IOTA: know what a tangle means
Before putting a new cryptocurrency on our SuiQiu cryptocurrency exchange, it is our duty to understand what's really going on and where risks lie at its fundamental level. IOTA draws even more interest since an innovative concept - DAG (Directed acyclic graph) is implemented in its backbone, the tangle. Unfortunately, while investigating IOTA, we are convinced that this implementation is immature. The tangle and therefore IOTA have too much risk.
IOTA: know what a tangle means
As stated in IOTA's white paper, the tangle is the technology used as a backbone of IOTA. Like other tangles, this technology qualify as a messy mass of things. It is therefore inherently difficult to make sense out of it. Such efforts are admirable. Everyone should take a look at their white paper. On the other hand, pointing out some concerns and flaws are relatively easy. In this article, we shall see the tangle lacks incentive, privacy and security. We hope people will have a better idea what a tangle means by then as well as how to fix the tangle in the future.
Incentive
No transaction fee is the charm of IOTA. But, Who do NOT need to pay? Lazy nodes benefit actually. Who do not really verify another transaction, who just vote for transactions seems to be verified, who leaves the number of tips grow unlimitedly do NOT need to pay.
On the opposite, a good node will need to verify two transactions. Sounds like not a big deal? Think twice. Transactions are related to each other. For example, if we try to determine whether a transaction is conflicting we should check all the other transactions to see whether there is a transaction conflicting with this one. According to the white paper, a good node should use a MCMC (Markov Chain Monte Carlo) algorithm to select the two tips to verify to prevent a parasite chain attack; And runs the tip selection algorithm many times, for example 100 runs. That's just a start. We can tell tip selection algorithms will keep evolving and complicating things to prevent other attacks, if not failed to. After knowing what you are paying (make sure you do) let's say you still want to be a good node, just like miners verify other people's transactions in Bitcoin. But wait another second, do you still recall that IOTA do NOT reward you anything and other people do NOT pay you transaction fees?
As stated in the white paper, they do not impose any rule for choosing the transactions to approve. Hence, lazy nodes survive. Nevertheless, a network full of lazy nodes means unlimited forks, no efficiency, vulnerable to all kinds of attack. So, the last resort the white paper turns to is a reputation system, namely, ' If one particular node is "too lazy", it will be dropped by its neighbors.' This leads to the second topic.
Privacy
So, one should build up a good reputation by letting people know all the good transactions and verifications one made. Once you decide to use a new node for some privacy, the reputation gone. Then again, lazy nodes benefit.
Security
Let's start with an attack scenario to double spend target transaction T with T'.
1.T has been broadcasted.
2.A lot of micro-payments are broadcasted as a distraction from T.
3.Attackers vote for T' to out weight T.
Usually, attackers need 51% of network power to out race target T in a blockchain. However here, computing power are extremely distracted in the tangle. People just don't have to verify T. They can get caught by micro-payments which IOTA is proud of (without even try to draw a line between micro-payments and spamming). Or, they can be lazy. Then, when T' and T are getting close, good nodes will not approve both T' and T directly or indirectly since their reputation and their chance to get approved is on the stake. So, stay out of the dispute watching T' out weight T clearly, and then, approve T'.
Moreover, since IOTA has an asynchronous network, attackers can pre-prepare their PoW (Proof of Work). For example, they can solve the cryptographic puzzle as PoW in advance and wait for the "right time" to broadcast their transactions.
One cannot point out all the concerns in the tangle. But we shall at least ask : When can I confirm that I get the money? In Bitcoin, it is about 6 blocks after your transaction is included into a block, which means approximately 60 minutes. Not bad. Now, in the tangle, how long should I wait?
Well, this is a crucial question to our exchange. We cannot tell our clients that we have no idea when you can safely trade your IOTA; Plus the unsolved privacy issue; Plus the concerns that IOTA will be paralyzed by innocent lazy nodes. In conclusion, IOTA will not be traded on our SuiQiu cryptocurrency exchange.
Blockchain Researcher Yushi
yushi@chaobi.la8/10/2017
