IOTA is an innovative idea with deep systemic flaws that undermine the project. A number of events have raised serious questions about the long term security and viability of the project.
IOTA is an innovative cryptocurrency that aims to move beyond the blockchain. In December of 2015 IOTA hosted an ICO during which the entire supply of MIOTA tokens was issued. The event raised around 1,337 Bitcoin for the future development of the project. After the crowdsale the community agreed to donate 5% of the total supply of IOTA towards the non-profit IOTA foundation. This foundation was designed for the betterment of the IOTA community and subsequently funded “The Big Deal” which aimed to acquire corporate collaborations for IOTA.
Despite its lofty aims to make a viable cryptocurrency solution for the Internet of Things (IoT) IOTA has been plagued by crisis and scandal for the last few years. Some of their problems stem from technical errors and others are mostly down to poor PR management, one thing is certain, there are some big problems with IOTA.
The Tangle Is An Interesting Solution
The big challenge facing many cryptocurrencies is the scalability problem. As cryptocurrencies like Bitcoin and Ethereum have become more popular transactions have become slower and more expensive on the network. This makes microtransactions prohibitively expensive. One of the obstacles that an IoT focused cryptocurrency needs to overcome is how to ensure that microtransactions are viable.
IOTA’s solution to this is The Tangle. The tangle is a Directed Acyclic Graph (DAG) that is composed of sites and nodes. Nodes are the users of the Tangle who are able to issue transactions. Sites contain one or more transactions that link together. In order for a few transaction to be processed it has to process two previous transactions. This theoretically allows the network to grow infinitely and even allows for faster processing when more devices are connected to the tangle.
The Tangle is theoretically a very elegant solution to the cryptocurrency scaling problem. Not only does it eliminate the need for miners, and thus the cost of transactions, it also dramatically reduces the energy required to process transactions, allowing the Tangle to be used on low power IoT devices. The Tangle also theoretically allows for near infinite scaling. Rather than processing them in “blocks” it processes them one after another, with each transaction needing to process two others before continuing.
This sounds great in theory but there are some deep problems in practice.
Never Roll Your Own Crypto
The first real warning signs for IOTA came in September of 2017. A team from MIT and Boston University investigated the hash function, Curl, written by the IOTA team. They found that the hash produced collisions (when different inputs hash to the same output). This allowed the MIT team to develop an attack.
The team was able to forge signatures on the Tangle, this meant that they could create fake transactions, essentially printing MIOTA tokens. The team patched it quickly IOTA developer Sergey Ivancheglo argued that the MIT team led by Neha Nurala had found a form of copy protection in the source code. In other words that the IOTA team had deliberately built a vulnerability into their system. This was so that they could exploit the vulnerability if anybody attempted to copy their system and activate a “kill-switch”.
This solution is inadequate for a number of reasons. As Ethereum developer Nick Johnson has argued, IOTA’s defence is actually incredibly hostile towards the open source community. If you don’t want somebody to be able to copy your project you should make it open source and not publish “A recipe, leaving out the critical step, rendering the resulting dish poisonous”
Setting aside the suspect reasoning the IOTA team broke one of the cardinal laws of cryptography, don’t roll your own crypto. It is notoriously difficult to design your own cryptocurrency and most systems undergo years of rigorous tests before they are allowed to go live. This is the reason that most projects will use established cryptography algorithms, yes, others use them, but they’re a proven concept.
IOTA didn’t do this and when renowned technology Bruce Schneier was told about the vulnerability his response was utterly scathing. He argued that:
“In 2017, leaving your crypto algorithm vulnerable to differential cryptanalysis is a rookie mistake. It says that no one of any caliber analyzed their system, and that the odds that their fix makes the system secure is low,”
In other words, even if the flaw was deliberate the fact that the MIT team was able find the flaw is a big red flag. The security of any system is important but this is doubly true in the case of a system like IOTA. If Schneier is right then the cryptography IOTA is using is not secure and this could be a huge problem in the future.
IOTA Is An Innovative But Deeply Flawed Idea
The IOTA team has also had a few other uncomfortable scandals. In December 2017. A number of media outlets announced that IOTA was partnering with a number of tech giants, including Microsoft. This led to 90% surge in the value of IOTA. It quickly became clear that these claims had been exaggerated and IOTA was forced to issue a lengthy retraction. The IOTA foundation stated that any exaggeration was the fault of individual journalists and not their PR team. That being said they handled the fallout very poorly and the event underscores the underlying problems facing IOTA.
The fact is that the technology behind IOTA is new and fairly experimental. The problems facing the project are largely down to the actions of individual team-members rather than the Tangle itself. That being said the deep flaws in IOTA’s cryptography are fairly unforgivable. If it was an attempt to “copyright” the code then the move is deeply hostile towards the open source community. If it was a general mistake then the cryptography was not properly tested before it was released. In either scenario things don’t look good for IOTA.