(Note: the contents of this post refer exclusively to the security disclosure made public in Aug.-Sep., 2017. At the time of this writing, there are no known issues with the current protocol.)
If you have been following IOTA related news, you are probably aware of an ongoing topic of discussion — both within the IOTA community and the wider DLT community at large. Back in January, the IOTA Foundation released a four-part blog post detailing the technical considerations of a vulnerability report published on GitHub in September 2017 by the Digital Currency Initiative (DCI), an organization affiliated with MIT.
Unfortunately, and much to everyone’s surprise, the communications between the IOTA team and DCI that occured prior to this report were recently leaked, and published on an external blog.We at the IOTA Foundation unequivocally condemn this leak.These were private communications between parties who did not consent to such release — the release of these emails without consent is detrimental to the IOTA Foundation, to our community, to our friends at the DCI with whom we maintain ongoing conversation (heated at times, to be sure, but such is the nature of a vibrant academic discussion) and to the entire DLT space.
With all that being said, at this point we feel it is appropriate to share our view of events (without all of the technical overhead). First, to summarize what is evident throughout the emails, and where we are today:
- From day 1, the IOTA team responded promptly and courteously with technical details requested by DCI. IOTA even offered a bounty to reward the DCI team’s hard work and dedication, to which DCI never responded.
- We continue to maintain, as discussed in considerable detail in the blog post linked above, that the vulnerability described in this report never left users susceptible to theft or attack.
- The properties of the IOTA protocol discovered by DCI were in place by design as a copy-protection mechanism, and that DCI has not uncovered any actual vulnerability in the IOTA protocol.
- Nevertheless, out of an abundance of caution, we followed the DCI team’s advice and implemented their requested changes in August, 2017.
- To date, the IOTA team has not received any answers to questions posed, code demonstrating the attack, or other documentation elaborating on the vulnerability beyond what was seen in these emails.
- We would very much appreciate help finding actual vulnerabilities in the IOTA protocol, and as of November, 2017 we have been working with a team of cryptographers to obtain an accurate and objective assessment of this situation.
The detailed timeline of events is as follows. Emails are numbered according to the document published on The Tangler— most of the emails not mentioned here contain technical back-and-forth as both teams discuss the findings:
- #1 (7/15)— Ethan Heilman of the DCI contacts the IOTA team with: (1) notification of a vulnerability and intent to disclose following responsible disclosure procedure by waiting for 2 weeks before publication, (2) a description of the vulnerabilities and attack vectors, and (3) suggestions to improve the IOTA protocol to avoid these vulnerabilities.
- #2 (7/15)— Sergey Ivancheglo (IOTA core developer, a.k.a. Come-from-Beyond) writes a response thanking Ethan for his intent to follow responsible disclosure procedures, and his interest in understanding and helping improve the IOTA protocol. Sergey included a list of responses and further questions, and indicated the IOTA team’s intent to assess these vulnerabilities and address them promptly.
- #11 (7/22)— Ethan announces progress in developing the attacks, and affirms intent to publish within one week.
- #12 (7/23)— David Sønstebø (IOTA co-founder) requests that Ethan hold off on publication until both sides are in agreement regarding the vulnerability and mitigation procedures.
- #13 (7/23)— Sergey asks for clarification on questions he raised the week prior that were still unanswered.
- #16 (7/25)— Ethan emphasizes the original two week timeframe and requests clarification on steps that will be taken to mitigate the vulnerability.
- #17 (7/25)— Sergey informs Ethan of IOTA’s intended timeline: (1) patch the vulnerability via an upgrade on August 5th, (2) give users until August 10th to transfer their tokens to new addresses, and (3) disclose the details of the vulnerability report on August 12th.
- #22 (7/28)— Neha confirms that this timeline is acceptable to DCI, and that they will wait to publish until August 12th.
- #30 (7/31)— Sergey follows up a long chain of technical emails with 20 unresolved questions and asks for clarification on those issues.
- #31 (8/4)— David reiterates Sergey’s previous request for clarification on the 20 unresolved issues before DCI’s publication, so that the IOTA team would have time to prepare an appropriately detailed and technical response.
- #52 (8/7)— David shares the IOTA team’sblog postabout the upgrade.
- #73 (9/6)— Neha informs the IOTA team that their article is ready for publication, includes a copy of the text, and asks for any feedback or corrections.
- #74 (9/6)— Sergey responds with a list of corrections for the first section of the text.
- #75 (9/6)— Neha dismisses almost all of the corrections without offering any other path for resolution.
- #76 (9/7)— David finds out via a CoinDesk journalist asking for comment on the story that DCI is moving ahead with publication, and demands that Ethan retract the story until all of the issues can be resolved. David acknowledges his suspicion that the DCI team is compromised by a Conflict of Interest (due to ongoing work in a competing technology).
- #81 (9/7)— Neha informs IOTA of the DCI team’s intent to publish the following day, and makes a final request for any more comments from the IOTA team.
- #82 (9/7)— Sergey notes that his previous corrections were ignored and that if they were included there would not be anything worth publishing. He also questions how so many external parties apparently knew about the vulnerability prior to publication, and agrees to take the debate public since the DCI team is moving forward with publication before taking any further steps to resolve the remaining issues.
- #83 (10/21)— In the final correspondence, and in an attempt to remain transparent, Sergey informs Ethan of his intent to compel the release of proper disclosure documentation through reaching out to Boston University with the help of legal counsel.(n.b., Sergey lives in Belarus, is not proficient in spoken English — written English is his 3rd language, and found himself unable to make progress on this task without legal help.)
While the DCI team was initially very considerate and allowed extra time beyond the original agreed-upon schedule for disclosure, it was nevertheless reprehensible that DCI:
- informed multiple 3rd parties of the details of their report without notice, including journalists and IOTA competitors;
- moved forward with publication without resolving or even addressing any of the issues raised by the IOTA team;
- has not (to date) released any code or documentation to substantiate their claims.
Whether intentional or not, DCI’s report and subsequent refusal to follow proper disclosure procedure have caused misinformation about IOTA to continue circulating on social media. The latest round of attacks on Twitter attempts to undermine our recently announced corporate relationships — we find these attacks equally reprehensible. There is a reason why following proper disclosure protocols is so important, and we can only speculate as to why DCI refuses to comply.
We have spent much more time than we intended to on discussing this issue ad nauseum, and we would like to put it to bed. However, we can’t do that without help from the DCI team. To that end, we propose the following:
- We hereby formally request DCI to complete the proper disclosure protocols: we call on Ethan, Neha and their team to release any and all code, documentation, research, etc., they have developed in conjunction with their findings.
- If DCI are unable or unwilling to release all of the aforementioned documents, we call on them to retract their report fully and issue a brief apology, after which we will drop the subject entirely with no harm done.
- If DCI do clarify and disclose their results fully, and a substantial and legitimate vulnerability is found, we will happily eat a slice of humble pie. We will own up to our mistake and apologize for it, thank them for helping us to improve the IOTA protocol, and reiterate our offer of a bounty reward as a token of our gratitude.
We remain 100% committed to transparency with our community, and we continue to welcome discussion of the issues raised by the DCI team in a thoughtful and constructive manner. While 9 out of 10 social media posts on the topic contain well-thought-out discussion points, it is the remaining 1 out of 10 which is both the most uncouth and the most publicized. For the sake of the entire DLT space, we hope that these discussions will not dissolve into internet “flame wars,” and that we can stay somewhere within the realm of intelligent discussion.