Cryptocurrencies: a weird agglomerate of fascinating technology built by brilliant engineers; a whole new and potentially important form of economics; … and hype-machine puffed-up crazy-talk nonsense. So, as you might expect, they also combine state-of-the-art resilient engineering and comical clown-car so-called security. Yes, that’s right — I want to talk about IOTA, and (to an extent) Bitcoin Cash.
Modern security practices include: an understanding of and commitment to responsible disclosure; making yourself available and accessible to third-party security researchers; offering bug bounties; fuzzing your code; etcetera. They also include valuable truisms such as “don’t roll your own crypto.” Here that’s crypto as in cryptography, and it means, always always always use tried and time-tested cryptographic algorithms and implementations. Do not try to build your own from scratch. You will regret it.
IOTA, currently the world’s tenth most valuable cryptocurrency, took an … assertively contrarian stance regarding this dictum. They didn’t just roll their own crypto, they rolled their own fundamental units, deciding that binary wasn’t good enough by half, and that trinary was where it’s at, that their trits and trytes were so much better than bits and bytes.
I confess part of me has a grudging respect for the surreality of this kind of whackadoodle performance art. Alas, this half-admiration doesn’t extend to the recent saga in which a) they rolled their own crypto; b) MIT and BU researchers found a flaw in it; c) IOTA first said that the flaw was intentional, and then, apparently, that it was created by an imperfect AI (!); d) a spectacular war of words (between those parties and several others) erupted. Then, yesterday, Neha Narula, the director of MIT’s Digital Currency Initiative, presented last year’s work in a talk at Black Hat — and even though that work stemmed from last year …