Cryptographic vulnerabilities identified in IOTA

IOTA, a cryptocurrency without a blockchain, currently listed under top 10 cryptocurrency has recently been reported of serious vulnerability by Neha Narula, Director, Digital Currency Initiative at the MIT Media Lab.

The IOTA network was launched on July 11, 2016 and its token was listed on Bitfinex on June 14, 2017. A fixed supply of 2.77 Billion MIOTA (currency units) was created when the network was launched. 1 MIOTA (mega/million IOTA) is equal to 1,000,000 IOTA. As of September 8, 2017 IOTA has a market capitalization of $1.5B making it, at the time of writing, the 9th most valuable blockchain based cryptocurrency by market cap.

Vulnerabilities were disclosed to the IOTA developers over a month before publishing the detailed report "Cryptanalysis of the Curl Hash Function Enabling Practical Signature Forgery Attacks on the IOTA Cryptocurrency" to patch their system. In response the IOTA developers have updated IOTA to no longer use the Curl hash function to hash transactions as part of the IOTA signing process also. The current version of IOTA does not have the vulnerabilities found by MIT Media Lab team (Neha Narula, Ethan Heilman, Tadge Dryja, Madars Virza), they had been fixed on Aug 7, 2017. But the fact that none of IOTA’s partners raised these concerns about a glaring vulnerability in an approx. $2B cryptocurrency, or spoke about the other red flags, is worrisome.

According to the post, "The digital currency space is still new, and we are confident that robust, useful technologies will continue to emerge and gain adoption."

"While one of the most important features of blockchains is removing the need for trusted third parties, most people don’t have the time or background to thoroughly evaluate the software, which means that trust is still needed: trust in the developers of the project, or someone else capable of evaluating the software.

I think it’s important that the public is aware of our investigation and what we found. In this space, extraordinary claims warrant extraordinary evidence; there’s a need to temper large claims with rigorous due diligence, and right now, that is not happening nearly enough. Large organizations and well-known individuals should not lend their names and reputation to technology they have not vetted," says Neha Narula.

For more updates, technical blogs and general discussion on Blockchain Technology and Ethereum, please join us at our Website, reddit, Facebook, Medium, steemit and follow us at Twitter. Please feel free to share this post, email us with your suggestions and connect at LinkedIn.

blockchain #IOTA #Tangle #DLT #cryptonews #IOT

Subscribe to EtherWorld.co