Not a IOTA: The Trouble With IOTA and How to Fix It

IOTA is one of the most ambitious cryptocurrency projects, yet it was met with harsh criticism on security and potential breeches by the Ethereum team and Vitalik Buterin himself.

The IOTA White Paper is one of the most complex explanations of a cryptocurrency network. IOTA does not have a regular blockchain, but a "tangle" of nodes connecting to each other to verify transactions. IOTA claims to be able to handle micro-transactions and maybe one day service the Internet of Things (IoT, hence the project's name).

But the way this idea is implemented was met with harsh criticism from the Ethereum community and Vitalik Buterin pointed out some of the security risks.

After an update, the current IOTA protocol does not have the same vulnerabilities to its hashing function, but experts still believe there is ground for improvement.

"Iota shows a lack of good technical judgement."

This was the plain message of Nick Johnson, core developer for the Ethereum team. Johnson meant that the IOTA protocol was built over good-sounding mathematical ideas, which do not work well with current hardware equipment. For instance, the IOTA system is built on a ternary counting system, as opposed to the binary system that is the native language of computers.

"I have nothing against the IOTA community, or DAG algorithms. I strongly disagree with many of IOTA's technical decisions (trinary, custom hash functions, POW on transactions), and find some of their behavior deeply egregious to the point where it goes beyond mere negligence," said Vitalik Buterin in a statement.

And the other major fault is that the IOTA team invented its own hashing algorithm, Curl. Unfortunately, inventing an attack-proof hash function is an overly difficult task, and the IOTA encryption mechanism has some known vulnerabilities.

As Neha Narula wrote for Merium,

" the IOTA developers had written their own hash function, Curl, and it produced collisions (when different inputs hash to the same output)."

This is not supposed to happen in hashing- and that is why finding the right hash function is not so easy. So IOTA is breaking some of the basic principles of good cryptography. Unfortunately, a hash function is way beyond the scope of computer wizz kids, so even Bitcoin and Ethereum rely on hash algorithms discovered by others.

"Though the technology is exciting, the due diligence required to make sound investments in the technology isn’t keeping up with the pace of the hype," wrote Narula. 

IOTA came to attention this summer, as the market price increased to above $1 for a brief period. Now, IOTA, or rather MIOTA, one million IOTA, trades for around 50 cents, pushed down by the generally negative market sentiment.

To the credit of IOTA, the company keeps improving. IOTA quickly replaced its Curl hash function with one based on a known and tested hashing algorithm, KECCAC.

And lately, the team has partnered with scientists to improve the system. The Imperial College of London will partner with the IOTA foundation to bring the IOTA protocol closer to real-world adoption. Currently, the Internet of Things is just a construct, planning for a future when physical objects and inventories would be traceable.

The involvement of IOTA with students and professors will bring distributed ledgers closer to becoming a mainstream part of technology.

"The IOTA protocol is an extremely exciting new approach to distributed ledger technology that promises huge scalability and economic improvements over traditional blockchains," said Dr Catherine Mulligan, Co-Director for Cryptocurrency Research and Engineering at Imperial.

The teams will stress-test the IOTA network to find the highest number of transactions it can process. But even with an efficient test network, in reality transactions would be slower, needing to communicate with other parts of the system to reach end users. Otherwise, the IOTA network is indeed capable of millions of transactions per second.

Despite the problems, the fast response of the IOTA team shows that the project holds enough dedication and is not swayed by the quick gains of overheated market prices. Yet we have to wait and see if IOTA becomes the technology of tomorrow.