Is a doublespending attack possible with IOTA?
The “inner circle” of IOTAs community and me had a few discussions about this sensitive topic. A lot of FUD’sters are using everything they can get and frankly, it’s not like we are caring too much about the price, but about the collateral damage that can be done by word of mouth marketing into the wrong direction.
I came to the conclusion, that I personally don’t like to see misinformation, although the long-term success of IOTA won’t be harmed anyway.
Still: too many people read the wrong things, and come to the wrong conclusion, following the questions:
Is there a doublespending threat in IOTA?
Is it true that a single GPU can outperform the overall hash power to carry out a doublespending at will?
This wrong assumption states that the technology IOTA can be manipulated to the benefit of a single person or a maliciously acting hacker group.
People eventually come to the question: Is IOTA safe to use?
We get to that answer.
First of all, let me ask you a question:
Is there any currency, asset, system, good, piece material on earth that can’t be misused or manipulated in any way?
Let’s not look at a baseball bat or a frying pan but at a few currencies.
We live in a world, where the global economy relies on the decision of the Federal Reserve, not to alter the key interest rate to their benefit, otherwise, the consequences can be harmful to everyone on the planet.
Same applies to the European central bank, The People’s Bank of China, the Bank of Russia and a few more.
Central coordinated institutes, that literally print money as they like, and change the key characteristics of its value.
A horror for blockchain and distributed ledger believers.
I’m not even referring to the possibilities of fraud and scam for third-parties that are not under the direct protection of these central institutes because a bank robbery can happen everywhere, anytime and no one can prevent that from happening again in the future.
Statistically spoken, it’s pretty sure that even today, somewhere on earth, a bank will be targeted.
Fiat money, on top of that, can be copied and counterfeit money can be found in every single city.
That also applies to the biggest Blockchains like Bitcoin, Ethereum, Litecoin etc.Doublespending in Bitcoin
The Consensus-model in Bitcoin relies on synchronicity, mining, and the block validation by the nodes in the network.
Theoretically a great and secure system.
But if attackers would get control over 51% of the hash-rate (majority attack), delivered by miners (image above), they can doublespend as they like, because:
“Since the attacker can generate blocks faster than the rest of the network, he can simply persevere with his private fork until it becomes longer than the branch built by the honest network, from whatever disadvantage.
No amount of confirmations can prevent this attack; however, waiting for confirmations does increase the aggregate resource cost of performing the attack, which could potentially make it unprofitable or delay it long enough for the circumstances to change or slower-acting synchronization methods to kick in. Bitcoin’s security model relies on no single coalition of miners controlling more than half the mining power. A miner with more than 50% hash power is incentivized to reduce their mining power and reframe from attacking in order for their mining equipment and bitcoin income to retain its value.” (Bitcoin Wiki)
That means if a person would able to compromise these 5 mining-farms: AntPool, BTC.TOP, Bixin, BTCC Pool, F2Pool, it could generate blocks and validate them with an equivalent number of nodes.
Until then, the honest miners are urged to change the mining pool if the hash rate is too big. We entrust them with this decision, but the reality is that no one can be stopped from building the biggest mining-farm and take over if he has the resources.
I don’t say it’s easy, I just say it is possible. Yet, no one freaks out or hinders Bitcoin from rising in value.
Critical voices, however, are increasing, because this “centralization” is not in accordance with Satoshi Nakamoto’s idea of a decentralized system.
In my opinion, mining acts as a Damocles’s sword, because the incentive to earn money for the security won’t work forever, especially when the scaling issues increase even more. Let alone the transaction fees.
But at this point, I won’t talk about the other big problems like scalability due to rising difficulty and block-size, but let’s keep that in mind.
To sum up: there is no 100% guarantee that money can’t be lost, and there is no 100% secure system.
Before I make a statement about IOTA, let’s look at the basics.IOTA
IOTA as a DLT also relies on synchronicity, proof of work for confirming transactions, a peer to peer, fully decentralized (later also distributed) network.
It’s targeting the Internet of Things, that has a few relevant differences in terms of network topology compared to the Internet. The former has mesh-net capabilities, that inherits some natural connection barriers and lots of different connection types.
These connections (image below) can be Bluetooth, Radio, GPS connection, 5G, TCP, FTP, HTTP, or even carrier-pidgeons with WLAN-repeater if that benefits the mesh-network.
Built on a directed acyclic graph, the Tangle, IOTA has a few more differences to Blockchains and their field of application.
There is no mining, no difficulty, no blocks, no permanent hash-rate, no decoupled consensus.
Consensus lies solely at the users, that have to approve 2 other transactions before they can send one.
To set up a node, the system demand that you look for neighbor nodes via mutual tethering.
People that see the advantage of setting up a full node, instead of using a light node, are therefore bound to mutual tethering. They manually have to look for neighbors IP’s in order to become a part of the network.
Usually, people use the #nodesharing channel in the slack for mutual tethering.Doublespending in IOTA
A doublespend is a successful attempt in winning the race (time) in confirming a transaction that uses the same balance that was promised to the original receiver but will be also sent to a second receiver to scam the former one.
While doing so, you pretend to complete a transaction, and it shows as confirmed in your wallet, but with time and the race about getting more weight, the transaction becomes invalid, in favor of the second transaction you did simultaneously.
That means, you could trade and receive the equivalent in value for your iotas of that doublespend transaction, but after a short time, you possess both: your own funds back plus the traded asset of your business partner.
This would also mean: IOTA doesn’t work, people never had 100% guarantee that they are in possession of their funds or of the traded assets they gave for iotas.
And as a result: IOTA would certainly fall in value, people and companies would lose trust and in the end, IOTA certainly would suffer from a lasting destroyed reputation.
This attack could be used in the common markets, to short IOTA and to perform a big doublespending, to make a big profit from the reaction of the markets.
A successful FUD attack. Is that so easy like a few self-claimed experts postulated?
No. Here is why:What conditions have to be set up to attempt a successful doublespending? Getting an “omnipresence in the tangle with “bad” nodes, formed as a sub tangle (or parasite chain). Your transactions need to be confirmed/referenced by these other nodes. The gained weight competes with the (older) weight in the main net. At some point, this parasitic chain needs to be synchronized back with the main tangle to approve their confirmation. Therefore, your transactions need more weight than transactions of already confirmed transactions in the main tangle. This attack needs to be conducted very fast. How can you achieve these conditions? Mutual tethering: For this purposes, it can only work when you own a full node and you need to find a substantial number of neighbors manually per mutual tethering. Becoming an omnipresence with mutual tethering is almost impossible. In coordinator times: get control over the coordinator. Is that possible? No. Except you are David Copperfield. It’s as realistic as finding an entry to Fort Knox. We know there is a way, but we don’t know where. If we leave out a few logical barriers and you would get control, the coordinator could be shut off in a second. Another node would act as the coordinator then, as long as we don’t have the Monte Carlo Random Walk algorithm integrated. You have to find the transaction that you want to doublespend in time (before it is confirmed by the main net if you are looking for a specific one) Even with the tangle-explorer, you would need to execute your attempt in a matter of seconds before it gets confirmed. Since IOTA is getting faster, the more users are using it, the confirmation-timings of a few minutes as of today, are decreasing even more You have to deal with the network topology (Mesh-network) A successful attack of any kind needs to overcome the natural barriers of different connections and connection types. That leads to an unknown variable, you cannot calculate your variable t as long as you don’t know every connection, latency, delay, and bandwidth. Since time is of the essence in a race attack, you have a factor x in your attack vector. To increase the weight of your transaction, you need to perform proof of work. Even if you have hundreds of GPU’s, it takes time and costs money. PoW while trying to win a (time-sensitive) weight race it not the best condition from the beginning.
To get a deeper understanding of a double-spending attack:
Please read Winstons comment about that:
In blockchains, as we all know, the most well-known attack vector is the “51% attack”. Research has been done in the years since that theoretical attack was postulated, and it was actually found that it would only take 34% of network hashing power to carry out the attack. So right off the bat, there is a fundamental public misunderstanding of this attack vector (people think that it requires having the majority of the network hash rate when it actually only requires 34% of it). But the exact percentage is semantics anyway – let’s move to how this attack applies to IOTA.
As you continue in this article, you’ll notice that “34% attack” is not actually “34%* attack”.
The most crucial first step to understanding all of this is that IOTA mesh net topology. This differs greatly from all other blockchain protocols. Mutual tethering and the future of IoT connectivity are the factors that make IOTA a mesh net, which has some very implications for network security, the most important of which is how this topology strengthens network resiliency against the 34%* attack.
IOTA mesh net: Each full node only sees one tiny part of the Tangle – through their handful of neighbors. No one has a list of all IPs of all nodes.
Now, let’s address the 34%* attack in IOTA. Because blockchains are not in mesh nets, the 34% attack in blockchains just means that if you get enough hash power, you can successfully conduct the attack. Percentage of network hash rate is the only variable in the block chain 34% attack. However, in IOTA, there are THREE variables required for this attack.
1. X percentage of network hash rate A sufficiently large portion of the network hashing rate (“X%” [any number]. We’ll establish the multivariate “gradient” concept later in this writeup): Just like in Bitcoin, the attacker would have to achieve a certain very large amount of network hashing power in order to overtake the network. But this is NOT the only variable in IOTA as you can see. There also isn’t an “all or nothing” network takeover in IOTA. This idea probably requires an entire article in and of itself, but suffice to say that 34%* attacks only take down layers of the Tangle, requiring an exponentially stronger 3 variable attack to propagate deeper and deeper into the Tangle.
2. Omnipresence Seeing the entire network topology at once. “Having an overview of the network” To deploy attack resources properly and efficiently, an attack would need to get a broad overview of every full node connection in the Tangle. This is obviously impossible since every connection is kept private, and no entity is able to map the network.
3. Y percentage of omnipotence Being paired with a certain % of all full nodes in the network. Neighboring with a sufficiently large portion of the network (Y% omnipotence): The attacker must be able to push their massive amount of hashing power (X% of the network’s hash power) through the tangle _suddenly_ (a non-sudden attack is not an attack, so suddenness *is a sub-category of this 3rd requirement).
For example: An attacker needs X% of network hashing rate and is paired with Y% of all neighbors in the Tangle. It would greatly help to be able to have an overview of every connection in the network in order to optimize the attacker’s attack propagation, but this is impossible so it can be ignored henceforth.
Let’s say that X = 25% and Y = 15%: The attacker would bring down a small number of “edge nodes” (the nodes that the attacker is connected to). This is where the “gradient” concept comes into play. The combination of X and Y will determine what percentage of edge nodes are taken down in the attack, and thus the effectiveness of the attack. X can be 99%, but without sufficient Y, the attack can only bring down a very small percentage of edge nodes (around Y%!). The edge nodes and nodes surrounding some of those edge nodes would be overwhelmed with the attack and restart or just blacklist the attacker so that their nodes can become functional again. The low latency nature of a mesh net means that there is a gradient of attack that depends on X and Y.
Now let’s say that the attacker wants to propagate their attack deeper into the Tangle. X = 40% and Y = 20%: The attacker would bring down many more edge nodes and be able to propagate the attack deeper than the attacker in the first example above. The bigger/better the X & Y combination, the deeper the attacker can propagate the attack into the Tangle. This would theoretically require exponential increases in both hash power AND neighbor finding & maintenance to make marginal increases in Tangle attack depth, making the Tangle orders of magnitude more resilient to such attacks than the non-mesh net topology block chains.What about accidental doublespendings, performed by users of the GUI?
The latest release 2.3.1 has a doublespending warning implemented, to warn users of the GUI not to spend the same value again:Conclusion
People claim that IOTA is unsafe because there is a theoretical threat of a doublespend.
There is also a theoretical threat with Fiat money, with Bitcoin, Ethereum and every other asset in the world.
There is even a theoretical threat of getting killed by an asteroid in 25 minutes.
No system is 100% safe. “100% safe” is almost nothing in the scientific world, most of the time it’s about significance. And IOTA is significantly safer than FIAT currency, and also significantly safer than blockchains, once the network is big enough to provide the Monte Carlo Random work tip selection.
Until then, the coordinator protects the network from 34% attacks.
To perform a successful majority attack, one had to overcome the impossibility of becoming an omnipresence in the tangle, per mutual tethering.
He also had to outperform the hash rate of the network, he had to win the weight race against the confirmations of the main network and he had to find a suitable transaction for a doublespending before it confirms.
The mesh-net characteristics would hinder him from getting access to every part of the network and furthermore, would increase his latency.
All these efforts for a system, that supports micro-transactions.
So if people want to send big amounts of money, they should use many small transactions instead of a big one.
Unlike Blockchains, with IOTA, this is possible.
I conclude that there is a tiny, statistically insignificant chance of falling prey to a doublespend.
In reality, there is none considering that it’s almost impossible to arrange the needed conditions.
I suspect that Blockchains have a bigger problem than IOTA once the miners have full control over a chain.
Up to this point, nobody was successful in attacking the tangle, in fact, the CTPS (confirmed transaction per second) were increased as an attacker tried to slow the network down in mid-June.
Thanks Winston, for your insights!
If you find an attack vector, please talk to the IOTA foundation and try to prove your point, otherwise be careful with FUD-connected claims: They are mostly wrong and aim for moving the price.
Have a nice week,
Pictures: miners: https://bitcoinworldwide.com/mining/pools/ mesh-network: http://thembsgroup.co.uk doublespend warnings: https://blog.iota.org/gui-wallet-release-v2-3-1-f84d1160845d featured image: https://www.tcmworld.org/testimonial-fork-in-the-road/