IOTA's "Vulnerability"

in #iota, 7 years ago (edited)

You've probably seen the report by Neha Narula, director of the Digital Coin Initiative at MIT. You've probably seen the Forbes article by Amy Castor. 

But you may not have seen:

MIT-DCI's full report of the "vulnerability".

IOTA developer Sergey Ivancheglo's (known as Come-from-Beyond) response to the report.

IOTA founder David Sønstebø's response to the report.


The articles you may not have seen in fact contain important details as to why this "vulnerability" is a non-issue and has actually been around for a while. 

The "vulnerability" was first actually disclosed in a blog post from David Sønstebø. It's surprising that people were able to read the sentence "One of the cryptographers we reached out to months ago to review Curl has disclosed that he is worried there might be a potential vulnerability in Curl" and there was no media uproar like there is now. If anything, this is old news. But the media likes juicy stuff, so Forbes decided to take the report by MIT-DCI, released a month after the fact, and write about it as if it was new. The article and report both make several references to the expression "don't roll your own crypto", which at face value seems obvious. Why would you make your own crypto? If you believe that, then how will innovation ever happen? In the words of David Sønstebø, "when spearheading technology for a new paradigm this statement is no longer axiomatic. Progress must march on." If no one "rolls their own crypto" then cryptography will stay the same.


Analysis of the report itself

In other statements made by Come-from-Beyond, this "vulnerability" was actually intentional: it was there to prevent malicious people from copying IOTA's code and using it for their own copycat, and then scamming people with it. He has previously done this with his code in NXT. The key point is that it is not a vulnerability in IOTA, but a vulnerability in any copycat. IOTA uses proprietary code to run the "coordinator" which will protect the network against attacks. In the report by MIT-DCI, they mention that "the coordinator might prevent some problems caused by colliding transactions." This essentially means that the attacks presented in the report could not have worked on IOTA because of the coordinator. Any IOTA copycat is vulnerable to this attack, however, allowing those with technical experience to exploit the vulnerability. 

Even on an IOTA copycat the vulnerability is small, and the circumstances that allow it to be exploited are rare. In fact, Narula and her team actually allude to this in their full report when emphasizing "that to produce a signature on a msg2, our attacks require Alice to sign an innocent-looking related message, msg, of our choosing. This is a chosen message attack." Essentially, an attacker would need to convince a victim to sign a message. Currently, this message-signing is not possible in the IOTA wallet, only through the APIs, meaning that an experienced user would have to be the victim in this case. No experienced user, however, would be convinced to sign a malicious message. This can be compared to convincing an IT professional to install software from a pop-up ad. The "vulnerability" not only requires another user to be involved, instead of the attacker being able to execute an attack by themselves, but the likelihood of the vulnerability even being exploitable is extremely slim and basically a non-issue. The "vulnerability" that MIT and thus Forbes have made a big deal about is not only non-existent on the IOTA network, but on any IOTA copycat the chances of an exploit are slim.
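A toy illustration, added here and not taken from the MIT-DCI report or from IOTA's code, of what the quoted chosen-message attack means: a hash-based signature covers only the digest of the message, so if the digest function admits collisions, Alice's signature on an innocent msg also verifies on a colliding msg2. The Lamport one-time signature below is a stand-in for IOTA's scheme (which the post does not describe), the truncated "weak" digest is a constructed stand-in for a collision-prone hash and is not Curl, and the messages and search budget are constructed for the demo.

```python
import hashlib
import os

def strong_digest(msg: bytes) -> bytes:
    # Full SHA-256: no practical collisions, so a signature over it covers one message only.
    return hashlib.sha256(msg).digest()

def weak_digest(msg: bytes) -> bytes:
    # Constructed stand-in for a collision-prone hash (NOT Curl): only 16 bits of SHA-256,
    # so two different messages share a digest after roughly 65,000 tries.
    return hashlib.sha256(msg).digest()[:2]

def digest_bits(d: bytes) -> list:
    return [(byte >> i) & 1 for byte in d for i in range(8)]

def keygen(nbits: int):
    # Lamport one-time key: a random preimage pair per digest bit; the public key is their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(nbits)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk

def sign(sk, digest: bytes) -> list:
    # The signature depends on the digest alone, not on the message bytes themselves.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(digest))]

def verify(pk, digest: bytes, sig: list) -> bool:
    return all(hashlib.sha256(s).digest() == pk[i][bit]
               for i, (bit, s) in enumerate(zip(digest_bits(digest), sig)))

def find_collision(h, msg: bytes, limit: int = 1_000_000):
    # Brute-force search for a different message with the same digest; None if the budget runs out.
    target = h(msg)
    for n in range(limit):
        cand = b"pay mallory " + str(n).encode()   # constructed related message
        if cand != msg and h(cand) == target:
            return cand
    return None

def demo(h):
    # Alice signs an innocent message; does that signature also verify on a colliding one?
    innocent = b"pay bob 1 unit"  # constructed
    sk, pk = keygen(len(h(innocent)) * 8)
    sig = sign(sk, h(innocent))
    assert verify(pk, h(innocent), sig)
    other = find_collision(h, innocent)
    return other, other is not None and verify(pk, h(other), sig)
```

With weak_digest the search returns a second message that Alice never saw but that her signature verifies; with strong_digest the same budget finds nothing, which is the property a collision-resistant hash is supposed to give a signature scheme.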

Analysis of ethics surrounding the reports

When writing the blog post, Narula and her team failed to disclose things that would have affected how people reacted. Aside from the small issue where Narula incorrectly mentioned that the bundle size of IOTA was 10KB and not 1.6KB (which was not relevant to the paper anyway), there are inaccuracies and misrepresentations throughout the report (and subsequently the Forbes article) and unprofessionalism from the MIT-DCI team.

1. Failure to disclose conflict of interest in blog post (and thus the Forbes article): It is only listed in the full report on GitHub that there are conflicts of interest that may have led the researchers to write about the vulnerabilities in an exaggerated way. Thaddeus Dryja has developed Bitcoin's Lightning Network, Madars Virza works for the Zcash company, and Ethan Heilman works with DAGlabs (associated with SPECTRE, an IOTA rival) and Commonwealth Crypto. This may have influenced the report and article's "mountain out of a molehill" nature.

2. Failure to emphasize that the vulnerability cannot be exploited presently (or even in the past) in the IOTA network: the post and article fail to sufficiently emphasize that this vulnerability is now fixed, leading to an uneasy feeling about the current state of the IOTA network. Narula's post briefly talks about how the coordinator would have prevented this vulnerability from ever being exploited on the IOTA network, however Amy Castor's article fails to mention this at all. 

3. Biased nature of the blog post: Narula's post comments on how it is "worrisome" that IOTA's partners never noticed this "glaring vulnerability" and includes a section called "Trits and trytes and other red flags" which was entirely unnecessary. She comments on the supposed inefficiency and impracticality of IOTA, not maintaining the objective perspective that any responsible, professional researcher should maintain.

4. Lack of adequate information/incorrect information in the Forbes article: Castor mentions that "the project has not yet waved good-bye to its previous hash function" and still uses Curl in other places, but fails to mention that the use of Curl in these other places is perfectly safe. Additionally, she is outright incorrect when stating that IOTA has since switched to "a variant of...SHA-3". The SHA-3 algorithm (also known as Keccak) used in IOTA is actually the same as a traditional SHA-3 algorithm. She calls this supposed variant "Kerl" which the IOTA team has named because of the protocol's combination of Keccak and Curl. However, she does not realize that the name is only a nod to IOTA's previous use of Curl, instead misleading readers to believe that IOTA has since made another "homegrown hash function".

5. Lack of professionalism from the MIT-DCI team: for being associated with such a prestigious university, the team of researchers is acting surprisingly unprofessionally.

PhD candidate Ethan Heilman seems to enjoy gloating about his discovery:

"while self in hole: self.dig()"

--Ethan ✨ Heilman (@Ethan_Heilman) September 10, 2017


Madars Virza thinks that a GIF from the Muppets was appropriate:

Unclear how to parse https://t.co/qaIVhi1GlW ... Weak hash function is a "copy-protection measure" now? pic.twitter.com/GCcLTKHh72

--Madars Virza (@MadarsV) September 8, 2017

Such scholars who want their work to be taken seriously should not be acting so immature.


Overall, the representation of this issue by researchers and media has caused many to overreact to a very small issue. It is important that researchers maintain objectivity and professionalism in their work, and that journalists perform due diligence and proper research before writing an article that could potentially affect a volatile market such as that of cryptocurrency.


So many issues with IOTA

claiming to be open source when you have closed source centralized control via coordinator that decides which transactions are real, changing hash functions for "copy protection" to hurt others trying to review code for security or replicate - completely unprofessional


https://hacked.com/iota-update-tangled-web-home-rolled-cryptography/

There is still no evidence that the mistake was added on purpose.

lol, your name says it all! Your FUD is just completely unprofessional. You better take care of the eos problems

Give me a call when you have a working product ;)

me? I have nothing to do with it. I haven't even bought EOS yet.

As per working product, there's 2: you're using one right now

it's graphene and dpos with similar bandwidth and inflation model that processes tx faster than anything else and no fees. iota is controlled by a closed source dev node(s?) which apparently is also used as part of their plan to attack anyone who uses open source code of theirs.

That's so messed up.

sure, so stay away from it.
given the gravity of what they have undertaken, and the weight of all the constant and continuous attacks, a 'DAO hack' at this stage would have catastrophic consequences, and even more so at a later point.

This is a major issue. I have resteemed for the ridiculousness of these justifications and to implore everyone involved with Iota to rethink it and to make sure they are being prudent.

I wouldn't stress. We're going to have fake and biased news until we have some filter and cost associated with publishing poorly researched thought pieces. Anyway, in the end the cream always rises to the top and IoTa looks like a promising project.

This 'vulnerability' discussion is raising quite some dust in the IOTA community.

Therefore, I am pleased that there is also some good news: help the IOTA network with a tool to confirm more transactions.

See for more details: https://steemit.com/iota/@wekkel/iota-transaction-spammer-help-the-network

I am still a believer in the project. IOTA is still in beta, so things won't be perfect.


In cryptocurrencies, like in any other business, there is jealousy and big interests asking for no competition. Do you think that if Microsoft and IBM are behind Blockchain, they would like another protocol to be created by anyone? Of course not. So, there are also people in the media who have a certain reputation and charge for doing special favors, like a good story for your company and a bad story for somebody else's company.

I agree. But anyone who associates themselves with MIT should maintain some level of professionalism. They're acting like little kids


I've had more trouble with the iota wallet than any other crypto wallet I've used. Downloading the wallet then looking for iri files and then trying to log in for 30 minutes then when you log in no coins. So you have to find out why. Then you have to download a new wallet then there is some sort of transition.. I have no confidence in iota

overreacting and unchecked information... it's everywhere now... can we believe to anything at all? >_<

When looking at Power Ledger and what they are trying to accomplish, you ask yourself where they would fit into the puzzle that is Elon Musk. For instance: Elon Musk dreams of colonising Mars, his ultimate challenge; however, with this ambition he needs some key factors to fall into place before it could eventuate.
These key factors would be a

self-sustainable energy system run on solar energy (Power Ledger)
a low-energy, unhackable and secure perfectly working system that can scale, communicate with machines and technologies, link devices and basically run itself (Iota)
obviously the machines and devices themselves (Tesla etc.)
a supercomputer to be the brain of the system (Golem)
public approval (so it will have to be tested first in, just say, Australia's desert and solar climate)
It might be me, but these projects that have already begun to spring up through ICO-funded cryptos seem to fit into a puzzle that is endorsed by all the billionaires that have changed the world for the future, such as Elon Musk, Bill Gates, Richard Branson and so on. Either this club of elites has already begun turning the wheels or they need to catch up for a beer. 🍻

nice one man.
the part about the questionable ethics should really be raised louder, as it says quite a bit about some people.
