IOTA’s reusable address problem is regarded as one of the most polarizing subjects in the IOTA community so far. Olaf van Wijk, tech lead and board member at Altos-tech, published a blog entry detailing how IOTA-Pay could hold the key to the infamous reusable address problem of IOTA wallets.
The way an IOTA wallet works is that once a user issues a payment, certain parts of the private key belonging to the address are revealed in order to sign the transaction. This procedure is required by the quantum-resistant signature scheme. Therefore, using the same address more than once would compromise the security of the funds on that address.
Overview of the Reusable Address Problem
In fact, opting for a quantum-resisting signature scheme has been seen by some as the wrong strategic choice following a cost-benefit analysis. Critics of the feature claim that quantum attacks are not an existing threat nowadays since no quantum computer has the ability to crack present-day encryption. They also argue that should the problem arise, adjustments could be made accordingly in the future and that usability problems for current users make the extra layer of security uncalled for.
However, Hans Moog, a long-standing member of the IOTA community and a developer at the IOTA Foundation, explains the company’s choice by recalling IOTA’s mission. A Medium post published by Moog reads:
“IOTA aims to build the backbone for the next Industrial Revolution where machines exchange information and value independently of humans (the Internet of Things).”
He adds that IoT device logic is usually hardwired, and once deployed it will have to work exactly as built until the end of its life. Thus, considering tomorrow’s threats from the start is mandatory to ensure that the devices will securely operate in the future.
Nevertheless, Moog acknowledges that having the option of a reusable address would make IOTA wallets like any traditional bank account regarding regular payment settlements and address books that would allow users to save their contacts without the need of asking them for new receiving addresses every once in a while.
The Second Layer Approach as a Proposed Solution
Previous work has been done to address the reusable address problem, like introducing IOTA checks, along with other different second-layer approaches. Van Wijk, who is an IOTA community member, published a Medium post on Oct. 22, where he argued that many of the second-layer approaches existing so far lack one or more of the following six key elements he identified in order to tackle the issue. The elements are as follows:
- The solution should feature a single reusable and unforgeable reference or account address.
- The source of all information sent to this address must be verifiable.
- IOTA seeds should never leave their users under any circumstances.
- Two parties should never have access to the same funds.
- The software should be an open source one.
- The software should not rely on any back-end server other than IOTA nodes.
Van Wijk emphasizes that IOTA-Pay integrates these features into one single website, allowing users to generate an account address or public reference to be shared with others. The blog explains:
“By adding IOTA addresses to such a reference you essentially create a reusable address and therefore take away the need to communicate each time you need to send funds to someone. You can share this reference through a normal URL, as plain text or a QR code. All you (or your wallet) has to do is make sure there is at least one unspent address in the reference and you are good to go.”
Albeit being in the stage of development, IOTA-Pay’s current user interface seems to offer an ease of use and enables numerous features that go beyond only creating reusable references. The blog post enumerates address personalization, marking addresses as unavailable, selecting preferred nodes, rotating addresses, among others.
Speaking of how IOTA could reap the benefits out of IOTA-Pay, van Wijk conveys his belief that the most advantages can be obtained through wallet integration, which would make it possible to use IOTA wallets in automatic address management, address books, and private references, to name a few.
