Professor Matthew Green of Johns Hopkins University posted an interesting, if not troubling, tweet about IOTA’s security:
The use of a broken hash function would have been a critical vulnerability if their network was actually decentralized, says Iota’s founder. https://t.co/8ZKiK5FQDp
— Matthew Green (@matthew_d_green) February 25, 2018
This is the first argument we’ve seen by which it made sense not to decentralize a cryptocurrency. Of course this is only because Curl, which is the hashing function at its core, allowed for collisions, which is like saying an automobile’s only problem is that its engine likes to randomly turn off while you’re driving.
IOTA’s vulnerabilities had been documented for months, with cryptography experts like Neha Narula weighing in. Her attitude towards the IOTA team has been praised in the cryptocurrency world, as her team notified IOTA of the vulnerability prior to going public with the disclosure, which is considered both elegant and ethical behavior by security researchers.
According to the official IOTA blog, there’s a reason why they chose Curl for the core hashing function:
The party that contacted us will be releasing a publication of these potential results after we together nail down the final details. We are thrilled about the upcoming publication as it will potentially provide deeper insight into Curl itself. Curl’s origins date back over 2 years, since then we have engaged numerous cryptographers, in particular experts in the domain of sponge family hash functions, which Keccak and Curl both belong in, in order to further optimize and audit the final incarnation of Curl. We are very excited about this aspect of IOTA. Curl is a hash function specifically tailored for IoT, that also happens to be the world’s first trinary one, so we spare no expense on this part of the project, as we deem it necessary for IOTA and IoT in general to realize its full potential.
So, why would the collisions have wrecked the system had it been decentralized?
It turns out that Neha Narula’s team had been able to not only find these collisions within a time frame of 10 minutes, but they were also able to craft transactions which collided with other existing ones. This means that the private key signature that authorizes a cryptocurrency transaction would not have been necessary in order to move money. In essence, had IOTA been a decentralized crypto, someone could have found this exploit and used it to steal funds secretly or outright wreck the whole network by spending everyone’s funds and moving them around at random. Of course, the more evil cracker would have been quietly moving MIOTA to exchanges and trading for other cryptos until the exploit had been found out. Since IOTA is minted centrally, this did not happen.
And then, there’s this.
I just got pwned by MIT undergraduates 🙂
— Matthew Green (@matthew_d_green) February 26, 2018