And Why I Don’t Like It
- They’re essentially a centralized tech, pretending to be decentralized. They have failed to solve the theoretical problems, patchworking it with a central server (“the Coordinator”) that settles the transaction order. My guess is that they honestly tried to solve the essential problems with DAGs, but when they realized that it’s not gonna happen, they have invented their “Coordinator”, claiming that one day they will figure how to get rid of it… I wouldn’t believe them, because their tech is not built “from first principles” (like ZK-SNARKs in ZCash, as an example of some credible science) — I mean, there is no solid theoretical background, which is really required to solve the problems they faced. As far as I know, there is no coin yet that solves the “scalability trilemma”. If it was, it would be a major breakthrough. “Extraordinary claims require extraordinary evidence”!
- On the low level, they use ternary (base-3) for encoding their data structures, which is a complete nonsense unless you have a ternary computer (we don’t). It adds a significant overhead, unnecessarily complexifying the whole system. This is an extreme case of the so-called “NIH (not invented here) syndrome”.
- They rolled their own hash function — which is a major no-no in cryptography, unless you are an academic expert with a lifetime’s experience in (de)constructing hash functions and finding vulnerabilities in them. Needless to say, their hash function was cracked, putting all their system to risk. Good for them is that the crack was performed by MIT scientists — they’re “white hat hackers” so they reported the vulnerability instead of exploiting it for stealing the users’ money. Here’s a blog post about this (by the scientists who have found the vulnerability): https://medium.com/@neha/cryptographic-vulnerabilities-in-iota-9a6a9ddc4367
To me, these mistakes cannot be justified, when talking about multi-billion dollar business. We all make mistakes, but these ones are usually being made by young careless amateurs, who don’t really think about the reliability and security of their system — it is more important to them to explore things (by re-inventing the wheel) and to prove themselves (and the world) that they are competent in building complex stuff. This is perfectly OK when you’re young and inexperienced (in fact, we often become experienced by doing this), but I would not put a cent in this kind of “currency” — the risk is too high.
The funny thing is that V. Buterin and his creation (ETH) is also subject to this kind of criticism. They have their own hash function (Ethash) and also their own programming language (Solidity) — which is a mistake (NIH syndrome again).. But Vitalik is really a smart and wise person and he’s learning fast. Maybe I just like him because I’m also “Vitalik” :) But really the most important thing is that in contrast to IOTA creators, he doesn’t act like an asshole… Take a look at this, for example (if it’s true, then IOTA creators are complete assholes, and if it’s not, then they are pathetic liars — in either way, it doesn’t add credibility to them):
Next, and in my mind most damningly, Sergey Ivancheglo, Iota’s cofounder, claims that the flaws in the Curl hash function were in fact deliberate; that they were inserted as ‘copy protection’, to prevent copycat projects, and to allow the Iota team to compromise those projects if they sprang up.
See more here: https://hackernoon.com/why-i-find-iota-deeply-alarming-934f1908194b
UPD: see also the recently leaked internal IOTA Foundation conversation, which clearly reveals the immaturity of the key people behind IOTA.
About the Author
I’m a member of the developer team behind the open-source cross-language CCXT Library (available for JavaScript, Python or PHP). The library is used to connect and trade with more than 100 cryptocurrency exchanges worldwide.