On June 14, Dmitry Khovratovich, Researcher at the Ethereum Foundation, published a "Cryptanalysis of the Algorand Subset-Sum Hash Function" with the conclusion that Algorand's subset-sum hash is not collision resistant.
Paul Riegle, Chief Product Officer at Algorand, has commented on the article (https://twitter.com/paulriegle/status/1537015779216003075):
hey Dmitry Khovratovich and Ethereum Foundation, let me say upfront that Algorand stands behind our science and we take concerns seriously. as it stands, however, the contents of the blog do not seem to support the hyperbolic tweet, nor the post's main conclusion.
the conclusion ignores the cost of memory used by the attack: it stores ~2^96 words of 512 bits, totaling ~2^105 bits. roughly, the (Area*Time) cost of the post's attack when accounting for memory is at least 2^203, not 2^98. (not counting the cost of operating on the words.)
last summer, we did our own cryptanalysis of sumhash, slated to be used in our state proofs. we went beyond the attack from the blog post, because we wanted to estimate "post-quantum" security--and we found that sumhash seems to have at least 128 bits of (quantum) security.
for those interested, you can read our thorough cryptanalysis by the excellent Chris Peikert and team here: https://github.com/algorand/go-sumhash/blob/cryptanalysis/cryptanalysis/merging-trees-ss.pdf
The people behind the analysis are Chris Peikert, Professor at the University of Michigan and Head of Cryptography at Algorand, and Xiong Fang, Cryptography Researcher at Algorand.
Edit: It seems that Dmitry Khovratovich was not aware of Algorand Inc.'s analysis. Source: https://twitter.com/Khovr/status/1537026756250673152
Edit 2: Under the tweet, Jeff Burdges, Researcher at Web3 Foundation, also commented that Algorand's post-quantum lattice VRF sucks too. Paul responded that Algorand's VRF does not use lattices. Source: https://twitter.com/paulriegle/status/1537063365947838464
Edit 3: Jeff was mistaken in thinking that this paper was written by the Algorand team https://eprint.iacr.org/2020/1222