Grants

At the moment, IOTA uses Proof of Work as a spam-prevention mechanism. However, with specialized hardware such as FPGAs, users can complete Proof of Work too easily for it to prevent spam. As a result, we are researching alternatives to proof of work such as the following:

• Verifiable delay functions

• Admission control strategies such as filtering transactions by node reputation

Nodes use their resources such as bandwidth to process transactions and forward them to their neighbors. At the moment, this use of resources is not optimized and puts a limit on the network's number of transactions per second. To improve scalability and to make the network more efficient, we are researching the following strategies:

• Optimize the gossip layer to prevent nodes from forwarding redundant messages to neighbors

• Allow nodes to route and process transactions only in predefined sections (shards) of the network

In our Coordicide proposal, we introduce global identities for nodes. To discourage counterfeit identities, the network needs an anti-Sybil mechanism, such as node reputations. To build this mechanism, we need to analyze such a reputation system from both an economic and a game-theoretical perspective. Potential aspects that may affect the node reputation are the following:

• Amount of tokens transferred

• Time the node is active

• Active or passive participation in the network activity such as voting

Nodes must reach a consensus on which messages can be included in the ledger and which cannot. For example, in the case of a double spend, only one message should be included at most. To enable an efficient voting system for the inclusion state of messages, we leverage the DAG data structure of IOTA (also known as the Tangle).

In addition, under certain strong Byzantine conditions, it may be possible that metastable states are created, where nodes are locked in a vote for an extensive time. To overcome this, we integrate a metastability-breaking mechanism similar to fast probabilistic consensus (FPC) (FPC-BI: Fast Probabilistic Consensus within Byzantine Infrastructures (PDF).

Although this approach has the potential to drastically increase the performance of consensus finding, it is a complex topic that requires efficient algorithms to distribute and count the votes. Furthermore, theoretical and numerical results on the safety and efficiency of these consensus components are important for an optimal implementation. This includes robustness towards variations of the network topologies, Byzantine resistance, effective implementation of reputation-based systems, and game-theoretic aspects.

The existence of credible timestamps has several key advantages for the protocol. For example, by comparing timestamps we can define a global criterion for when a transaction becomes “too old” and can be safely removed in a snapshot. They also enable us to establish a fully ordered Tangle – a big step towards smart contracts.

The objective of this project is to investigate the feasibility of reaching a consensus on the global ordering of the Tangle through timestamps, i.e., declared and signed values attached to each transaction. As a fundamental requirement, such an ordering should require a low network overhead (e.g., low number of votes or even require no voting system). Furthermore, this mechanism must be robust to attacks that target the delay to consensus finding.

Making the Tangle scalable is fundamental to fulfilling IOTA's vision. The network layer optimization and reputation system projects help improve scalability. However, these projects cannot help the network exceed its intrinsic physical limitations. To confirm a larger number of transactions per second, we envision two strategies:

• Nodes probabilistically validate only a subset of transactions that they receive

• Each transaction carries a shard marker to partition the database

To make sure that the Coordicide solution is resistant to attacks, we need to theorize and simulate the behavior of the system. For example, we can do the following:

• Develop new attacking scenarios that could use artificial intelligence.

• Analyze the cost and feasibility of the proposed attacks.

• Propose new security improvements to the protocol.

We are also interested in studying how IOTA is and can be used. There are many open questions surrounding each of the applications being developed internally by IOTA, including:

• Our Digital Identity Solution

• IOTA Streams

• IOTA Access

• Our Permanode Solution

We are also interested in projects that study new use cases of IOTA and DLTs. This could range anywhere from studying specific new applications that would run on top of IOTA or looking at how DLTs can solve a use case coming from Industry. Moreover, we can support entrepreneurs or researchers who wish to build a proof of concept demonstrating the utility of IOTA. 

Cryptography intersects DLT research and IOTA-related topics in a variety of ways. Specifically, we are interested in the following topics: 

• We are interested in adding a quantum resistance digital signature scheme that can be used in the near future as a mechanism to protect the network against potential attacks from quantum computers. We have concluded that the most suitable scheme is one of the NIST post-quantum cryptography finalists: the Dillitium digital signature scheme. 

• The use of zero-knowledge proofs in smart contracts and other applications continues to grow. One critical example is zk_SNARks which allows, among other things, a blind verifiable evaluation of polynomials. The exact specifics of this zero-knowledge-based technology is something we investigate on an algorithmic level. 

• Vector and polynomial commitment schemes. Those schemes are becoming increasingly important in the smart contract implementations and distributed random number generations. We collaborate with the VDF Alliance team on the specific uses of polynomial commitment, as well as we investigate the possibility of creating a paring-free polynomial commitment that can be considerably more efficient than the schemes based on BLS pairing over elliptic curves. 

• RSA key generation. The main obstacle to the widespread use of VDFs is the slow generation of shared RSA keys. We recently published an article showcasing how this process can be substantially sped up. There are additional improvement opportunities that we investigate at the moment.

• One of the most time-consuming components of the VDF schemes is the use of multi-exponentiations. We have performed extremely detailed investigations on the specific computational primitives needed for the execution of this particular operation. Our findings have been submitted for a possible journal publication and, more to the point, we work on further possible improvements and, in particular, on a radically new multi-exponentiation algorithm. These findings can be used not only in VDF applications but also in various commitment schemes (e.g. Pedersen or Feldman) verifiable secret sharing schemes.