ISO/IEC. SPONGENT is a leading lightweight hash function in the sponge family that Curl also belongs to. PRESENT is considered the lightweight cryptographic primitive with more than 1500 citations. He is also well-known for designing multiple other lightweight primitives schemes including Midori — the first symmetric crypto primitive specifically optimized for low energy consumption — and several dedicated lightweight schemes for authenticated encryption.
CYBERCRYPT is excited to work towards making IOTA’s Distributed Ledger technologies more secure. We are happy to bring our expertise from the field of cryptographic design and cryptanalysis to perform a security evaluation of Curl-P. An interesting technical feature of the Curl-P hash function is that it is ternary. That is, its thorough analysis will involve the adaptation of the standard cryptanalytic toolbox to the ternary case.
The IOTA Foundation is naturally excited to have world-leading cryptographers with specialized expertise in lightweight cryptography on board to ensure Curl’s viability. We welcome all cryptographers to participate in this historic development.