The Tangle is safe. A Commentary

Preamble

This is my personal opinion, my personal blog and my personal intention to stop misinformation. Cryptoland has the habit of using every piece of information in their best interest. If you read opinions about some technological flaws and a sudden conclusion, be aware that it has been written for a reason and a purpose.
The only way to obtain an objective PoV on these things is to join slack and watch conversations and questions like the following with your own eyes.

IOTA started as a “camouflaged” project, many people argue. While this is not true (press), lots of people claim we have a manipulated market, a too high price and therefore many people that would like to see a lower price.
It’s just a wrong assessment because they ignore the last 3-4 years of development, of public relations, of legit companies collaborating with IOTA, a great vision, a fantastic demonstration of the scalability while stress testing the Tangle and a huge ecosystem around it. People that are claiming the latter are denying the efforts of dozens of people over a timespan of a few years.

Read about everything and come to your own conclusion. Everything else is trivial, pointless banter of investors, doing their job.

Cryptoland-Investors don’t have judgment, they have intent.
I suggest you assess the intentions of all articles, that will come out in the next 72 hours, which are written in layman’s terms because this can’t be broken down to a few simple arguments. 


Commentary

With the Bitfinex listing of IOTA and a “sudden” positioning on #6 on Coinmarketcap.com, thousands of new people were flying into the ecosystem IOTA, asking questions and discussing the tech on every level.

Slack and Reddit have been overrun.

While it is true that IOTA’s concept is not easy to comprehend in the beginning, it’s untrue that IOTA has a vulnerability that was mentioned in a few Reddit threads.

Information of this magnitude is spreading like a wildfire, especially in cryptoland, where investors take every little piece to improve their position and to react as fast as possible.

Naturally, people with an interest in lowering the price via fear, uncertainty and doubt, FUD, to rebuy at a lower point, are already spreading their hypothesis everywhere.

As a logical result, some people already used these claims in a wrong context.

So in order to prevent this wildfire from prevailing, I wrote a small summary of what has happened in Slack and how the developers addressed their solutions.

Still: It’s good and important to have solid criticism from everyone like this, and IOTA and the founders are doing well in answering all questions concerning this not too easy to understand technology.

The origin of these statements that “IOTA is vulnerable to attacks” is summarized here:

 

“Concerns that MUST be addressed.” (Reddit thread, from Iota)

The real discussion didn’t take place on Reddit, though, but in the official IOTA slack in the #tanglemath channel.

As a sidenote: The discussed (presumably impossible) attack cannot be performed right now anyway, because the coordinator, a node that sets the milestones, is preventing anyone from attacking the tangle.
And I’d like to add here, that this is all in accordance with the roadmap to give the tangle a good start. The coordinator will be shut off in July (or when the tangle overcomes its infancy status, to prevent a 34% attack).
So no, IOTA is not a centralized ledger.

To be able to make up your own mind, you have to read the full conversation of ~80 pages.

PDF of the insightful discussion: unfiltered_convo_tangle_security_june_17

Also, the scenario was discussed “under certain conditions”. The certain conditions demand a thorough understanding of math, computational engineering, cryptography and the way the Tangle works.

The dense, hard-to-comprehend dialogue had problems getting off the ground, because the definition of a global mesh-net, the availability of a supercomputer and the purpose of the attack were unclear and needed adjustment. That took over an hour before the actual attack was more or less discussed.

These two sides were addressing their points and it wasn’t always easy to follow this constructively meant dialogue, but it turned out well and will continue to do so.

David Sønstebø (Founder of IOTA, Jinnlabs), Come-from-beyond (Founder, Lead Dev of the Tangle), Dr. Popov (Founder, mathematician, and brain behind the Tangle),  Sunny Aggarwal (Berkeley Student) and Micah Zoltuh (Computer Engineer), as well as a few other developers, were discussing several specific points on the agenda: “Is a malicious person/group able to perform an attack on the tip selection algorithm, because it is possible to direct proof of work on certain tips, to pursue a double spend or to slow it down.”

The questions/statements that were derived out of this conversation are written in the Reddit post above. Again, I suggest you read the actual conversation in the given PDF.

Summary

CFB addressed the Reddit statements in a short manner (delivered by Winston because CFB is not on Reddit)

“Thanks for the questions.”

Q: Potential for tangle orphaning as a result of tip selection, particularly by way of maliciously increased own weight.

A: “This is not possible since own weight is always 1. (See white paper)”

Q: The potential necessity for fee market resulting from above concern.

A: “Concern #1 is invalid, and therefore concern #2 does not apply.”

Q: Potential for attacks during periods of low transaction volume. Potential for attack by abandoning Monte Carlo Markov Chain tip selection, and/or maliciously selecting tips.

A: “The tip selection algorithm doesn’t affect transactions with passed adaptation period. Before that period is over, a merchant may refuse to accept a payment (as we see now with some merchants refusing to accept Bitcoin payments with less than 3 confirmations).”

Q: An incentive for network attacks resulting from the disparity between the growth rate of PoW and growth of network value. (Linear vs O(n²))

A: “To do a sudden 34% attack, the adversary must be omnipresent (impossible in real IoT network, impossible in our current network because it mimics IoT with mutual tethering). We assume the normal operational mode of IOTA where bandwidth is utilized at near 100% (even 90% is very improbable, bandwidth is always scarce). So, the sudden attack will affect only edge nodes which may stop being operational. In practice, the owners of the affected edge nodes will just reset them and re-adjust their blacklist table to filter out the adversary.”

“NOTE: A non-sudden “attack” is not an attack. Those transactions will be absorbed by tangle like legitimate transactions, and help to improve throughput and time to finality.”

Q: The general weakness of Iota PoW algorithm.

A: “Does not apply.”


CFB added:

“Other news to report: Someone attempted a 300% attack on main net yesterday. The Tangle easily absorbed it within a few minutes and we got a nice increase in network functionality while those transactions percolated through the Tangle.

Here’s to hoping that an attacker is kind enough to hit us with a bigger attempt tomorrow so that we don’t have to pay for our 1,000 cTPS stress-test.”


 

My conclusion

The discussion was an interesting and insightful dialogue about the intrinsic functionalities and security measurements of the Tangle, although not always easy to understand. Why would I jump to conclusions then? Why would you?

It turned out that neither under the present conditions nor under future conditions is such an attack feasible, according to the devs.
The “attacker-side” didn’t present a way for an attack and furthermore, they had zero proof.

So, if anyone is losing his mind right now: stay calm, everything is fine 🙂

If you have more issues and questions, feel free to join slack and engage in a constructive discussion, which is always welcomed.

Limo

 

 

 

3 Replies to “The Tangle is safe. A Commentary”

  1. Great summary of a long discussion, I join The Tangler encouraging anybody interested to read it. I am not yet sure the issue has been completely covered / closed in the June 14-15 conversation. The whole supercomputer thing was not necessary (any computer would do) and paved the way to sentences like “come back when you have a supercomputer”; the connectivity issue was widely misunderstood: nobody can deny that the Tangle will have multiple broadband connections to the Internet (all that time spent talking about a worldwide meshnet, what a waste of energy!), which makes it actually possible to flood the Tangle with a massive amount of pre-built Txs which could be supporting one or more malicious ones. Nobody actually made the point about whether or not in IOTA there is (or will be) a mechanism to actually check the correctness of a Tx from a semantic point of view (do I have those MIotas I am spending?). Neither was addressed another fundamental issue: who and how checks that an IoT device generates correct data? If I have a malicious temperature sensor feeding the Tangle with fake data, this seems to be a problem completely external to the Tangle, which may only guarantee that that piece of info came to the network as it is, and it was never modified. A whole new category of problems that an IoT-dedicated architecture cannot ignore… anyway we are still in the phase of technical development and settlement, so there will be time to address all those issues. A little curiosity about Txs verifications and attacks still remains though…
