Category: Background

Is a doublespending attack possible with IOTA?

Is a doublespending attack possible with IOTA?

The “inner circle” of IOTAs community and me had a few discussions about this sensitive topic.
A lot of FUD’sters are using everything they can get and frankly, it’s not like we are caring too much about the price, but about the collateral damage that can be done by word of mouth marketing into the wrong direction.

I came to the conclusion, that I personally don’t like to see misinformation, although the long-term success of IOTA won’t be harmed anyway.

Still: too many people read the wrong things, and come to the wrong conclusion, following the questions:

Is there a doublespending threat in IOTA?

Is it true that a single GPU can outperform the overall hash power to carry out a doublespending at will?

This wrong assumption states that the technology IOTA can be manipulated to the benefit of a single person or a maliciously acting hacker group.

People eventually come to the question: Is IOTA safe to use?

We get to that answer.

First of all, let me ask you a question:

 

Is there any currency, asset, system, good, piece material on earth that can’t be misused or manipulated in any way?

Let’s not look at a baseball bat or a frying pan but at a few currencies.

We live in a world, where the global economy relies on the decision of the Federal Reserve, not to alter the key interest rate to their benefit, otherwise, the consequences can be harmful to everyone on the planet.

Same applies to the European central bank, The People’s Bank of China, the Bank of Russia and a few more.

Central coordinated institutes, that literally print money as they like, and change the key characteristics of its value.

A horror for blockchain and distributed ledger believers.

I’m not even referring to the possibilities of fraud and scam for third-parties that are not under the direct protection of these central institutes because a bank robbery can happen everywhere, anytime and no one can prevent that from happening again in the future.

Statistically spoken, it’s pretty sure that even today, somewhere on earth, a bank will be targeted.

Fiat money, on top of that, can be copied and counterfeit money can be found in every single city.

That also applies to the biggest Blockchains like Bitcoin, Ethereum, Litecoin etc.

Doublespending in Bitcoin

The Consensus-model in Bitcoin relies on synchronicity, mining, and the block validation by the nodes in the network.

Theoretically a great and secure system.

But if attackers would get control over 51% of the hash-rate (majority attack), delivered by miners (image above), they can doublespend as they like, because:

 

“Since the attacker can generate blocks faster than the rest of the network, he can simply persevere with his private fork until it becomes longer than the branch built by the honest network, from whatever disadvantage.

No amount of confirmations can prevent this attack; however, waiting for confirmations does increase the aggregate resource cost of performing the attack, which could potentially make it unprofitable or delay it long enough for the circumstances to change or slower-acting synchronization methods to kick in.

Bitcoin’s security model relies on no single coalition of miners controlling 
more than half the mining power. A miner with more than 50% hash power is incentivized to reduce their mining power and reframe from attacking in order for their mining equipment and bitcoin income to retain its value.” (Bitcoin Wiki)

 

That means if a person would able to compromise these 5 mining-farms: AntPool, BTC.TOP, Bixin, BTCC Pool, F2Pool, it could generate blocks and validate them with an equivalent number of nodes.

Until then, the honest miners are urged to change the mining pool if the hash rate is too big. We entrust them with this decision, but the reality is that no one can be stopped from building the biggest mining-farm and take over if he has the resources.

I don’t say it’s easy, I just say it is possible. Yet, no one freaks out or hinders Bitcoin from rising in value.

Critical voices, however, are increasing, because this “centralization” is not in accordance with Satoshi Nakamoto’s idea of a decentralized system.

In my opinion, mining acts as a Damocles’s sword, because the incentive to earn money for the security won’t work forever, especially when the scaling issues increase even more. Let alone the transaction fees.

But at this point, I won’t talk about the other big problems like scalability due to rising difficulty and block-size, but let’s keep that in mind.

To sum up: there is no 100% guarantee that money can’t be lost, and there is no 100% secure system.

Before I make a statement about IOTA, let’s look at the basics.

IOTA

IOTA as a DLT also relies on synchronicity, proof of work for confirming transactions, a peer to peer, fully decentralized (later also distributed) network.

It’s targeting the Internet of Things, that has a few relevant differences in terms of network topology compared to the Internet. The former has mesh-net capabilities, that inherits some natural connection barriers and lots of different connection types.

These connections (image below) can be Bluetooth, Radio, GPS connection, 5G, TCP, FTP, HTTP, or even carrier-pidgeons with WLAN-repeater if that benefits the mesh-network.

Built on a directed acyclic graph, the Tangle,  IOTA has a few more differences to Blockchains and their field of application.

There is no mining, no difficulty, no blocks, no permanent hash-rate, no decoupled consensus.

Consensus lies solely at the users, that have to approve 2 other transactions before they can send one.

To set up a node, the system demand that you look for neighbor nodes via mutual tethering.

People that see the advantage of setting up a full node, instead of using a light node, are therefore bound to mutual tethering. They manually have to look for neighbors IP’s in order to become a part of the network.

Usually, people use the #nodesharing channel in the slack for mutual tethering.

Doublespending in IOTA

A doublespend is a successful attempt in winning the race (time) in confirming a transaction that uses the same balance that was promised to the original receiver but will be also sent to a second receiver to scam the former one.

While doing so, you pretend to complete a transaction, and it shows as confirmed in your wallet, but with time and the race about getting more weight, the transaction becomes invalid, in favor of the second transaction you did simultaneously.

That means, you could trade and receive the equivalent in value for your iotas of that doublespend transaction, but after a short time, you possess both: your own funds back plus the traded asset of your business partner.

This would also mean: IOTA doesn’t work, people never had 100% guarantee that they are in possession of their funds or of the traded assets they gave for iotas.

And as a result: IOTA would certainly fall in value, people and companies would lose trust and in the end, IOTA certainly would suffer from a lasting destroyed reputation.

This attack could be used in the common markets, to short IOTA and to perform a big doublespending, to make a big profit from the reaction of the markets.

A successful FUD attack. Is that so easy like a few self-claimed experts postulated?

No. Here is why:

What conditions have to be set up to attempt a successful doublespending?

  • Getting an “omnipresence in the tangle with “bad” nodes, formed as a sub tangle (or parasite chain).
    Your transactions need to be confirmed/referenced by these other nodes. The gained weight competes with the (older) weight in the main net.
  • At some point, this parasitic chain needs to be synchronized back with the main tangle to approve their confirmation.
  • Therefore, your transactions need more weight than transactions of already confirmed transactions in the main tangle.
    This attack needs to be conducted very fast. 

How can you achieve these conditions?

  • Mutual tethering: For this purposes, it can only work when you own a full node and you need to find a substantial number of neighbors manually per mutual tethering.
    Becoming an omnipresence with mutual tethering is almost impossible.
  • In coordinator times: get control over the coordinator.
    Is that possible? No. Except you are David Copperfield. It’s as realistic as finding an entry to Fort Knox. We know there is a way, but we don’t know where.
    If we leave out a few logical barriers and you would get control, the coordinator could be shut off in a second. Another node would act as the coordinator then, as long as we don’t have the Monte Carlo Random Walk algorithm integrated.
  • You have to find the transaction that you want to doublespend in time (before it is confirmed by the main net if you are looking for a specific one)
    Even with the tangle-explorer, you would need to execute your attempt in a matter of seconds before it gets confirmed.
    Since IOTA is getting faster, the more users are using it, the confirmation-timings of a few minutes as of today, are decreasing even more
  • You have to deal with the network topology (Mesh-network)
    A successful attack of any kind needs to overcome the natural barriers of different connections and connection types.
    That leads to an unknown variable, you cannot calculate your variable t as long as you don’t know every connection, latency, delay, and bandwidth.
    Since time is of the essence in a race attack, you have a factor x in your attack vector.
  • To increase the weight of your transaction, you need to perform proof of work.
    Even if you have hundreds of GPU’s, it takes time and costs money. PoW while trying to win a (time-sensitive) weight race it not the best condition from the beginning.

To get a deeper understanding of a double-spending attack:


Please read Winstons comment about that:

 

In blockchains, as we all know, the most well-known attack vector is the “51% attack”. Research has been done in the years since that theoretical attack was postulated, and it was actually found that it would only take 34% of network hashing power to carry out the attack. So right off the bat, there is a fundamental public misunderstanding of this attack vector (people think that it requires having the majority of the network hash rate when it actually only requires 34% of it). But the exact percentage is semantics anyway – let’s move to how this attack applies to IOTA.

As you continue in this article, you’ll notice that “34% attack” is not actually “34%* attack”.

The most crucial first step to understanding all of this is that IOTA mesh net topology. This differs greatly from all other blockchain protocols. Mutual tethering and the future of IoT connectivity are the factors that make IOTA a mesh net, which has some very implications for network security, the most important of which is how this topology strengthens network resiliency against the 34%* attack.

IOTA mesh net: Each full node only sees one tiny part of the Tangle – through their handful of neighbors. No one has a list of all IPs of all nodes.

Now, let’s address the 34%* attack in IOTA. Because blockchains are not in mesh nets, the 34% attack in blockchains just means that if you get enough hash power, you can successfully conduct the attack. Percentage of network hash rate is the only variable in the block chain 34% attack. However, in IOTA, there are THREE variables required for this attack.

1. X percentage of network hash rate
A sufficiently large portion of the network hashing rate (“X%” [any number]. We’ll establish the multivariate “gradient” concept later in this writeup): Just like in Bitcoin, the attacker would have to achieve a certain very large amount of network hashing power in order to overtake the network. But this is NOT the only variable in IOTA as you can see. There also isn’t an “all or nothing” network takeover in IOTA. This idea probably requires an entire article in and of itself, but suffice to say that 34%* attacks only take down layers of the Tangle, requiring an exponentially stronger 3 variable attack to propagate deeper and deeper into the Tangle.

2. Omnipresence
Seeing the entire network topology at once. “Having an overview of the network
To deploy attack resources properly and efficiently, an attack would need to get a broad overview of every full node connection in the Tangle. This is obviously impossible since every connection is kept private, and no entity is able to map the network.

3. Y percentage of omnipotence
Being paired with a certain % of all full nodes in the network.
Neighboring with a sufficiently large portion of the network (Y% omnipotence): The attacker must be able to push their massive amount of hashing power (X% of the network’s hash power) through the tangle _suddenly_ (a non-sudden attack is not an attack, so suddenness *is a sub-category of this 3rd requirement).

For example: An attacker needs X% of network hashing rate and is paired with Y% of all neighbors in the Tangle. It would greatly help to be able to have an overview of every connection in the network in order to optimize the attacker’s attack propagation, but this is impossible so it can be ignored henceforth.

Let’s say that X = 25% and Y = 15%: The attacker would bring down a small number of “edge nodes” (the nodes that the attacker is connected to). This is where the “gradient” concept comes into play. The combination of X and Y will determine what percentage of edge nodes are taken down in the attack, and thus the effectiveness of the attack. X can be 99%, but without sufficient Y, the attack can only bring down a very small percentage of edge nodes (around Y%!). The edge nodes and nodes surrounding some of those edge nodes would be overwhelmed with the attack and restart or just blacklist the attacker so that their nodes can become functional again. The low latency nature of a mesh net means that there is a gradient of attack that depends on X and Y.

Now let’s say that the attacker wants to propagate their attack deeper into the Tangle. X = 40% and Y = 20%: The attacker would bring down many more edge nodes and be able to propagate the attack deeper than the attacker in the first example above. The bigger/better the X & Y combination, the deeper the attacker can propagate the attack into the Tangle. This would theoretically require exponential increases in both hash power AND neighbor finding & maintenance to make marginal increases in Tangle attack depth, making the Tangle orders of magnitude more resilient to such attacks than the non-mesh net topology block chains.


What about accidental doublespendings, performed by users of the GUI?

The latest release 2.3.1 has a doublespending warning implemented, to warn users of the GUI not to spend the same value again:

Conclusion

 

People claim that IOTA is unsafe because there is a theoretical threat of a doublespend.

There is also a theoretical threat with Fiat money, with Bitcoin, Ethereum and every other asset in the world.

There is even a theoretical threat of getting killed by an asteroid in 25 minutes.

No system is 100% safe. “100% safe” is almost nothing in the scientific world, most of the time it’s about significance.
And IOTA is significantly safer than FIAT currency, and also significantly safer than blockchains, once the network is big enough to provide the Monte Carlo Random work tip selection.

Until then, the coordinator protects the network from 34% attacks.

To perform a successful majority attack, one had to overcome the impossibility of becoming an omnipresence in the tangle, per mutual tethering.

He also had to outperform the hash rate of the network, he had to win the weight race against the confirmations of the main network and he had to find a suitable transaction for a doublespending before it confirms.

The mesh-net characteristics would hinder him from getting access to every part of the network and furthermore, would increase his latency.

All these efforts for a system, that supports micro-transactions.

So if people want to send big amounts of money, they should use many small transactions instead of a big one.

Unlike Blockchains, with IOTA, this is possible.

 

I conclude that there is a tiny, statistically insignificant chance of falling prey to a doublespend.

In reality, there is none considering that it’s almost impossible to arrange the needed conditions.

 

I suspect that Blockchains have a bigger problem than IOTA once the miners have full control over a chain.

Up to this point, nobody was successful in attacking the tangle, in fact, the CTPS (confirmed transaction per second) were increased as an attacker tried to slow the network down in mid-June.

Thanks Winston, for your insights!

If you find an attack vector, please talk to the IOTA foundation and try to prove your point, otherwise be careful with FUD-connected claims: They are mostly wrong and aim for moving the price.

 

 

Have a nice week,

Limo


 

 

 

 

 

Pictures:
miners: https://bitcoinworldwide.com/mining/pools/
mesh-network: http://thembsgroup.co.uk
doublespend warnings: https://blog.iota.org/gui-wallet-release-v2-3-1-f84d1160845d
featured image: https://www.tcmworld.org/testimonial-fork-in-the-road/

 

The incentive to run a full node for IOTA and to perform PoW without monetary compensation

The incentive to run a full node for IOTA and to perform PoW without monetary compensation

Lately, a lot of voices came up that expressed skepticism.

“IOTA will not work because there is no incentive to run a full node nor an incentive to provide hash power for a secured distributed ledger.
That leads to a low overall hash power and lots of opportunities to attack the Tangle.”
-some people say.

Is that true?

While this is a valid question to ask, my answer is no.

Let me talk about this incentive first.

Homo oeconomicus

Humans are often described as economical creatures, that act only in their best interest, not necessarily malicious, but in accordance to their needs.

If you give them a few options for a decision (either an economic decision or a decision while playing a game like Monopoly), they will likely choose the one that doesn’t benefit everyone but themselves at first.

This game theory of the Homo oeconomicus does not describe a person as an opportunist but as rational proceeding Agent.

When we think about mining Bitcoin, people do mine Bitcoin as long as they get rewarded.
Sometimes they choose the selfish model of being a miner, like block-withholding or like pool hopping, and sometimes they are loyal and as good miners, they stay at one mining pool and accept the terms of rewards.

These pool rewards could be:

a) Pay-per-share     or     b) proportional paid

And sometimes, people decide to try a double-spend, because the incentive still is money.

Either way: the decision making is important since we usually don’t want to miss revenue and we want to flatten our costs, especially while mining.

From a miner’s PoV, the incentive is not just giving the blockchain more hash power and security, because then he could do it for free.

Mining, of course, is incentivized by earning money alone.

Something like working for free is not even an option, hence the skepticism. 

Now, IOTA seems to be different in many ways.

There is no mining, there are no fees.

And as a result, we don’t have the incentive to earn money with mining at all.

The first initial thought of people, naturally, is that we cannot provide enough hash power.

The difference

What people miss here, is that we have a significant difference at hand.

IOTA is a perfect technology to enable new markets and business models.

The intrinsic value of the tech does not need to satisfy people in exchange of hash power.

Blockchains can only perform transactions, when a block is found and when the fees are paid.

IOTA does function without it, why would we conclude that we need that same incentive for IOTA like we need for Blockchains, where the very basic functionalities are quite different then IOTAs.

The incentive is, therefore: If I want to use IOTA, because the tech is incredibly helpful for my company, then I conduct a transaction and reference two other transactions per proof of work automatically.

This alone is enough to provide the needed hash power because companies want to use IOTA.

Another difference is that IOTA is not for human applications alone, like Bitcoin with its currency replacement-model.

Of course, there is a variety of other applications, but the main field of Bitcoin remains: People store money and send it to other people.

IOTA instead, can function as such a currency replacement, but its main use-case is enabling the machine to machine economy.

It is so much more than a currency replacement, that the comparison alone seems like a dysphemism.

This is about data-integrity, interoperability, real decentralization, e-health, e-governance, giving the consensus back to the people.

And ultimately, building a new economy.

It’s no surprise that big companies have already shown interest and on top of that, formed foundations with IOTA.

Reference: Trusted ID AllianceDLT Research and Innovation Network (e-health),  Decentralized Identity Foundation

We also have use-cases that will be enabled rather early, so they are not just an article on someone’s desk.

Innogy and Dr. Carsten Stöcker are experimenting with such a system right now and considering their latest article, it won’t take that long.

The longer IOTA is in development, the more companies will work with it, because there is just no competitor that can provide the same functionalities and possibilities.

Personal motives to run a full node

Another key point of my argumentation is that there are still some people that believe in the technology IOTA and decide to run a full node nonetheless, even if there is no monetary incentive.

The arguments for running a full node for private persons are therefore still mentionable.

  • You are aware of the fact that running the full-node is beneficial for the tangle topology and you want to help. (Yes, that exists)
  • You have lots of transactions to make and don’t want to rely on a light node-server, as there is no guarantee that they are online when you need them.
  • You have a web app running and need the stable connection
  • You want to have maximum speed, so you choose the full-node
  • You want to have a copy of the Tangle database, that is generated when using a full-node. (good for several reasons)
  • In the future, maybe you provide a service and earn money for a full node.The only financial argument would be:
  • You invested and want to support the Tangle as much as possible

Conclusion

I conclude, that IOTA will work as intended. Like it already does today.

The founders had enough time to think about a reliable system, that solves the problems of tomorrow.

Not just on the Internet, but in the Internet of Things.

Using IOTA is not about making money with your graphic card, it’s about solving real world issues and enabling a new stage of development: the fourth industrial revolution.

As I repeatedly wrote, the 4th industrial revolution will be a disruptive time. It’s still unclear where we are heading, but the fusion of automation and online technologies will change almost everything.

Eventually, some companies won’t keep up, because similar to the “dot.com bubble”, the 4th industrial revolution does not only generate winners.

Only the innovative firms will survive.

People and customers will have a plethora of more opportunities due to the distributed ledger technology, due to no fees and due to new markets and technologies that grow on top of that.

And since customers keep companies alive, everyone will benefit. This incentive is way more important than mining.

If they want to use IOTA, they set up an army of full nodes and server farms in a matter of weeks.

Inside of the mesh-net of the Internet of things, this PoW and the stream of nano-payments will ensure that there is no way that we have a shortage of hash power or that the missing incentive “money” would become a problem.

If the game theory around the Homo oeconomicus would apply to the decisions of the industry, IOTA (in comparison to Blockchains) would still be the better choice in hindsight of the challenges of the future.

A snake doesn’t need feet to move. The tangle doesn’t need an incentive for mining or mining at all.
Companies and people will use this important technology anyway.

Feel free to give me your thoughts in the comment section.

Have a nice week,

Limo.

If you are interested in the latest news, look at my video section for “Sunday Banter” or in German: “Sonntagsplausch” and subscribe to my Youtube channel and my Twitter Page to get the latest updates.

 

 

 

 

Images were taken from:
https://themerkle.com
http://ilmenterrante.altervista.org/
https://www.rtinsights.com
https://www.ophtek.com

 

The Tangle is safe. A Commentary

The Tangle is safe. A Commentary

Preamble

This is my personal opinion, my personal blog and my personal intention to stop misinformation. Cryptoland has the habit of using every piece of information in their best interest. If you read opinions about some technological flaws and a sudden conclusion, be aware that it has been written for a reason and a purpose.
The only way to obtain an objective PoV on these things is to join slack and watch conversations and questions like the following with your own eyes.

IOTA started as a “camouflaged” project, many people argue. While this is not true (press) lot’s of people claim we have a manipulated market, a too high price and therefore many people that would like to see a lower price.
It’s just a wrong assessment because they ignore the last 3-4 years of development, of public relations, of legit companies collaborating with IOTA, a great vision, a fantastic demonstration of the scalability while stress testing the Tangle and a huge ecosystem around it. People that are claiming the latter, are denying the efforts of dozens of people over a timespan of a few years.

Read about everything and come to your own conclusion. Everything else is trivial, pointless banter of investors, doing their job.

Cryptoland-Investors don’t have judgment, they have intent.
I suggest you assess the intentions of all articles, that will come out in the next 72 hours, which are written in layman’s terms because this can’t be broken down to a few simple arguments. 


Commentary

With the Bitfinex listing of IOTA and a “sudden” positioning on #6 on Coinmarketcap.com, thousands of new people were flying into the ecosystem IOTA, asking questions and discussing the tech on every level.

Slack and Reddit have been overrun.

While it is true that IOTAs concept is not easy to comprehend in the beginning, it’s untrue, that IOTA has a vulnerability that was mentioned in a few Reddit threads.

Information of this magnitude is spreading like a wildfire, especially in cryptoland, where investors take every little piece to improve their position and to react as fast as possible.

Naturally, people with an interest in lowering the price via fear, uncertainty and doubt, FUD, to rebuy at a lower point, are already spreading their hypothesis everywhere.

As a logical result, some people already used these claims in a wrong context.

So in order to prevent this wildfire to prevail, I wrote a small summary of what has happened in Slack and how the developers addressed their solutions.

Still: It’s good and important to have solid criticism from everyone like this, and IOTA and the founders are doing good in answering all questions concerning this not too easy to understand technology.

The origin of these statements that “IOTA is vulnerable to attacks” is summarized here:

 

Concerns that MUST be addressed. from Iota

The real discussion didn’t take place on Reddit, though, but in the official IOTA slack in the #tanglemath channel.

As a sidenote: The discussed (presumably impossible) attack cannot be performed right now anyway, because the coordinator, a node that sets the milestones, is preventing anyone from attacking the tangle.
And I’d like to add here, that this is all in accordance with the roadmap to give the tangle a good start. The coordinator will be shut off in July (or when the tangle overcomes its infancy status, to prevent a 34% attack).
So no, IOTA is not a centralized ledger.

To be able to make up your own mind, you have to read the full conversation of ~80 pages.

PDF of the insightful discussion: unfiltered_convo_tangle_security_june_17

Also, the scenario was discussed “under certain conditions”. The certain conditions demand a thorough understanding of math, computational engineering, cryptography and the way the Tangle works.

The dense, hard to comprehend dialogue, had problems to get off the ground, because the definition of a global mesh-net, the availability of a supercomputer and the purpose of the attack were unclear and needed adjustment, that took over an hour time before the actual attack was more or less discussed.

These two sides were addressing their points and it wasn’t always easy to follow this constructive meant dialogue but it turned out good and will continue to do so.

David Sønstebø (Founder of IOTA, Jinnlabs), Come-from-beyond (Founder, Lead Dev of the Tangle), Dr. Popov (Founder, mathematician, and brain behind the Tangle),  Sunny Aggarwal (Berkeley Student) and Micah Zoltuh (Computer Engineer), as well as a few other developers, were discussing several specific points on the agenda: “Is a malicious person/group able to perform an attack on the tip selection algorithm, because it is possible to direct proof of work on certain tips, to pursue a double spend or to slow it down.”

The questions/statements that were derived out of this conversation are written in the Reddit post above. Again, I suggest you read the actual conversation in the given PDF.

Summary

CFB addressed the Reddit statements in a short manner (delivered by Winston because CFB is not on Reddit)

“Thanks for the questions.”

Q                      Potential for tangle orphaning as a result of tip selection, particularly by way of maliciously increased own weight.

 A                     “This is not possible since own weight is always 1. (See white paper)”

The potential necessity for fee market resulting from above concern.

  “Concern #1 is invalid, and therefore concern #2 does not apply.”

Potential for attacks during periods of low transaction volume. Potential for attack by abandoning Monte Carlo Markov Chain tip selection, and/or maliciously selecting tips.

“The tip selection algorithm doesn’t affect transactions with passed adaptation period. Before that period is over, a merchant may refuse to accept a payment (as we see now with some merchants refusing to accept Bitcoin payments with less than 3 confirmations).”

An incentive for network attacks resulting from the disparity between the growth rate of PoW and growth of network value. (Linear vs O(n2 ))

“To do a sudden 34% attack, the adversary must be omnipresent (impossible in real IoT network, impossible in our current network because it mimics IoT with mutual tethering). We assume the normal operational mode of IOTA where bandwidth is utilized at near 100% (even 90% is very improbable, bandwidth is always scarce). So, the sudden attack will affect only edge nodes which may stop being operational. In practice, the owners of the affected edge nodes will just reset them and re-adjust their blacklist table to filter out the adversary.”

“NOTE: A non-sudden “attack” is not an attack. Those transactions will be absorbed by tangle like legitimate transactions, and help to improve throughput and time to finality.”

The general weakness of Iota PoW algorithm.

“Does not apply.”


CFB added:

“Other news to report: Someone attempted a 300% attack on main net yesterday. The Tangle easily absorbed it within a few minutes and we got a nice increase in network functionality while those transactions percolated through the Tangle.

Here’s to hoping that an attacker is kind enough to hit us with a bigger attempt tomorrow so that we don’t have to pay for our 1,000 cTPS stress-test.”


 

My conclusion

The discussion was an interesting and insightful dialogue about the intrinsic functionalities and security measurements of the Tangle, although not always easy to understand. Why would I jump to conclusions then? Why would you?

It turned out, that neither under the present conditions nor under future conditions such an attack is feasible according to the devs.
The “attacker-side” didn’t present a way for an attack and furthermore, they had zero proof.

So, if anyone is losing his mind right now. Stay calm, everything is fine 🙂

If you have more issues and questions, feel free to join slack and engage a constructive discussion, which is always welcomed.

Limo

 

 

 

AMA – Answers for newcomers!

AMA – Answers for newcomers!

Hello, newcomers!

As dozens of people are flying into our great big family every hour, I think it makes sense to provide you with a little bit of help.

This guide won’t be fancy with pictures, this guide will be “first aid”.

 


You want to understand IOTA?

Read this Reddit post and follow the links! That should be a good basis.

Also a good source: https://learn.iota.org/faqs

For any other things I started an AMA:

Just press F3 or press search in your browser if you’re looking for a specific keyword because I won’t sort the answers. 

 

Questions:

1)Why do I have to generate addresses to see my balance in my wallet?

IOTA does not save a local wallet file (like wallet.dat for BTC) so your seed is basically your “password”. If you generate addresses the system iterates through the database and checks if there is balance connected to your used addresses.

That way, you can access your funds all over the world, as long as you have your seed and a connected and synched wallet.

2)Why is my node not syncing?

Different reasons. First, it’s a difference if you use a light or a full node.

  • Do you have a synched server node for your light wallet? (www.iotasupport.com)
  • Do you have opened all your ports in your router?
    • Important are the ports you see behind the server node address (mostly 14265, 15600, etc)
  • Same applies for the full node
  • Are you fully synched?
    • GUI: click on View -Status
      • compare milestones with the milestones in #botbox of the main slack (not YDX)
    • Do you have enough synched neighbors? (Get neighbors in #nodesharing)
    • Are the ports, that your neighbors are using, opened in your environment (port forwarding is what you’re looking for)?
  • Do you have the latest version?
  • Do you have a good connection?

3)Should I spam with my light wallet, and if not why?

The light node is connected to a full node. Don’t do spamming with a light node, because it doesn’t make sense resource-wise as you reduce the connectivity of the light node server.

4)My transaction has been pending for over an hour, what should I do?

Try to replay(should work for 99% of all transactions). If it doesn’t work, try a new transaction from scratch. Spamming the network is always good for everyone, including you.

5)How do I keep my IOTA safe?

Your iotas are bound to your seed only.
First, make sure you have a secure + unique seed, so either you generate a seed over the seed generator in the GUI or you come up with 81 letters long, Latin, CAPITAL phrase, with a few 9’s included.

Don’t use a phrase like HERE9DO9I9STORE9MY9IOTA9DONT9HACK9ME.
Good example:  (no, there is no money on that seed and you should never use THAT seed for you.)

QXAWCPVROVGJKWGMAVTQCGWXVHHQGJIROSLGVGWKNXXPJAYJNEBPWYANPUOWJWVSCMXSLMJP9RPQLSNIW

Since the seed is valuable, you can just print and secure it, offline, printed on paper, on diverse USB sticks, encrypted with KeePass.
With your seed, you are able to access your tokens everywhere on the planet with an internet connection and a fresh wallet.

Don’t lose it, it’s basically your money.
If you lose the seed, you will never restore the iotas, so make sure that is never going to happen!

6)Can I reuse addresses?

The help section of the GUI tells us:

“You can use an address for receiving as long as you have not used it for any outgoing transaction. What this means is that once you have sent a transaction with a specific address as input, you should never use it again. This is because IOTA uses Winternitz one-time signatures which degrade security exponentially after each reuse.”

7)Why do I have to replay transactions and how to do this?

Because sometimes, your transaction didn’t get referenced by the network. There is a good chance to get it confirmed but not all transaction get confirmed. Like about 2/3, so in all other cases you should try replay once.
If it never confirms, you can try a new transaction from scratch.

8)How comes when I enter my (old) seed into an updated wallet, my balance is zero? What can I do?

You need to generate addresses. See question 1

9)Since there’s a huge incentive at gaining control of more than 34% of the nodes, to steal money from the network, where’s the incentive for people to run full nodes thus creating a long-term, stable and wide community? 

Getting control over 34% of the nodes is hard to accomplish with mutual tethering. You had to look manually for all these nodes. A logistical nightmare.

  • The incentive to run a full node is: you believe in the tangle and you want to support it
  • You have a project on top of IOTA, so you need a secure connection
  • You don’t want to rely on the availability of a Lightnodeserver, so you run a full node.

10)Why must I attach an address to the tangle before using it, and what happens if I don’t?

edit: You can use the address already. Nothing happens, but you won’t see it in the history.

11)How can I check my transaction on the network? Are there any explorers?

There are some explorers.

Explorer with some features: iota.cool

  • Current transactions
  • Address details
  • Tangle graph
  • Network load

Unofficial IOTA Explorer #1: tangler.iotabr.com

Unofficial IOTA Explorer #2: iota.tips

 

12)Can we see recent distribution charts somewhere?

If you analyze the addresses in the tangle, or if you look at this assessment: https://medium.com/@IngoFiedler_96862/the-distribution-of-iota-tokens-dc70ea49b148 you can get an idea of how

the iota are distributed.

Keep in mind that we have thousands of new users since March, so the distribution has HUGELY increased

13)Why did YDX stop trading?

IOTA will be listed starting with 13th June on known exchanges.
YDX stopped because they are preparing for a possible IPO and they need to upgrade their systems.
YDX is not connected to the IOTA foundation so their actions are independent

 

14)Do I need to set up a new address, every time I receive iotas?

Nope, not every time, see question 6

15)What would happen if I send out a new transaction before my previous transaction confirms(with a GUI)?

Before sending a new transaction, wait for the previous transaction to be confirmed.

16)How many % of iotas total supply are already distributed?

See question 12

17)When should I re-broadcast and when should I replay?

From www.iota.learn.org/FAQ:

“Rebroadcasting is basically sending the exact same transaction to all of your neighbors again. Most of the time, apart from a situation where you’re sure that your neighbors didn’t get your transactions, Replay is more useful to get your transaction accepted by the network.

Replay is the process by which you “re-attach” your transactions to a different part of the Tangle, in the hopes of getting your transaction accepted. As such, you are completely redoing the transaction process (tip selection and Proof of Work).”

 

18)Why does my transaction, my address not confirm?

Maybe a connection problem, maybe the coordinator is offline, under maintenance right now (today, June 5th. In coming times, it won’t be shut off without announcement)

Check question 2

19)All my transactions are pending and don’t confirm, what can I do?

Check question 2 or replay.

20)Do we get another snapshot? What does that mean?

Yes, we get another snapshot before the 13th June.
A snapshot is a method to reduce the size of the tangle database.

You possibly need to claim your tokens, once the snapshot is successfully performed.

21)What is claiming?

Claiming means, that you transfer your tokens from the old databases (before the snapshot) into the new database (after the snapshot)

If you forget that, you will never be able to get access to your tokens again, so always stay in touch and claim if necessary.

This is your duty, so don’t blame the IOTA foundation if you didn’t keep track of the recent developments.

Not every snapshot has a claiming period, the ones that have it will be announced accordingly.

22)Is it right that I should use an adresse to receive only once? What if I did use it twice or more?

You can use an address as long as you want. If you use that address for an outgoing transaction once, you should generate and use a new one from then on. Look at question 6.

23)What does the network spammer do exactly?

It conducts zero-value transactions.
Since IOTA has the condition that you have to confirm two other transactions before you can send one yourself, you give more than you take and help other transactions to confirm.

Your node does Proof of work, similar to hashcash, to confirm the two other transactions.

Spamming is therefore good for confirmation timings.

24)Is there a new IOTA wallet for android too?

Yes. see: https://play.google.com/store/apps/details?id=org.iota.wallet


http://iotawallet.info/ is responsible for that. Keep an eye on that or contact the developers in the main slack.

 

25)Is it wise to share the node addresses you’re connected to? Or is it wise to keep that private?

You shouldn’t share your neighbors with everyone. Mutual tethering should happen in private messages.

26)If a transaction never confirms, is it possible to “cancel” it?

No, just ignore it.

27)When will IOTA be on other exchanges like Bittrex?

Starting from 13th June, many exchanges gonna list IOTA.
We can expect a lot more announcements in the following days and weeks as IOTA is a highly appreciated asset for them.

28)Should I keep my iota on YDX or on other exchanges or transfer them to my wallet. 

Always keep them in your own hands!

29)What is the max amount of transaction per second?

Almost infinite.

IOTA theoretically is only hindered by physical and infrastructural bottlenecks.  IOTA scales as much as the internet and future storage systems allow it to.

So we can expect a lightning fast transaction settlement system that overcomes almost every problem of existing systems.

30)If IOTA is for IoT how will the bots deal with volatility? 

There is a solution on the way, but I don’t have the pay-grade to know details.

31)What features does it have? What about smart contracts or is just made to be fast?

From www.reddit.com/r/IOTA

“IOTA is a new distributed ledger. Both its technological underpinnings and unique features open up new use cases which were never before possible with old blockchain technologies. IOTA was created as an open source distributed ledger software project. While it was inspired by the immutability of blockchain technology, it solves nearly every problem inherent in blockchain protocols. Instead of a blockchain, a directed acyclic graph (DAG), the Tangle, is used. IOTA is mostly made for the IoT as the interoperability technology for data integrity and industrial appliances. Furthermore pay on demand, micro-payments, and machine to machine communication like sensor technology, smart cities, adaptive systems. To make it short: as the backbone for the Internet of Things.

Features:

Infinite scalability, lightweight design, quantum secure, no transaction fees, no blocks, no mining, POW for transaction approval, JINN-processor-supported in the future, ternary (not binary).
Smart contracts will be enables soon. On top of that, Oracles will be implemented. We get more info about that in the following months.

32)When will IOTA be on Azure (Windows) and also on IBM cloud?

IOTA is part of the testing lab for Azure and I’m pretty sure that IBM also is looking into it, but I guess most of that is behind NDA’s and I have not more information about that.

 

33)Will IOTA be traded in iota, Miota or Giota?

IOTA will be traded in Miota

 



I will possibly add other questions but these are all for now.

May Report #2: The Silence Before The Storm

May Report #2: The Silence Before The Storm

Development Update

Since a few weeks we are waiting for the new version. Just now, a small hint arrived that this may soon™ be over:

I’ll give you a short list of what we can expect and as an addition, a small summary of the biggest things you might have missed. The May Report 2.


The most important piece first: In a few days, IOTA will show its capabilities.

 

Right now, a day after Doms small update (above), the Coordinator is online again, but not attached to the Tangle.
That means:

  • An update of the new IRI is imminent.
  • As Dom pointed out: There will be no snapshot, for now.
  • We can expect big announcements in the following days (Maybe also when and where IOTA will be listed).
  • The wait is finally over!
  • With the new version, the spammers can be used for the main net again.
  • Countless new full nodes will be set up, mine including (Let’s meet in #nodesharing when the new IRI/GUI is here).
  • After the update the Tangle and the confirmation timings will be faster than ever.
  • YDX can withdraw all iota.
  • We’re getting closer to the “liberation of the Tangle”, when the Coordinator will be shut down in July. Then, the Monte Carlo Random Walk algorithm will be activated instead.
    That way, the tip-selection and protection of the network will be ensured, while the scalability can unfold perfectly.

Take a look in our slack in the next days to catch the next instructions and announcements. That way, we can build the Tangle topology, again, -in no time.

If you are a developer, please take a minute of your time and look at the ecosystem fund, if you want to work with and for IOTA:


Consensus 2017

Cryptocurrencies, in general have come very far.
Consensus 2017 was held nowhere else than on the New York Broadway. Hundreds of participants, CEO’s, thousands of enthusiasts were there, to share their knowledge and to show the world that Blockchains (and the Tangle) are here to stay.

As a part of Dominik Schieners US-journey, He also participated in the “IoT & Blochchain: Powering the Connected Device Economy“-Panel on Monday 22th.

 

 

David Sønstebø wanted to participate, but due to an unforeseen accident he stayed in Norway and sent Dominik Schiener instead.

Dom did a great job in describing his vision to the plenum, while the content of the discussion were not actually focused on a comparison of IOTA to Blockchains.

Instead, the discussion were hold on a meta-level and the experts shared their thoughts and insights about the chances of collaborations of banks and Blockchains, their personal vision and the problems and chances they may face in the future.


Also part of Consensus 2017 was Dr. Carsten Stöcker who took part in a panel discussion about “Energy Markets“.

Carsten, as always, did a great job in explaining his vision and afterwards, he also found a moment of his time to explain why he didn’t get into IOTA’s details. -For a good reason.

He furthermore announced that IOTA is on the testing roadmap for “Share&Charge” where IOTA is used to tag IoT devices.

 

 

 

David added: “We’ll unveil more info on the ‘Digital Twin project’ together next week, so stay tuned for that”

Exciting times!


DIF

The next announcement is a “medium heavy” sensation.

The “Decentralized Identity Foundation” formed around IOTA and Microsoft, Bigchain DB, Blockstack, Accenture and a lot more known companies.

The DIF is aiming for progress in the field of identification.

The different workgroups concentrate on the following fields:

 

More info on the workgroups you can find here:

https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2016/blob/master/draft-documents/DID-Spec-Implementers-Draft-01.pdf

https://github.com/decentralized-identity/hubs/blob/master/explainer.md

https://tierion.com/chainpoint

For now, it’s unclear how and where these researches take place and what will be achieved, but considering the big list of known companies on the list, we can expect some interesting projects and fruitful results.

 


If you need a good comprehensive blog-post by Dominik Schiener, with an up-to-date overview of IOTA, I recommend this:


Wilfried Pimenta, IOTA Foundation member was also diligent in presenting IOTA:

Furthermore:

With the keynote: “Introduction to the IOTA Foundation and the Tangle, the next generation distributed ledger / blockchain for the Internet of Things


Upcoming presentations


Mentionable Articles

 

  • [German] Der Altcoinspekulant ist zurück! Ich werde ab und an als Gastautor mitwirken und freue mich, dass der Altcoinspekulant von Lukas Fiedler und einer Reihe an Experten fortgeführt wird.


These are the most important updates for now.

This week will presumably open a lot of doors, so stay tuned!

Have a nice week,

Limo

Advertisment ad adsense adlogger