The IOTA project has come under heavy scrutiny by security and cryptography researchers. Various flaws have been pointed out in recent weeks. Ethan Heilman, one of the people finding out some of these flaws, is now being threatened with legal action. As such, Charles Hoskinson is considering to cover his legal fees if push comes to shove.
The IOTA Debacle Explained
According to the letters published on Tangleblog, there are a few critical weaknesses in IOTA’s code. These flaws are discovered by members of the Digital Currency Initiative. In the letters, Ethan Heilman explains the flaws uncovered and how they came across them. The response by the IOTA team is cordial at first, but things quickly deteriorate from there on out.
A request for documentation on the IOTA signatures could not be provided by the Foundation either. This feature is still a work in progress as of right now. However, the gist is how IOTA’s signature scheme is potentially at risk due to their own in-house developed algorithm, Instead, Ethan Heilman advises the project moves to a vetted and peer-review hash function altogether. It is solid advice, yet it is falling on deaf ears.
Later discoveries include a viable attack on IOTA’s signature scheme altogether. The mention of making this weakness public seemingly irates the Foundation members first and foremost. More specifically, 09they don’t want this information to be revealed to the public. Addressing such problems would take weeks, at the least. Moreover, there is some back-and-forth communication indicating Heilman is growing more concerned by the lack of non-action on IOTA’s behalf.
The Conversation Begins to Escalate
Further communication indicates the IOTA team finally started taking these concerns more seriously. Even so, some of the replies seemingly quote StackExchange and Wikipedia for “remedies”. Ethan Heilman points out these are not exactly the most formal sources of valid information when it comes to code security. Further emails show a clear degree of personal attacks and allegations regarding the “sobriety” of the security researchers who pointed out these flaws first and foremost.
The latest email sent includes a clear threat from the IOTA Foundation. More specifically, Sergey Ivancheglo claims he will use a lawyer to potentially sue Ethan Heilman over the allegations made. Although this mail dates back to October of 2017, it is unclear where things stand right now. It does appear as if things have escalated beyond the point of repair. With this information now made public, it will be interesting to see how the community responds.
Charles Hoskinson, one of the co-creators of Ethereum, is not too amused. He even vows to cover Ethan’s legal fees if IOTA goes ahead with this plan. Whether or not the information presented by DCI is in fact correct, will remain a subject of debate. There are still people who feel the project’s code is not entirely optimal as of right now. Rest assured this is not the last we hear of this story either.