A Cryptanalysis of IOTA ’ s Curl Hash Function

In this paper, we analyze the security of IOTA’s now-deprecated cryptographic hash function Curl. We independently reproduce and formalize the results of Heilman et al. [7] by demonstrating a secondpreimage attack, a related digest attack, and a constructive full-state collision. We conclude that Curl is not a secure cryptographic hash function.