If you hadn’t made this significant change to the signing algorithm, then the fact that your hash function was not collision resistant would not have produced a vulnerability. But you did.
Replying to @matthew_d_green @c___f___b and
So to be clear, the problems are: 1. Use of non-standard hash function. 2. Non-standard implementation of Winternitz signatures that becomes insecure due to (1). Why you’re still beefing about this is beyond me. Go spend your time removing the coordinator.
Replying to @matthew_d_green @Ethan_Heilman and
You forgot about the Coordinator. Will you change anything in your proof with that in mind?
Replying to @c___f___b @Ethan_Heilman and
So if you’re saying that the consensus protocol was insecure, but your centralized server somehow makes it secure, they didn’t make any claims to the contrary. Here’s what they said — in full. pic.twitter.com/csh1pzYOsN
Replying to @matthew_d_green @Ethan_Heilman and
Come-from-Beyond added (quoting Come-from-Beyond @c___f___b, replying to @veorq @matthew_d_green and 10 others): Right now I aim for the easier part - showing that #IOTA had no vulnerability. If necessary, I'll spend money on independent experts to show that the signature scheme wasn't broken. @Ethan_Heilman used a flawed definition, etc., so I assess my chance for success as very high.
Replying to @c___f___b @Ethan_Heilman and
I don’t understand why you’re linking to some vague tweet about hiring experts. Aren’t you an expert? You designed your own hash function. Just answer my questions and stop obfuscating.
Replying to @matthew_d_green @c___f___b and
You guys (incl. CfB) are talking about different things. Here is the problem: Curl is broken (and that's true) but no funds of IOTA holders were ever in danger, because in this particular situation, thanks to the coo it didn't matter if Curl wasn't as secure.
Replying to @luca__moser @matthew_d_green and
You can't break collision resistance if a hash function wasn't supposed to be collision resistant. This is why @neha and @Ethan_Heilman kept sticking to usage of "cryptographic" in front of "hash function".
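The disagreement in the tweets above (the "non-standard hash function" plus "non-standard Winternitz implementation" point, and the "cryptographic hash function" distinction here) comes down to one property of hash-and-sign one-time signatures: a Winternitz signature is computed from the digest of the message, not from the message itself, so any two messages with the same digest share every valid signature. The following is an added example, not code from the thread, from IOTA or from the paper under discussion. It is a toy Winternitz one-time signature (w = 16, SHA-256 as the chain function) over a pluggable message digest; `weak_digest` is a constructed, deliberately order-insensitive digest that stands in for "a hash that was never meant to be collision resistant", and the two messages `M1`/`M2` are constructed to collide under it and nothing else. The check `collision_transfers_signature` is the one a reviewer of such a scheme would want: does a signature on one message verify for a different one?

```python
import hashlib
import hmac
import os

W = 16  # Winternitz parameter: 4-bit chunks

def sha256_digest(msg: bytes) -> bytes:
    """A cryptographic (collision-resistant) message digest."""
    return hashlib.sha256(msg).digest()

def weak_digest(msg: bytes) -> bytes:
    """Constructed toy digest: sums bytes by position mod 4. Not collision
    resistant (reordering whole 4-byte groups leaves it unchanged)."""
    out = [0, 0, 0, 0]
    for i, b in enumerate(msg):
        out[i % 4] = (out[i % 4] + b) & 0xFF
    return bytes(out)

def chain(x: bytes, steps: int) -> bytes:
    """Hash chain used inside the signature; always SHA-256 here so that the
    only thing being varied is the message digest."""
    for _ in range(steps):
        x = hashlib.sha256(x).digest()
    return x

def to_chunks(digest: bytes) -> list:
    """Split the digest into base-16 chunks and append a base-16 checksum
    (standard Winternitz construction, little-endian checksum chunks)."""
    chunks = []
    for b in digest:
        chunks.append(b >> 4)
        chunks.append(b & 0x0F)
    csum = sum(W - 1 - c for c in chunks)
    n_csum = 1
    while W ** n_csum <= len(chunks) * (W - 1):
        n_csum += 1
    for i in range(n_csum):
        chunks.append((csum >> (4 * i)) & 0x0F)
    return chunks

def keygen(digest_len: int):
    """One private chain seed per chunk; public key is the end of each chain."""
    n = len(to_chunks(bytes(digest_len)))
    sk = [os.urandom(32) for _ in range(n)]
    pk = [chain(s, W - 1) for s in sk]
    return sk, pk

def sign(sk, msg: bytes, digest_fn) -> list:
    """Signature depends on msg only through digest_fn(msg)."""
    chunks = to_chunks(digest_fn(msg))
    return [chain(s, c) for s, c in zip(sk, chunks)]

def verify(pk, msg: bytes, sig, digest_fn) -> bool:
    chunks = to_chunks(digest_fn(msg))
    if len(chunks) != len(pk) or len(sig) != len(pk):
        return False
    ok = [hmac.compare_digest(chain(s, W - 1 - c), p)
          for s, c, p in zip(sig, chunks, pk)]
    return all(ok)

def collision_transfers_signature(digest_fn, m1: bytes, m2: bytes) -> bool:
    """True if a signature made on m1 also verifies for m2 under digest_fn.
    For a collision-resistant digest this should be False for m1 != m2."""
    sk, pk = keygen(len(digest_fn(b"")))
    sig = sign(sk, m1, digest_fn)
    if not verify(pk, m1, sig, digest_fn):
        raise RuntimeError("signature on m1 must verify for m1")
    return verify(pk, m2, sig, digest_fn)

# Constructed messages: same 4-byte groups in a different order.
M1 = bytes([1, 2, 3, 4, 5, 6, 7, 8])
M2 = bytes([5, 6, 7, 8, 1, 2, 3, 4])

if __name__ == "__main__":
    print("weak digest collides:", weak_digest(M1) == weak_digest(M2))
    print("signature transfers (weak):", collision_transfers_signature(weak_digest, M1, M2))
    print("signature transfers (sha256):", collision_transfers_signature(sha256_digest, M1, M2))
```

Whether the scheme as a whole is exploitable in a given deployment is a separate question (that is the Coordinator argument made in this thread); what the check above isolates is the narrower claim that the signature scheme's security reduces to collision resistance of the message digest, so a digest that was "not supposed to be collision resistant" is not a safe input to it.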
Replying to @c___f___b @luca__moser and
The scientists were *extremely* clear what their results implied (collision finding) and that they did not test to COO so they can’t attest to what this meant for the network. The only people throwing confusion around this are on the Iota side.
Replying to @matthew_d_green @luca__moser and
Do CTRL+F for "vuln" in @neha's blogpost, this should make my point clear.
there are 25 matches for “vuln” in that blogpost, including the not-so-subtle title. but the instance in the conclusion is very strong and *glaring*. i’m just pointing it out. now carry on with your convo. $IOTA #StoreOfDrama

pic.twitter.com/JZDDtNRwrt