- Uses custom "ternary" crypto which has been shown to have vulnerabilities in the past.
- Has software that doesn't include the basic function of generating wallet addresses, instead having some users rely on shady 3rd party websites and getting their coins stolen.
- Does away with much of what made other cryptocurrencies like Bitcoin work in the first place in order to remove transaction limitations.
- Except that the changes required to make this work, at least in theory, are for the most part not actually implemented yet and there appears to be a lot of doubts that it can work at all. See for instance this comment on the article: https://medium.com/@comefrombeyond/thank-you-269640e794e7 ("in the future", "temporarily", "will be using",...). Also note that many replies in this comment actually deflect the original criticism without actually addressing it. I don't even understand what that person means by "You describe the internet", and how that has anything to do with the argument of TFA.
So basically you have a highly experimental technology (even by cryptocurrency standards) which is very much unproven (even by cryptocurrency standards) and yet apparently it has a market cap of $6 billion: https://coinmarketcap.com/currencies/iota/
So what's the other side of the story? Can an IOTA enthusiast explain what's missing from this picture?
While IOTA boosters probably have a story they believe that justifies the hype in their mind, just because it’s worth $6 billion in this market doesn’t mean they necessarily have a good one.
For what it’s worth, of all the crypto people I follow that I consider smart or savvy, none of them are IOTA bulls.
Also, the IOTA founder comes off as extremely immature on twitter each time someone trashes it. Even if all the criticism is FUD, his reaction alone is enough to keep me away.
Would it be possible to stop using crypto as a shorthand for cryptocurrency? It's already a term of art for the much older field of cryptography and things get confusing, especially as all the crypto(graphy) people I follow consider altcoins in general to be hype.
Not to mention it makes no sense, kryptós means "hidden" or "secret", which cryptocurrencies are not, the crypto- prefix comes solely from the underlying usage of cryptographic tools.
It's amazing how many scams are in the cryptocurrency space. To some extent I personally even view Ripple and all the other completely pre-mined or tokenized cryptocurrencies (i.e. 100% centralized systems) as a scam. There's no guarantee manipulation of the underlying technology isn't happening, essentially removing the advantage of cryptocurrencies.
Twitter seems sadly popular among this crowd. Sadly because it lends itself to flamewars.
I know a fair bit about crypto. I would implement (and have implemented) higher order constructions like encrypted and authenticated protocols according to design patterns and principles put forward by competent cryptographers. I would never ever even attempt to design a cipher or a cryptographically strong hash unless I were just playing around, and would never label my work as anything other than such. Even trying to innovate on constructions (like how to combine a MAC with a cipher) would make me very nervous and I'd seek the advice of a pro.
Multiply that nervousness by ten if the system is a cryptocurrency, which has a big "hack me" sign on it with a massive cash bounty.
Actual deep cryptography such as cipher design is an area where truly extreme and very esoteric expertise is required to even get started, and where the consequences of a failure are pretty dire. Even people who can design ciphers are conservatives when they implement real secure systems, only using those ciphers that have been through years of academic cryptanalysis. This area is very different from other areas of computer science and math.
I hear this every time cryptography is brought up. I think I get that it's hard, but people make it sound like it's the hardest thing ever. Where does this extreme complexity stem from? And what's the field of knowledge required? (Mathematics I imagine)
What makes IOTA quantum-secure?
IOTA uses hash-based signatures (https://www.imperialviolet.org/2013/07/18/hashsig.html) instead of elliptic curve cryptography (ECC). Not only are hash-based signatures a lot faster than ECC, but they also greatly simplify the overall protocol (signing and verification). What actually makes IOTA quantum-secure is the fact that we use Winternitz signatures. IOTA's ternary hash function is called Curl.[1]
Curl is designed by Genetic Algorithm. I wonder how they could test this? Did they 'do the math'?
[1] https://learn.iota.org/faq/what-makes-iota-quantum-secure
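As an added illustration of the Winternitz one-time signature (WOTS) scheme the quoted FAQ refers to, here is a toy WOTS in Python. This is example code written for this thread, not IOTA's implementation: it uses SHA-256 and hex digits in place of IOTA's ternary Curl, and the seed is a constructed test value. It shows why each key must sign exactly once: every signature element is an intermediate value of a secret hash chain, which is why a wallet has to detect and refuse address reuse.

```python
import hashlib

W = 16            # Winternitz parameter: one "digit" is a hex nibble (0..15)
N_MSG = 64        # sha256 hexdigest = 64 digits
N_CSUM = 3        # checksum <= 64 * 15 = 960 < 16**3, so 3 digits suffice
N_CHAINS = N_MSG + N_CSUM


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def chain(start: bytes, steps: int) -> bytes:
    """Apply H `steps` times: a hash chain starting at `start`."""
    x = start
    for _ in range(steps):
        x = H(x)
    return x


def message_digits(msg: bytes) -> list:
    """Hex digits of the digest plus a checksum.

    The checksum is the sum of (W-1 - digit). Raising any message digit
    lowers the checksum, so an attacker cannot advance every chain at once;
    this is what binds a signature to one specific message.
    """
    digits = [int(c, 16) for c in hashlib.sha256(msg).hexdigest()]
    csum = sum(W - 1 - d for d in digits)
    csum_digits = [(csum >> (4 * i)) & 0xF for i in reversed(range(N_CSUM))]
    return digits + csum_digits


def keygen(seed: bytes):
    """Derive one secret chain start per digit from a seed; pk is each chain's end."""
    sk = [H(seed + i.to_bytes(2, "big")) for i in range(N_CHAINS)]
    pk = [chain(s, W - 1) for s in sk]
    return sk, pk


def sign(sk: list, msg: bytes) -> list:
    """Release the d-th intermediate value of chain i for each digit d.

    ONE-TIME property: a second signature with the same sk releases further
    (or earlier) chain values, so the key must never sign again. Address reuse
    detection in a wallet exists precisely to enforce this.
    """
    return [chain(s, d) for s, d in zip(sk, message_digits(msg))]


def verify(pk: list, msg: bytes, sig: list) -> bool:
    """Walk each signature element the remaining W-1-d steps and compare to pk."""
    if len(sig) != N_CHAINS:
        return False
    return all(
        chain(s, W - 1 - d) == p
        for s, d, p in zip(sig, message_digits(msg), pk)
    )


if __name__ == "__main__":
    # constructed test seed; a real wallet would use a CSPRNG
    sk, pk = keygen(b"constructed-test-seed")
    msg = b"transfer 10 to alice"
    sig = sign(sk, msg)
    print("valid signature:", verify(pk, msg, sig))
    print("altered message:", verify(pk, b"transfer 99 to alice", sig))
```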
[1] https://www.inowrx.de/iota-stolen-iota-stop-pending-unconfir...
So how do you want to discuss the details when people are just convinced without having knowledge themselves?
IOTA rebutted MIT here: https://blog.iota.org/official-iota-foundation-response-to-t...
They start by implying that the MIT Media Lab isn't really MIT (what the fuck) as an ad-hominem way to dodge their criticism. Later they whine "But Zcash rolled their own crypto, why can't we?!" which shows they really don't even understand the context of what they're doing.
2) The IOTA Foundation and the community expressly warned not to trust unaffiliated sites. Saying they relied on them is just shady. Would we hang TBL for inventing email because people had their money stolen by Nigerian scammers? No, because shifting blame on the man would be even more stupid than wiring thousands of dollars to someone you don't know. Seed generation is, in this current non-feature-complete implementation, simply not a priority. Creating a seed is not hard and if you can't muck one up, nobody is forcing anyone to try and feed their greed trying to "enter at the ground floor, lambo lol!!!" using IOTA. I would wait for a wallet implementation that comes with a generator.
3) IOTA is very, very young and by far not feature complete. Hanging it out to dry because it isn't yet isn't exactly fair. Everything had to start somewhere. Though, with all that in mind, it still works rather well in my experience and it scales. It solves a lot of problems inherent with blockchain and it has a future market goal it wants to service. The rest is speculation. As always, I guess.
They are trying to push the ternary to see if adoption can take off. All it needs is a few thousand logic gates on any traditional chip. If it doesn't get adopted, they said they can always go back to binary.
Considering this, it doesn’t really make sense that the Iota founders made a decision to not only introduce a novel cryptocurrency system (the tangle), but to also try to push ternary adoption. That’s a monolithic amount of work from a research and business perspective, and it strains credulity that they could engage in this with a full understanding of what they’re doing. Their work is completely divorced from the rest of the academic community, which has many well-respected researchers with a vetted track record already.
Innovation usually happens in incremental steps forward, building from the (recent) work of others. Much more rarely, it manifests as a large leap forward without significant cumulative work. But it approximately never happens that a new state of the art combines several large and orthogonal leaps forward. It's not impossible, but my outlook is strongly pessimistic.
When you combine this with the frankly odd (and potentially unethical) behavior the founders are showing - rolling their own cryptography out of ignorance or to attempt to sabotage other open source projects - it becomes extremely hard to take the work seriously.
They're claiming this, for what operation? And similar question for the 10% usage claim.
I suspect storage will be the same when you get done packing into machine words and storing those, yes? Unless they're not using all the bits in a word...
Any independent references for ternary efficiencies for any operation?
2. If people are unable to generate a simple seed (password) on their own, how can they even begin to understand cryptocurrency or even new tech based on IoT? Still, yes it should be in the wallet and it will be added, but only for investors, I guess?!
3. Please read the following from their AMA: https://www.reddit.com/r/Iota/comments/7goul4/iota_founders_... and https://www.reddit.com/r/Iota/comments/7tltz2/live_interview...
Is their market cap justified? Is the entire crypto market cap justified? The whole idea is to invest in tech that can change the future. Who knows which party will be the winner. It's a dare to believe in something magical, like IOTA. Or put your luck into something more real like Bitcoin, for example. Alas, it's good to have doubts, but this blogpost is alarming and not IOTA.
PS: A small portion of my crypto investments are in IOTA, but never press your luck on a single coin.
"In 2017, leaving your crypto algorithm vulnerable to differential cryptanalysis is a rookie mistake. It says that no one of any calibre analyzed their system, and that the odds that their fix makes the system secure is low," Bruce Schneier, renowned security technologist, about IOTA when we shared our attack.
We discovered a vulnerability in IOTA after reviewing their code on GitHub in July. We disclosed what we found to the IOTA team on July 14th, and have been in contact with them since then as we discovered new issues and exploits. IOTA issued a patch that addresses the vulnerabilities we found on August 7th. IOTA no longer has the vulnerabilities we found, they have been fixed. To learn more about the details of our attack, you can view the full disclosure and review our attack examples.
https://github.com/mit-dci/tangled-curl/blob/master/vuln-iot...
https://github.com/mit-dci/tangled-curl
2. If every other cryptocurrency software team can implement seed generation in their wallet software, why does IOTA refuse to?
3. Please read this comment from the CEO of IOTA, David Sønstebø on why he doesn't care if you lose money using IOTA: https://reddit.com/r/CryptoCurrency/comments/7gwl38/hello_gu...
I don't know man, the MIT Digital Currency Initiative found a pretty bad one last August:
https://medium.com/@neha/cryptographic-vulnerabilities-in-io...
> the IOTA developers had written their own hash function, Curl, and it produced collisions (when different inputs hash to the same output). Once we developed our attack, we could find collisions using commodity hardware within just a few minutes, and forge signatures on IOTA payments. We informed the IOTA developers, they patched their system, and we wrote a vulnerability report
1. Parts 1 and 2 were all fluff. Part 3 responds to the actual technical claims, and several paragraphs of fluff later, confirms the MIT claim that funds were transferred out of user accounts to an account controlled by the IOTA Foundation without user consent. (They had consent from some other network participants / the "community", and supposedly they had very good reasons for it.) I gave up by part 4, sorry.
Where I come from—which happens to be MIT, in fact—security protocols have a threat model, either stated or unstated, and a confused threat model is a legitimate criticism. One of the common unstated parts of the threat model of cryptocurrencies is that, unlike with a government-issued currency, the organization behind the currency should not be implicitly trusted and certainly should not be able to take your money for your own good. Is this part of the IOTA threat model? What exactly is required technically for this sort of transfer?
You can use a credit card without ever having to calculate your own Luhn checksum. You can send money to a bank account without having to untangle the rat's nest that is ACH.
It makes the IOTA team's priorities look skewed when they don't have basic wallet functionality, but they have time to implement ternary math and new cryptographic primitives that aren't useful with existing hardware.
>1. There have been no vulnerabilities in the past. Please read: https://blog.iota.org/official-iota-foundation-response-to-t...
Let's have a look then. It's in 4 parts, the first two are not about the purported vulnerability but rather complaining that the people behind the discovery didn't disclose it properly and might have a hidden agenda. Fair enough I guess, but it's odd to start with that, it would make a much better point if it came after a strong rebuttal regarding the technical aspects of the vulnerability.
Then we get to the meat of the issue in the middle of page 3:
>2. IOTA Protocol Security and Tangle Reliability
So they start by addressing the "IOTA's coordinator is a single point of failure". Their reply is that... It's true but they never pretended that it was otherwise and that it's temporary:
>IOTA node operators, understanding the importance of the Coordinator’s role in securing the network while it is still young, voluntarily suspended operations during this time.
>The purpose of the Coordinator in the infancy stage of the IOTA network has been transparently communicated throughout the history of IOTA. As the team has explained at length, the Coordinator is a temporary measure to help bootstrap the network and protect it during its infancy. Once there are enough full nodes and transactions to secure and sustain the IOTA network, the Coordinator will be permanently removed from the network. The specific reasons for this are complicated; there is a more detailed explanation on page 19 of the white paper: “...this indicates the need for additional security measures, such as checkpoints, during the early days of a tangle-based system.”
So there's a solution in whitepaper form. As far as the current state of IOTA, they have not debunked any of DCI's claims. But that's still not really the main issue, the one about the broken hash function. They sure do take their time to get there.
Next they talk about whether or not IOTA devs can mess with IOTA accounts. Honestly I don't understand the issue well enough to pass a judgement but if I understand correctly they sort of forked IOTA "ethereum-style" in order to protect the users:
>Ultimately, in order to implement the preventative measures mentioned above, a special snapshot was scheduled wherein all funds vulnerable to theft were tagged with a key reuse marker.
They also say that "Importantly, these protective measures were only possible with the direct and active support of the IOTA community". Except that since they control the coordinator, what would happen if the community hadn't agreed? Can they go their own way without coordinator? Would they have to elect a new one?
Let's skip ahead and get to the vulnerability with the hash function, the last point of the last page in this document. This line stuck out to me:
>The answer is that the Coordinator was specifically designed, in addition to other purposes, to prevent precisely such an attack.
Ah, the coordinator again. Beyond that I don't understand the issue deeply enough to judge whether or not the vulnerability is as bad as DCI said so I can't decide who's right. I do find the justification behind the weakness rather... strange though:
>In summary, Curl-P was indeed deployed in the open-source IOTA protocol code as a copy-protection mechanism to prevent bad actors cloning the protocol and using it for nefarious purposes. Once the practical collisions were uncovered, its purpose as a copy-protection mechanism was of course rendered obsolete (it only works for as long as it remains unknown) and IOTA reverted to the industry standard KECCAK-384 cryptographic function.
So... there's nothing wrong with the function, it's just some kind of protection against people cloning the protocol (why is that a problem?) but even though everything is absolutely fine they decided to replace it anyway? It seems like such a weird decision, and also a bad precedent (you shouldn't have hidden functionality in your open source peer-to-peer cryptocurrency). It reminds me of Intel's "Spectre and Meltdown are the CPU operating exactly as designed" PR stunt.
Thank you. This article was useful for me, it showed what details of IOTA haven’t been highlighted yet. Below I list incorrect things from the article, if you find time it would be great if you paid more attention to them and shared your thoughts:
“IOTA has no limit on transactions and therefore, it has no limit on bandwidth requirements or disk space.” — In the future the majority of the nodes will be swarm nodes forming clusters and using Swarm Intelligence. A swarm can process more transactions than a single full node.
“This means, if you run a full IOTA node, anyone on the IOTA network can write data to your hard drive with just a small, extremely low cost proof-of-work.” — IOTA was created for the Internet-of-Things with network-bound PoW in mind, the current state of things is temporary.
“Over time, the IOTA transaction set size can grow unbounded, leaving only storage farms with the resources required to host the data.” — This is incorrect even for Bitcoin because of pruning techniques.
“My past experience working at companies that develop hardware products tells me this does not make sense in any other way but a marketing bullet.” — While this thing is likely correct I decided to list it here. IOTA team has experience working at companies developing hardware products too. Even more, I bet your smartphone contains a chip developed by one of our advisors.
“IOTA claims their Ternary-based Proof-of-Work function will work with IOT because it uses minimal power, but I contend that any power usage more significant than signing a transaction is too much because there is another alternative approach.” — As I already said, IOTA will be using network-bound PoW, which will be consuming less energy than required for a transaction signing.
“Contacting a central server run by the company that built the IOT device, announcing the need to submit a transaction at which point the centralized server will submit the transaction on the device’s behalf.” — You described the Internet, not the IoT. Please, refer to “Connectivity” section of https://iot.ieee.org/newsletter/march-2017/three-major-chall..., it explains why you are very wrong.
“In the case of IOTA the client software design intends to kick nodes off the network that do not participate enough, so being even just a passive listener is not an option.” — And again you talk about the Internet, not about the IoT. Googling for reasons of not using IP(v4/v6) should show you the mistake.
I don’t mention insignificant mistakes in your reasoning, all those seem to be caused by the lack of information about IOTA. This is an issue that the IOTA team is working on.
OP talks about what IOTA _is_. The response is: "You are wrong because we _hope that IOTA will be different in the future_". How does this response make any sense at all?
Getting a decentralized swarm to implement transaction processing is highly non-trivial, especially when (as the OP highlights) incentives are delicate and the entire system must be extremely secure.
I launched my wallet and saw a zero balance and zero transactions. I looked around and heard from some friends that I need to convert my funds or something, because there was a "snapshot" yesterday.
I clicked the "re-attach" button and waited for a few minutes. It failed, so I did it again and again and again. After half an hour and five times or so, it succeeded and I could see my balance.
I tried to send funds, the wallet said "sending" for around ten minutes, and then it finally said "success". I waited for the funds to confirm (there were three transactions, two of which were zero for some reason), but 70 minutes later it still hadn't.
A friend told me I should "re-attach" the transaction and "promote" it. Apparently, "promoting" sends five transactions that reference yours, to confirm it. I imagine the transactions are zero-fund transactions that just spam the network to self-confirm your own one. Who confirms the confirmers?
This is absolutely insane and I can't believe this thing ever got traction. It feels like hacks upon hacks upon hacks. It doesn't even work right! Did any of the people who bought these coins try to ever use them for anything?
> This is absolutely insane and I can't believe this thing ever got traction.
It got traction because people--including yourself--bought into it without thinking much.
> It feels like hacks upon hacks upon hacks. It doesn't even work right! Did any of the people who bought these coins try to ever use them for anything?
Yeah, like yourself. You never actually tried to use the coins for anything until this point when you are now finally trying to "cash out".
An alternate (and correct) interpretation is that I bought IOTA as I thought I may end up using it in my IoT projects. I didn't (probably because nobody working for IOTA actually cares about IoT), and now I want to sell them for a more useful currency.
Not everyone wants coins for speculation, but you're forgiven for thinking otherwise.
To be honest, I don't think anybody's personal user experience has been much of a concern to the IOTA project up until now. The new wallets might change that, so you might want to hold on to your coins until then.
They promise to solve all of the issues that you mention:
- Automatic node selection rather than the limited amount of nodes currently listed in the wallet software.
- Automatic re-attaching and promoting transactions.
- Address re-use detection.
Automatic and distributed snapshotting of the network is also on the roadmap, this would address your zero balance issue.
But like I said, if you have run out of patience and you have your eyes on other projects that do deliver what you are looking for, then by all means...
Combine that with the hand-waving of the vulnerabilities by the community, and it's not a good sign. However, I'm not really interested in speculating about the price (I've never bought more than $100ish worth of any cryptocurrency), it's just that I don't see IOTA being a useful currency for me to play with.
Imagine what it feels like when you have tens of thousands of dollars invested in something where the flamewars might actually have a real effect on whether you ten-double your investment or not.
I think it's gonna get much uglier than this down the road.