Why I find Iota deeply alarming
When I first learned about Iota, at Hack The Valley in January, my initial interest was quickly tempered by scepticism when I learned about some of its basic design choices — which we’ll get into in a moment — and I largely ignored it as a hobbyist project writ large.
Its continuing popularity, and recent news surrounding its choice of hash function has caused me to think more deeply about why I find Iota alarming, and why that should matter.
My motivation here is to highlight what I see as critical technical and social issues with Iota, which I consistently see downplayed and ignored by many. I have no financial stake in the success or failure of Iota; if it seems that I have animus against it, it’s purely because I believe good systems should succeed, and bad systems should fail, in each case on their own merits. In the interests of full disclosure, I am a core developer of Ethereum.
Iota shows a lack of good technical judgement
One of the first things you learn on investigating Iota further is that it uses balanced ternary, a numeral system with 3 digits, -1, 0 and 1. The authors have various arguments as to why they made this decision, but they come down to two main ones:
- Ternary processors are theoretically more efficient than binary processors.
- Certain mathematical constructs are more cleanly represented in balanced ternary.
Unfortunately, neither of these are relevant in a practical system. Iota is by necessity built to run on existing hardware, which is exclusively binary, as are the communication networks it uses. As a result, all of its internal ternary notation has to be encapsulated in binary, resulting in significant storage and computational overhead. Math must either be performed on individual ‘trits’ or first converted from binary-wrapped-ternary encoding into the machine’s native number representation, and back again afterwards — in either case imposing a large computational overhead.
Likewise, the theoretical benefits of a balanced ternary notation, such as not needing a sign bit, are more than outweighed by the practical disadvantages, since every processor Iota will run on is already equipped to perform math on twos-complement numbers, but requires software emulation to operate on balanced ternary.
This combination of not invented here syndrome and the Dunning-Kruger effect has led to a situation where the authors of Iota have decided that their affection for the tidyness of balanced ternary must outweigh all practical considerations in system design, and leads to a system that is needlessly complex.
Iota disregards cryptographic best-practices
Iota’s novel choice of numeral system also requires them to reinvent basic operations such as cryptographic hashing. This violates rule 1 of cryptography: don’t roll your own crypto. The predictable result of this has already been demonstrated, with a team led by Neha Narula demonstrating a number of significant vulnerabilities in Iota’s hash function, Curl.
IOTA’s authors argue that these flaws are not material to Curl’s use in Iota, and that collision resistance is not required, only preimage resistance. Personally, I don’t find this persuasive; cryptographic attacks always get better, never worse, and the first collision attacks against MD5 and SHA1 were what prompted the cryptographic community to start moving off those functions, even for applications where only preimage resistance is required.
Source/More: Why I find Iota deeply alarming – Hacker Noon