This past weekend, multiple prominent security researchers and academic cryptographers took to Twitter to paint a big black mark on the cryptocurrency project, IOTA. The posts implore investors not to hold the currency and researchers not to collaborate on enhancing the security of the system.
An outcry was triggered shortly after a chain of private emails sent among the IOTA team and a group of external security researchers was made public, exposing the developers’ response to the disclosure of a critical flaw in one of their cryptographic building blocks. The correspondence, which ended with vague threats of legal action by IOTA founder, Sergey Ivancheglo, against a member of the Boston University security group, has prompted many academic researchers to denounce the entire project.
Among those speaking out against the IOTA team is Matthew Green, an applied cryptographer at Johns Hopkins University, who is himself one of the original architects of a popular cryptocurrency, Zcash.
The coin has been around since 2015. It has been marketed by its inventors as an improvement on blockchain architecture (in which there are, in fact, no blocks) that allows for free transactions at a larger scale than Bitcoin. Advocates for the technology have positioned it as a technological enhancement for the Internet of Things. They envision a future in which machines use the IOTA network to make microtransactions with one another.
However, there are many in the community who argue that the system, which today relies on the activities of a central operator called a “coordinator,” is not as decentralized as advertised. Those who adhere to this line of thinking—people like Rick Dudley, a blockchain architecture advisor and consultant in New York City—note that the team behind IOTA has made it especially difficult for outside researchers to evaluate the technology.
“Basically, what they have done is written some source and papers that only describe part of the system. The rest of the system is secret. Which is completely antithetical to blockchains,” says Dudley.
The most recent controversy began when Ethan Heilman, a security researcher at Boston University, disclosed to IOTA that the hash function they were using, which was an in-house concoction called Curl, was broken. Weeks later, Heilman, along with three other researchers from the Digital Currency Initiative at MIT, published the finding in an initial report.
Ultimately, IOTA developers took the advice of the academics by swapping out their own experimental cryptographic device for a vetted alternative.
However, the email chain among the IOTA team and the researchers at DCI reveal a tense and acrimonious unfolding of events behind the scenes. The upshot: IOTA disputed the researchers’ claims and ultimately suggested that their publication amounted to academic fraud.
Similar accusations have spilled out onto Twitter.
Since the emails were released, a debate has raged over social media about which side looks worse. Plenty of commenters are coming to the defense of IOTA, sometimes while fully acknowledging their positions as investors. IOTA issued a statement on Monday saying they "unequivocally condemn this leak" and that the vulnerability did not make users susceptible to any attack.
Regardless of which side wins in the court of public opinion, it is becoming clear that the IOTA team, by displaying antagonism to the process of responsible vulnerability disclosure, has lost the support of professional cryptographers and security analysts.
“I think the emails were extremely embarrassing for the IOTA project. They should convince anyone that IOTA lacks the technical leadership or, simply, the maturity to build their product,” says Dan Guido, the CEO of Trail of Bits, a security consulting firm with expertise in blockchain technology.
And this is not a great look for a cryptocurrency. The security of these systems depends at least in part, on participation by outside groups, who make an academic pursuit of finding vulnerabilities.
It would seem that IOTA will not be able to count on their help going forward. Several professional cryptographers, including Dionysis Zindros, a PhD candidate at the University of Athens, have signaled their intention to stay away from the project entirely.
One lingering question is whether the hostility demonstrated by IOTA team members will cause security researchers to reassess the risk of working with companies in the blockchain space altogether.
Guido, from Trail of Bits, says security consultants are well acquainted with the legal risks that come with giving companies bad news.
“As security researchers, we've had to deal with far more hostile companies and projects in the past,” he says.
In the case at hand, there are things the researchers at DCI could have done better, however. According to Guido, the whole process may have gone more smoothly had they used a third party to communicate with IOTA.
“DCI made some rookie mistakes too, and this is generally why, in other industries, security researchers will hand off bugs to a vulnerability coordinator, like a CERT, to report on their behalf,” says Guido.
But will his company shy away from blockchain clients simply because one deal in that space went rotten?
“I saw the whole thing, and no this does not change how we approach working in the space,” he says.
Editor's note: This story was updated on 28 February 2018 to clarify the sequence of events and add a link to IOTA's official statement.