## Find us on Google Scholar

We have many papers published on Google Scholar with more being added regularly from our distinguished researchers.

## Coordicide Papers

### Tangle 2.0 Leaderless Nakamoto Consensus on the Heaviest DAG

Sebastian Müller, Andreas Penzkofer, Nikita Polyanskii, Jonas Theis, William Sanders, Hans Moog

Abstract

We introduce the theoretical foundations of the Tangle 2.0, a probabilistic leaderless consensus protocol based on a directed acyclic graph (DAG) called the Tangle. The Tangle naturally succeeds the blockchain as its next evolutionary step as it offers features suited to establish more efficient and scalable distributed ledger solutions. Consensus is no longer found in the longest chain but on the heaviest DAG, where PoW is replaced by a stake- or reputation-based weight function. The DAG structure and the underlying Reality-based UTXO Ledger allow parallel validation of transactions without the need for total ordering. Moreover, it enables the removal of the intermediary of miners and validators, allowing a pure two-step process that follows the \emph{propose-vote} paradigm at the node level and not at the validator level. We propose a framework to analyse liveness and safety under different communication and adversary models. This allows providing impossibility results in some edge cases and in the asynchronous communication model. We provide formal proof of the security of the protocol assuming a common random coin.

### Reality-based UTXO Ledger

Sebastian Müller, Andreas Penzkofer, Nikita Polyanskii, Jonas Theis, William Sanders, Hans Moog

Abstract

The Unspent Transaction Output (UTXO) model is commonly used in the field of Distributed Ledger Technology (DLT) to transfer value between participants. One of its advantages is that it allows parallel processing of transactions, as independent transactions can be added in any order. This property of order invariance and parallelisability has potential benefits in terms of scalability. However, since the UTXO Ledger is an append-only data structure, this advantage is compromised through the presence of conflicting transactions. We propose an extended UTXO Ledger model that optimistically updates the ledger and keeps track of the dependencies of the possible conflicts. In the presence of a conflict resolution mechanism, we propose a method to reduce the extended ledger back to a consistent UTXO Ledger.

### Access Control for Distributed Ledgers in the Internet of Things: A Networking Approach

Andrew Cullen, Pietro Ferraro, William Sanders, Luigi Vigneri, Robert Shorten

IEEE Internet of Things Journal, 2021

Abstract

In the Internet of Things (IoT) domain, devices need a platform to transact seamlessly without a trusted intermediary. Although Distributed Ledger Technologies (DLTs) could provide such a platform, blockchains, such as Bitcoin, were not designed with IoT networks in mind, hence are often unsuitable for such applications: they offer poor transaction throughput and confirmation times, put stress on constrained computing and storage resources, and require high transaction fees. In this work, we consider a class of IoT-friendly DLTs based on directed acyclic graphs, rather than a blockchain, and with a reputation system in the place of Proof of Work (PoW). However, without PoW, implementation of these DLTs requires an access control algorithm to manage the rate at which nodes can add new transactions to the ledger. We model the access control problem and present an algorithm that is fair, efficient and secure. Our algorithm represents a new design paradigm for DLTs in which concepts from networking are applied to the DLT setting for the first time. For example, our algorithm uses distributed rate setting which is similar in nature to transmission control used in the Internet. However, our solution features novel adaptations to cope with the adversarial environment of DLTs in which no individual agent can be trusted. Our algorithm guarantees utilisation of resources, consistency, fairness, and resilience against attackers. All of this is achieved efficiently and with regard for the limitations of IoT devices. We perform extensive simulations to validate these claims.

### Coordicide

Serguei Popov, Hans Moog, Darcy Camargo, Angelo Capossele,Vassil Dimitrov, Alon Gal, Andrew Greve, Bartosz Kusmierz, Sebastian Mueller, Andreas Penzkofer, Olivia Saa, William Sanders, Luigi Vigneri, Wolfgang Welz, Vidal Attias

Abstract

The Coordicide project focuses on the removal of the Coordinator through the implementation of several network components, as discussed in this working paper. Despite these additional components, all existing fundamental design features of the Tangle remain in place.

### IOTA Smart Contracts

Evaldas Drąsutis

Abstract

The document introduces IOTA Smart Contracts, a distributed ledger technology (DLT) and a multi-blockchain smart contract framework with ability to transact cross-chain in a trustless and scalable manner on the IOTA UTXO ledger on layer 1. The main goal is to present the reasoning behind the concept and the architectural elements. The style of the whitepaper is informal

### Secure Access Control for DAG-based Distributed Ledgers

Lianna Zhao, Luigi Vigneri, Andrew Cullen, William Sanders, Pietro Ferraro, Robert Shorten

IEEE Internet of Things Journal, 2021

Abstract

Access control is a fundamental component of the design of distributed ledgers, influencing many aspects of their functionality, such as fairness, efficiency, traditional notions of network security, and adversarial attacks such as Denial-of-Service (DoS) attacksAttackers attempt to put stress on the network by sending a large amount of transactions to other nodes.. In this work, we consider the security of a recently proposed access control protocol for Directed Acyclic Graph-based distributed ledgers. We present a number of attack scenarios and potential vulnerabilities of the protocol and introduce a number of additional features which enhance its resilience. Specifically, a blacklisting algorithm, which is based on a reputation-weighted threshold, is introduced to handle both spamming and multi-rate malicious attackers. A solidification request component is also introduced to ensure the fairness and consistency of the network in the presence of attacks. Finally, a timestamp component is also introduced to maintain the consistency of the network in the presence of multi-rate attackers. Simulations to illustrate the efficacy and robustness of the revised protocol are also presented.

### Salt-based autopeering for DLT-networks

Sebastian Müller, Angelo Capossele, Bartosz Kuśmierz, Vivian Lin, Hans Moog, Andreas Penzkofer, Olivia Saa, William Sanders, Wolfgang Welz

3rd Conference on Blockchain Research Applications for Innovative Networks and Services (BRAINS), 2021

Abstract

The security of any Distributed Ledger Technology (DLT) depends on the safety of the network layer. Much effort has been put into understanding the consensus layer of DLTs. However, many network layer designs seem ad-hoc and lack a careful analysis of the influence of the design decisions on the whole DLT system. We propose a salt-based automated neighbor selection protocol that shows the inherent tradeoffs of certain design decisions and allows a quantitative treatment of some network topology requirements. This example may serve as a design framework and facilitate future research. We provide a selection of results from simulations to highlight some tradeoffs in the design decisions.

### Robustness of the Tangle 2.0 Consensus

Bing-Yang Lin, Daria Dziubałtowska, Piotr Macek, Andreas Penzkofer, Sebastian Müller

Abstract

In this paper, we investigate the performance of the Tangle 2.0 consensus protocol in a Byzantine environment. We use an agent-based simulation model that incorporates the main features of the Tangle 2.0 consensus protocol. Our experimental results demonstrate that the Tangle 2.0 protocol is robust to the bait-and-switch attack up to the theoretical upper bound of the adversary's 33% voting weight. We further show that the common coin mechanism in Tangle 2.0 is necessary for robustness against powerful adversaries. Moreover, the experimental results confirm that the protocol can achieve around 1s confirmation time in typical scenarios and that the confirmation times of non-conflicting transactions are not affected by the presence of conflicts.

### IOTA: Feeless and Free

Serguei Popov

IEEE Blockchain Technical Briefs, 2019

### Achieving Fairness in the Tangle through an Adaptive Rate Control Algorithm

Luigi Vigneri, Wolfgang Welz, Alon Gal, Vassil Dimitrov

2019 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)

Abstract

Throughput is a key property for any distributed ledger technology. However, limited resources, such as bandwidth or node computational power, can lead to network congestion when nodes try to issue more transactions than the network can handle. Consequently, priority criteria are necessary to determine whether a transaction should be accepted or not. In this paper, we present a novel adaptive rate control algorithm for the Tangle, a new-generation distributed ledger allowing large throughput. Our approach combines various concepts, such as resource tests and Proof-of-Work with dynamic difficulty. Our algorithm not only serves as an anti-spam mechanism, but also achieves fair representation. This is to be contrasted with pure Proof-of-Work blockchains, which lead to wasteful mining races.

### On the Fairness of Distributed Ledger Technologies for the Internet of Things

Luigi Vigneri, Wolfgang Welz

2019 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)

Abstract

Distributed networks have been widely studied in literature. However, the blockchain paradigm has inspired to revisit some of the results under a different point of view. In this paper, we analyze the “classic” spam protection problem applied to the IOTA Tangle, a distributed ledger technology which addresses Bitcoin’s (monetary and energy) efficiency issues through the absence of mining pools. However, the lack of miners makes the network vulnerable to denial of service attacks. We propose an anti spam mechanism based on the solution of a cryptographic puzzle: When a node wants to generate a new transaction, it dynamically adapts the difficulty of the puzzle depending on its target throughput and on its reputation score. Specifically, the adaptive difficulty property guarantees that any node, even with low hashing power, can achieve similar throughput for a given reputation. In the paper, we prove this claim both analytically and through simulations, and we show that fairness between low- and high-power nodes is indeed reached.

### Fast Generation of RSA Keys using Smooth Integers

Vassil Dimitrov, Luigi Vigneri, Vidal Attias

IEEE Transactions on Computers, 2021

Abstract

Primality generation is the cornerstone of several essential cryptographic systems. The problem has been a subject of deep investigations, but there is still a substantial room for improvements. Typically, the algorithms used have two parts trial divisions aimed at eliminating numbers with small prime factors and primality tests based on an easy-to-compute statement that is valid for primes and invalid for composites. In this paper, we will showcase a technique that will eliminate the first phase of the primality testing algorithms. The computational simulations show a reduction of the primality generation time by about 30% in the case of 1024-bit RSA key pairs. This can be particularly beneficial in the case of decentralized environments for shared RSA keys as the initial trial division part of the key generation algorithms can be avoided at no cost. This also significantly reduces the communication complexity. Another essential contribution of the paper is the introduction of a new one-way function that is computationally simpler than the existing ones used in public-key cryptography. This function can be used to create new random number generators, and it also could be potentially used for designing entirely new public-key encryption systems.

### Report on the energy consumption of the IOTA 2.0 prototype network (GoShimmer 0.8.3) under different testing scenarios

Louis Helmer, Andreas Penzkofer

Abstract

The high energy consumption of proof of work-based distributed ledgers has become an important environmental concern. Bitcoin, for example, consumes as much energy in a year as a developed country. Alternative consensus mechanisms, such as proof of stake, have been shown to use drastically less energy than proof of work-based DLTs. For example, the IOTA DLT, built upon a directed acyclic graph (DAG) architecture, uses an alternative consensus mechanism that requires significantly less energy than other DLTs. Because the (DLT) space is constantly and rapidly evolving, the question of how much energy DLTs actually consume demands to be continuously studied and answered. Studying the energy consumption of alternative DLTs is important as it contributes to improving the understanding of the general public that not all cryptocurrencies use excessive energy resources. Previous research into the energy consumption of the IOTA network has shown that an optimization in the overall protocol correlates to an optimization in energy consumption. The planned IOTA 2.0 update, built upon the GoShimmer research prototype, promises to further optimize the protocol by removing the network's centralized Coordinator. This report presents the results of measuring the energy consumption of a private GoShimmer network while comparing these findings to previous research into the current mainnet, which is called Chrysalis. The main findings of this report are that the IOTA 2.0 research prototype shows both improvements and increase in the energy consumption metrics compared to the Chrysalis network. Additionally, this report defines a model to estimate the total annual energy consumption of an IOTA network. This model should be significant for future research as it enables a way to estimate the total cost of running the IOTA network as well as its carbon emissions. Moreover, having an annual power consumption metric allows for better objective comparisons to different DLTs.

### On the Decentralized Generation of the RSA Moduli in Multi-Party Settings

Vidal Attias, Luigi Vigneri, Vassil Dimitrov

Abstract

RSA cryptography is still widely used. Some of its applications (e.g., distributed signature schemes, cryptosystems) do not allow the RSA modulus to be generated by a centralized trusted entity. Instead, the factorization must remain unknown to all the network participants. To this date, the existing algorithms are either computationally expensive, or limited to two-party settings. In this work, we design a decentralized multi-party computation algorithm able to generate efficiently the RSA modulus.

### Implementation Study of Two Verifiable Delay Functions

Vidal Attias, Luigi Vigneri, Vassil Dimitrov

Tokenomics, 2020

Abstract

Proof of Work is a prevalent mechanism to prove investmentof time in blockchain projects. However the use of massive parallelismand specialized hardware gives an unfair advantage to a small portion ofnodes and raises environmental and economical concerns. In this paperwe provide an implementation study of two Verifiable Delay Functions, anew cryptographic primitive achieving Proof of Work goals in an unpar-allelizable way. We provide simulation results and an optimization basedon a multiexponentiation algorithm.

### Preventing Denial of Service Attacks in IoT Networks through Verifiable Delay Functions

Vidal Attias, Luigi Vigneri, Vassil Dimitrov

IEEE Global Communications Conference (GLOBECOM), 2020

Abstract

Permissionless distributed ledgers provide a promising approach to deal with the Internet of Things (IoT) paradigm. Since IoT devices mostly generate data transactions and micropayments, distributed ledgers that use fees to regulate the network access are not an optimal choice. In this paper, we study a feeless architecture developed by IOTA and designed specifically for the IoT. Due to the lack of fees, malicious nodes can exploit this feature to generate an unbounded number of transactions and perform a denial of service attacks. We propose to mitigate these attacks through verifiable delay functions. These functions, which are non-parallelizable, hard to compute, and easy to verify, have been formulated only recently. In our work, we design a denial of service prevention mechanism which addresses network heterogeneity, limited node computational capabilities, and hardware-specific implementation optimizations. Verifiable delay functions have mostly been studied from a theoretical point of view, but little has been done in tangible applications. Hence, this paper can be considered as a pioneer work in the field, since it builds a bridge between this theoretical mathematical framework and a real-world problem.

### Spatial Positioning Token (SPToken) for Smart Mobility

Roman Overko, Rodrigo Ordóñez-Hurtado, Sergiy Zhuk, Pietro Ferraro, Andrew Cullen, Robert Shorten

IEEE Transactions on Intelligent Transportation Systems, 2020

Abstract

We introduce a permissioned distributed ledger technology (DLT) design for crowdsourced smart mobility applications. This architecture is based on a directed acyclic graph architecture (similar to the IOTA tangle) and uses both Proof-of-Work and Proof-of-Position mechanisms to provide protection against spam attacks and malevolent actors. In addition to enabling individuals to retain ownership of their data and to monetize it, the architecture is also suitable for distributed privacy-preserving machine learning algorithms, is lightweight, and can be implemented in simple internet-of-things (IoT) devices. To demonstrate its efficacy, we apply this framework to reinforcement learning settings where a third party is interested in acquiring information from agents. In particular, one may be interested in sampling an unknown vehicular traffic flow in a city, using a DLT-type architecture and without perturbing the density, with the idea of realizing a set of virtual tokens as surrogates of real vehicles to explore geographical areas of interest. These tokens, whose authenticated position determines write access to the ledger, are thus used to emulate the probing actions of commanded (real) vehicles on a given planned route by jumping'' from a passing-by vehicle to another to complete the planned trajectory. Consequently, the environment stays unaffected (i.e., the autonomy of participating vehicles is not influenced by the algorithm), regardless of the number of emitted tokens. The design of such a DLT architecture is presented, and numerical results from large-scale simulations are provided to validate the proposed approach.

### Distributed Ledger Enabled Control of Tyre Induced Particulate Matter in Smart Cities

Panagiota Katsikouli, Pietro Ferraro, Hugo Richardson, Hanson Cheng, Siobhan Anderson, Deepak Mallya, David Timoney, Marc Masen, Robert Shorten

Frontiers in Sustainable Cities, 2020

Abstract

The link between transport related emissions and human health is a major issue for municipalities worldwide and one of the main challenges to address in the context of Smart Cities. Specifically, Particulate Matter (PM) emissions from exhaust and non-exhaust sources are one of the main worrying contributors to air-pollution. In this paper, we challenge the notion that a ban on internal combustion engine vehicles will result in clean and safe air in our cities, since emissions from tyres and other non-exhaust sources are expected to increase in the near future. We support this claim through simple calculations, based on publicly available data from the city of Dublin, and we present a high level solution to this problem, in the form of a control mechanism and ride-sharing scheme to limit the number of vehicles and therefore maintain the amount of transport-related PM to safe levels. Thanks to the use of Distributed Ledger Technology our proposal is entirely distributed, fair and privacy preserving, which makes it ideal for application in the Smart City domain.

### On Fairness in Voting Consensus Protocols

Sebastian Müller, Andreas Penzkofer, Darcy Camargo, Olivia Saa

Abstract

Voting algorithms have been widely used as consensus protocols in the realization of fault-tolerant systems. These algorithms are best suited for distributed systems of nodes with low computational power or heterogeneous networks, where different nodes may have different levels of reputation or weight. Our main contribution is the construction of a fair voting protocol in the sense that the influence of the eventual outcome of a given participant is linear in its weight. Specifically, the fairness property guarantees that any node can actively participate in the consensus finding even with low resources or weight. We investigate effects that may arise from weighted voting, such as loss of anonymity, centralization, scalability, and discuss their relevance to protocol design and implementation.

### On asymptotic fairness in voting with greedy sampling

Abraham Gutierrez, Sebastian Müller, Stjepan Šebek

Abstract

The basic idea of voting protocols is that nodes query a sample of other nodes and adjust their own opinion throughout several rounds based on the proportion of the sampled opinions. In the classic model, it is assumed that all nodes have the same weight. We study voting protocols for heterogeneous weights with respect to fairness. A voting protocol is fair if the influence on the eventual outcome of a given participant is linear in its weight. Previous work used sampling with replacement to construct a fair voting scheme. However, it was shown that using greedy sampling, i.e., sampling with replacement until a given number of distinct elements is chosen, turns out to be more robust and performant.

### Committee selection in DAG distributed ledgers and applications

Bartosz Kuśmierz, Sebastian Müller, Angelo Capossele

Abstract

In this paper, we propose several solutions to the committee selection problem among participants of a distributed ledger based on a decentralized acyclic graph (DAG). Our methods are based on a ledger intrinsic reputation model that serves as a selection criterion. The main difficulty arises from the fact that the DAG ledger is

### Healthor: Protecting the Weak in Heterogeneous DLTs with Health-aware Flow Control

Jonas Theis, Luigi Vigneri, Lin Wang, Animesh Trivedi

4th Workshop on Scalable and Resilient Infrastructures for Distributed Ledgers (SERIAL), 2020

Abstract

Permissionless distributed ledger technologies (DLTs) utilize an underlying peer-to-peer network to disseminate transactions. These types of networks have been shown to be highly heterogeneous. However, current DLTs fail to consider this heterogeneity which can render low-end nodes to be unable to participate in consensus.

### A survey on security challenges and solutions in the IOTA

Mauro Conti, Gulshan Kumar, Pranav Nerurkar, Rahul Saha, Luigi Vigneri

Elsevier Journal of Network and Computer Applications, 2022

Abstract

Wide-scale adoption of the Internet of Everything requires decentralized security, responsibility, and trust among the stakeholders. All these can be achieved by a Distributed Ledger Technology (DLT) backbone. As a mathematical model for enabling this DLT backbone, IOTA’s Tangle is gaining popularity due to its scalability and freedom from transaction fees. Unlike blockchain, the Tangle uses a Directed Acyclic Graph (DAG) structure, and its design does not cover essential blockchain pitfalls, including expensive Proof of Work (PoW), limited throughput, high transaction costs, and significant confirmation delays. The original IOTA is evolving into a Coordinator-less environment, the Coordicide. It requires additional modules, such as auto-peering and a reputation system, to fully exploit Tangle’s scalability and complete decentralization potential. Nevertheless, each new evolutionary update adds complexity and may introduce security threats. Therefore, the present survey’s motivation is a detailed security analysis of the IOTA. To spur developers and researchers’ interest and summarize the security status in IOTA, we have drawn the current review. Our survey outlines security vulnerabilities on IOTA and their mitigation strategies and explores several important open directions to be researched further. The vulnerabilities are discussed on both the original IOTA and its upcoming Coordicide version. In summary, this survey is first in the field for (i) understanding the basic functionalities of the IOTA, (ii) listing the security solutions provided in the literature against the reported and unreported attacks, and (iii) presenting open research questions (RQ) for directing the future investigations on IOTA.

### Rethinking modular multi-exponentiation in real-world applications

Vidal Attias, Luigi Vigneri, Vassil Dimitrov

Journal of Cryptographic Engineering, 2022

Abstract

The importance of efficient multi-exponen- tiation algorithms in a large spectrum of cryptographic applications continues to grow. Many of the algorithms proposed in the past pay attention exclusively on the minimization of the number of modular multiplications. However, a short reduction of the multiplicative com- plexity can be easily overshadowed by other figures of merit. In this article we demonstrate a large number of practical results aimed at concrete cryptographic tasks requiring multi-exponentiations and provide rec- ommendations on the best possible algorithmic strate- gies for different selection of security parameters.

### Feedback control for distributed ledgers: An attack mitigation policy for DAG-based DLTs

Pietro Ferraro, Andreas Penzkofer, Christopher King, Robert Shorten

Abstract

In this paper we present a feedback approach to the design of an attack mitigation policy for DAG-based Distributed Ledgers. We develop a model to analyse the behaviour of the ledger under the so called Tips Inflation Attack and we design a control strategy to counteract this attack strategy. The efficacy of this approach is showcased through a theoretical analysis, in the form of two theorems about the stability properties of the ledger with and without the controller, and extensive Monte Carlo simulations of an agent-based model of the distributed ledger.

### Impact of delay classes on the data structure in IOTA

Andreas Penzkofer, Olivia Saa, Daria Dziubałtowska

CBT2021 - 5th Cryptocurrencies and Blockchain Technology workshop

Abstract

In distributed ledger technologies (DLTs) with a directed acyclic graph (DAG) data structure, a message-issuing node can decide where to append that message and, consequently, how to grow the DAG. This DAG data structure can typically be decomposed into two pools of messages: referenced messages and unreferenced messages (tips). The selection of the parent messages to which a node appends the messages it issues, depends on which messages it considers as tips. However, the exact time that a message enters the tip pool of a node depends on the delay of that message. In previous works, it was considered that messages have the same or similar delay; however, this generally may not be the case. We introduce the concept of classes of delays, where messages belonging to a certain class have a specific delay, and where these classes coexist in the DAG. We provide a general model that predicts the tip pool size for any finite number of different classes. This categorisation and model is applied to the first iteration of the IOTA 2.0 protocol (a.k.a. Coordicide), where two distinct classes, namely value and data messages, coexist. We show that the tip pool size depends strongly on the dominating class that is present. Finally, we provide a methodology for controlling the tip pool size by dynamically adjusting the number of references a message creates.

### Efficient Verification of the Wesolowski Verifiable Delay Function for Distributed Environments

Vidal Attias, Luigi Vigneri, Vassil Dimitrov

Submitted to the Conference on Security and Cryptography for Networks 2022

Abstract

Verifiable Delay Functions (VDFs) are a set of new cryptographic schemes ensuring that an agent has spent some time (evaluation phase) in a unparalleled computation. A key requirement for such a construction is that the verification of the computation’s correctness has to be done in a significantly shorter time than the evaluation phase. This has led VDFs to recently gain exposure in large-scale decentralized projects as a core component of consensus algorithms or spam-prevention mechanisms. In this work, due to the increasing relevance and the lack of literature, we will focus on the optimization of the verification phase of Wesolowski’s VDF and provide a three-axis of improvement concerning multi-exponentiation computation, prime testing techniques, and hashing tricks. We will show that our optimizations reduce the computation time of the verification phase between 12% and 35% for the range of parameters considered.

### Parasite Chain Detection in the IOTA Protocol

Andreas Penzkofer, Bartosz Kusmierz, Angelo Capossele, William Sanders, Olivia Saa

Accepted for publication at Tokenomics 2020, Toulouse, France

Abstract

In recent years several distributed ledger technologies based on directed acyclic graphs (DAGs) have appeared on the market. Similar to blockchain technologies, DAG-based systems aim to build an immutable ledger and are faced with security concerns regarding the irreversibility of the ledger state. However, due to their more complex nature and recent popularity, the study of adversarial actions has received little attention so far. In this paper we are concerned with a particular type of attack on the IOTA cryptocurrency, more specifically a Parasite Chain attack that attempts to revert the history stored in the DAG structure, also called the Tangle. In order to improve the security of the Tangle, we present a detection mechanism for this type of attack. In this mechanism, we embrace the complexity of the DAG structure by sampling certain aspects of it, more particularly the distribution of the number of approvers. We initially describe models that predict the distribution that should be expected for a Tangle without any malicious actors. We then introduce metrics that compare this reference distribution with the measured distri- bution. Upon detection, measures can then be taken to render the attack unsuccessful. We show that due to a form of the Parasite Chain that is different from the main Tangle it is possible to detect cer- tain types of malicious chains. We also show that although the attacker may change the structure of the Parasite Chain to avoid detection, this is done so at a significant cost since the attack is rendered less efficient.

### Equilibria in the Tangle

Serguei Popov, Olivia Saa, Paulo Finardi

Computers & Industrial Engineering, Volume 136, Pages 160-172, October 2019

Abstract

We analyse the Tangle — a DAG-valued stochastic process where new ver- tices get attached to the graph at Poissonian times, and the attachment’s loca- tions are chosen by means of random walks on that graph. These new vertices, also thought of as “transactions”, are issued by many players (which are the nodes of the network), independently. The main application of this model is that it is used as a base for the IOTA cryptocurrency system [1]. We prove existence of “almost symmetric” Nash equilibria for the system where a part of players tries to optimize their attachment strategies. Then, we also present simulations that show that the “selfish” players will nevertheless cooperate with the network by choosing attachment strategies that are similar to the “recom- mended” one.

### FPC-BI: Fast Probabilistic Consensus within Byzantine Infrastructures

Serguei Popov, William J Buchanan

Journal of Parallel and Distributed Computing

Abstract

This paper presents a novel leaderless protocol (FPC-BI: Fast Probabilistic Consensus within Byzantine Infrastructures) with a low communicational complexity and which allows a set of nodes to come to a consensus on a value of a single bit. The paper makes the assumption that part of the nodes are Byzantine, and are thus controlled by an adversary who intends to either delay the consensus, or break it (this defines that at least a couple of honest nodes come to different conclusions). We prove that, nevertheless, the protocol works with high probability when its parameters are suitably chosen. Along this the paper also provides explicit estimates on the probability that the protocol finalizes in the consensus state in a given time. This protocol could be applied to reaching consensus in decentralized cryptocurrency systems. A special feature of it is that it makes use of a sequence of random numbers which are either provided by a trusted source or generated by the nodes themselves using some decentralized random number generating protocol. This increases the overall trustworthiness of the infrastructure. A core contribution of the paper is that it uses a very weak consensus to obtain a strong consensus on the value of a bit, and which can relate to the validity of a transaction.

### Robustness and efficiency of leaderless probabilistic consensus protocols within Byzantine infrastructures

Angelo Capossele, Sebastian Müller, Andreas Penzkofer

Blockchain: Research and Applications, Volume 2, Issue 1, April 2021, 100007

Abstract

This paper investigates leaderless binary majority consensus protocols with low computational complexity in noisy Byzantine infrastructures. Using computer simulations, we show that explicit randomization of the consensus protocol can significantly increase the robustness towards faulty and malicious nodes. We identify the optimal amount of randomness for various Byzantine attack strategies on different kinds of network topologies.

### Fast Probabilistic Consensus with Weighted Votes

Sebastian Müller, Andreas Penzkofer, Bartosz Kuśmierz, Darcy Camargo, William J Buchanan

Future Technologies Conference (FTC) 2020

Abstract

The fast probabilistic consensus (FPC) is a voting consensus protocol that is robust and efficient in Byzantine infrastructure. We propose an adaption of the FPC to a setting where the voting power is proportional to the nodes reputations. We model the reputation using a Zipf law and show using simulations that the performance of the protocol in Byzantine infrastructure increases with the Zipf exponent. Moreover, we propose several improvements of the FPC that decrease the failure rates significantly and allow the protocol to withstand adversaries with higher weight. We distinguish between cautious and berserk strategies of the adversaries and propose an efficient method to detect the more harmful berserk strategies. Our study refers at several points to a specific implementation of the IOTA protocol, but the principal results hold for general implementations of reputation models.

## Pre-Coordicide Papers

### The Tangle

Serguei Popov

Abstract

This paper analyzes the mathematical foundations of IOTA, a cryptocurrency for the Internet-of-Things (IoT) industry. The main feature of this novel cryptocurrency is the tangle, a directed acyclic graph (DAG) for storing transactions. The tangle naturally succeeds the blockchain as its next evolutionary step, and offers features that are required to establish a machineto-machine micropayment system.

### Equilibria in the Tangle

Serguei Popov, Olivia Saa, Paulo Finardi

Computers & Industrial Engineering, 2019

Abstract

We analyse the Tangle — a DAG-valued stochastic process where new vertices get attached to the graph at Poissonian times, and the attachment’s locations are chosen by means of random walks on that graph. These new vertices, also thought of as “transactions”, are issued by many players (which are the nodes of the network), independently. The main application of this model is that it is used as a base for the IOTA cryptocurrency system. We prove existence of “almost symmetric” Nash equilibria for the system where a part of players tries to optimize their attachment strategies. Then, we also present simulations that show that the “selfish” players will nevertheless cooperate with the network by choosing attachment strategies that are similar to the “recommended” one.

### Properties of the Tangle for Uniform Random and Random Walk Tip Selection

Bartosz Kuśmierz, William Sanders, Andreas Penzkofer, Angelo Capossele, Alon Gal

IEEE International Conference on Blockchain, 2019

Abstract

The growing number of applications for distributed ledger technologies is driving both industry and academia to solve the limitations of blockchain, particularly its scalability issues. Recent distributed ledger technologies have replaced the blockchain linear structure with a more flexible directed acyclic graph in an attempt to accommodate a higher throughput. Despite the fast-growing diffusion of directed acyclic graph based distributed ledger technologies, researchers lack a basic understanding of their behavior. In this paper we analyze the Tangle, a directed acyclic graph that is used (with certain modifications) in various protocols such as IOTA, Byteball, Avalanche or SPECTRE. Our contribution is threefold. First, we run simulations in a continuous-time model to examine tip count stability and cumulative weight evolution while varying the rate of incoming transactions. In particular we confirm analytical predictions on the number of tips with uniform random tip selection strategy. Second, we show how different tip selection algorithms affect the growth of the Tangle. Moreover, we explain these differences by analyzing the spread of exit probabilities of random walks. Our findings confirm analytically derived predictions and provide novel insights on the different phases of growth of cumulative weight as well as on the average time difference for a transaction to receive its first approval when using distinct tip selection algorithms. Lastly, we analyze simulation overhead and performance as a function of Tangle size and compare results for different tip selection algorithms.

### Extracting Tangle Properties in Continuous Time via Large-Scale Simulations

Bartosz Kuśmierz, Philip Staupe, Alon Gal

Abstract

This paper analyzes fundamental properties of the Tangle. We use computer simulations to analyze cumulative weight evolution and tip count stability using a continuous-time model. As a byproduct of our analysis of average tip count we derive analytical formulas for the average number of tips in the discrete-time model. The paper also introduces and analyses the influence of a non-constant number of directly-approved transactions and scaling-invariance properties of the Tangle.

### Probability of Being Left Behind and Probability of Becoming Permanent Tip

Bartosz Kuśmierz, Alon Gal

Abstract

We formalize, analyze and numerically estimate probability that given transaction will be left behind and probability that transaction will become permanent tip. Analyzed data are gathered for different values of λ and α. As a byproduct of our study, we provide properties of probability of leaving behind in the limit case of parameters.

### Local Modifiers in the Tangle

Serguei Popov

Abstract

As of today, there are many cryptocurrency systems around. They mostly share one common feature: all participants of the network interpret the same ledger in the same way. In this paper, we introduce the idea of local modifiers: the nodes of the network can interact with the ledger in different ways, depending on various kinds of information locally available to them. We then argue that such an approach permits to increase the security and the scalability of the Tangle.

### The first glance at the simulation of the Tangle: discrete model

Bartosz Kuśmierz

Abstract

In this paper we present preliminary results obtained with the computer simulation of the Tangle - directed acyclic graph adapted for decentralized information storage. The first scalable, permissionless distributed ledger to use this technology is IOTA. IOTA protocol is designed for Internet of Things, Web 3.0 and other applicable sectors where the standard blockchain architecture comes up short. We examine basic properties of the Tangle, this include analysis of cumulative weight and stability of tips number, for different tip selection mechanisms.

### The Security and Stability of the Tangle

Quentin Bramas

Abstract

In this paper, we study the stability and the security of the Tangle, which is the distributed data structure at the base of the IOTA protocol. The contribution of this paper is twofold. Firstly we present a simple model to analyze the Tangle and give the first formal analyzes of the average number of unconfirmed transactions and the average confirmation time of a transaction. Secondly, we define the notion of an assiduous honest majority that captures the fact that the honest nodes have more hashing power than the adversarial nodes and that all this hashing power is constantly used to create transactions. This notion is important because we prove that it is a necessary assumption to protect the Tangle against double-spending attacks, and this is true for any tip selection algorithm (which is a fundamental building block of the protocol) that verifies some reasonable assumptions. In particular, the same is true with the Markov Chain Monte Carlo selection tip algorithm currently used in the IOTA protocol. Our work shows that either all honest nodes must constantly use all their hashing power to validate the main chain (similarly to the bitcoin protocol) or some kind of authority must be provided to avoid this kind of attack (as in the current version of the IOTA where a Coordinator is used). The work presented here constitutes a theoretical analysis and cannot be used to attack the current IOTA implementation. The goal of this paper is to present a formalization of the protocol and, as a starting point, to prove that some assumptions are necessary to defend the system again double-spending attacks. We hope that it will be used to improve the current protocol with a more formal approach.

### How to Choose Its Parents in the Tangle

Vidal Attias, Quentin Bramas

The International Conference on Networked Systems NETYS, 2019

Abstract

The Tangle is a data structure mainly used to store transactions in the IOTA cryptocurrency. It has similarities with the blockchain structure of Bitcoin but in the Tangle, a block contains only one transaction and has not one, but two parents. The security and the stability of this distributed data structure is highly dependent on the algorithm used to select the parents of a new block. Previous work showed that the current parents selection algorithms are insecure, not stable or have low performances. And we propose a new algorithm that combines all these properties.

### Quasi-Analytic Parasite Chain Absorption Probabilities in the Tangle

Philip Staupe

Abstract

We analyse with which probability the MCMC random walk gets absorbed into a parasite chain and underpin our arguments with simulation-based numerical results.

### Improving the Anonymity of the IOTA Cryptocurrency

Laurence Tennant

Abstract

IOTA differentiates itself from other cryptocurrencies by being based on a non-blockchain data structure with a highly scalable approach to transaction confirmation. In addition, it exclusively uses post-quantum cryptography. However, as with most cryptocurrencies, IOTA’s ledger is currently completely transparent. Constructing an acceptable privacy solution within these parameters is a considerable challenge. The report begins with a brief introduction to IOTA, followed by a general overview of privacy and anonymity in cryptocurrency. This leads to a review of methods currently used to enhance anonymity in other cryptocurrencies, and an assessment of their effectiveness and applicability to IOTA. Ultimately, off-ledger mixing using payment channels is found to be the most promising long-term privacy solution. In the meantime, centralised mixing forms a practical way to perform anonymity-enhanced transactions over the IOTA network, and can build a foundation for trustless solutions in future.

Serguei Popov

### Parasite Chain Detection in the IOTA Protocol

Andreas Penzkofer, Bartosz Kuśmierz, Angelo Capossele, William Sanders, Olivia Saa

Tokenomics, 2020

Abstract

In recent years several distributed ledger technologies based on directed acyclic graphs (DAGs) have appeared on the market. Similar to blockchain technologies, DAG-based systems aim to build an immutable ledger and are faced with security concerns regarding the irreversibility of the ledger state. However, due to their more complex nature and recent popularity, the study of adversarial actions has received little attention so far. In this paper we are concerned with a particular type of attack on the IOTA cryptocurrency, more specifically a Parasite Chain attack that attempts to revert the history stored in the DAG structure, also called the Tangle. In order to improve the security of the Tangle, we present a detection mechanism for this type of attack. In this mechanism, we embrace the complexity of the DAG structure by sampling certain aspects of it, more particularly the distribution of the number of approvers. We initially describe models that predict the distribution that should be expected for a Tangle without any malicious actors. We then introduce metrics that compare this reference distribution with the measured distribution. Upon detection, measures can then be taken to render the attack unsuccessful. We show that due to a form of the Parasite Chain that is different from the main Tangle it is possible to detect certain types of malicious chains. We also show that although the attacker may change the structure of the Parasite Chain to avoid detection, this is done so at a significant cost since the attack is rendered less efficient.

### On the stability of unverified transactions in a DAG-based Distributed Ledger

Pietro Ferraro, Christopher King, Robert Shorten

IEEE Transactions on Automatic Control, 2020

Abstract

Directed Acylic Graphs (DAGs) are emerging as an attractive alternative to traditional blockchain architectures for distributed ledger technology (DLT). In particular DAG ledgers with stochastic attachment mechanisms potentially offer many advantages over blockchain, including scalability and faster trans- action speeds. However, the random nature of the attachment mechanism coupled with the requirement of protection against double-spending transactions might result in an unstable system in which not all transactions get eventually validated. Such transactions are said to be orphaned, and will never be validated. Our principal contribution is to propose a simple modification to the attachment mechanism for the Tangle (the IOTA DAG architecture). This modification ensures that all transactions are validated in finite time, and preserves essential features of the popular Monte-Carlo selection algorithm. In order to demonstrate these results we derive a fluid approximation for the Tangle (in the limit of infinite arrival rate) and prove that this fluid model exhibits the desired behavior. We also present simulations which validate the results for finite arrival rates.

### Distributed Ledger Technology for Smart Mobility: Variable Delay Models

Andrew Cullen, Pietro Ferraro, Christopher King, Robert Shorten

IEEE 58th Conference on Decision and Control (CDC), 2019

Abstract

Recently, distributed ledgers based on directed acyclic graphs (DAG) have been proposed for various applications in the smart mobility domain [1]. While many application studies have been described in the literature, an open problem in the DLT community concerns the lack of mathematical models describing their behavior and their validation. Building on previous work in [1], we present, in this paper, a fluid-based approximation for the IOTA Foundation DAG-based DLT that incorporates varying transaction delays. This extension, namely the inclusion of varying delays, is important for feedback control applications (such as transactive control [2]). Extensive simulations are presented to illustrate the efficacy of our approach.

### IOTA-based Directed Acyclic Graphs without Orphans

Pietro Ferraro, Christopher King, Robert Shorten

IEEE Transactions on Automatic Control, 2020

Abstract

Directed Acylic Graphs (DAGs) are emerging as an attractive alternative to traditional blockchain architectures for distributed ledger technology (DLT). In particular DAG ledgers with stochastic attachment mechanisms potentially offer many advantages over blockchain, including scalability and faster transaction speeds. However, the random nature of the attachment mechanism coupled with the requirement of protection against double-spend transactions leaves open the possibility that not all transactions will be eventually validated. Such transactions are said to be orphaned, and will never be validated. Our principal contribution is to propose a simple modification to the attachment mechanism for the Tangle (the IOTA DAG architecture). This modification ensures that all transactions are validated in finite time, and preserves essential features of the popular Monte-Carlo selection algorithm. In order to demonstrate these results we derive a fluid approximation for the Tangle (in the limit of infinite arrival rate) and prove that this fluid model exhibits the desired behavior. We also present simulations which validate the results for finite arrival rates.

### Distributed Ledger Technology for IoT: Parasite Chain Attacks

Andrew Cullen, Pietro Ferraro, Christopher King, Robert Shorten

Abstract

Directed Acyclic Graph (DAG) based Distributed Ledgers can be useful in a number of applications in the IoT domain. A distributed ledger should serve as an immutable and irreversible record of transactions, however, a DAG structure is a more complicated mathematical object than its blockchain counterparts, and as a result, providing guarantees of immutability and irreversibility is more involved. In this paper, we analyse a commonly discussed attack scenario known as a parasite chain attack for the IOTA Foundation DAG based ledger. We analyse the efficacy of IOTA core MCMC algorithm using a matrix model and present an extension which improves the ledger resistance to these attacks.

### Distributed Ledger Technology, Cyber-Physical Systems, and Social Compliance

Pietro Ferraro, Christopher King, Robert Shorten

IEEE Access, Volume: 6

Abstract

This paper describes how Distributed Ledger Technologies can be used to design a class of cyber-physical systems, as well as to enforce social contracts and to orchestrate the behaviour of agents trying to access a shared resource. The first part of the paper analyses the advantages and disadvantages of using Distributed Ledger Technologies architectures to implement certain control systems in an Internet of Things (IoT) setting, and then focuses on a specific type of DLT based on a Directed Acyclic Graph. In this setting we propose a set of delay differential equations to describe the dynamical behaviour of the Tangle, an IoT-inspired Directed Acyclic Graph designed for the cryptocurrency IOTA. The second part proposes an application of Distributed Ledger Technologies as a mechanism for dynamic deposit pricing, wherein the deposit of digital currency is used to orchestrate access to a network of shared resources. The pricing signal is used as a mechanism to enforce the desired level of compliance according to a predetermined set of rules. After presenting an illustrative example, we analyze the control system and provide sufficient conditions for the stability of the network.

### Direct Acyclic Graph-based Ledger for Internet of Things: Performance and Security Analysis

Yixin Li, Bin Cao, Mugen Peng, Long Zhang, Lei Zhang, Daquan Feng, Jihong Yu

IEEE Transactions on Networking, 2020

Abstract

Abstract—Direct Acyclic Graph (DAG)-based ledger and the corresponding consensus algorithm has been identified as a promising technology for Internet of Things (IoT). Compared with Proof-of-Work (PoW) and Proof-of-Stake (PoS) that have been widely used in blockchain, the consensus mechanism de-signed on DAG structure (simply called as DAG consensus) can overcome some shortcomings such as high resource consumption, high transaction fee, low transaction throughput and long confirmation delay. However, the theoretic analysis on the DAG consensus is an untapped venue to be explored. To this end, based on one of the most typical DAG consensuses, Tangle, we investigate the impact of network load on the performance and security of the DAG-based ledger. Considering unsteady network load, we first propose a Markov chain model to capture the behavior of DAG consensus process under dynamic load conditions. The key performance metrics, i.e., cumulative weight and confirmation delay are analysed based on the proposed model. Then, we leverage a stochastic model to analyse the probability of a successful double-spending attack in different network load regimes. The results can provide an insightful understanding of DAG consensus process, e.g., how the network load affects the confirmation delay and the probability of a successful attack. Meanwhile, we also demonstrate the trade-off between security level and confirmation delay, which can act as a guidance for practical deployment of DAG-based ledgers.