The IOTA Leaks: Hostility at MIT - or Lack of Insight from IOTA? Rabobank in the Netherlands wants to integrate a Crypto Wallet into its Online Platform!


A leak of e-mails between IOTA developers and MIT's Digital Currency Initiative (DCI) shows how a factual discussion of possible bugs in a crypto-algorithm can escalate - and is an exciting read for anyone who finds cryptography and cryptocurrency interesting.

In early September, MIT's Digital Currency Initiative (DCI) released a report on bugs in the cryptocurrency IOTA. The IOTA community responded with extreme severity, accusing the researchers of conflicts of interest and accusing journalists who picked up the story of incompetence for having uncritically trusted MIT. The dispute between the DCI and IOTA continues to this day.

One reason why this dispute escalated is the leak of an e-mail exchange between the DCI and the IOTA developers that preceded the release of the report. The 124 pages describe how an initially polite discussion of a cryptographic algorithm becomes ever sharper and finally ends in open dispute: the researcher Ethan Heilman breaks off communication after accusing Sergei Ivancheglo of not sufficiently understanding basic cryptographic concepts; IOTA developer David Anderobo accuses Neha Narula of the DCI of exhibiting the most unprofessional behavior he has ever experienced from scientists. It ends with communication breaking down - and all this before the DCI publishes its report, which first brings the dispute to the public.

Immediately after the leaks were released on Sunday, the IOTA community spread its version of the truth online: the IOTA developers were courteous and patient, while the DCI researchers were unable to understand IOTA and were rude, unprofessional, and hostile. In this version, the only interpretation of these documents is that the DCI is deliberately trying to harm IOTA, presumably because the researchers involved have a conflict of interest (for example, through their participation in Zcash or Paragon).

I have read all the correspondence and find the case far less clear. The correspondence is extremely exciting; it could be a great historical source for the history of cryptography and cryptocurrency. It shows how difficult it is even for experts to find a common language to talk about the details of cryptography, and it demonstrates how a polite, fact-based exchange of arguments gradually slides into a dispute.

Above all, it is a prime example of how difficult it is for non-initiates to understand what it is about. Forming a quick, emotional judgment on this basis, as the IOTA community appears to be doing, seems like an unerring path to disaster.

What the correspondence was about: A weakness in the hash function

It began when Ethan Heilman, a DCI cryptographer, contacted the IOTA developers to inform them of a weakness in IOTA's hashing algorithm Curl-P: it is vulnerable to collision attacks and has weaknesses in its "second-preimage security". He appends a document demonstrating collisions and advises the developers to drop the proprietary hash algorithm Curl-P and instead use a familiar and established hash function like MD6.

Let's stop here for a moment and try to explain the many strange words. A hash function is a mathematical operation that transforms any sequence of characters (one word, one sentence, one random letter salad) into another string of a specific length. The most important features of a hash function are, first, that it is deterministic, which means that a given input always produces the same result (hash), regardless of how long the input is, and second, that it is not possible to get from the result of the hash function back to the input (which is why hash functions are also referred to as one-way functions). You can try it yourself on the website Hashgenerator.de.

For cryptocurrencies, hash functions are usually used for two things: first, it is not the transaction itself but its hash that is signed, and second, the hash is used to form the tasks for mining or proof of work, which at IOTA is necessary to send a transaction in the first place.

With every hash function, so-called collisions are possible, in which two different inputs lead to the same hash. This is unavoidable, since there are an infinite number of possible strings but only a finite number of hashes, due to their finite length. Strictly speaking, there are an infinite number of possible collisions. But the likelihood of encountering one is so small that one can neglect that danger.

However, if it is possible to intentionally cause a collision, the consequences are obviously devastating: one can manipulate the contents of a transaction without having to change the signature, and one can potentially falsify or shorten proofs of work as well. This, according to the DCI researchers, is possible with IOTA's hash function.
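Why signing only the hash makes collisions so serious, as an added example (not code from the original post, from IOTA, or from the DCI): a Lamport one-time signature, a simpler relative of the Winternitz scheme that comes up later in the correspondence, applied to a deliberately weak hash. `weak_hash` is SHA-256 truncated to 24 bits, a constructed stand-in and not Curl-P; the messages and all function names are made up for illustration.

```python
import hashlib
import itertools
import secrets

NBITS = 24  # digest size in bits, deliberately tiny so collisions can be found

def weak_hash(msg: bytes) -> bytes:
    """Constructed stand-in for a hash lacking collision resistance (NOT Curl-P)."""
    return hashlib.sha256(msg).digest()[:NBITS // 8]

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def digest_bits(msg: bytes) -> list:
    d = int.from_bytes(weak_hash(msg), "big")
    return [(d >> (NBITS - 1 - i)) & 1 for i in range(NBITS)]

def keygen():
    """Lamport one-time key: two secrets per digest bit, public key = their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(NBITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def sign(sk, msg: bytes) -> list:
    """Hash-then-sign: reveal one secret per bit of weak_hash(msg), not of msg."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    pairs = zip(sig, digest_bits(msg))
    return len(sig) == NBITS and all(H(s) == pk[i][b] for i, (s, b) in enumerate(pairs))

def find_collision(prefix_a: bytes, prefix_b: bytes):
    """Birthday search: vary a trailing counter until one digest from each family matches."""
    seen = {}
    for i in itertools.count():
        a = prefix_a + b"|nonce=%d" % i
        seen[weak_hash(a)] = a
        b = prefix_b + b"|nonce=%d" % i
        if weak_hash(b) in seen:
            return seen[weak_hash(b)], b

def demo():
    sk, pk = keygen()
    signed, swapped = find_collision(b"pay 1 token to alice", b"pay 1000 tokens to carol")
    sig = sign(sk, signed)  # the owner signs only the first message
    # Results: original verifies, colliding message verifies too, unrelated one does not.
    return verify(pk, signed, sig), verify(pk, swapped, sig), verify(pk, b"pay 1 token to bob", sig)

if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

The signature scheme itself is never attacked here: the verifier accepts the second message only because it hashes to the same digest, which is why a hash-then-sign design inherits every collision weakness of its hash.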

Is the weakness relevant to IOTA at all?

Sergei Ivancheglo, the head of IOTA, answers at first very politely. He explains that one of the weaknesses was intentionally added to prevent copies of IOTA, and points out that Curl-P is based on the well-known and tested sponge function and has passed all standard tests. He suggests that the collision found by the researchers is not relevant to the way IOTA treats signatures, namely as an OWF (One Way Function) and not as a PRF (Pseudo Random Family).

Afterwards, an approximately 50-page exchange between Sergei and Ethan on this issue begins. Ethan demands documentation that confirms Sergei's claim, which he doubts because, to his knowledge, the Winternitz signature used by IOTA uses a PRF rather than an OWF. He also points out that in cryptography you should never use your own algorithm, and if you must, then only after it has been thoroughly tested by other cryptographers. That is not the case with IOTA.

Sergei explains that IOTA uses signatures differently than other programs, and that it actually relies on "one wayness" rather than PRF, but that this is difficult to explain. Sergei urges Ethan to provide proof of a practical attack. Ethan reiterates that Curl-P is broken as a hash function and lacks documentation, and urges IOTA to use a different, better-tested function.

IOTA has actually changed the hash function. One might think that the discussion is over and everyone parts in peace. In fact, at some point the exchange escalates over the question of whether Curl, IOTA's self-written algorithm, is broken or not. Although this no longer has practical significance, it touches on the question of who is right and how competent the IOTA developers are.

In the end, many pages of e-mails can be summarized as follows: Ethan refers to academic requirements for cryptographic algorithms - which IOTA's hash function did not actually meet - while Sergei repeatedly tries to explain that the algorithm is sufficiently safe for the way IOTA uses it. Ethan also appears to be able to prove that under special circumstances the algorithm can be exploited to steal IOTA tokens, while Sergei also seems to have good reason to argue that, in the reality of the IOTA wallets, these circumstances can largely be ruled out.

Who is right here, whether Ethan, Sergei or both, is extremely difficult to judge. At least I cannot.

How the discussion escalates

At a certain moment, the discussion escalates. It starts with Sergei asking Ethan not to call the function "Curl" but "Curl-P". The "P" stands for "prototype". Ethan replies, "I'm shocked you call a hash function that's already in use a '$ 800 million bug bounty,' a prototype." These are the first openly rude words after more than 50 pages of correspondence.

In general, Ethan's e-mails give the impression that he is increasingly shocked at how little the IOTA developers meet his standards of professionalism. He repeatedly mentions the requirement that a crypto-algorithm must be "EU-CMA secure", a term that means little to Sergei, and which he finally looks up, to Ethan's horror, on Wikipedia and StackExchange.

Sergei, on the other hand, always remains polite and objective, but also insists somewhat stubbornly that there is no mistake. Ethan loses patience more and more because it is so obvious to him that Curl-P is broken in several ways. "That should not be an attack now, but the list of questions you ask shows that you do not quite understand the basic cryptographic elements and mechanisms we're talking about."

Meanwhile, there are parallel e-mails between Neha Narula of the DCI and Dominik Schiener and David Anderobo, which are about exchanging the documentation of the new algorithm and agreeing on a date for the DCI researchers to publish their results responsibly. These e-mails also begin in a polite and constructive manner, but they slip into conflict over time.

Neha finally writes to the IOTA developers in early September that they will write a report on the bug. She gives the developers the entire report for inspection. In it, she sticks entirely to Ethan's version and ignores Sergei's objections: "We have developed practical attacks on the cryptographic function curl used by IOTA, which allow us to form short colliding messages." With these messages, it is said to be possible to make valid payments for IOTA.

Of course, Sergei does not leave it at that. He sends Neha a major revision that changes almost every single sentence and ultimately has the DCI merely finding a copy protection implemented by IOTA that does not pose any threat to IOTA itself.

A mail from David finally marks the final escalation. After being contacted by a Coindesk journalist who had somehow gotten wind of the matter before the report was released, he accuses Ethan of having a conflict of interest. "This is perhaps the biggest scandal I've ever heard about something that is portrayed as a professional, responsible revelation." Neha explains that the bug has been fixed and the deadline for publication has long since expired, which is why it is not reprehensible to go to the press. David asks her if she is sober and again accuses her of extreme unprofessionalism. Neha writes that she will not answer after these personal attacks.

The last mail of the leaks is from Sergei to Ethan. Sergei complains that Ethan ignores him and announces that he will complain to the university. Not personally, but through a lawyer.



Actually, Bitcoin's motto is "money without bank". The Dutch Rabobank may soon turn it into a "bank of crypto money" by offering its clients a wallet for cryptocurrencies, as discussed.

There are ideas that I have been waiting for for a long time. Just as it is normal for a fruit merchant to add new fruits to their assortment, it should be natural for a bank to bring new currencies and transaction systems into its online environment. So far, however, the interest of banks in cryptocurrencies is extremely limited. At best, they have tentatively begun to approach Bitcoin and other coins as an investment product in recent years.

It is possible that this will change in the near future, because the Dutch Rabobank seems to have taken a first step toward integrating a wallet for cryptocurrencies into its online platform. As part of a "Moonshot" internal innovation program, the bank's employees have developed various ideas to meet the needs of customers. One of 22 ideas in the race is Rabobit - an online cryptocurrency wallet that will be part of the bank's online environment. Currently, the team is still evaluating whether there is interest from customers. At the end of March, it will then be decided whether Rabobit will be shortlisted for the projects to be implemented.


Confusingly, there is already a website called Rabobit.nl that offers an online cryptocurrency wallet on behalf of the bank. It promises to store cryptocurrencies in a wallet in the safe environment of the bank, to have bank and crypto accounts in the same place, to simply add cryptocurrencies to the banking apps already in use and to be able to use the coins directly from the bank account. Anyone attempting to sign up, however, apparently ends up only on the e-mail distribution list. This suggests that the site was set up to evaluate customer interest rather than being, as many fear, a fraud.

Rabobank has written an article about cryptocurrencies in the past. Exactly when is unfortunately not stated on the website. For a bank, the institute expressed itself extremely positively about Bitcoin and Co.: "We are currently experiencing the beginning of a new phenomenon, which according to experts and investors can be compared with the Internet of the 90s. The formation of user-friendly applications has just begun. We see more than one occasion as a threat [...] The old and the new world will have to come closer to each other."

Rabobank is the second largest bank in the Netherlands with 7.4 million Dutch customers. Until the beginning of 2016, it was still an association of local cooperative banks, after which the 106 cooperatives joined together to form a large cooperative. Rabobank is active primarily in the private customer business, but also as a financial service provider in the agricultural and food industry. What huge potential lies in the fact that Rabobank brings Bitcoin or other cryptocurrencies to its millions of customers does not have to be specifically mentioned.



Have a nice day!

ⓁⓄⓥⒺ & ⓁⒾⒼⒽⓉ

Best regards


To hear the speech version of this post click the play image.

Brought to you by @tts. If you find it useful please consider upvoting this reply.

It's very cool of you what you are doing would be cool if you can keep doing it :)

I hope this @tts stays around. Will solve a big problem for stoned people :)) Gonna dive in now

Lol you gave me a good laugh and I was waiting for someone to react to it I am glad it was you in that cool and funny way of yours!!! Yes it's really cool from him now you can roll one up, smoke and listen to what I wrote ;)
Have a nice weekend bro :)

haha you know me:) Yeah sounds like a plan, good thing that you told him to keep up!

Have a great weekend as well make sure to watch the UFC event!

Yes bro UFC for sure this weekend I never miss it :)
You too have fun watching it c ya next week!

Just wrote to him to keep doing it ;)

i appreciate your post..many information this post & cryptocurrency thanks for sharing...
@danyelk

This valuable post.
Thanks for sharing cryptocurrency update providing.
I appreciate your every post..

Thanks for great post..i appreciate this cryptocurrency...

This post has received gratitude of 13.65% from @appreciator courtesy of @danyelk!

Thanks for share the important post

Congratulations @danyelk, this post is the eighth most rewarded post (based on pending payouts) in the last 12 hours written by a Superuser account holder (accounts that hold between 1 and 10 Mega Vests). The total number of posts by Superuser account holders during this period was 1618 and the total pending payments to posts in this category was $11593.22. To see the full list of highest paid posts across all accounts categories, click here.

If you do not wish to receive these messages in future, please reply stop to this comment.
