While it's probably not the main problem with IOTA I must say that the ternary logic is probably the most amusing and baffling thing about it. This kind of hubris is something I would expect from a very junior developer without much real world experience who already thinks he's got everything figured out.
How can one rationalize starting a super ambitious cryptocurrency project and on top of that decide to reimplement their own crypto using ternary logic for some vague theoretical benefits that would only pay out if IOTA ever becomes mainstream enough (and the benefits large enough) for people to create not only dedicated chips for it but entire industrial processes to make ternary logic silicon.
It's also completely misunderstanding the current state of IoT, chips capable of doing high grade (binary) cryptography in a reasonable amount of time nowadays are worth next to nothing and their consumption is almost negligible. It's not premature optimization, it's too-little-too-late optimization.
Doing that as a fun week end project to learn about ternary? Sure. As the foundation of your multi billion dollar cryptocurrency set to revolutionize IoT? Come on.
>It's a little overwhelming seeing IOTA do all of these things so far beyond other crypto projects. Blockchain tech is already bleeding edge but then add in ternary, quantum resistance, DAG, infinite scaling, free transactions, and AI resistance... It can be a lot to soak in for the average blockchain investor. But that just means time is even more on IOTA's side as it slowly proves itself :). This coin is going to turn the crypto space upside down.
>IOTA is thinking ahead into the future but people seem to think their decision to go Ternary is "stupid" not realizing they are just that far ahead in their vision.
It also ignores the fundamental realities of CMOS: binary is more energy efficient than trinary. You can save a few transistors (and thus die area) by using trinary, but you vastly increase your power use & heat dissipation to do so. It's not even optimization!
"Cryptocurrencies are nothing except the marketing power of inventors, financiers and others who love the idea of buying a black box (which is obviously empty) for the price of a Kia and dreaming that it will turn into a Mercedes. There have been times recently when this dream has materialized within hours. This is not just a bubble. It is not just a fraud. It is perhaps the outer limit, the ultimate expression, of the ability of humans to seize upon ether and hope to ride it to the stars." - Paul Singer, Elliott Management
IOTA's tech is shitty but they've convinced enough people that it's worth something that it's now worth something. Maybe that's all a crypto needs? I was honestly expecting all of this to crash and burn back in December- but it hasn't yet. Maybe these cryptocoins really are the future.
Those Singer quotes almost killed me: "limitless ignorance of swaths of the human race". He's absolutely correct, but, deep down, secretly a little upset he did not purchase Ripple at 2 cents
I think the biggest issue here is that even though this post is well researched, most people don't care, because they haven't invested in IOTA (or any other cryptocurrency for that matter) with the intention of using the features.
The large majority is in it for the trading. Unless there are huge issues such as the network crashing, they don't care. It's just a line chart on an exchange to them. That's also why there are no repercussions for people never delivering on ICO promises.
Whether or not IOTA’s ledger is “tamper-proof,” the entire
IOTA network went down in November, and was completely
inoperable for about three days. That this has never
happened in Bitcoin or Ethereum suggests the extent to
which the IOTA network relies on the “coordinator”—a
single point of failure—and is not truly decentralized.
The network did crash when IOTA pulled its centeral authoritative 'coordinator' server offline causing all other nodes and clients to go offline.
This was during a patch from an exploit discovered by MIT researchers. IOTA later denied the flaw existed, even though they took the network offline to patch it.
Exactly this, for me, what crypto represented, when I put money in it, was a way for me to take the skills I learned trading fake video game items in runescape, and apply it to something that people would pay real money for. It's been a rather profitable venture for me but I realize that is the exception rather than the rule.
Here we go again. Iota has never been one of the coins to answer any concerns without either saying "this is planned for the future" or creating sock puppets to try and drown the thread in low quality comments.
The main thing here is that IOTA is not a _decentralized_ cryptocurrency.
Given that there are centralized cryptocurrencies in circulation, it makes more sense to compare IOTA to something like Ripple or Stellar than to compare it to Bitcoin. In that light, most of the other objections go away -- censorship resistance is not an advertised feature; double-spends are only detectable when the coordinator milestone; fungibility is only effective after a milestone, etc.
The "post-quantum" cryptography is interesting to me personally not because of the quantum aspect, but because the tractability of discrete-log based cryptography is up in the air, and a vulnerability found in a year, or ten years, could have profound impact reaching back into the past. Hash-based one-time signature schemes seem to be a much more robust approach that will not fall to the discovery of better algorithms (even non-quantum) for approaching the discrete log problem.
The notion of using a DAG is also very interesting, and one of the nice things about IOTA is that it does not try to be anything other than a currency. Alternatives such as Byteball are, in my opinion, overreaching by attempting to be some sort of global computer that has the net effect of making clients much more complex and thus vulnerable to strange forking effects if client implementations diverge too much.
Not to mention that the central consensus mechanism is completely broken.
You cannot have a trustless consensus without a mining incentive:
Quoted from my post linked below:
o) Network hashrate is the overall power of the network - in bitcoin, this is the computing power needed to generate a block.
o) Bitcoin employs a mining reward which creates a competition between miners to produce a block and claim their reward for doing so. Slower miners lose out to faster miners, but they still participate in the competition to produce a block because they stand a chance of winning occasionally.
o) This mining subsidy provides a positive incentive to miners to play by the rules, and encourages them not try to double spending, because they might as well claim the mining reward instead of trying to double spend which is often much more difficult than producing a single block.
o) The mining subsidy also encourages all miners to participate in the mining process, which gives an overall metric for total network hashing power, which you can then use to give an estimate of when it is safe to accept a transaction of a given size, as confirmed, because (on average), the block reward is equal to the electricity cost of mining that block. That means that when your transaction has been buried under enough blocks that the mining subsidy equals the transactions size, it is more or less safe to accept that transaction as confirmed.
Now, imagine the situation with no mining reward.
o) Instead of participating in a competition to win the block reward, miners have no positive incentive to participate anymore. They now are left with the negative incentive to try and double spend.
o) Since these miners are not contributing their hashing power to the network anymore, the overall hashrate of the network in unmeasurable, since these miners are quite likely to leave their ASICs in sleep mode until they want to double spend
o) With the network hash rate unmeasurable, there is no way to put an estimate on when it is safe to accept a transaction as confirmed.
When there is no way to estimate when it is safe to accept a transaction as confirmed, that currency is now useless because any transaction can potentially be reversed.
This is why both byteball and iota use trusted third parties to secure the network, but at that point, you might as well be using VISA.
> You cannot have a trustless consensus without a mining incentive
This is not true, Proof-of-stake creates a suitable incentive to verify transactions and maintain the network. It's a legitimate alternative to proof-of-work.
> both byteball and iota use trusted third parties to secure the network
and Byteball looks more secure than IOTA you can have several witnesses that can bee different entities and you have to conclude more than half to change consensus state.
What do smart people think about NANO (Formerly Raiblocks)? It also uses a DAG scheme and has fast transactions with no fees, and it's already decentralized.
Important to note is that Nano isn't really a DAG, but rather a block lattice - essentially every account has it's own chain of transactions that are verified by nodes. Additionally, each transaction is actually two, a 'send' and a 'receive', each mentioning the other address, amount, and preceding block to prevent double sends/receives. The only problem in this article shared with Nano is the ability to spam the network, but there is a small PoW associated with each transaction to slow this down.
I want to critique one particular point made in this article, becuase it’s incorrect:
> IOTA uses cryptography that cannot be broken by quantum computers. The use of such cryptography, specifically Winternitz signatures, leaves IOTA users vulnerable to loss of funds if they ever reuse an address. This attack that has already been seen in practice, with one user reportedly losing $30,000 USD worth of IOTA.
As quantum computers large enough to threaten existing cryptosystems do not exist and may not exist for many decades, this use of post quantum cryptography comes with no tangible benefit.
“No tangible benefit” is a gross overstatement and simplification. I wholeheartedly agree that 1) novel cryptography should not be adopted before it has been well-studied, and 2) threat models for motivating novel cryptography should be rational and pass a cost-benefit analysis. However, if and when quantum computers can practically break classical cryptosystems, they will be able to do against everything cryptography is used to secure today, not just going forwards. This is a stonger argument for encryption and confidentiality, but it nevertheless also applies to signatures and authentication. As a tangential point: while they aren’t perfect (in terms of efficiency), Winternitz signatures are very well studied. Given what’s available, it’s not a bad choice.
I think a lot of IOTA’s specification is pretty suspect, especially since it does utilize novel cryptography without an apparent track record or notable expertise among its team. But I also absolutely believe new cryptocurrencies and blockchain projects should be preparing for quantum computation now, if it’s possible. More pertinently, I don’t agree with the way this point was presented, because it can be interpreted as the claim that post-quantum cryptography is a useful heuristic in determining if a project has “issues”. In reality all cryptography should be suspect, and the use of post-quantum cryptography should not be dismissed immediately as a waste. With IOTA in particular, I’m weakly on the side that they shouldn’t have bothered with Winternitz signatures. But in general, I’m happy to see any project at least giving it serious consideration.
Don't you think IOTA is trying to do too much at the same time? Maybe I'm underestimating the risk but it seems like practical quantum computer attacks are still a few decades away, maybe it would make more sense to focus on getting the rest of IOTA to work and plan to switch to different cryptographic algorithms later once things have settled a bit.
If I get this right IOTA is trying to:
* Move away from PoW
* Have a cryptocurrency that scales well to a very high transaction frequency
* Implement quantum-resistant cryptography
* Use ternary logic to theoretically minimize power consumption
I am somewhat of a layman in regards to the math of cryptography but could you solve this by using Winternitz signatures first then something like chacha?
When we post things like this, can we at least put a summary of what this thing is about? For those not already familiar with IOTA, there is nothing in the first paragraphs of the article that actually explains what it is and why I should care.
1.1 is a weird way of presenting that issue. Its discussed in length with explanations of why it exists now, and how they plan to remove it. It's not something required for the technology, just in its infancy.
The vast majority of entities currently trading IOTA are humans. The designers have claimed that it is somehow designed for IoT devices, but no such application currently exists, and it is unclear how their design is supposed to enable such a usage.
A mesh network that requires YOU to be online to receive funds. Also you must have funds to open a channel. So in order to receive funds you must have funds already.
It seems like a really big step backwards in big big scheme of things bitcoin. All of the above problems can be solved by increasing the block size. I'm not saying it's the definitive solution... but right now it is a better solution.
[+] [-] simias|8 years ago|reply
How can one rationalize starting a super ambitious cryptocurrency project and on top of that decide to reimplement their own crypto using ternary logic for some vague theoretical benefits that would only pay out if IOTA ever becomes mainstream enough (and the benefits large enough) for people to create not only dedicated chips for it but entire industrial processes to make ternary logic silicon.
It's also completely misunderstanding the current state of IoT, chips capable of doing high grade (binary) cryptography in a reasonable amount of time nowadays are worth next to nothing and their consumption is almost negligible. It's not premature optimization, it's too-little-too-late optimization.
Doing that as a fun week end project to learn about ternary? Sure. As the foundation of your multi billion dollar cryptocurrency set to revolutionize IoT? Come on.
[+] [-] throwawaylolx|8 years ago|reply
The two most voted comments are as follows:
>It's a little overwhelming seeing IOTA do all of these things so far beyond other crypto projects. Blockchain tech is already bleeding edge but then add in ternary, quantum resistance, DAG, infinite scaling, free transactions, and AI resistance... It can be a lot to soak in for the average blockchain investor. But that just means time is even more on IOTA's side as it slowly proves itself :). This coin is going to turn the crypto space upside down.
>IOTA is thinking ahead into the future but people seem to think their decision to go Ternary is "stupid" not realizing they are just that far ahead in their vision.
[+] [-] SAI_Peregrinus|8 years ago|reply
[+] [-] fathomit|8 years ago|reply
[+] [-] matthewbauer|8 years ago|reply
"Cryptocurrencies are nothing except the marketing power of inventors, financiers and others who love the idea of buying a black box (which is obviously empty) for the price of a Kia and dreaming that it will turn into a Mercedes. There have been times recently when this dream has materialized within hours. This is not just a bubble. It is not just a fraud. It is perhaps the outer limit, the ultimate expression, of the ability of humans to seize upon ether and hope to ride it to the stars." - Paul Singer, Elliott Management
IOTA's tech is shitty but they've convinced enough people that it's worth something that it's now worth something. Maybe that's all a crypto needs? I was honestly expecting all of this to crash and burn back in December- but it hasn't yet. Maybe these cryptocoins really are the future.
[+] [-] aje403|8 years ago|reply
[+] [-] MatekCopatek|8 years ago|reply
The large majority is in it for the trading. Unless there are huge issues such as the network crashing, they don't care. It's just a line chart on an exchange to them. That's also why there are no repercussions for people never delivering on ICO promises.
It kinda scares me.
[+] [-] nosuchthing|8 years ago|reply
This was during a patch from an exploit discovered by MIT researchers. IOTA later denied the flaw existed, even though they took the network offline to patch it.
https://www.media.mit.edu/posts/iota-response/
[+] [-] SimbaOnSteroids|8 years ago|reply
[+] [-] davidgerard|8 years ago|reply
When the network literally didn't work, the price went up.
(Because the "price" is a thing that happens inside individual exchanges, not on the public blockchain/tangle/whatever.)
[+] [-] lambdas|8 years ago|reply
[+] [-] enthd|8 years ago|reply
[+] [-] thisisit|8 years ago|reply
[+] [-] lowbloodsugar|8 years ago|reply
[+] [-] tim333|8 years ago|reply
[+] [-] izelkay|8 years ago|reply
[+] [-] andrewla|8 years ago|reply
Given that there are centralized cryptocurrencies in circulation, it makes more sense to compare IOTA to something like Ripple or Stellar than to compare it to Bitcoin. In that light, most of the other objections go away -- censorship resistance is not an advertised feature; double-spends are only detectable when the coordinator milestone; fungibility is only effective after a milestone, etc.
The "post-quantum" cryptography is interesting to me personally not because of the quantum aspect, but because the tractability of discrete-log based cryptography is up in the air, and a vulnerability found in a year, or ten years, could have profound impact reaching back into the past. Hash-based one-time signature schemes seem to be a much more robust approach that will not fall to the discovery of better algorithms (even non-quantum) for approaching the discrete log problem.
The notion of using a DAG is also very interesting, and one of the nice things about IOTA is that it does not try to be anything other than a currency. Alternatives such as Byteball are, in my opinion, overreaching by attempting to be some sort of global computer that has the net effect of making clients much more complex and thus vulnerable to strange forking effects if client implementations diverge too much.
[+] [-] veeti|8 years ago|reply
> Scalable, Decentralized, Modular, No Fees
[+] [-] wildbunny|8 years ago|reply
You cannot have a trustless consensus without a mining incentive:
Quoted from my post linked below:
o) Network hashrate is the overall power of the network - in bitcoin, this is the computing power needed to generate a block.
o) Bitcoin employs a mining reward which creates a competition between miners to produce a block and claim their reward for doing so. Slower miners lose out to faster miners, but they still participate in the competition to produce a block because they stand a chance of winning occasionally.
o) This mining subsidy provides a positive incentive to miners to play by the rules, and encourages them not try to double spending, because they might as well claim the mining reward instead of trying to double spend which is often much more difficult than producing a single block.
o) The mining subsidy also encourages all miners to participate in the mining process, which gives an overall metric for total network hashing power, which you can then use to give an estimate of when it is safe to accept a transaction of a given size, as confirmed, because (on average), the block reward is equal to the electricity cost of mining that block. That means that when your transaction has been buried under enough blocks that the mining subsidy equals the transactions size, it is more or less safe to accept that transaction as confirmed.
Now, imagine the situation with no mining reward.
o) Instead of participating in a competition to win the block reward, miners have no positive incentive to participate anymore. They now are left with the negative incentive to try and double spend.
o) Since these miners are not contributing their hashing power to the network anymore, the overall hashrate of the network in unmeasurable, since these miners are quite likely to leave their ASICs in sleep mode until they want to double spend
o) With the network hash rate unmeasurable, there is no way to put an estimate on when it is safe to accept a transaction as confirmed.
When there is no way to estimate when it is safe to accept a transaction as confirmed, that currency is now useless because any transaction can potentially be reversed.
This is why both byteball and iota use trusted third parties to secure the network, but at that point, you might as well be using VISA.
https://bitcointalk.org/index.php?topic=1799665.msg20108439#...
[+] [-] wyldfire|8 years ago|reply
This is not true, Proof-of-stake creates a suitable incentive to verify transactions and maintain the network. It's a legitimate alternative to proof-of-work.
[+] [-] elmar|8 years ago|reply
and Byteball looks more secure than IOTA you can have several witnesses that can bee different entities and you have to conclude more than half to change consensus state.
[+] [-] aje403|8 years ago|reply
It is a scam
[+] [-] cdiddy2|8 years ago|reply
[+] [-] rthomas6|8 years ago|reply
[+] [-] rileyphone|8 years ago|reply
[+] [-] dsacco|8 years ago|reply
> IOTA uses cryptography that cannot be broken by quantum computers. The use of such cryptography, specifically Winternitz signatures, leaves IOTA users vulnerable to loss of funds if they ever reuse an address. This attack that has already been seen in practice, with one user reportedly losing $30,000 USD worth of IOTA.
As quantum computers large enough to threaten existing cryptosystems do not exist and may not exist for many decades, this use of post quantum cryptography comes with no tangible benefit.
“No tangible benefit” is a gross overstatement and simplification. I wholeheartedly agree that 1) novel cryptography should not be adopted before it has been well-studied, and 2) threat models for motivating novel cryptography should be rational and pass a cost-benefit analysis. However, if and when quantum computers can practically break classical cryptosystems, they will be able to do against everything cryptography is used to secure today, not just going forwards. This is a stonger argument for encryption and confidentiality, but it nevertheless also applies to signatures and authentication. As a tangential point: while they aren’t perfect (in terms of efficiency), Winternitz signatures are very well studied. Given what’s available, it’s not a bad choice.
I think a lot of IOTA’s specification is pretty suspect, especially since it does utilize novel cryptography without an apparent track record or notable expertise among its team. But I also absolutely believe new cryptocurrencies and blockchain projects should be preparing for quantum computation now, if it’s possible. More pertinently, I don’t agree with the way this point was presented, because it can be interpreted as the claim that post-quantum cryptography is a useful heuristic in determining if a project has “issues”. In reality all cryptography should be suspect, and the use of post-quantum cryptography should not be dismissed immediately as a waste. With IOTA in particular, I’m weakly on the side that they shouldn’t have bothered with Winternitz signatures. But in general, I’m happy to see any project at least giving it serious consideration.
[+] [-] simias|8 years ago|reply
If I get this right IOTA is trying to:
* Move away from PoW
* Have a cryptocurrency that scales well to a very high transaction frequency
* Implement quantum-resistant cryptography
* Use ternary logic to theoretically minimize power consumption
That's a lot for a single project I think.
[+] [-] solotronics|8 years ago|reply
[+] [-] rodarmor|8 years ago|reply
[deleted]
[+] [-] aars|8 years ago|reply
"since The Coordinator is the current the arbiter of truth in the IOTA system"
"Similarly, transaction outputs that appear in a snapshot [6] are more valuable than those that have."
And a couple more like these.
[+] [-] rodarmor|8 years ago|reply
[deleted]
[+] [-] hn_throwaway_99|8 years ago|reply
[+] [-] momentmaker|8 years ago|reply
[+] [-] whataretensors|8 years ago|reply
Despite the negativity here I think iota will likely become production ready too, but the timeline will be longer.
[+] [-] bengale|8 years ago|reply
[+] [-] tree_of_item|8 years ago|reply
[+] [-] fathomit|8 years ago|reply
[+] [-] coinerone|8 years ago|reply
[+] [-] duskwuff|8 years ago|reply
[+] [-] granaldo|8 years ago|reply
[+] [-] tobiaswk|8 years ago|reply
It seems like a really big step backwards in big big scheme of things bitcoin. All of the above problems can be solved by increasing the block size. I'm not saying it's the definitive solution... but right now it is a better solution.
A good talk about really big blocks on bitcoin and what the ramifications are; https://www.youtube.com/watch?v=5SJm2ep3X_M
[+] [-] mulkbug|8 years ago|reply
[deleted]
[+] [-] onion-soup|8 years ago|reply
[deleted]