While it's probably not the main problem with IOTA I must say that the ternary logic is probably the most amusing and baffling thing about it. This kind of hubris is something I would expect from a very junior developer without much real world experience who already thinks he's got everything figured out.<p>How can one rationalize starting a super ambitious cryptocurrency project and <i>on top of that</i> decide to reimplement their own crypto using ternary logic for some vague theoretical benefits that would only pay out if IOTA ever becomes mainstream enough (and the benefits large enough) for people to create not only dedicated chips for it but <i>entire industrial processes</i> to make ternary logic silicon.<p>It's also completely misunderstanding the current state of IoT, chips capable of doing high grade (binary) cryptography in a reasonable amount of time nowadays are worth next to nothing and their consumption is almost negligible. It's not premature optimization, it's too-little-too-late optimization.<p>Doing that as a fun week end project to learn about ternary? Sure. As the foundation of your multi billion dollar cryptocurrency set to revolutionize IoT? Come on.
This quote applies especially to IOTA:<p>"Cryptocurrencies are nothing except the marketing power of inventors, financiers and others who love the idea of buying a black box (which is obviously empty) for the price of a Kia and dreaming that it will turn into a Mercedes. There have been times recently when this dream has materialized within hours. This is not just a bubble. It is not just a fraud. It is perhaps the outer limit, the ultimate expression, of the ability of humans to seize upon ether and hope to ride it to the stars." - Paul Singer, Elliott Management<p>IOTA's tech is shitty but they've convinced enough people that it's worth something that it's now worth something. Maybe that's all a crypto needs? I was honestly expecting all of this to crash and burn back in December- but it hasn't yet. Maybe these cryptocoins really are the future.
I think the biggest issue here is that even though this post is well researched, most people don't care, because they haven't invested in IOTA (or any other cryptocurrency for that matter) with the intention of using the features.<p>The large majority is in it for the trading. Unless there are huge issues such as the network crashing, they don't care. It's just a line chart on an exchange to them. That's also why there are no repercussions for people never delivering on ICO promises.<p>It kinda scares me.
Here we go again. Iota has never been one of the coins to answer any concerns without either saying "this is planned for the future" or creating sock puppets to try and drown the thread in low quality comments.
There is also a somewhat amusing IOTA write up on shitcoin.com "IOTA: Cannot be used for IoT. Loss of funds may occur." <a href="https://shitcoin.com/iota-cannot-be-used-for-iot-loss-of-funds-may-occur-e45b1ed9dd6b" rel="nofollow">https://shitcoin.com/iota-cannot-be-used-for-iot-loss-of-fun...</a>
The main thing here is that IOTA is not a _decentralized_ cryptocurrency.<p>Given that there are centralized cryptocurrencies in circulation, it makes more sense to compare IOTA to something like Ripple or Stellar than to compare it to Bitcoin. In that light, most of the other objections go away -- censorship resistance is not an advertised feature; double-spends are only detectable when the coordinator milestone; fungibility is only effective after a milestone, etc.<p>The "post-quantum" cryptography is interesting to me personally not because of the quantum aspect, but because the tractability of discrete-log based cryptography is up in the air, and a vulnerability found in a year, or ten years, could have profound impact reaching back into the past. Hash-based one-time signature schemes seem to be a much more robust approach that will not fall to the discovery of better algorithms (even non-quantum) for approaching the discrete log problem.<p>The notion of using a DAG is also very interesting, and one of the nice things about IOTA is that it does not try to be anything other than a currency. Alternatives such as Byteball are, in my opinion, overreaching by attempting to be some sort of global computer that has the net effect of making clients much more complex and thus vulnerable to strange forking effects if client implementations diverge too much.
Not to mention that the central consensus mechanism is completely broken.<p>You cannot have a trustless consensus without a mining incentive:<p>Quoted from my post linked below:<p>o) Network hashrate is the overall power of the network - in bitcoin, this is the computing power needed to generate a block.<p>o) Bitcoin employs a mining reward which creates a competition between miners to produce a block and claim their reward for doing so. Slower miners lose out to faster miners, but they still participate in the competition to produce a block because they stand a chance of winning occasionally.<p>o) This mining subsidy provides a positive incentive to miners to play by the rules, and encourages them not try to double spending, because they might as well claim the mining reward instead of trying to double spend which is often much more difficult than producing a single block.<p>o) The mining subsidy also encourages all miners to participate in the mining process, which gives an overall metric for total network hashing power, which you can then use to give an estimate of when it is safe to accept a transaction of a given size, as confirmed, because (on average), the block reward is equal to the electricity cost of mining that block. That means that when your transaction has been buried under enough blocks that the mining subsidy equals the transactions size, it is more or less safe to accept that transaction as confirmed.<p>Now, imagine the situation with no mining reward.<p>o) Instead of participating in a competition to win the block reward, miners have no positive incentive to participate anymore. They now are left with the negative incentive to try and double spend.<p>o) Since these miners are not contributing their hashing power to the network anymore, the overall hashrate of the network in unmeasurable, since these miners are quite likely to leave their ASICs in sleep mode until they want to double spend<p>o) With the network hash rate unmeasurable, there is no way to put an estimate on when it is safe to accept a transaction as confirmed.<p>When there is no way to estimate when it is safe to accept a transaction as confirmed, that currency is now useless because any transaction can potentially be reversed.<p>This is why both byteball and iota use trusted third parties to secure the network, but at that point, you might as well be using VISA.<p><a href="https://bitcointalk.org/index.php?topic=1799665.msg20108439#msg20108439" rel="nofollow">https://bitcointalk.org/index.php?topic=1799665.msg20108439#...</a>
What do smart people think about NANO (Formerly Raiblocks)? It also uses a DAG scheme and has fast transactions with no fees, and it's already decentralized.
I want to critique one particular point made in this article, becuase it’s incorrect:<p><i>> IOTA uses cryptography that cannot be broken by quantum computers. The use of such cryptography, specifically Winternitz signatures, leaves IOTA users vulnerable to loss of funds if they ever reuse an address. This attack that has already been seen in practice, with one user reportedly losing $30,000 USD worth of IOTA.<p>As quantum computers large enough to threaten existing cryptosystems do not exist and may not exist for many decades, this use of post quantum cryptography comes with no tangible benefit.</i><p>“No tangible benefit” is a gross overstatement and simplification. I wholeheartedly agree that 1) novel cryptography should not be adopted before it has been well-studied, and 2) threat models for motivating novel cryptography should be rational and pass a cost-benefit analysis. However, if and when quantum computers can practically break classical cryptosystems, they will be able to do against everything cryptography is used to secure today, not just going forwards. This is a stonger argument for encryption and confidentiality, but it nevertheless also applies to signatures and authentication. As a tangential point: while they aren’t perfect (in terms of efficiency), Winternitz signatures are very well studied. Given what’s available, it’s not a bad choice.<p>I think a lot of IOTA’s specification is pretty suspect, especially since it does utilize novel cryptography without an apparent track record or notable expertise among its team. But I also absolutely believe new cryptocurrencies and blockchain projects should be preparing for quantum computation now, if it’s possible. More pertinently, I don’t agree with the way this point was presented, because it can be interpreted as the claim that post-quantum cryptography is a useful heuristic in determining if a project has “issues”. In reality all cryptography should be suspect, and the use of post-quantum cryptography should not be dismissed immediately as a waste. With IOTA in particular, I’m weakly on the side that they shouldn’t have bothered with Winternitz signatures. But in general, I’m happy to see any project at least giving it serious consideration.
Nice writeup. Though you might want to proof read it a few (more) times.<p>"since The Coordinator is the current the arbiter of truth in the IOTA system"<p>"Similarly, transaction outputs that appear in a snapshot [6] are more valuable than those that have."<p>And a couple more like these.
When we post things like this, can we at least put a summary of what this thing is about? For those not already familiar with IOTA, there is nothing in the first paragraphs of the article that actually explains what it is and why I should care.
1.1 is a weird way of presenting that issue. Its discussed in length with explanations of why it exists now, and how they plan to remove it. It's not something required for the technology, just in its infancy.
Time for some FUD Copy Pastas: <a href="https://www.reddit.com/r/Iota/comments/7j81tq/fud_copy_pastas/" rel="nofollow">https://www.reddit.com/r/Iota/comments/7j81tq/fud_copy_pasta...</a>