Source repost MIT Media Lab by Thomas Hawk
Dec 23, 2017
On Friday, MIT Technology Review published an article on the cryptocurrency IOTA. The headline stated that the currency “could outperform Bitcoin.” However, we here at the MIT Media Lab have issues with the story. Specifically, my colleagues in the Digital Currency Initiative (DCI) recently uncovered a gaping hole in IOTA’s software. And while that flaw has now been patched, we certainly disagree with reporter Michael Orcutt’s assertion that IOTA is “secure.” As the Director of the MIT Media Lab, I felt it important we outline our specific concerns.
“The rally began in late November, after the IOTA Foundation, the German nonprofit behind the novel cryptocurrency, announced that it was teaming up with several major technology firms to develop a ‘decentralized data marketplace.’” The article goes on to say: “And the high-profile names participating in its data market pilot—including Microsoft, Deutsche Telekom, and Fujitsu—suggest IOTA is onto something.”
IOTA’s relationships with top-tier companies continue to be nebulous.
In the Technology Review article, Orcutt linked to a November 28, 2017 blog post from IOTA that gave the perception that Microsoft was a partner in the marketplace. However, after a flurry of media reports making this claim, IOTA corrected their relationship status with top-tier companies like Microsoft, Cisco, and Huawei in a blog post dated December 16. That the MIT Tech Review story links to IOTA’s initial blog post instead of the later version is misleading.
Though IOTA tokens can be used like any other cryptocurrency, the protocol was designed specifically for use on connected devices, says cofounder David Sønstebø. Organizations collect huge amounts of data from these gadgets, from weather tracking systems to sensors that monitor the performance of industrial machinery (a.k.a. the Internet of things). But nearly all of that information is wasted, sitting in siloed databases and not making money for its owners, says Sønstebø.
IOTA’s system can address this in two ways, he says. First, it can assure the integrity of this data by securing it in a tamper-proof decentralized ledger.
Whether or not IOTA’s ledger is “tamper-proof,” the entire IOTA network went down in November, and was completely inoperable for about three days. That this has never happened in Bitcoin or Ethereum suggests the extent to which the IOTA network relies on the “coordinator”—a single point of failure—and is not truly decentralized.
Also troubling, IOTA developers were able to transfer funds out of users’ IOTA accounts. The user was then required to participate in a “reclaim” process to request their funds. We believe IOTA’s developers should not have access to such funds; it’s rife with risk.
Second, it enables fee-less transactions between the owners of the data and anyone who wants to buy it—and there are plenty of companies that want to get their hands on data.
Now, here’s where things get really interesting. Instead of a blockchain, IOTA uses a “tangle,” which is based on a mathematical concept called a directed acyclic graph. Sønstebø says his team pursued an alternative approach after deciding that blockchains are too costly—it has recently cost as much as $20 per Bitcoin transaction because of high demand—and inefficient to operate at the scale required for the Internet of things.
Orcutt’s claim that IOTA is free of fees is misleading. Though perhaps not immediately obvious, IOTA transactions are “zero fee” in exactly the same way that Bitcoin transactions are. An important difference is that Bitcoin has miners who can perform the proof of work for you, while IOTA users do the proof of work on their own devices, per transaction. However, a Bitcoin user can also mine their own block to get their transactions accepted into the blockchain without paying fees. To put it another way, most people wouldn’t be interested in buying a refrigerator operated by a hand crank, even if the advertisement said “No electricity required!”
It’s true that transactions with Bitcoin and other digital currencies, even when amortized over a block with thousands of other transactions, require much more work than transactions in IOTA. However, the claim is not that IOTA transactions are easier—the claim appears to be that IOTA transactions are free.
Semantics aside, this claim, which appears in IOTA marketing materials, is deceptive; the work required is a fee, whether or not it requires a monetary payment. Restricting the ways in which the fee can be paid—requiring that the work be done on a user’s own device—doesn’t make it go away.
“In August, researchers from MIT and Boston University reported that they discovered a “serious vulnerability” in a novel cryptographic technique IOTA was using. IOTA has patched the vulnerability, and Sønstebø says that security measures in place would have prevented anyone from losing funds. The foundation has hired a third-party firm to help it continue to develop the technique, which Sønstebø says represents the kind of “lightweight cryptography” needed for low-power connected devices, like sensors.”
Once the Digital Currency Initiative published the break in IOTA’s curl hash function, its author, Sergey Ivancheglo, offered two conflicting explanations for the vulnerability.
The first explaining was that the flaw was intentional—that it was meant to serve as a form of “copy protection.” If anyone used this code in their own work, he said, the IOTA developers would be able to exploit the flaw and damage other systems that were using the hash function. However, later, he offered a conflicting explanation that he didn’t write the curl at all, but that an AI wrote it.
We do not find either of these explanations convincing, even in isolation. That they contradict each other makes them even less so.