Nick Johnson, a developer at the Ethereum Foundation, has stated he finds IOTA – a currency with a current market cap of $1.5 billion – “deeply alarming.”
Johnson says IOTA's developers are reinventing “basic operations such as cryptographic hashing,” violating “rule 1 of cryptography: don’t roll your own crypto.” That basic and fundamental mistake led Neha Narula to find a number of significant vulnerabilities in IOTA's cryptography.
But Johnson’s biggest concern is that IOTA’s developer claims to have intentionally added these vulnerabilities as a deterrent against copying IOTA's open source code: anyone who copied it could then be compromised at will. Johnson says:
“It honestly astounds me that anyone would think this justification redeems them; it’s an admission of hostile intent towards the open-source community, akin to publishing a recipe but leaving out a critical step, rendering the resulting dish poisonous to anyone who eats it.”
Sergey Ivancheglo, IOTA’s founder, says that he has “been working on techniques of open-source software protection” for more than a decade. He says he used these techniques in Nxt, a currency that was once much hyped but has now fallen to 78th position.
He says he inserted three flaws in Nxt, “a serious, a critical and a fatal” flaw. Bounties were offered to anyone who found them, and all three were found. He then says:
“Remembering how quickly Nxt protection was disarmed I was keeping in secret the fact of existence of such mechanism in IOTA. I was pretty sure that the protection would last a long time because it was hidden inside cryptographical part and programming skills would be insufficient to disarm the mechanism. But nothing lasts forever and finally the copy-protection measure was found by Neha Narula’s team.”
Regarding the vulnerabilities that were found, after describing them at some length, Narula says of the potential consequences if they were exploited:
“We used our technique to produce two payments in IOTA (they call them “bundles”) which are different, but hash to the same value, and thus have the same signature. Using our techniques, a bad actor could have destroyed users’ funds, or possibly, stolen user funds.”
It appears, therefore, that Ivancheglo is claiming he intentionally inserted code into IOTA which allows someone to steal users’ funds, and that he did so as “copy protection,” even though people’s money was very much left unprotected.
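To illustrate why the collision Narula describes matters, here is an added example (not code from IOTA or from Narula's team): a hash-then-sign scheme binds the signature only to the digest, so two different bundles with the same digest share one valid signature. The toy hash below is a 16-bit truncation of SHA-256 chosen so that a second preimage is cheap to find; it stands in for any hash that is not collision resistant and is not IOTA's actual Curl hash, and HMAC stands in for a real signature scheme.

```python
import hashlib
import hmac


def weak_digest(data: bytes) -> bytes:
    """Toy, NOT collision-resistant hash: only 16 bits of SHA-256 survive.
    Assumption for illustration only; this is not IOTA's Curl hash."""
    return hashlib.sha256(data).digest()[:2]


def strong_digest(data: bytes) -> bytes:
    """Full SHA-256, used as the collision-resistant comparison."""
    return hashlib.sha256(data).digest()


def sign(key: bytes, digest: bytes) -> bytes:
    """Hash-then-sign: the signature covers the digest, never the bundle itself.
    HMAC is a stand-in for a real signature scheme (assumption)."""
    return hmac.new(key, digest, hashlib.sha256).digest()


def verify(key: bytes, bundle: bytes, sig: bytes, digest_fn) -> bool:
    return hmac.compare_digest(sign(key, digest_fn(bundle)), sig)


def second_preimage(original: bytes, prefix: bytes, digest_fn, max_tries=1 << 20):
    """Search for a different bundle whose digest equals the original's.
    Only feasible here because weak_digest has a 16-bit output."""
    target = digest_fn(original)
    for n in range(max_tries):
        candidate = prefix + n.to_bytes(4, "big")
        if candidate != original and digest_fn(candidate) == target:
            return candidate
    return None


def demonstrate(key: bytes = b"constructed-demo-key") -> dict:
    """Constructed bundles: the signer approves bundle_a; bundle_b is a
    different payment that collides with it under the weak hash."""
    bundle_a = b"pay 100 to addr_A nonce:" + (0).to_bytes(4, "big")
    bundle_b = second_preimage(bundle_a, b"pay 100 to addr_B nonce:", weak_digest)
    weak_sig = sign(key, weak_digest(bundle_a))      # signer only ever signed bundle_a
    strong_sig = sign(key, strong_digest(bundle_a))
    return {
        "collision_found": bundle_b is not None,
        "weak_sig_accepts_other_bundle": verify(key, bundle_b, weak_sig, weak_digest),
        "strong_sig_rejects_other_bundle": not verify(key, bundle_b, strong_sig, strong_digest),
    }
```

With the weak hash, the signature issued for one bundle verifies on the other; with full SHA-256 the same substitution is rejected, which is the guarantee a collision-resistant hash provides.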
Johnson then says IOTA is not secure because it would be trivial to 51% attack it. Elaborating on the point, Johnson states:
“Each transaction is secured using a proof of work, but this PoW function has a fixed difficulty. Since Iota is designed to run on low-power nodes, the difficulty is quite low, and it would not take much in the way of dedicated resources to outweigh the entire processing power of the Iota tangle.”
It may be that Johnson is not aware of the mechanism that tries to prevent such an attack, because IOTA doesn’t quite mention it in any of their formal documents. Ivancheglo says:
“These days IOTA is still small and this opens it to the following attack: an adversary joins IOTA with his computers which take more than 1/3 of IOTA’s body and then makes the computers fail thus triggering IOTA’s collapse. To counteract this attack we are running a set of computers called Coordinator which issues milestones published on IOTA’s tangle. Computers not belonging to an adversary rely on these milestones to detect faulty computers. In this setup IOTA can survive even if 99% of the computers fail.”
It can survive in this way because the currency is fully centralized into effectively just one node, the “coordinator,” which decides whether a transaction is valid. That is what allows them to claim they can handle tens of thousands of transactions.
In such a centralized set-up, they most probably could handle millions of transactions, as all they would need is more servers for their one coordinating node.