Cryptocurrency is crawling with ambitious visions for the future.
cryptocurrency爬满了雄心勃勃的未来愿景。
Indeed, one of the most hyped ways in which the technology could come to proliferate is through its union with a concept called the internet of things (IoT), whereby nearly everything (think watches, refrigerators and automobiles) is connected to the internet and as such, “talks” to each other. For instance, a sensor on your milk carton in the refrigerator might notice that you’re down to the last cup and send out an order to the local grocery store.
事实上,其中一个最令人兴奋的技术可以扩散的方式是通过它与一个称为物联网的概念相结合,即几乎所有的东西(如手表、冰箱和汽车)都连接到互联网上,这样就互相“交谈”。例如,冰箱里的牛奶盒上的传感器可能会注意到你已经喝到最后一杯了,并向当地杂货店发出了订单。
The project IOTA is garnering quite a bit of attention for adding cryptocurrency-inspired technology to this use case, turning it into a more open market.
该项目也受到相当多的关注增加cryptocurrency激发技术使用案例,把它变成一个更加开放的市场。
Indeed, at tech meetups in New York City, it’s not uncommon to hear developers remark that IOTA’s underpinning technology, the “blockchainless blockchain,” or the so-called “tangle,” is the future of the blockchain space.
事实上,在 技术聚会在纽约,听开发商说丝毫的托换技术并不少见,“blockchainless blockchain,”或所谓的“纠结”是blockchain未来空间。
Not only is IOTA touted as a way to upend the silos of the current centralized system, streamlining business in terms of time and cost, but also as a way to rid the blockchain industry of all that plagues it – such as the technology’s scaling issues, which cause transaction backlogs and high fees and the massive amounts of energy the technology’s architecture consumes.
不仅有点被吹捧为一种方法来颠覆现有的集中式系统的孤岛,在时间和成本上的精简业务,而且还作为一种方法来摆脱所有的 blockchain工业瘟疫–如技术的结垢问题,导致交易的积压和高昂的费用和大量的能源消耗的建筑技术。
“The obvious thing is that [IOTA] is the first project that went beyond blockchain. Got rid of miners. In the process we solved the main pain points of transactions – no fees,” said IOTA co-founder David Sonstebo, in an interview with CoinDesk.
“最明显的一点是,[点]是第一个项目,超出了blockchain。除掉矿工。在 过程我们解决的主要痛点交易不收费,“说点 创始人David Sonstebo在接受采访时 CoinDesk。
These bold claims appear bolstered by partnerships with large enterprises and agencies, including Volkswagen and the City of Taipei in Taiwan.
这些大胆的言论出现了大企业和机构的合作伙伴关系,包括大众在台湾和台北市。
Yet, the IOTA team of 150 developers, cryptographers and others can’t always keep their stories straight, and have other times dealt poorly with criticism, especially as it relates to security holes in its architecture.
然而,150的开发团队也,密码别人无法永远保持他们的故事直,和有其他时间处理不良的批评,特别是因为它涉及到的安全漏洞,在其体系结构。
As such, experts question whether many of IOTA’s ideas will actually work in practice and if they don’t, whether current investors and users, which are supporting a $2.7 billion network by market cap, will be left out of luck.
因此,专家质疑,很多点的想法实际上在实践中,如果他们不工作,无论是现有的投资者和用户,这是由市值27亿美元的网络支持,将左倒霉。
“It’s pretty horrifying. The horrifying thing is their market cap is so high,” said Aviv Zohar, a crypto researcher and senior lecturer at The Hebrew University.
“太恐怖了。可怕的事情是他们的市值这么高,说:”特拉维夫Zohar,加密者和在希伯来大学高级讲师。
Since researchers have pointed out so many holes in IOTA already, he expects more to come, and the IOTA bashing to continue.
因为有研究人员指出,在点已经有很多洞,他希望更多的来,和丝毫的抨击继续。
Zohar told CoinDesk:
他告诉CoinDesk:
“IOTA is a currency I love to hate.”
“点是一种货币我爱恨。”
MIT head-to-head
麻省理工学院
Zohar isn’t alone there.
他不是独自一人。
The negativity surrounding IOTA’s tech started in September after an investigation by researchers from MIT’s Digital Currency Initiative (DCI) found what they argue is a vulnerability in the project’s code.
周围点的科技负面九月由麻省理工的数字货币主动研究人员调查后开始(DCI)发现了什么他们认为是项目代码的漏洞。
According to the researchers, IOTA developers used a hash function created in-house (called P-Curl) to secure data within the system, a huge no-no among cryptographers, who argue it’s preferred to use the highly studied and scrutinized functions that already exist today.
据研究人员介绍,点开发人员使用哈希函数创建的内部(称为p-curl)来确保数据在系统内,一个巨大的不 的密码专家,他们认为这是优先使用的高度研究和审查功能,今天已经存在。
But IOTA developers say, in fact, the decision was intentional – designed to prevent anyone from copying their open-source software.
但丝毫开发商说,事实上,这一决定是故意的设计是为了防止有人复制他们的开源软件。
Researchers, though, have shot back, arguing that doesn’t make much sense since the basis of open-source software is that it is given to the broader developer community to be freely copied.
尽管如此,研究人员还是反驳了这一观点,认为这没有多大意义,因为开源软件的基础是让更广泛的开发者社区自由复制。
“The IOTA developers haven’t been able to explain to me why they think their insecure hash function is safe,” tweeted Matthew Green, a cryptography professor at John Hopkins.
“点开发商没能向我解释为什么他们认为他们不安全的散列函数是安全的,”说马修·格连,一个密码学教授霍普金斯。
But things escalated even further from there.
但事情进一步升级。
“He should be scared, there are lawyers working on that already,” tweeted IOTA co-founder Sergei Ivancheglo, threatening Boston University’s Ethan Heilman, one of the researchers who reported the hash function vulnerability.
“他应该害怕,有律师的工作,已经 啾啾,“ 丝毫威胁联合创始人Sergei Ivancheglo,波士顿大学的Ethan Heilman,其中一位研究人员报道了Hash函数的脆弱性。
During the Financial Crypto 2018 conference at the end of February, Ivancheglo’s tweet was a major discussion point. While nerdy debates turning vicious is nothing new for the cryptocurrency space, security researchers argue that threatening lawsuits can severely undermine the industry.
在金融密码2018会议在二月结束,Ivancheglo的微博是一个主要的讨论点。而书呆子辩论转向恶性的cryptocurrency空间的新东西,安全研究人员认为,诉讼会严重破坏行业的威胁。
As UCL computer science researcher Sarah Azouvi told CoinDesk:
作为 UCL计算机科学研究员Sarah Azouvi告诉CoinDesk:
“The founder suing researchers is very, very concerning. Researchers try to measure and try to make things more secure. It could have a serious impact if people are afraid to report bugs.”
“起诉研究者的创始人非常非常关心。”。研究人员试图测量并设法使事情更加安全。如果人们害怕报告错误,可能会产生严重的影响。”
A $4 million hole
400万美元的洞
While it doesn’t appear any IOTA users have lost money because of the custom-made hash function, some IOTA users lost a substantial amount of their cryptocurrency – to the tune of $4 million – in what some industry observers argue is sheer incompetence on behalf of the IOTA team.
虽然它不 出现任何 点用户因为定制的哈希函数的钱丢了,有点用户丢失大量的cryptocurrency – 400万美元的调整在一些行业观察家认为是无能的点代表队。
IOTA’s official wallet didn’t have what’s called a “seed generator” to help users produce keys for controlling their coins.
点的官方钱包没有什么所谓的 种子生成器”来帮助用户控制他们的硬币产生密钥。
Although the IOTA Foundation detailed the most secure way to generate randomness, giving a list of all the websites that were secure for doing so, some users went to websites that weren’t on the list – one being a scam that stored keys created on its site and eventually used those to steal funds.
虽然点基础详细的最安全的方式产生的随机性,给所有的网站是安全的这样做,有些用户去网站上没有列出一个是一个骗局,密钥存储在其网站上创建并最终用那些盗取资金。
“A lot of naive people gave their private keys away to this individual. This was a very unfortunate event,” IOTA’s Sonstebo said, calling the perpetrator a “scumbag.”
许多天真的人把自己的私人钥匙留给了这个人。这是一个非常不幸的事件,”点的sonstebo说,要求行为人“人渣”。
Yet, critics argue IOTA is victim shaming when, in fact, the project’s foundation should have made sure its official wallet had a seed generator attached.
然而,批评者认为点是受害者的羞辱时,事实上,该项目的基础应该确信其官方的钱包有种子上的发电机。
“It’s past Hanlon’s razor for me,” tweeted Tadge Dryja, a lightning network developer and crypto enthusiast, pointing to the aphorism, “”Never attribute to malice that which is adequately explained by stupidity.”
“这是过去的Hanlon剃刀给我,”说Tadge Dryja,一个闪电网络开发者和密码爱好者,指着说,“不要归咎于恶意的充分解释的愚蠢。”
He continued, saying that he must “assume malice” since adding a seed generator is “absolutely trivial,” requiring only a single line of code.
他继续说,说他必须“承担恶意”自加入种子发生器是“绝对 琐碎,“只需要一行代码。
Speaking to the issues that arise when a cryptocurrency project doesn’t provide seed generation tools to their users, Heilman told CoinDesk, “Almost all cryptographic software is designed to generate secure random numbers for their users. Making users responsible for secure randomness generation is dangerous as users may use a bad source of randomness.”
来时产生的cryptocurrency项目不提供种子生成工具,用户的问题而言,海尔曼告诉CoinDesk, ”几乎所有的加密软件是设计来生成用户安全随机数。让用户负责安全随机性生成是危险的,因为用户可能使用了一个不好的随机性来源。
IOTA co-founders are mixed on their responses to this event though.
点的共同创始人和他们的反应,这一事件虽然。
Co-founder Dominik Schiener acknowledged that the user experience is far from ideal, but argued that IOTA shouldn’t get lambasted for it since the user experience throughout the crypto community is inferior as a whole. While Sønstebø argued that the project wants to leave randomness generation up to the user so they have more control.
联合创始人 Dominik Schiener承认,用户体验很不理想,但认为丝毫不应该谴责它从用户体验整个加密社区是下 作为一个整体。而Sønstebø认为项目想要离开的随机生成了用户,让他们有更多的控制。
“We leave it up to the individual to get their own randomness,” he said, adding:
他补充说:“我们把这个问题留给个人来解决他们的随机性问题。”:
“We give them the liberty to do that. You’re in crypto. The entire point is you don’t have to trust anyone.”
“我们给他们自由去做那件事。”。你是加密的。关键是你不必信任任何人。
That said, Sønstebø pointed out that IOTA would be launching a new wallet called Trinity in the coming weeks to address the issue. Not only will this wallet have a built-in random address generator, but the team is also planning to run its code through a security audit for good measure.
就是说, 的ønstebø指出,也将推出一个新的钱包 “三位一体”在未来几周内解决问题。这个钱包不仅有内置的随机地址生成器,而且团队还计划通过安全审计来运行它的代码。
“If your grandma smokes crack, then she should still be able to use it,” he said.
他说:“如果你奶奶抽烟,那么她应该还能用。”。
Unique isn’t always useful
独特并不总是有用的。
Another unique quirk of IOTA is it’s addressing scheme.
另一个独特之处是它的点的解决方案。
While the scheme was created to work even after the inception of quantum computers – powerful computers that could unwind much of the cryptography underlying cryptocurrency systems – it’s drawn criticism for the fact that users can only use an address once, otherwise it becomes susceptible to theft.
而计划创建工作,即使量子计算机的问世以来,许多功能强大的计算机密码学基础cryptocurrency系统-放松它的绘制的事实,用户只能使用一个地址一次批评,否则就容易被盗。
One Reddit user going by the name “guselbindel” even claims this type of hack happened to him a couple months ago, leading him to lose $30,000.
取名“guselbindel”甚至声称这种攻击发生的几个月前他有一位用户,导致他损失30000美元。
And actually, the exploit goes further than that. In fact, Willem Pinckaers, a researcher at security firm Lekkertech found that even without using the public keys, they can be exploited.
事实上,这种剥削远不止于此。事实上, 威廉Pinckaers,安全公司lekkertech发现即使不使用公共密钥的一位研究人员,他们可以利用。
“Still, the fact you can’t reuse public keys safely is still batshit crazy,” blockchain consultant Peter Todd tweeted.
“可是,事实上你不能重复使用的公共密钥的安全仍然是那疯狂的,”Peter Todd在blockchain顾问。
At their core, the criticisms of IOTA seem to be focused on the project’s lofty ambitions, but less than ideal execution on those promises.
在他们的核心,丝毫的批评似乎是集中在项目的远大抱负,但不理想的执行这些承诺。
While IOTA advertises itself as a “permissionless” and “scalable” solution, there is some subtlety in those terms.
同时也自称“无需许可的”和“可扩展性”的解决方案,有这方面的一些技巧。
For instance, IOTA is a bit more centralized – with its development team having more authority over the protocol – than most cryptocurrency enthusiasts might like. Some IOTA users even figured that out the hard way, actually, when the IOTA Foundation discovered a technical vulnerability that put user’s funds at risk, and as such, seized trillions (yes with a “T”) of IOTA coins from users.
例如,点是集中一点——它的开发团队有更多的权力管理协议-比大多数cryptocurrency爱好者可能会喜欢。有点用户即使发现硬盘的方式,实际上,当点基础上发现技术漏洞,让用户的资金风险,因此,抓住万亿(是一个“T”)丝毫硬币从用户。
The foundation eventually returned those coins after the vulnerability was patched, but the incident nonetheless left a lasting impression on some that IOTA’s developers have too much control.
地基最终返回那些硬币在漏洞被修补,但事件却留下了持久的印象在一些点的开发商有太多的控制。
Sonstebo even doesn’t really deny this – despite the claims of decentralization made on the IOTA website and its marketing material.
sonstebo甚至并不否认这一点——尽管在网站和营销材料的分权的要求。
“Currently it’s semi-centralized,” he said. “There’s a central coordinator node.”
“目前它是半集中式的,”他说。有一个中央协调器节点。”
IOTA nodes today can validate transactions without this coordinator node, but it’s less secure. As such, a significant amount of trust is put on the central coordinator node.
点节点今天可以验证交易没有这种协调器节点,但它是不安全的。因此,大量的信任被放在中央协调节点上。
That said, IOTA developers are working on it.
可以说,开发商正在对它丝毫。
Just as more bitcoin and other cryptocurrencies become more decentralized as adoption increases, so to will IOTA, Sonstebo said. And it’s important to note that IOTA isn’t the only cryptocurrency that has sought to project a message that change is coming, with time.
正如更多的比特币和其他cryptocurrencies作为采用的增加变得更加分散,所以会点, sonstebo说。重要的是要注意,也不是唯一的cryptocurrency,寻求项目信息,变化正在到来,随着时间的推移。
He concluded:
他得出的结论:
“You can’t create a fully decentralized network overnight. You have to start somewhere.”
“你不能一夜之间建立一个完全分散的网络。你必须从某处开始。”
Iota coin image via Shutterstock
点硬币通过其他Shutterstock图片