Frequently asked questions

Most common questions are covered below.

Your question not answered? Please contact for support.


What is IOTA?

IOTA is a revolutionary new transaction settlement and data transfer layer for the Internet of Things (IoT). It is based on a new distributed ledger technology, the Tangle, which overcomes the inefficiencies of current Blockchain designs and introduces a new way of reaching consensus in a decentralized peer-to-peer system. Using IOTA, for the first time ever, people and machines can transfer money and/or data without any transaction fees in a trustless, permissionless, and decentralized environment. This means that even nano-payments are possible without the need for a trusted intermediary of any kind.

IOTA is the missing puzzle piece for the Machine Economy to fully emerge and reach its true potential. IOTA is envisaged to be the public and permissionless backbone protocol for the IoT that enables true interoperability between all devices.

What is the IOTA Foundation?

The IOTA Foundation is the non-profit, open-source driven organization behind the IOTA distributed ledger technology (DLT) and other related technologies. The IOTA Foundation houses the academic researchers, developers, industry experts, and other engineering and business professionals working on the development and adoption of the IOTA protocol for the machine economy and the IoT industry. Apart from research and development, the Foundation also fosters the adoption of its technologies into real-world production use-cases at scale by providing an open, collaborative ecosystem where companies, startups and developers alike can innovate with the technologies and build proof-of-concepts, case studies and pilots together. The IOTA Foundation is organized into five divisions:

  • General administration: Operations, communications, finance, human resources, and legal.
  • Social & Public Policy: Social initiatives, collaborations with Governments and NGOs, and governmental regulations advocacy.
  • Research & Development: Academic research, IOTA core protocol development, theory to working code, protocol standardization, and new technologies.
  • Ecosystem: Community development, developer resources and advocacy, educational material, events and hackathons.
  • Business & Industry Streams: Industry adoption, key account management, proof-of-concept development, strategic development, alliance management.
Why create a non-profit Foundation?

The potential of distributed ledger technologies can only be unlocked if they are deployed freely and openly, enabling global ecosystems to be formed and giving anyone the opportunity to participate and innovate. Even just a cursory glance at the history of the internet corroborates this fact. In the 1980’s commercial Local Area Networks (LANs) depended on highly proprietary protocols with rampant vendor lock-ins. But it didn’t take long for the commercial world to appreciate the benefits of open interconnectivity protocols being used by academics in the research and development community. The open-source and interoperable TCP/IP protocol soon after came to be the dominant internet protocol, and remains so to this day.

With this in mind, the IOTA founders have decided to register a non-profit foundation ("gemeinnützige Stiftung") in Germany which will act as a neutral and independent entity to further research and develop the IOTA protocol and other open-source platforms, and to setup a framework for the open ecosystem around the IOTA protocol to grow and prosper.

Why establish the IOTA Foundation in Germany?

The ultimate goal for the IOTA project is it to achieve mainstream adoption of the IOTA protocol, and establish IOTA as the main currency for machines. As such, being headquartered and regulated in an environment which enables and further accelerates this adoption is of utmost importance. Germany offers the right environment for the IOTA Foundation for multiple reasons:

  • Regulations. Germany is one of the most highly regulated countries, and is largely taking the lead for establishing regulations of digital ledger technologies on both national and EU-wide levels. This gives the IOTA Foundation a unique opportunity to work closely with regulators to help shape smart and effective policies and quickly adopt them.
  • Business. Many of the largest industrial, automotive and retail companies are headquarterd in Germany giving the IOTA Foundation a unique opportunity to work closely with them to integrate the IOTA core protocol into their businesses and invite them to participate in the IOTA Foundation and Ecosystem.
  • Growth. A thriving startup ecosystem, especially in Berlin and Munich.
  • Non-profit mentality. Germany is also one of the countries which has pioneered the concept behind cooperatives. Many large German corporations are owned by non-profit foundations, and as such have a radically different mindset that is not driven by pure profits, but by the greater good for society.

Even though the IOTA Foundation is headquartered in Berlin, Germany, it is a global organization which operates in more than 10 countries already including Israel, Brazil, Norway, United Kingdom, USA, Taiwan and Singapore.

If there are no fees with IOTA, how does the IOTA Foundation make money?

IOTA is simply an open-source protocol which enables trustless and decentralized transaction settlement and secure data transfer, and will serve as the foundational protocol for the future machine economy and IoT industry. You can think of it like the open-source Hyper-Text Transfer Protocol (HTTP) which enables distributed, collaborative, and hypermedia information systems and serves as the foundational protocol for the World Wide Web. No organization owns these open-source protocols because they cannot be owned. A protocol is simply a shared language - a commonly agreed upon set of rules to share information, and in the case of IOTA, also value. They are public knowledge and there is no profit-model behind them.

The IOTA Foundation was mandated to further develop the open-source IOTA protocol, bring the protocol to production-readiness and enable a pathway for its full-scale adoption. The initial funding for the non-profit IOTA Foundation came from the IOTA community in the form of IOTA token donations. It is worth noting that these initial IOTA token donations still constitute a significant portion of the Foundation's assets. Because the IOTA total token supply will forever remain fixed, basic economics would dictate that if the demand for IOTA tokens increases as the protocol is adopted into the machine economy and IoT industries, the value of these tokens will rise. However, this is clearly not a sustainable source of funding. Additional and more sustainable funding streams will be procured from public grants and contributions from corporations and individuals.

To learn more about the IOTA Foundation's sources of funding, see The The IOTA Foundation.

What can I do with IOTA? What are some potential use-cases?

IOTA currently does two things really well: transactional settlement (especially feeless and fast micropayments) and data integrity. With these two features a plethora of potential use cases are possible for the very first time. Real-time streaming payment services for data and energy, immutable data history tracking for supply chains, computational resource sharing (for bandwidth, CPU, and storage) and more, IOTA enables entire new business models which were previously impossible with the legacy financial system and other Distributed Ledger Technologies built on Blockchain. More open-source platforms (such as Oracles, Smart Contracts, Q, etc.) are on our roadmap and will be added in the near future.

The main focus of IOTA is to enable the emerging IoT, but beyond this IOTA plans to be the transaction settlement and data integrity layer for the Internet of Everything. This includes smart cities, smart grids, infrastructure, supply chain, financial services, peer-to-peer payments, insurance, and much much more. On the IOTA Blog and the Verticals tab you can read about more concrete examples on the different use-cases the IOTA technology can enable.

Get started

Where can I download the wallet?

IOTA's official wallet, Trinity, is available on Mobile and Desktop here. Simply choose the right option for your operating system.

What is the difference between a Light Node and Full Node?

The IOTA GUI makes it possible to choose between a Full Node and Light Node. The Full Node automatically runs an IRI instance in the background, which in turn means that you need neighbors in order to participate in the Peer-to-Peer network to synchronize with the Tangle. If you run the Full Node, you have no "trust requirements", as you are completely and independently participating in the network.

The Light Node makes it possible to connect to a remote Full Node (whether it is your own Full Node, or someone else's publicly provided), in order to get the latest state of the network, most importantly fetching two transactions for validation which are required for issuing a transaction. When running a Light Node, it should be noted that your seed never leaves your wallet, you are still required to perform the Proof-of-Work, and all the sensitive work (such as signing) is done client-side. It also should be noted that the public Full Node providers are often overwhelmed with Light Node requests, so in order to reap the full benefits of the IOTA feeless and fast transaction settlement and data integrity technology, it is recommended to run a Full Node and not have to rely on the public Full Node providers (think of it like hitchhiking vs. having your own car).

Light Node vs Fullnode

What is needed to issue a transaction?

Making a transaction can be simplified into a 4-step process:

  1. Signing of inputs and/or constructing a message: In IOTA there are two types of transactions: transactions where you transfer IOTA tokens (and thus a digital signature is required to prove ownership of the IOTA tokens), and 'zero-value' transactions which simply broadcast a message or data (and thus a digital signature is not necessarily needed). For transactions including transfers of IOTA tokens, it is necessary to form what is called a transaction bundle (see advanced questions for further details). 
  2. Tip selection and validation: In the Tangle a tip is a transaction which has not been validated previously by any other transactions. Tip selection is a process whereby two tips are selected at random using a specific algorithm (specifically a Markov Chain Monte Carlo Random Walk tip selection algorithm, see advanced questions for further details). Once two tips have been selected they must be validated to check that their two respective histories (the sub-tangle cone referenced by these two respective transactions) are consistent - meaning there are no double spends or other forms of cheating. 
  3. Proof-of-Work: Once the tips are selected and validated for consistency, a tiny amount of Proof-of-Work is required where some computational resources must be spent to find the answer to a simple cryptographic puzzle.  
  4. Broadcast: After all these 3 steps are completed, the transaction(s) can be broadcasted to neighboring nodes in the peer-to-peer network who will pass the information along to their neighbors and so on using a standard P2P gossip protocol.

Once these four steps are completed, and assuming the transaction is valid, some other transactions in the network will with high probability randomly choose it for validation, either directly or indirectly. Once a significant proportion of newly issued transactions (i.e. tips) are indirectly referencing it, the transaction can safely be considered confirmed. 

Is my seed sent to the server with the libraries or wallet?

When interacting with any of the libraries or wallets which are supported by the IOTA Foundation, you can be sure that your seed will never leave your side. All the essentials, such as signature generation, validation and so forth are done client-side, meaning that it's done locally. As such, your seed is never sent to your remote node and you don't have to worry about any security issues by only using the Light Wallet.

My transaction has been pending for a long time, what is the problem?

New transactions choose two tips to validate randomly, so sometimes transactions, through no fault of their own, are simply unlucky and not selected for validation. This is a natural, expected and indeed important behavior of the Tangle. Because the algorithm for choosing tips favors fresh (newly issued) tips, if your transaction was not confirmed in the first few minutes, it is very likely it will never be confirmed without doing one or more of these three actions: Rebroadcast, Reattach, and Promote.

Rebroadcast, Reattach and Promote, what is the difference?


Rebroadcasting is sending the exact same transaction to all of your neighbors again. It is only necessary to rebroadcast a transaction in very rare edge cases where your neighbors did not recieve your initial broadcast (because your internet disconnected, for example).


Reattaching a transaction is issuing the same original transaction in the Tangle, but in a different location, by finding two new tips to validate and performing the Proof-of-Work again. When you reattach a transaction to a new location in the Tangle, you do not need to re-sign your transaction bundle (and you should never re-sign your transaction bundle). You only need to find two new transactions to approve and perform the necessary Proof-of-Work again. Technically reattaching constitutes a "double-spend" because the reattached transaction is using the same inputs as the original. Thus only one of these transactions will ultimately be "confirmed". However, because there are now two, the time and probability of confirmation (of one or the other) increase. Also worth noting, because no signatures are necessary to reattach a transaction, anyone can reattach anyone else's transaction by finding a new place in the Tangle and performing the Proof-of-Work (FYI, just in case you would like to help out a stranger). image2018-4-13 19-45-33


Promoting is the process by which you issue 'zero-value' transactions which directly (or indirectly) reference your transaction, as well as reference a randomly chosen newly issued tip. In contrast to reattach, you do not move the original transaction but rather issue new transactions on top of it in an effort to increase its chances of being validated by the network.


Generally, if your transaction has not confirmed, promoting is more effective than reattaching. Rebroadcasting is hardly ever needed except in rare circumstances.

Developer Questions

Where can I download the client?

At the time of writing, IOTA has a reference implementation written in Java which is available here, together with all installation instructions: C++ and Rust are currently under development.

Can I run a private Tangle?

You are able to create your own Private Tangles by using the following software: Compass

Where can I find neighbors in order to run a Full Node?

You can look for neighbors in our community Discord chat room.

What are the system requirements for running a Full Node?
  • 4+ GB of RAM
  • 8+ GB of Storage
  • Java 1.8.0_151 or higher.
  • For Windows, download and install the latest Visual C++ redistributable from here.
What is the difference between a Seed and Private Key in IOTA?

Normally with asymmetrical cryptography there is a unique public address which may be disseminated widely, and a unique and secret private key which is known only to the owner. Given the private key, the public address can be generated trivially and deterministcally by what is known as a hash function (i.e. secure hashing function, sha256), but given the public address, there is no feasible way to determine what the private key is (e.g. there is no inverse function of sha256).

Trivial and deterministic:

sha256(Private Key) = Public Address

Does not exist:

inverseSha256(Public Address) = Private Key

A hashing function has a message digest (or output) which is always the same size, 256 bits in the case of sha256. Because there is no discernable correlation between the input into the hashing function, and the message digest, (e.g. it appears completely random, despite the fact that it is completely deterministic), this means that in order to guess a private key given a public address, it would take on average 2^256 guesses, or close to as many guesses as there are hydrogen atoms in the observable universe. To put this number in perspective, this video by 3Blue1Brown does a great job.

In IOTA, because a variation of the Lamport One-Time signature scheme is employed, it works a little differently. Instead a unique and secret seed, combined with an index (any positive integer including zero), determines a unique and secret private key, which in turn determines a unique public address which may be disseminated widely. This gives a sequence of private keys and public addresses all associated with the same secret seed. This series of private keys and public addresses comprises an IOTA wallet. The hashing function used in IOTA is called Curl.

  • Index 0: Curl(secret seed + 0) = Private Key 0 → Curl(Private Key 0) = Public Address 0
  • Index 1: Curl(secret seed + 1) = Private Key 1 → Curl(Private Key 1) = Public Address 1
  • Index 2: Curl(secret seed + 2) = Private Key 2 → Curl(Private Key 2) = Public Address 2
  • Index 3: Curl(secret seed + 3) = Private Key 3 → Curl(Private Key 3) = Public Address 3
  • .... and so on.

To send IOTA tokens associated with a public address in the Tangle, the private key is used to digitally sign the message proving ownership of the tokens on that address, but in doing so part of the private key (50% on average) is revealed. Thus, once a private key associated with a public address is used to digitally sign a message, this public address should never be used again for any purpose. When sending IOTA from an address, any remainder balance is automatically moved to a next public address by incrementing the index and sending the remainder IOTA tokens to the next public address in the wallet.

One time signature use

For more information on the IOTA signature scheme see, How Addresses Are Used. For more information regarding how to buy and secure IOTA, see Buy and secure IOTA

What are transaction bundles?

The reason transaction bundles are necessary has to do with the one-time-signature scheme described in the previous question. Because an account cannot securely sign more than one transaction, it must completely empty its balance on every transaction, and any remainder balance must be deposited into a different address index in the wallet. Once two transactions have been selected for approval, they are added to the bundle construct and are called the trunkTransaction and branchTransaction, respectively. In order for a transaction bundle to be considered valid the sum of inputs and outputs in the bundle must sum to zero. Let's say Alice has 100 IOTA and wants to send Bob 10, a typical transaction bundle may look like the following (note on notation: Transactions in a bundle are indexed from 0 to N. Tx(M, N) denotes transaction M of N in bundle):

  • Tx(3, 3): Subtract 100 IOTA from Alice's address A; Reference outside two external transactions, branch tip and trunk tip.
  • Tx(2, 3): Add 10 IOTA to Bob's address B; The trunkTransaction references Tx(3, 3), the branchTransaction references the external trunk tip.
  • Tx(1, 3): Add 90 IOTA to Alice's new address A'; The trunkTransaction references Tx(2, 3), the branchTransaction references the external trunk tip.
  • Tx(0, 3): Bundles have the additional useful property of signing metadata attached to payments, which may be provided in additional zero-valued transactions in the bundle. Tx(0, 3) would include just such metadata; The trunkTransaction references Tx(2, 3), the branchTransaction references the external trunk tip.

1 HJOW0 3bSrSf0-T1T0XNhA


How is IOTA different from Blockchain?

It is helpful to first have a good understanding of how Blockchain works. This video by 3Blue1Brown is an excellent place to start.

When it comes to comparing IOTA (or more specifically, the Tangle) with Blockchain, there are many differences, as well as many similarities.

Data Structure

A Blockchain is a sequential chain of blocks where each block references its chronological predecessor, similar to a linked list. Blocks contain multiple transactions, and are added in more-or-less regular, discrete time intervals. In the Tangle each transaction (rather than a block of transactions) references two previous transactions, forming not a linked list, but a complex web structure known in mathematics as a Directed Acyclic Graph, or DAG for short. Directed because all the reference pointers point in the same direction, acyclic because you cannot follow the path from any one transaction and arrive back at the same transaction (in other words, no loops), and a graph because the reference pointers and transactions form a graph of edges and vertices. Importantly, this DAG structure allows transactions to be issued simultaneously, asynchronously, and continuously, as opposed to the discrete time intervals and linear expansion of a Blockchain. image2018-4-14 12-59-23


By parallelizing transaction issuance and validation, IOTA is able to achieve a significantly higher transaction throughput. In a Blockchain, because many miners are working to add the next block to the chain, with significant overlap between the transactions included in their respective blocks, transactions are forced through a bottleneck by design - this is how the double-spend problem is resolved and how consensus is ultimately achieved. However, the vast majority of transactors are not trying to cheat by double-spending their coins, yet they are forced through this bottleneck nonetheless. Instead IOTA lets all transactions through and cleans up any conflicting transactions using the "heaviest Tangle" rule described below.

image2018-4-14 12-58-0

image2018-4-14 12-57-36

image2018-4-14 14-33-28


One common misunderstanding about the differences between Blockchain and the Tangle is how consensus is achieved. Blockchain achieves consensus through the "longest chain" rule. Miners are incentivized to add the next block to the chain with block rewards and transaction fees. Which miner gets to add the next block is determined by a fair and decentralized lottery-like system known as Proof-of-Work where computational resources must be spent to solve a cryptographic puzzle. The only way to solve this puzzle is by brute force, also known as "guess and check." Because two or more miners may find the answer to this puzzle at almost exactly the same time, thus simultaneously creating new blocks which may contain conflicting transactions, the network needs a consensus-building rule to determine which chain should be accepted as valid. This is where the "longest chain" rule comes in to play.

When a miner sees two valid blocks referencing the same parent block, this is known as a fork. The miner then has to choose onto which side of the fork of the chain to try and add the next block. The probability that miners working on either side of the two competing chains continue to find blocks at roughly the same time decreases exponentially for each subsequent block. Consensus around which chain should be accepted as valid is achieved by saying the "longest chain" wins. However, this means that a transaction cannot be considered confirmed until a significant number of blocks have been built on top of it. The rule of thumb for Bitcoin, for example, is after 6 blocks, or on average 60 minutes, a transaction can be safely considered "confirmed".

Conflicting Transactions

Note: The arrows to blocks with conflicting transactions in the Blockchain, or arrows to conflicting transactions in the Tangle, does not mean they are conflicting with eachother in each respective picture, but rather with some other transaction(s) which are part of "true history" on which there is consensus (in teal).

With IOTA, consensus follows the heaviest Tangle rather than the longest chain. In the Tangle, because transaction issuance is tightly coupled with network validation, transaction finality (commonly called "confirmation") can be achieved in a fraction of the time it takes for Blockchain. The more activity there is in the Tangle, the more validations occur, and the faster transaction finality becomes. The vast majority of users in either system, Blockchain or the Tangle, are not actively trying to double-spend or cheat because the majority in either system are assumed to be honest. When double-spends or other forms of cheating do occur, just as in the case with Bitcoin, the 'invalid' branch of the Tangle is ultimately orphaned into oblivion.


With IOTA, to issue a transaction, a tiny amount of Proof-of-Work is required. Unlike Blockchain where Proof-of-Work is employed as a decentralized lottery of sorts, in the Tangle this serves merely as a spam and sybil prevention measure. As more and more transactions occur, more and more cumulative Proof-of-Work is added to the system making it more secure against attacks. The Tangle grows more secure as more activity is added. This is because requiring a tiny amount of Proof-of-Work makes it costly for an attacker to "outpace" the throughput of honest transactions. The cost to issue a transaction for an honest user is inmaterial, but the cost for an attacker to overwhelm the aggregate throughput of honest transactions would be forbiddingly high.

Transaction Fees

Because there are no miners in the Tangle, and the responsibility for validation is an intrinsic part of issuing a transaction, there are no transaction fees. The value sent is always equal to the value received. This enables feeless micro and even nano-payments which the emerging machine-to-machine sharing economy will require to operate at scale.

In IOTA, every participant in the network making a transaction also actively participates in the consensus. Unlike as it is in the case of Blockchain where there is a bifurcation of roles between the miners and the users of the system whose interests are diometrically opposed (miners want slower transaction confirmation times and higher fees, whereas users want the exact opposite), in the Tangle the incentives of all participants are perfectly aligned.

Feeless microtransactions

You mentioned a Markov Chain Monte Carlo Random Walk algorithm for tip selection, what is that?

What is a Markov Chain?

A Markov chain is "a stochastic model describing a sequence of possible events in which the probability of each event depends only on the state attained in the previous event."

In probability theory and related fields, a Markov process, named after the Russian mathematician Andrey Markov, is a stochastic process that satisfies the Markov property (sometimes characterized as "memorylessness"). Roughly speaking, a process satisfies the Markov property if one can make predictions for the future of the process based solely on its present state just as well as one could knowing the process's full history, hence independently from such history; i.e., conditional on the present state of the system, its future and past states are independent.

Roughly speaking, a process satisfies the Markov property if one can make predictions for the future of the process based solely on its present state just as well as one could knowing the process's full history, hence independently from such history; i.e.,conditional on the present state of the system, its future and past states are independent. Source: Wikipedia

What is a Monte Carlo algorithm? From Wikipedia:

In computing, a Monte Carlo algorithm is a randomized algorithm whose output may be incorrect with a certain (typically small) probability. Source: Wikipedia

What is a Random Walk? From Wikipedia:

A random walk is a mathematical object, known as a stochastic or random process, that describes a path that consists of a succession of random steps on some mathematical space such as the integers (or graphs). Source: Wikipedia

What is a tip?

What is a tip? A tip in the Tangle is simply a transaction which has not yet been validated by another transaction. Keep in mind there is time delay between the moment another node in the network selects two transactions for validation and the time this information is broadcasted through the network (i.e. latency).

Put these three things together and what you have is a "memoryless" randomized succession of steps that describes a path on a mathematical space (in our case the Directed Acyclic Graph of the Tangle consisting of transactions and reference pointers) towards a tip (a transaction which does not look like it has been approved yet, but may have been due to latency). To learn more about how the IOTA Markov Chain Monte Carlo Random Walk tip selection algorithm works, see this mini-series of blog posts and simulations: The Tangle: an illustrated introduction.

How can the Markov Chain Monte Carlo Randow Walk tip selection algorithm be enforced?

It cannot be enforced.

The outcome of the algorithm is inherently random, so it is impossible to know what strategy was employed for selecting the transactions to validate, and moreover, it is not even possible to enforce tip selection at all because it is impossible to know what the other node knew at the time a transaction was issued (such as whether a transaction was known to still be a tip or not). What is needed is a default algorithm which avoids laziness, greediness and cheating, where no other possible tip selection algorithm could make a node better off than the default tip selection algorithm. This is what is known as a Nash Equilibrium, but because Nash Equilibrium assumes rational actors, it is also necessary to protect against irrational actors trying to attack the system (see next question). For more information see: Equilibria in the Tangle.

What is the Coordinator and why is it needed?

The security of IOTA relies on an assumption that is an intrinsic feature of all decentralized, distributed and permissionless technologies: the ability for an attacker to exert undue influence over the network is infeasible because the resources required to do so are too great. In a Blockchain, the cumulative Proof-of-Work of all the miners secures the network against attacks. IOTA works fundamentally differently. In IOTA because each transaction requires a tiny amount of Proof-of-Work and/or requires a tiny amount of bandwidth, the communalitive throughput of transactions is what secures the network. The more transactions which occur, the more secure the network becomes. A more detailed explanation can be found in Section 4 of the Tangle White Paper (P. 19):

From the above discussion it is important to recognize that the inequality λ > µ should be true for the system to be secure. In other words, the input flow of “honest” transactions should be large compared to the attacker’s computational power. Otherwise, the estimate (12) would be useless. This indicates the need for additional security measures, such as checkpoints, during the early days of a Tangle-based system.

Currently, however, the low transaction throughput renders the above assumption false, and the estimate (12) above is indeed useless as a result. The additional security measures, such as checkpoints, which are needed to secure the Tangle in its early days as referenced by the White Paper come in the form of 'milestone' transactions issued by The Coordinator, a special node which digitally signs transactions it issues in the Tangle, as well as their location. The Coordinator issues transactions by the same method as any other node, the only difference being that it also signs the location so that they cannot be subsequently reattached to a different location. It is recommended for other nodes to not consider a transaction confirmed until referenced directly or indirectly by the Coordinator's milestone transactions.

When will IOTA be able to remove the Coordinator?

The IOTA Foundation has an amazing team of researchers with backgrounds in mathematics, economics, game theory, graph theory, probability theory, physics, computer science and more asking the difficult questions about the complex assumptions regarding the security and incentives of the Tangle. The questions all revolve around how to ensure that IOTA is the most secure, scalable, distributed, permissionless and decentralized technology possible. This necessitates the removal of the Coordinator - any other outcome would be completely unacceptable to the IOTA Foundation and everyone involved in the project. While the IOTA Foundation hopes to be able to remove the Coordinator soon, these are complex problems with uncertain timelines which also somewhat depend on factors outside the IOTA Foundation's control.

The most critical factor needed for the removal of the Coordinator, for example, is the greater adoption of the IOTA technology increasing the throughput of transactions on the network to meet the fundamental security assumption - that the cumulative throughput of honest transactions is large compared to that which an attacker could feasibly produce.

Why is there no automatic peer-discovery with IOTA and instead requires manual tethering?

Another security feature of IOTA, aside from the inability for a malicious actor to issue a substantial proportion of the transactions on the network, is the inability for a single malicious actor to be able to see a substantial portion of the network (what is called 'omnipresence'). IOTA was designed for the IoT environment where most devices will form wireless ad-hoc networks. In this environment the ability to peer with anyone outside the range of the wireless network employed is impossible.

This mesh network environment is (admittedly imperfectly) emulated over the internet by requiring Full Node operators to manually find neighboring peers. This feature prevents any malicious actor to have un-due influence over the network by limiting the ability to 'see' the whole network in addition to limiting the ability to issue more transactions than the whole network which the Proof-of-Work accomplishes.

What are Snapshots?

The IOTA network supports a very large number of transactions. All IOTA Full Nodes must process and store all these transactions, leading to an ever-increasing storage requirement. To keep the amount of storage needed to a reasonable size, a Snapshot is performed on occasion (appoximately every two months). This is essentially a “pruning” of the ledger - it removes all events and addresses on the ledger which do not have a positive balance. At the end of this pruning we are left with a basic ledger, comprising a list of all addresses that contain IOTA, and their respective balances.

Following the Snapshot a new Tangle builds on top of this basic ledger, until it grows so big that another Snapshot is required.

In the future, the snapshots will occur locally with nodes deciding for themselves when to do a Local Snapshot (see next question). However at the moment this is still a synchronized operation:

  1. The snapshot ledger is prepared by the IOTA Foundation.
  2. The ledger is verified by the IOTA community of Full Node operators ensuring the IOTA Foundation has processed all the transaction history correctly and the IOTA balances in the respective addresses is consistent.
  3. Only when the consensus on the snapshot data is achieved, the green light is given and nodes can switch to this new ledger, via a new release of the IOTA Reference Implementation (IRI).

Full Nodes do not get informed automatically - there is no "secret" API call, thus a Full Node can also choose to continue to run the old version and still be a part of the network. To reiterate, a Full Node can choose to leave its database as is and keep the history (assuming storing all this data is not an issue), or the old data can be removed.

What are Local Snapshots?

Because this synchronized Snapshotting organized by the IOTA Foundation is disruptive to the continuity of the network as well as not completely decentralized (due to the fact it is administered by the IOTA Foundation), in the future it will be necessary for Full Nodes to perform this task locally at their own discretion as the storage required for saving the entire Tangle history becomes too burdensome. The Full Node must be careful not to Snapshot locally too frequently, however, because if it Snapshots too quickly it risks building on a sub-Tangle which may fall out of the consensus. This would be like a miner only storing information contained in the last Block in Blockchain - it is possible that this Block does not ultimately become part of the longest chain and this miner would be building on an abandoned fork.

Local Snapshots are being actively developed by the IOTA core development team.

What are Permanodes?

Permanodes are nodes which store the entire history of the Tangle. Because the amount of data that will be passing through the Tangle will become too burdensome to save for most nodes, and because there is no real incentive to do so, Permanodes will be needed for storing the Tangle history over longer periods of time.

At its core, IOTA is a protocol for securely, trustlessly, costlessly, and quickly transferring data and/or value in the form of IOTA tokens. Like any Distributed Ledger Technology it works because it is all about incentives. Storing arbitrary amounts of data for other people is not well incentivized, thus it will not happen without some benefit for doing so. Although it is purely speculative to imagine all the potential future business models with IOTA, basic economics would dictate that to dedicate an arbitrary amount of resources towards storing other people's data, an economic incentive is necessary.

How would a Permanode work?

Usually it is helpful to draw a parallel to the Bitcoin Blockchain. The rule of thumb in Bitcoin is that once a block is greater or equal to six blocks deep it can be safely considered forever part of consensus. Imagine a new miner showing up to the Bitcoin Blockchain. Does this miner need to know about all the information contained in all blocks deeper than six or more (once it confirms block headers from the genesis)? No, this miner just need to know which addresses own which Bitcoin as of six blocks deep ago (or more precisely, which addresses have UTXOs). The newly arrived miner does not need to know how they got there. So, the miner just summarizes which addresses owns which Bitcoins as of six blocks ago, deletes any information stored in the Blockchain deeper than that (to clean up space in its memory) and begins building new blocks on the current longest chain checking transactions are valid using the history of only the last six blocks.

Now, imagine every single Bitcoin miner does this, with just one "perma-miner" which stores the entire Bitcoin Blockchain back to the very first block in 2009. This perma-miner does this because there are some scenarios where people would like to audit a particular transaction and/or piece of data from a long time ago. The perma-miner can provide this service for a price (the precise business model is anyone's guess), demonstrating hash-pointers all the way to present decentralized Blockchain, and if the hashpointers tie out with current decentralized Blockchain, the customer can know the data was not tampered with.

This would work very similarly in the Tangle. Because the Tangle will process orders of magnitude more confirmed transactions per unit of time than the Blockchain, storing the entire Tangle history for most devices will be infeasible and illogical. Instead Full Nodes will occasionally use Local Snapshots to prune data which is no longer needed. Permanodes will simply, by definition, not take Local Snapshots and store the entire Tangle history allowing a transaction from any point in time to be audited.

A Permanode prototype is being actively developed by the IOTA core development team.

What is the total IOTA token supply?

The total supply of IOTA is (3^33 - 1) / 2 = 2,779,530,283,277,761 tokens. This value is optimized for ternary computation - it is the largest possible 33-digit ternary number:

111,111,111,111,111,111,111,111,111,111,111 (base-3) = 2,779,530,283,277,761 (base-10)

The total IOTA token supply was "minted" on the genesis transaction and will never change. It is now impossible for anyone to "mint" or "mine" new IOTA tokens.

IOTA uses the International System of Units (or SI units): IOTA Units Reference

Why does IOTA use ternary based logic?

Whilst the binary number system is the most commonly used numerical representation scheme in implementing the basic computer arithmetic operations, there is a large spectrum of alternative number systems, that can be very successfully used in computational algorithms. The question 'What is the most efficient base?' has been posed many times, but perhaps the most convincing argument in favor of ternary number system is the one provided by Henry S. Warren in his seminal book 'Hacker's Delight' (pp.233-234). His analysis is important in that he is considering both arithmetic and power-consumption resources optimizations as the function of the radix of the number system used. His conclusion - that ternary arithmetic is about 5.6% more efficient than binary - is rather instructive. What is more interesting about ternary arithmetic is the fact that one can consider as the set of digits allowed {-1,0,1}. In this case every representation of integers is unique and, more to the point, for the representation of negative numbers one does not need to use some artificial trick like the 2's complement notation, needed in binary. The advances in the field of multiple-level logic will make the design of ternary circuits more and more popular.

Further reading:

American Scientist Vol. 89, No. 6 - Computing Science: Third Base, (B. Hayes, 2001):

"People count by tens and machines count by twos - that pretty much sums up the way we do arithmetic on this planet. But there are countless other ways to count. Here I want to offer three cheers for base 3, the ternary system. The numerals in this sequence - beginning 0,1,2,10,11,12, 20, 21, 22,100,101 - are not as widely known or widely used as their decimal and binary cousins, but they have charms all their own. They are the Goldilocks choice among number ing systems: When base 2 is too small and base 10 is too big, base 3 is just right."

The Art of Computer Programming, (D. Knuth, 2014):

"Perhaps the prettiest number system of all is the balanced ternary notation.”

International Journal of Computer Science and Information Technologies, Vol. 5, No. 4 - Balanced-Ternary Logic for Improved and Advanced Computing, (S. Ahmad, M. Alam, 2014):

"This paper is meant to present balanced ternary logic as the most suitable logical system for our modern computing machines in terms of performance, simplicity, cost and the future prospects that it can bestow upon our modern computing machines."

Radix Economy Wikipedia | Balanced Ternary Wikipedia | Ternary Neural Networks for Resource-Efficient AI Applications

Does IOTA need ternary based processors to function?

No. Currently IOTA full nodes run the IOTA Reference Implementation on primarily, if not exclusively, binary based processors. However, because IOTA is built specifically for the emerging IoT industry where trustlessly identitfying a device, securing its data, and allowing it to buy and sell resources without the need for a trusted intermediary will be of paramount importance, it makes perfect sense that a dedicated microcontroller will become a standard component for any IoT device. Advances in software programs necessitated the addition of GPUs into every display enabled device as consumers demanded more interactive applications, and advances in computer and mobile phone display technologies became capable of producing increasingly higher definition resolutions. A similar need will become apparent for IoT devices as they will need to be able to securely identify themselves, exchange encrypted data, and buy and sell scarce resources with untrusted devices in their proximity. Resources such as computational resources they will all produce and depend on such as data, electricity, CPU, bandwidth and memory, as well as the scarce resources specific to the device itself such as parking spaces for cars, air space for drones, etc.

Additionally, the dedicated microcontroller component which would be required for these tasks - tasks including digitially signing messages, encrypting and decrypting data, and performing a minimal amount of Proof-of-Work - could be accomplished with as little as a few hundred logic gates. It would thus be smaller than the human eye could see and consume a negligiable amount of energy from the device. In light of the dusk of Moore's Law and because it would not require any additional hardware upgrades from any existing binary components, a microcontroller based on ternary logic would be the most powerful and energy efficient integrated circuit possible and indeed some are already being actively developed. For this reason, IOTA decided to design a ternary based transactional settlement and data transfer layer protocol to be run on dedicated ternary based microcontroller components which will inevitably become a standard for the emerging IoT industry.

What makes IOTA quantum-secure?

It is known that a sufficiently large quantum computer could be very efficient for handling problems that rely on trial and error to find a solution. The process of finding a nonce in order to generate a Bitcoin block is a good example of such a problem. But, as explained in Section 5 of the White Paper, the number of nonces that one needs to check in order to find a suitable hash for issuing a transaction in the Tangle is not unreasonably large. The algorithm used in the current IOTA implementation is structured such that the time to find a nonce is not much larger than the time needed for other tasks that are necessary to issue a transaction. Thus, the efficiency gain for even an 'ideal' quantum computer would not be a risk to the security assumptions of the Tangle whereas with Bitcoin it could potentially be fatal as the fundamental security and fairness assumption that no single actor can mine blocks any faster, relative to the computational resources dedicated to it, than anyone else would be violated.

Additionally, IOTA uses hash-based signatures instead of elliptic curve cryptography (ECC). Not only are hash-based signatures a lot faster than ECC, but it also greatly simplifies the overall protocol (signing and verification). What actually makes the IOTA signature scheme quantum-secure is the fact that it uses Winternitz signatures. The IOTA ternary hash function is called Curl.

What is Curl?

As the dawn of the IoT emerges, the assumptions behind legacy architectures are being revisited. Multi-valued logic is already employed in communication, and asynchronous designs that move past the dating Von Neumann and Harvard architectures must embrace this progress in kind as they optimize for efficiency. To this end, IOTA, and its hash function, Curl, are tailored to be used by devices that are emerging for the most optimal usage of the integer maximum radix economy.

Curl is a hash function based on the sponge construction. It was designed to meet the needs of the IoT: a small and efficient hash function. Its very simple round-function allows for easy algebraic analysis of its structure. This is important because lower bounds on the number rounds necessary for different use-cases is needed. The fixed point H(0)=0 is a design constraint for optimization in its role in the construction of the Directed Acyclic Graph of the Tangle architecture on which IOTA is built.

What is Network-Bound Proof-of-Work?

Let us return to the fundamental security assumption of the Tangle: The flow of "honest transactions" must be large compared to that which an attacker could feasibly produce. The primary purpose of Proof-of-Work is to impose an arbitrary cost, albeit a small one, on issuing a transaction, e.g. finding a nonce for some given level of difficulty such that a hash of the transaction combined with the nonce takes a certain form. This makes it costly for a malicious actor to generate a substantial proportion of the total transactions occuring on the IOTA network. This is because computation power is a scarce resource, an attacker cannot amass more computational power than the cumulative computational power of the honest transactors because the honest are many and attackers are few. It is simply power in numbers.

However, computational power is not the only scarce resource. Bandwidth is also a scarce resource. The scarcity of bandwidth is already becoming apparent as the world moves from 4G to 5G, and in the heated debates over net-neutrality. It is a basic economic law that when a scarce resource increases in demand faster than its supply, its price will rise. If a network's total available bandwidth is saturated, bandwidth will become costly. Thus, in the future, instead of requiring an arbitrarily determined computational cost using Proof-of-Work, the natural scarcity of bandwidth due to the physical laws of the world in which we live will effectively accomplish the same thing - that is make it infeasibly costly for an attacker to issue more transactions than the cumulative flow of honest transactions.

What is Qubic?

For more information about Qubic please see: Qubic

Contact Us

Get in contact with the IOTA Foundation.