@tangleblog I'm going to put aside every single past iota problem (the demonstrably flawed cryptography, that time they couldn't encrypt the number 13, and I'm even going to ignore the general conduct of their fan base), let's pretend all of those don't exist, and focus on co-ordicide.

@tangleblog This is science, so we start with a hypothesis. IOTA's ostensible hypothesis is there exists a system that is fundamentally decentralized in nature (all interactions are between local entities) but that can reach global consensus, in a secure manner, in a reasonable time frame.

@tangleblog This presents us, the scientists, with a problem. Given an arbitrary transaction from a local peer (alice buys a coffee) we have to determine if the transaction is valid within the overall context of the network, ideally before the coffee goes cold (poor bitcoin coffee drinkers)

@tangleblog This problem has a long history, too much to cover in a tweetstorm so I will skip the what scientists call a "literature review" and please just replace this tweet with a number of gushing references to Leslie Lamport, and maybe shoutout to James Mickens's The Saddest Moment.

@tangleblog OK so, in the middle of that literature review, Bitcoin came along and was like "I've solved sybils, let's just increase the total energy use of the planet by .1%-.5%" and everyone was like "woah, that's amazing"

But everyone's coffee is still cold.

@tangleblog That's because even with all that energy use, consensus still takes the same amount of time because we have to delicately balance the incentives to attack the bitcoin network with the cost to do so.

This has everyone looking for another way. Now back to iota.

@tangleblog IOTAs -current- tangle is fundamentally dependent on something called a coordinator, The coordinators job is to sit on the network and create milestones which reference transactions. This allows IOTA's current system to reach consensus in the presence of malicious actors.

@tangleblog Centralization! I hear you cry. Yes, without those milestones very bad things would happen very quickly, and IOTAs would be double spent all over the place (if iota had any actual value or liquidity)

So this year, the foundation finally presented a plan to fix it. Coordicide!

@tangleblog The astute among you, likely those of you who got my Mickens reference without googling, will have noticed a small flaw in that plan.

The reputation flow, flows over the same network that transactions do. It is also subject to byzantine faults.

@tangleblog But, dear reader, not to fear. All we need is some globally verifiable randomness, and a complete list of iota nodes and we can use an algorithm to wash away those faults....

It's not like those are fundamentally hard problems in distributed systems or anything, right?

@tangleblog Ok first we need a complete list of iota nodes. We could have everyone ping a centralized node every time they come online (hmm we want to be decentralized), what if we hardcoded a list in the source code? (ah damn same problem), what if we multicast across the internet?! (hmm)

@tangleblog I've been informed by the iota community that the solution to this is "gossiping", and at this point in my paper I'm going to assume you didn't read my literature review on gossiping.

@tangleblog So, gossiping....I could link you to this review (cs.cornell.edu/projects/Quick…) or you could go literally any distributed systems paper - but what you need to understand before we progress is this:

Gossips are as secure as the consensus mechanism. Not the other way around.

@tangleblog If you have a secure consensus mechanism you can build a robust gossiping protocol that minimizes malicious distribution.

You can't build a secure consensus mechanism from a gossip network...because...say it with me...

You need to agree on the number of nodes!

@tangleblog Why is agreeing on # of nodes important? Because if you don't agree on the number of nodes, then you have no basis on which to trust a) the total size of the network b) the distribution of conflicting information to verify against c) your security parameters.

@tangleblog Every other claim in the iota coordicide paper, extends from this implicit assumption.

If you have a complete list of nodes, you can build some amazingly secure & fast systems.

The challenge is in doing that in a decentralized manner.

@tangleblog I want be nice to iota, and turn to another facet of the system - we are going to assume that a complete list of nodes is magically available. Is the iota system sound given this, admittedly huge, assumption?

@tangleblog Let's do another science thing, a Gedankenexperiment or "thought experiment", and return to Alice buying her coffee from a coffee shop. Except this time it is her girlfriend Mallory, who is an anti-capitalist and would like some free coffee.

@tangleblog Mallory creates two iota transactions, one for buying the coffee, and another where she sends the same funds to herself (Mallory doesn't care about her private key).

Can Mallory position herself within the network such that she can distort or delay consensus (& get free coffee)

@tangleblog Mallory doesn't care about your network, and will happily block packets, hijack bgp routes and otherwise disrupt communications - but that doesn't matter right, because we are decentralized? We can make local decisions without the rest of the network?

@tangleblog So the coffee shop here has a couple of options. They can't seem to reach many of their verified random other parts of the tangle. There may even be a few transactions confirming Mallory's transaction, but it seems slower than usual.

Do they give Mallory the coffee?

@tangleblog I've written a fuller outline of the trade-offs involved with the above scenario here: fieldnotes.resistant.tech/dags-and-decen… tl;dr you either delegate trust to supernodes, or you wait a (long) while.

Or you can assume the network is untamperable. I'm not a cop, assume what you want.

@tangleblog Let us not forget that we skipped over the "no seriously, to build a robust gossip network you really need to know all the nodes in advance, you can't build sybil resistance from nothing"

So let's pop the stack, and conclude.

@tangleblog Have iota proposed any mechanism for building a robust -decentralized- gossip network given everything we know about byzantine faults and distributed consensus? No.

@tangleblog Do iota, and their "independent" associates, have a history of harassing researchers who point out flaws in their technology? Yes.

You can just go google this one.

@tangleblog Now, let me be serious, @tangleblog, please do publish that article about me, if only so that I recover the modicum of dignity I sacrificed to dance your jig to write a thread that will hopefully steer more people away from a miserable little scamcoin.

I'm secure in my integrity

@tangleblog If you like this thread, please consider donating to @OpenPriv to support our nonprofit, working with marginalized communities to build consentful tech.

We now have commemorative t-shirts to celebrate the time we helped destroy e-voting in Switerzland.

openprivacy.ca/blog/2019/08/0…

@tangleblog @OpenPriv Finally, I must address the threats. It's laughable for many reasons (the main one being that Open Privacy has no organizational supporters to threaten, no one will fund marginalized privacy anyway, all the support we get is independent), but in another way, it's disgusting.

@tangleblog @OpenPriv Throughout my life I've been threatened by bullies who sought to use whatever they considered a weakness of mine. I've been threatened with lawsuit oblivion by multi national corporations. I was once chased down a street for holding my partners hand.

@tangleblog @OpenPriv I've spent years of my life, shaping it such that my morals, my ethics and my work were aligned. I'm entirely happy in who I am and the decisions I made that got me here.

So understand that your threats ring hollow, but also understand that I won't stop until they cease to ring.