Coordinator. Part 4: An Open Source Coordinator

Today marks a milestone (pun intended!) for the IOTA project.

We are releasing the code for a new open source version of the coordinator that has been in the works since late last year. The code repository can be found at: https://github.com/iotaledger/compass.  

This open source coordinator has been in use on the public testnets for some time already. Our (admittedly optimistic) goal is to deploy it on mainnet in the next 6 months.

Let’s dive in a little bit and see what this means exactly. Hopefully we can clear up some common misunderstandings about the role a coordinator plays in a nascent DAG-based distributed ledger like the IOTA Tangle.

If you look into the open source coordinator repo, you will notice that the code does not actually do very much at all. It calls get Transactions To Approve at the specified interval, creates and signs a milestone transaction, and attaches the milestone to the tips received from IRI. No more, no less.  

In this way, it is the IRI nodes, not the coordinator, that are responsible for forming consensus and creating the Tangle. Or more precisely, it is not so much the coordinator itself that matters, but the efficient interaction between the coordinator and IRI. In order for us to switch to this lightweight, open source coordinator on mainnet, we first need a robust, battle-tested IRI that can consistently guarantee a healthy tangle. This is why over the last few months we have put a lot of effort into refactoring and improving IRI. Ideally, we would like to see:

  • a minimum of 3 months with no major bugs reported or incidents affecting the network;
  • a consistently healthy Tangle under normal operating conditions;
  • a thorough code audit by security experts.

Although we are still not quite there yet in terms of the desired performance of IRI, we have nevertheless decided to go ahead and release the open source coordinator code today, so that others can help scrutinize and debug it in parallel with the continued improvements of IRI. This will not only help to reduce the overall time-to-deployment of the open source coordinator on mainnet, but also enable users to create private tangles and testnets in the meantime.

It is important to stress that removing the need for any kind of coordinator remains our top research priority for the foreseeable future. But while the network is still reliant on a coordinator, there are some far-reaching consequences to making an open source coordinator available, both positive and negative.  

The positive outcomes are increased transparency, increased security and wider adoption, due to greater oversight of the code. Open sourcing also allows for the creation of private tangles; a request we have seen time and time again from businesses and academic researchers looking into the Tangle. Enabling interested third parties to fully-replicate the Tangle on their own will enhance understanding, improve security and increase adoption of the public tangle in the future. Instructions for setting up a private tangle can be found here: https://github.com/iotaledger/compass/blob/master/docs/HOWTO_private_tangle.md  

However, if multiple coordinators can now sign and publish milestones on mainnet, IOTA users must choose which coordinator to follow. Different coordinators would quickly create incompatible branches, resulting in what would essentially be a hard fork. Or, to put it simply: a single coordinator can only confirm transactions on a single branch. Furthermore, since addresses should only be used once, spending from the same address into different branches would mean that the address has been reused. As every IOTA user should know, reusing an address lowers security exponentially and should be avoided. It is therefore extremely important that IOTA users choose one coordinator and stick with it, to ensure the security of their tokens.  

Given the potential risks involved, it is important that making this coordinator publicly available does not create any problems for ordinary users. For the time being, the IOTA Foundation will continue to run a coordinator at an address that is hard-coded into IRI (link to source). This will ensure that ordinary users’ transactions do not “accidentally” end up in forked branches and/or become susceptible to double spend attacks by virtue of having unwittingly referenced a non-standard (i.e. non-IOTA Foundation) coordinator milestone. Since the vast majority of exchanges, public nodes and users follow the official IOTA Foundation coordinator, we strongly recommend that others continue to do the same as well, at least until we are ready for a coordinator-free Tangle.

The current approach to achieving a Coo-free Tangle has been outlined in the previous posts in this series. We will continue to provide regular updates about Coordicide as progress is made.

We have been piloting a bug bounty program on Trinity and the IOTA Hub for a while now and will soon be expanding this (first privately, then publicly) to the coordinator and IRI. It is our goal to get as many eyes on the code as possible over the next few months so that we can comfortably and safely transition to the new coordinator. As always, we also welcome GitHub issues and PRs, discussion on Discord, or contributions to the IOTA Stack Exchange.

We hope this overview provides some insight into the steps we are taking to be more transparent about the coordinator until it can be removed. It is incredibly exciting to embark on this next phase of IOTA’s evolution, together with our talented community around the world! As always, we encourage you to get involved, to contribute your expertise, and to follow our progress via the IOTA Foundation blog and the IOTA Engineering Team’s Twitter feed (@iota_dev).

This is a multi-part post. Links to the other parts can be found below:
Part 1
Part 2
Part 3
Part 4 (this article)