IOTA is currently in what should be considered a ‘transition period’ towards large scale deployment and standardization. Like Bitcoin, Ethereum and all other distributed consensus protocols before it, the IOTA network need an onboarding mechanism to provide 34% attack protection in its early days. Due to the unique underlying architecture of IOTA this takes the shape of a ‘Coordinator’. The ‘Coordinator’ or ‘Coo’ for short, is essentially training wheels for the network until the amount of organic activity on the ledger is sufficient to where it can evolve unassisted, at which point the Coo is permanently shut off. This does not mean that the IOTA ledger is currently in any way centralized, the network is 100% decentralized, every node verifies that the Coo is is not breaking consensus rules by creating iotas out of thin air or approving double-spendings. In fact any talented programmer could replace Coo logic in IRI with Random Walk Monte Carlo logic and go without its milestones right now, so technically even at present the Coo is entirely optional. The only role the Coordinator serves is to protect against attacks in this temporary infancy stage of the Tangle ledger, if we shut the Coo down the network would continue to evolve as it will in the future when it is unassisted by these ‘training wheels’.
This is crucial information that should have been presented to users long before the Bitfinex listing. It is good that you’ve now made this information available. Unfortunately, the information you have published is not factual. Simply stating that IOTA is 100% decentralized because the milestones are validated does not make it so. I present my rationale below:
A) Transactions in IOTA cannot be confirmed unless they are extended by the Coordinator. Thus, IOTA is not censorship-resistant, nor is it decentralized.
B) If the Coordinator private key is leaked, anyone could spam the network with milestones and make the network unusable. You would have to get everyone to install new binaries. Thus, the usability of the network relies on a single point not being compromised. Systems that rely entirely on a single point to function are by definition not decentralized.
C) If IOTA was already 100% decentralized, why would the Coordinator be a temporary solution? (Clarification; if IOTA is 100% decentralized with the Coordinator, why is it merely a temporary solution? Where is the transparency concerning its drawbacks?)
There is also the risk of the Coordinator double-spending through a partitioning attack by issuing different milestones to different users. As the risk stands, no IOTA transaction can currently be assumed safe until a longer time has passed (~20 minutes). Currently, transactions show up as confirmed in full nodes after a matter of seconds when they are in fact not safe at all.
EDIT: Here is a scary thought: What if the Coordinator private key is leaked and an attacker launches a milestone partitioning attack while simultaneously ensuring its persistence through a 34% attack (which the network is by definition vulnerable to since the need for the Coordinator)? At current hashpower, achieving a double-spend this way is a damning possibility.
Lastly, the premise of IOTA relies on the notion that the hashpower of the IoT devices’ sporadic transactions in the network will become sufficient to withstand a focused attacker. This is an unrealistic premise. IoT devices have CPUs in the lower range of 100s of MHz and often run on battery which they want to last as long as possible. There are also no incentives for IoT devices to minimize J/GHs cost (mining efficiency) since they are not in the market for a block reward. Withstanding an attacker with specialized hardware attacking the network at a constant speed is wishful thinking.
I will make the prediction that IOTA will fail to disable the Coordinator in 2018. Even if it is made optional at some point, it won’t be safe — meaning it won’t really be optional at all (in fact, it will be just like Ripple’s provided UNL is “optional”).
Thank you for writing up this article. I will include it in my post.