IOTA has been criticized for making design choices that are fundamentally different from those of others in the distributed ledger field.
One of those choices was to use a quantum-resistant signature scheme which, while being safe from quantum computers, does not allow spending multiple times from the same address without putting the funds on that address at risk.
Most critics of this feature argue that issues like quantum computing are not an imminent threat and that adjustments can be made when vulnerable signature algorithms become a real problem, especially if the alternative creates usability problems for current users.
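To make the trade-off concrete, here is a small added example (not code from the original article or from the IOTA project) of why a hash-based one-time signature cannot safely be reused. IOTA's scheme is a Winternitz one-time signature; this toy uses a simplified Winternitz-style construction over SHA-256 with hex digits and a 3-digit checksum, not IOTA's trinary Kerl/Curl implementation, and the `OneTimeKey`, `verify` and `exposed_fraction` names are this example's own. Each signature publishes intermediate values of the secret hash chains; once a chain value is public, every position above it is derivable by anyone, so each additional signature from the same key strictly enlarges what an observer can compute. The key object refuses to sign twice, which is the wallet-side guard the "one spend per address" rule implies.

```python
import hashlib
import secrets

W = 16                # Winternitz parameter: one hex digit (4 bits) per chunk
DIGEST_CHUNKS = 64    # SHA-256 digest as 64 hex digits
CHECKSUM_CHUNKS = 3   # checksum max is 64 * 15 = 960 < 16**3, so 3 hex digits
CHAINS = DIGEST_CHUNKS + CHECKSUM_CHUNKS


def _h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def _chain(value: bytes, steps: int) -> bytes:
    """Apply the hash `steps` times (walk up the hash chain)."""
    for _ in range(steps):
        value = _h(value)
    return value


def message_digits(msg: bytes) -> list:
    """Message digest as hex digits plus a Winternitz checksum.

    The checksum stops an attacker from raising digits without lowering others:
    any increase in a digest digit forces the checksum to decrease.
    """
    digits = [int(c, 16) for c in hashlib.sha256(msg).hexdigest()]
    checksum = sum(W - 1 - d for d in digits)
    cs_digits = [(checksum >> (4 * i)) & 0xF for i in reversed(range(CHECKSUM_CHUNKS))]
    return digits + cs_digits


class OneTimeKey:
    """One-time key: CHAINS secret seeds, public key = each seed hashed W-1 times."""

    def __init__(self):
        self.sk = [secrets.token_bytes(32) for _ in range(CHAINS)]
        self.pk = [_chain(s, W - 1) for s in self.sk]
        self.used = False

    def sign(self, msg: bytes) -> list:
        # Wallet-side guard: a second signature would expose more of the chains.
        if self.used:
            raise RuntimeError("one-time key already used; derive a fresh address")
        self.used = True
        # Signature element i is the secret seed hashed d_i times.
        return [_chain(self.sk[i], d) for i, d in enumerate(message_digits(msg))]


def verify(pk: list, msg: bytes, sig: list) -> bool:
    """Finish each chain (W-1-d more hashes) and compare against the public key."""
    digits = message_digits(msg)
    return len(sig) == CHAINS and all(
        _chain(s, W - 1 - d) == p for s, d, p in zip(sig, digits, pk)
    )


def revealed_positions(signed_msgs: list) -> list:
    """Lowest chain position made public per chain after signing these messages.

    The public key alone reveals position W-1; each signature reveals position
    d_i on chain i, and everything above a revealed position is derivable.
    """
    lowest = [W - 1] * CHAINS
    for msg in signed_msgs:
        for i, d in enumerate(message_digits(msg)):
            lowest[i] = min(lowest[i], d)
    return lowest


def exposed_fraction(signed_msgs: list) -> float:
    """Fraction of secret chain positions (0..W-2) an observer can compute."""
    lowest = revealed_positions(signed_msgs)
    known = sum((W - 1) - p for p in lowest)
    return known / (CHAINS * (W - 1))


if __name__ == "__main__":
    key = OneTimeKey()
    tx1 = b"constructed sample transfer #1"   # constructed sample message
    sig = key.sign(tx1)
    print("valid signature:", verify(key.pk, tx1, sig))
    print("exposed after 1 signature: %.2f" % exposed_fraction([tx1]))
    print("exposed after 2 signatures: %.2f" % exposed_fraction([tx1, b"constructed sample transfer #2"]))
```

Running it shows roughly half of the secret chain material becoming public after one signature and more after a second, which is the mechanism behind the "do not reuse addresses" rule; the exact IOTA parameters differ, but the proportional effect of reuse is the same.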
To understand our choice however, it’s important to understand what IOTA is trying to achieve:
IOTA aims to build the backbone for the next Industrial Revolution where machines exchange information and value independently of humans (the Internet of Things).
IoT devices usually make use of technologies like FPGAs (field-programmable gate arrays) and ASICs (application-specific integrated circuits), which are not easily patchable. Their logic is normally hard-wired to make them as energy-efficient as possible. But once deployed they will have to work exactly as they were built until the end of their life. In this context, it does indeed make sense to think about the threats of tomorrow, so that device manufacturers can ensure that their devices will operate securely for years to come.
Taking today’s problems into consideration
The future we envision requires us to think ahead and often take the “difficult route.” But we are of course humans ourselves, who share the same concerns and needs as others. It would be nice to have the option of at least one reusable address (like a traditional bank account) that can safely be used for things like:
- regular payments (donations, salaries or contracts with other businesses)
- “address books” in wallets that allow us to save a contact without having to ask that particular person or machine for a new receiving address over and over again
In the past we have seen a number of creative workarounds, such as this proposal from Eric Hop to introduce cheques for sending and receiving donations. Others have suggested a second-layer approach for exchanging up-to-date addresses. But so far all of these ideas have significant disadvantages when compared to reusable addresses:
- Automatic negotiation of new receive addresses requires the recipient to be “online” at all times to answer any requests. Alternatively, they must hand over their seed or private keys to a machine that can then manage the addresses on their behalf (insecure).
- Cheque sweeping has to be done manually, or, if automated, would require that the recipient is online at the time of sweeping. At the very least, it slows down the time until the funds safely arrive in their wallet.
Furthermore, race conditions can occur when the sending party does not receive the updated receiving address in time (due to network latency or delays in manual communication). They may then accidentally send funds to an old address (which has been spent in the meantime) despite having good intentions.
We are currently investigating a possible solution to these problems on the protocol level, which requires only minor adjustments to the IOTA protocol. This may allow us to reuse special addresses an unlimited number of times without reducing security or breaking quantum-resistance.
We describe this solution in the second part of this article, which we will post tomorrow to the blog, and welcome ongoing discussion with the community on our Discord server.