
IOTA: The Brave Little Toaster That Couldn’t - kushti
https://casey.github.io/iota/
======
simias
While it's probably not the main problem with IOTA I must say that the ternary
logic is probably the most amusing and baffling thing about it. This kind of
hubris is something I would expect from a very junior developer without much
real world experience who already thinks he's got everything figured out.

How can one rationalize starting a super ambitious cryptocurrency project and
_on top of that_ decide to reimplement their own crypto using ternary logic
for some vague theoretical benefits that would only pay out if IOTA ever
becomes mainstream enough (and the benefits large enough) for people to create
not only dedicated chips for it but _entire industrial processes_ to make
ternary logic silicon.

It's also completely misunderstanding the current state of IoT, chips capable
of doing high grade (binary) cryptography in a reasonable amount of time
nowadays are worth next to nothing and their consumption is almost negligible.
It's not premature optimization, it's too-little-too-late optimization.

Doing that as a fun week end project to learn about ternary? Sure. As the
foundation of your multi billion dollar cryptocurrency set to revolutionize
IoT? Come on.

~~~
throwawaylolx
This is even more amusing when coupled with the thoughts of IOTA followers:
[https://www.reddit.com/r/Iota/comments/73w6i7/why_ternary_ar...](https://www.reddit.com/r/Iota/comments/73w6i7/why_ternary_arithmetic_in_iota_by_using_a_ternary/)

The two most voted comments are as follows:

>It's a little overwhelming seeing IOTA do all of these things so far beyond
other crypto projects. Blockchain tech is already bleeding edge but then add
in ternary, quantum resistance, DAG, infinite scaling, free transactions, and
AI resistance... It can be a lot to soak in for the average blockchain
investor. But that just means time is even more on IOTA's side as it slowly
proves itself :). This coin is going to turn the crypto space upside down.

>IOTA is thinking ahead into the future but people seem to think their
decision to go Ternary is "stupid" not realizing they are just that far ahead
in their vision.

~~~
siruncledrew
In other words, people are trying to pump up the price of IOTA.

~~~
wmf
Less cynically, the reason we have to warn people about crackpots is that it's
human nature to believe them.

------
matthewbauer
This quote applies especially to IOTA:

"Cryptocurrencies are nothing except the marketing power of inventors,
financiers and others who love the idea of buying a black box (which is
obviously empty) for the price of a Kia and dreaming that it will turn into a
Mercedes. There have been times recently when this dream has materialized
within hours. This is not just a bubble. It is not just a fraud. It is perhaps
the outer limit, the ultimate expression, of the ability of humans to seize
upon ether and hope to ride it to the stars." \- Paul Singer, Elliott
Management

IOTA's tech is shitty but they've convinced enough people that it's worth
something that it's now worth something. Maybe that's all a crypto needs? I
was honestly expecting all of this to crash and burn back in December- but it
hasn't yet. Maybe these cryptocoins really are the future.

~~~
aje403
Those Singer quotes almost killed me: "limitless ignorance of swaths of the
human race". He's absolutely correct, but, deep down, secretly a little upset
he did not purchase Ripple at 2 cents

~~~
tim333
There is perhaps a bit more to cryptocurrencies that Singer gives them credit
for. I've recently been reading some of the original stuff from Szabo /
Satoshi eg [http://unenumerated.blogspot.com/2005/12/bit-
gold.html](http://unenumerated.blogspot.com/2005/12/bit-gold.html) and
[https://bitcoin.org/bitcoin.pdf](https://bitcoin.org/bitcoin.pdf) that partly
explain why they have worked and not collapsed 9 years later. A lot of it is
much clearer than the hype which has followed.

~~~
aje403
There are several thousand of those articles with the same points scrambled,
filled with millions of comments with the same points scrambled.

It's bait for people to jump in a pool with sharks. People like Singer and
Buffett are driving by in a boat and looking in with binoculars. Hopefully
enough people do not jump in that there ends up being a tidal wave.

~~~
ShorsHammer
Szabo is not another cryptocurrency talking head. He proposed smart contracts
a decade before they became a reality.

~~~
lowbloodsugar
Who hasn't proposed smart contracts decades ago? We used to talk about
formalizing the legal system so it could be processed by computer while
sitting around the undergrad common room. You can't read, e.g. Asimov, without
being exposed to such ideas. Not to mention the numerous times such an idea
came up on usenet, slashdot, or here whenever some corrupt human-in-authority
abused some legal system. Every one of those discussions, however, ended with
the lightbulb that, unless you have AI that can comprehend _intent_ , it is as
impossible to write a smart contract as it is to write code without bugs. And
if you have an AI, then laws written in English are all you need anyway.
Coming up with the idea of smart contracts isn't a sign of unrecognized
genius, but believing it to be a valid solution is a definite
disqualification.

~~~
ShorsHammer
I'd love to see some formalised non sci-fi works on smart contracts that
existed before the mid 90's if you can point me in the direction?

------
MatekCopatek
I think the biggest issue here is that even though this post is well
researched, most people don't care, because they haven't invested in IOTA (or
any other cryptocurrency for that matter) with the intention of using the
features.

The large majority is in it for the trading. Unless there are huge issues such
as the network crashing, they don't care. It's just a line chart on an
exchange to them. That's also why there are no repercussions for people never
delivering on ICO promises.

It kinda scares me.

~~~
nosuchthing

      Whether or not IOTA’s ledger is “tamper-proof,” the entire 
      IOTA network went down in November, and was completely 
      inoperable for about three days. That this has never 
      happened in Bitcoin or Ethereum suggests the extent to 
      which the IOTA network relies on the “coordinator”—a   
      single point of failure—and is not truly decentralized.
    
    

The network did crash when IOTA pulled its centeral authoritative
'coordinator' server offline causing all other nodes and clients to go
offline.

This was during a patch from an exploit discovered by MIT researchers. IOTA
later denied the flaw existed, even though they took the network offline to
patch it.

[https://www.media.mit.edu/posts/iota-
response/](https://www.media.mit.edu/posts/iota-response/)

------
lambdas
Is this the same coin that has both incredibly rude developers and one that
claims to have invented time travel?

~~~
enthd
Wow, really? Do you happen to have any sources? I'd be curious to see. Thanks!

~~~
lambdas
Yeah it was on his domain at [http://come-from-beyond.com](http://come-from-
beyond.com), unfortunately since last month he's not renewed it and wayback
just loads a blank page.

Shame, I'm going to see if it's available anywhere as it was a riot.
Technology NASA is making him keep secret until this countdown he had going.

~~~
fru2013
There are some snapshots on archive.is. One is of the about page and another
is of a blog post.

1\. [http://archive.is/GebOA](http://archive.is/GebOA)

2\. [http://archive.is/KoPRm](http://archive.is/KoPRm)

~~~
sannee
That's surely some attempt at humour, I mean, noone can be _this_ insane
right?

------
thisisit
Here we go again. Iota has never been one of the coins to answer any concerns
without either saying "this is planned for the future" or creating sock
puppets to try and drown the thread in low quality comments.

~~~
lowbloodsugar
Ok, so it'll be huge, like Mongo then?

------
tim333
There is also a somewhat amusing IOTA write up on shitcoin.com "IOTA: Cannot
be used for IoT. Loss of funds may occur." [https://shitcoin.com/iota-cannot-
be-used-for-iot-loss-of-fun...](https://shitcoin.com/iota-cannot-be-used-for-
iot-loss-of-funds-may-occur-e45b1ed9dd6b)

~~~
izelkay
The writer of the article essentially admitted it was bullshit and wrote it
just to manipulate the market:
[https://twitter.com/ShitcoinDotCom/status/965910847645212672](https://twitter.com/ShitcoinDotCom/status/965910847645212672)

~~~
verroq
Where is the part where he admitted it was bullshit?

~~~
tim333
Indeed "Our short of #IOTA on @bitfinex has closed at a profit of over 30%.
Who said writing doesn't pay?" could open him to criminal prosecution if it
was bullshit. It's legal to short something and make legitimate criticisms but
spreading lies to drop the price is not.

~~~
QML
Article probably didn't have a dent on price; the whole market dropped.

------
andrewla
The main thing here is that IOTA is not a _decentralized_ cryptocurrency.

Given that there are centralized cryptocurrencies in circulation, it makes
more sense to compare IOTA to something like Ripple or Stellar than to compare
it to Bitcoin. In that light, most of the other objections go away --
censorship resistance is not an advertised feature; double-spends are only
detectable when the coordinator milestone; fungibility is only effective after
a milestone, etc.

The "post-quantum" cryptography is interesting to me personally not because of
the quantum aspect, but because the tractability of discrete-log based
cryptography is up in the air, and a vulnerability found in a year, or ten
years, could have profound impact reaching back into the past. Hash-based one-
time signature schemes seem to be a much more robust approach that will not
fall to the discovery of better algorithms (even non-quantum) for approaching
the discrete log problem.

The notion of using a DAG is also very interesting, and one of the nice things
about IOTA is that it does not try to be anything other than a currency.
Alternatives such as Byteball are, in my opinion, overreaching by attempting
to be some sort of global computer that has the net effect of making clients
much more complex and thus vulnerable to strange forking effects if client
implementations diverge too much.

~~~
veeti
[https://iota.org/](https://iota.org/)

> Scalable, Decentralized, Modular, No Fees

~~~
andrewla
Hmm... I did not mean for my reply to be an apology for IOTA, though reading
it now I can easily see how it looks like it.

I'm not trying to rewrite history and say that "IOTA was never intended to be
decentralized". I'm saying, as the article points out, that IOTA is
effectively centralized, and the plan for moving to being decentralized is
fatally and irretrievably flawed.

I also think the rhetoric about being a currency for the "Internet of Things"
is a nonsensical claim at best. The fact that the coins does not deliver on
anything it promises does not mean that it is worthless, because it still
delivers on other things that people find useful.

I'm not sold on IOTA (I have no holdings myself) just as I am not sold on the
other big centralized competitors (Ripple or Stellar), but I don't think it's
significantly worse than either of those in terms of what it delivers.

~~~
fathomit
IOTA is centralized

IOTA is more decentralized than any blockchain crypto that relies on 5 pools
of miners, all largely based overseas. Furthermore, coordinator isn’t a
central server all transactions pass through, contrary to popular
misconception. It is just normal actor who adds transactions to the tangle,
which other nodes can use as milestones, if they wish. It’s a shepherd, you
could say, which the herd can follow so they don’t go astray (following some
malicious nodes or whatnot). The Monte Carlo Random Walk algorithm is what
will create consensus in the herd when there is no shepherd any more. It will
be comparable to every sheep calling out while also following the sound of the
call of the rest of the herd. That way they can all tangle up together.

Referencing the coordinator is also optional.

Also, if you research and understand how IOTA intends to work without the
coordinator, it’s easier to accept it for now as training wheels. I suggest
reading pg 15 and on of the white paper analyzing in great depth how the
network will defend different attack scenarios without a coordinator. For the
past several months, IOTA foundation has been using St Petersburg college’s
super computer to stress test IOTA and learn when they can turn the
coordinator off. There will likely be a blog about the results soon.

This is another great read covering double spends on IOTA without a
coordinator: www.tangleblog.com/2017/07/10/is-double-spending-possible-with-
iota/

This too:
[http://www.reddit.com/r/Iota/comments/7eix4a/any_iota_guru_t...](http://www.reddit.com/r/Iota/comments/7eix4a/any_iota_guru_that_can_explain_what_this_guy_is/dq5ijrm)

Also this correspondence with Vitalik and Come_from_Beyond
[https://twitter.com/DavidSonstebo/status/932510087301779456](https://twitter.com/DavidSonstebo/status/932510087301779456)

At the end of the day, outstanding claims require outstanding evidence and
folks approaching IOTA with a “I’ll believe it when I see it” attitude is
completely understandable. It’s all about your risk tolerance.

------
wildbunny
Not to mention that the central consensus mechanism is completely broken.

You cannot have a trustless consensus without a mining incentive:

Quoted from my post linked below:

o) Network hashrate is the overall power of the network - in bitcoin, this is
the computing power needed to generate a block.

o) Bitcoin employs a mining reward which creates a competition between miners
to produce a block and claim their reward for doing so. Slower miners lose out
to faster miners, but they still participate in the competition to produce a
block because they stand a chance of winning occasionally.

o) This mining subsidy provides a positive incentive to miners to play by the
rules, and encourages them not try to double spending, because they might as
well claim the mining reward instead of trying to double spend which is often
much more difficult than producing a single block.

o) The mining subsidy also encourages all miners to participate in the mining
process, which gives an overall metric for total network hashing power, which
you can then use to give an estimate of when it is safe to accept a
transaction of a given size, as confirmed, because (on average), the block
reward is equal to the electricity cost of mining that block. That means that
when your transaction has been buried under enough blocks that the mining
subsidy equals the transactions size, it is more or less safe to accept that
transaction as confirmed.

Now, imagine the situation with no mining reward.

o) Instead of participating in a competition to win the block reward, miners
have no positive incentive to participate anymore. They now are left with the
negative incentive to try and double spend.

o) Since these miners are not contributing their hashing power to the network
anymore, the overall hashrate of the network in unmeasurable, since these
miners are quite likely to leave their ASICs in sleep mode until they want to
double spend

o) With the network hash rate unmeasurable, there is no way to put an estimate
on when it is safe to accept a transaction as confirmed.

When there is no way to estimate when it is safe to accept a transaction as
confirmed, that currency is now useless because any transaction can
potentially be reversed.

This is why both byteball and iota use trusted third parties to secure the
network, but at that point, you might as well be using VISA.

[https://bitcointalk.org/index.php?topic=1799665.msg20108439#...](https://bitcointalk.org/index.php?topic=1799665.msg20108439#msg20108439)

~~~
wyldfire
> You cannot have a trustless consensus without a mining incentive

This is not true, Proof-of-stake creates a suitable incentive to verify
transactions and maintain the network. It's a legitimate alternative to proof-
of-work.

~~~
andrewla
I have yet to see a convincing argument that proof-of-stake can be made
trustless. The only designs that I've seen that seem realistic rely on some
notion of checkpointing to prevent large scale chain rewrites.

While it may be possible to make that checkpointing distributed, the only way
that I'm aware of is to use proof of work. The easier path is to just
checkpoint in the client, so that the trust comes from the github repository
that pushes the client, or gets trusted updates from some trusted authority.

That's not to say that trustless consensus is necessary for a currency. I used
to be a very strong believer that that was a necessary component, but I've
begun to question that belief. The notion of censorship-resistance is an
important part of why I liked Bitcoin in the first place, but may turn out not
to be sufficiently valuable to people to impact coins that don't have that
property.

~~~
tim333
"Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol" ?

([https://eprint.iacr.org/2016/889.pdf](https://eprint.iacr.org/2016/889.pdf)

[https://news.ycombinator.com/item?id=13134363](https://news.ycombinator.com/item?id=13134363)

[https://www.reddit.com/r/ethereum/comments/52qfwl/provably_s...](https://www.reddit.com/r/ethereum/comments/52qfwl/provably_secure_proof_of_stake_algorithm/))

~~~
wildbunny
It requires a majority of trustworthy nodes to be online - it cannot deal with
a force majeure, such as a massive power cut.

~~~
seanwilson
What can though? If a large fraction of Bitcoin miners went down you'd need
less hash rate to double spend.

------
aje403
There are a lot of letters in that article. Here is a lot less:

It is a scam

~~~
cdiddy2
damn so did Bosch get scammed too? [http://www.businessinsider.com/robert-
bosch-bets-on-iota-201...](http://www.businessinsider.com/robert-bosch-bets-
on-iota-2017-12)

~~~
Hurdy
Bosch just wants to have press releases that contain the word "blockchain". It
doesn't make the technology any less broken.

~~~
cdiddy2
as far as I know Bosch is a private company. A lot less for them to gain from
PRs with 'blockchain' in them.

From the AMA Bosch did[1] it certainly seems like its more than just a
blockchain PR and that they are actually putting resources towards this, but
its hard to tell from the outside

[1][https://www.reddit.com/r/Iota/comments/7sxgx0/bosch_ama_janu...](https://www.reddit.com/r/Iota/comments/7sxgx0/bosch_ama_january_25th/)

------
rthomas6
What do smart people think about NANO (Formerly Raiblocks)? It also uses a DAG
scheme and has fast transactions with no fees, and it's already decentralized.

~~~
rileyphone
Important to note is that Nano isn't really a DAG, but rather a block lattice
- essentially every account has it's own chain of transactions that are
verified by nodes. Additionally, each transaction is actually two, a 'send'
and a 'receive', each mentioning the other address, amount, and preceding
block to prevent double sends/receives. The only problem in this article
shared with Nano is the ability to spam the network, but there is a small PoW
associated with each transaction to slow this down.

------
dsacco
I want to critique one particular point made in this article, becuase it’s
incorrect:

 _> IOTA uses cryptography that cannot be broken by quantum computers. The use
of such cryptography, specifically Winternitz signatures, leaves IOTA users
vulnerable to loss of funds if they ever reuse an address. This attack that
has already been seen in practice, with one user reportedly losing $30,000 USD
worth of IOTA.

As quantum computers large enough to threaten existing cryptosystems do not
exist and may not exist for many decades, this use of post quantum
cryptography comes with no tangible benefit._

“No tangible benefit” is a gross overstatement and simplification. I
wholeheartedly agree that 1) novel cryptography should not be adopted before
it has been well-studied, and 2) threat models for motivating novel
cryptography should be rational and pass a cost-benefit analysis. However, if
and when quantum computers can practically break classical cryptosystems, they
will be able to do against everything cryptography is used to secure today,
not just going forwards. This is a stonger argument for encryption and
confidentiality, but it nevertheless also applies to signatures and
authentication. As a tangential point: while they aren’t perfect (in terms of
efficiency), Winternitz signatures are very well studied. Given what’s
available, it’s not a bad choice.

I think a lot of IOTA’s specification is pretty suspect, especially since it
does utilize novel cryptography without an apparent track record or notable
expertise among its team. But I also absolutely believe new cryptocurrencies
and blockchain projects should be preparing for quantum computation now, if
it’s possible. More pertinently, I don’t agree with the way this point was
presented, because it can be interpreted as the claim that post-quantum
cryptography is a useful heuristic in determining if a project has “issues”.
In reality all cryptography should be suspect, and the use of post-quantum
cryptography should not be dismissed immediately as a waste. With IOTA in
particular, I’m weakly on the side that they shouldn’t have bothered with
Winternitz signatures. But in general, I’m happy to see any project at least
giving it serious consideration.

~~~
simias
Don't you think IOTA is trying to do too much at the same time? Maybe I'm
underestimating the risk but it seems like practical quantum computer attacks
are still a few decades away, maybe it would make more sense to focus on
getting the rest of IOTA to work and plan to switch to different cryptographic
algorithms later once things have settled a bit.

If I get this right IOTA is trying to:

* Move away from PoW

* Have a cryptocurrency that scales well to a very high transaction frequency

* Implement quantum-resistant cryptography

* Use ternary logic to theoretically minimize power consumption

That's a lot for a single project I think.

~~~
dsacco
Right, so there’s the problem. I consider post-quantum cryotography to be more
important than everything else on that list aside from transaction frequency.
It should be, at the least, a serious consideration for any new
cryptocurrency, even if they don’t ultimately move forward with it after a
cost-benefit analysis.

The threat model is more nuanced than “decades away.” The attacks may be
decades away, but their targets will not necessarily be. Assets and
communications secured today will be fully seizable and transparent in the
future, you just don’t know exactly when. In other words, old ciphertexts have
to be disposed of or re-encrypted, and addresses need to upgrade to pq-secure
signature schemes.

This all takes for granted the idea that quantum computers will ever feasibly
break classical cryptosystems (I’m weakly pessimistic it will happen in the
next 100 years). But if you do accept that premise, you either implement post-
quantum cryptography now if you can afford it, or you implement it on top of
legacy software in the indeterminate future. The latter option is a legitimate
decision, to be clear. But I can also virtually guarantee that some
cryptocurrencies will footgun themselves in the process of upgrading when
they’re more established.

I agree with you that IOTA is taking on a lot, but I really don’t think
Winternitz signatures are exactly the deciding factor in that, based on how
packed that list is already :)

------
aars
Nice writeup. Though you might want to proof read it a few (more) times.

"since The Coordinator is the current the arbiter of truth in the IOTA system"

"Similarly, transaction outputs that appear in a snapshot [6] are more
valuable than those that have."

And a couple more like these.

------
hn_throwaway_99
When we post things like this, can we at least put a summary of what this
thing is about? For those not already familiar with IOTA, there is nothing in
the first paragraphs of the article that actually explains what it is and why
I should care.

------
momentmaker
What about NANO then if they share the same kind of tech as IOTA? Any thoughts
on that?

~~~
whataretensors
Completely different project. Nano seems closer.

Despite the negativity here I think iota will likely become production ready
too, but the timeline will be longer.

------
bengale
1.1 is a weird way of presenting that issue. Its discussed in length with
explanations of why it exists now, and how they plan to remove it. It's not
something required for the technology, just in its infancy.

~~~
tree_of_item
Sorry, but that sounds like bullshit from the IOTA team to me. "We're totally
gonna be decentralized in the future, honest!"

------
fathomit
Time for some FUD Copy Pastas:
[https://www.reddit.com/r/Iota/comments/7j81tq/fud_copy_pasta...](https://www.reddit.com/r/Iota/comments/7j81tq/fud_copy_pastas/)

------
coinerone
Isnt it correct that IOTA is not meant to be tradet by humans?

~~~
duskwuff
The vast majority of entities currently trading IOTA are humans. The designers
have claimed that it is somehow designed for IoT devices, but no such
application currently exists, and it is unclear how their design is supposed
to enable such a usage.

------
granaldo
as interesting iota is so they claim, my bet is on lightning network for high
scalability transaction and machine to machine payment

~~~
tobiaswk
A mesh network that requires YOU to be online to receive funds. Also you must
have funds to open a channel. So in order to receive funds you must have funds
already.

It seems like a really big step backwards in big big scheme of things bitcoin.
All of the above problems can be solved by increasing the block size. I'm not
saying it's the definitive solution... but right now it is a better solution.

A good talk about really big blocks on bitcoin and what the ramifications are;
[https://www.youtube.com/watch?v=5SJm2ep3X_M](https://www.youtube.com/watch?v=5SJm2ep3X_M)

~~~
45h34jh53k4j
No, you dont need funds to receive them. An unfunded node can receive and
transact over a peer funded channel.

There are services like strike that offer custodial lightning channels, and
will aggregate and send onchain tx's: [https://medium.com/@ACINQ/introducing-
strike-a-stripe-like-a...](https://medium.com/@ACINQ/introducing-strike-a-
stripe-like-api-for-lightning-c84762f4f634)

While the network has such low fees as today, there is no need to increase the
blocksize. Increasing the blocksize (or time) effects scalability in epic ways
-- ie: Ethereum requires at least 500GB SSD to run -- so the minimum cost of
entry is at least $300. Meanwhile 10m/1MB blocks still runs on $20 RPis.

I am not against mods to consensus to increase the block size, but there are
more critical problems like solving tx malleability and new tx format (segwit)
that provide more value today.

Dont be an ignorant big blocker. Look at the smartest people in this space.
The real technical folk. What are they saying?

~~~
davidgerard
> Dont be an ignorant big blocker. Look at the smartest people in this space.
> The real technical folk. What are they saying?

I'm seeing them zoom in on the key technical problem: at no point has LN fixed
the key technical issue, how to route.

 _Every transaction invalidates the routing path, because it changes the
amount of liquidity available in the channels._

Rick Falkvinge nails this point. Key bit from 10:00 on, though the rest is
well worth your time (and I say that as someone who hates watching videos on
YouTube):

[https://youtu.be/Ug8NH67_EfE?t=600](https://youtu.be/Ug8NH67_EfE?t=600)

LN proponents explicitly compare it to BGP - but BGP is a completely _trust-
based_ protocol, where a lot of telecoms engineers have an agreement that
they'll keep the network going no matter what, and bad actors are dealt with
by hand.

Trust-based and fixing problems by hand is the diametric opposite of the
cryptocurrency model.

