
From their Learning IOTA FAQ:

What makes IOTA quantum-secure?

IOTA uses hash-based signatures (https://www.imperialviolet.org/2013/07/18/hashsig.html) instead of elliptic curve cryptography (ECC). Not only are hash-based signatures a lot faster than ECC, but they also greatly simplify the overall protocol (signing and verification). What actually makes IOTA quantum-secure is the fact that we use Winternitz signatures. IOTA's ternary hash function is called Curl. [1]

Curl is designed by Genetic Algorithm. I wonder how they could test this? Did they 'do the math'?

[1] https://learn.iota.org/faq/what-makes-iota-quantum-secure



In the original article linked it talks about how people found a flaw in the cryptographic hash function. When it was pointed out to the founder he basically said "Yeah we knew it was not secure. We put it in there so if anyone copied our code we could undermine them."

That smells fishy to me. Whether his statement is true or not he cannot be trusted. And the fact that they are using unproven in-house cryptography again supports my view of IOTA as a science project rather that something serious and dependable.


I asked them about it. They agreed after I said it was like 'inserting fake roads into a map by cartographers'.

Seemed a bit fishy to me too.

Math project is more likely.


Hash sigs... ok

Winternitz... ok

Ternary hash function ... designed by genetic algorithm ... WUT?

Why would you design your own hash function?


Maybe 'quantum resistance':

IOTA does not use traditional asymmetrical (public-key) cryptography algorithms which depend on not being able to efficiently compute discrete logarithms or factor numbers (which are believed to be easy on a quantum computer).

Instead, its signatures are based on the Winternitz signature scheme (slightly modified for ternary) which only depends on the impossibility of reversing hash functions (Kerl in the case of IOTA, which is a ternary version of Keccak), which is believed not to be as easy on a quantum computer as factoring a number (although any reversing of a (hash) function can be done more easily on a quantum computer than on a traditional computer).

Disadvantage of Winternitz scheme is that signatures are one-time (every signature reveals parts of your key); therefore users have to be careful not to reuse addresses that have been spent.

Source: https://iota.stackexchange.com/questions/203/how-does-iota-m...

I also found something about 'the length of the computation of the hash function' somewhere as making it more quantum resistant but can no longer find the reference.
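The Winternitz scheme the comment above describes, as an added example that is not IOTA's code: a binary WOTS toy over SHA-256 (assumed as a stand-in for the ternary Kerl, with Winternitz parameter w=16 instead of IOTA's ternary digits) that signs, verifies, and counts how many hash steps of each secret chain remain unpublished, which is what shrinks when the same key signs twice.

```python
import hashlib
import os

W = 16    # Winternitz parameter: each digit of the hashed message is 0..15
N = 32    # chain element size in bytes (SHA-256 output)
L1 = 64   # message digits: 256 bits / 4 bits per digit
L2 = 3    # checksum digits: max checksum 64*15 = 960 fits in 12 bits
L = L1 + L2

def H(data):
    return hashlib.sha256(data).digest()

def chain(x, steps):
    """Apply H to x 'steps' times (one Winternitz hash chain walk)."""
    for _ in range(steps):
        x = H(x)
    return x

def digits(msg):
    """Hash msg, split into base-16 digits, append checksum digits."""
    d = []
    for b in H(msg):
        d += [b >> 4, b & 0xF]
    csum = sum(W - 1 - x for x in d)   # grows when any digit shrinks
    d += [(csum >> 8) & 0xF, (csum >> 4) & 0xF, csum & 0xF]
    return d

def keygen(seed=None):
    """One secret chain start per digit; public key is each chain's end."""
    seed = seed or os.urandom(N)
    sk = [H(seed + i.to_bytes(2, "big")) for i in range(L)]
    pk = [chain(s, W - 1) for s in sk]
    return sk, pk

def sign(sk, msg):
    """Signature = each chain walked forward by that message digit."""
    return [chain(s, d) for s, d in zip(sk, digits(msg))]

def verify(pk, msg, sig):
    """Walk each signature element the remaining steps; must hit pk."""
    return all(chain(s, W - 1 - d) == p
               for s, d, p in zip(sig, digits(msg), pk))

def hidden_steps(msgs):
    """Total chain steps still unpublished after signing all msgs with
    one key: per chain, the smallest digit any signature revealed."""
    per_chain = [digits(m) for m in msgs]
    return sum(min(col) for col in zip(*per_chain))
```

For a fixed key, `hidden_steps([m1, m2])` is never larger than `hidden_steps([m1])`, which is the concrete form of "every signature reveals parts of your key" and the reason spent addresses must not be reused.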


Doesn't explain using your own hash function, though. SHA-3 doesn't depend on the security of the discrete logarithm or integer factoring problems. Finding SHA-3 collisions on a quantum computer is only quadratically faster than a classical computer.



