The science behind the Tangle
Research undertaken on topics related to The Tangle and IOTA technologies.
We have many papers published on Google Scholar with more being added regularly from our distinguished researchers.
Olivia Saa, Andrew Cullen, Luigi Vigneri
Abstract
This whitepaper introduces IOTA’s groundbreaking approach to tokenomics and incentives, challenging prevalent models in the crypto space. Traditional cryptocurrencies often rely on token-based incentives, resulting in a degradation of civic duty and a skewed distribution of wealth. IOTA 2.0 diverges from this trend, offering access to the network as a reward for maintaining the network, thus creating an inclusive and accessible cryptocurrency ecosystem and making digital autonomy a reality for a broader user base. IOTA 2.0’s leaderless consensus eliminates fees for token holders, who instead burn Mana, a resource generated by their tokens, to produce their own blocks. By rewarding participation in the network with Mana and not the base token, IOTA 2.0 tokenomics prevents value extraction and exploitation by profit-motivated validators. Our approach eliminates inflation entirely, ensuring a fixed token supply and preventing wealth concentration. Tying rewards directly to the system’s utility also encourages sustained, long-term engagement from early adopters, and accommodates users restricted from receiving cryptocurrency rewards.
Sebastian Müller, Andreas Penzkofer, Nikita Polyanskii, Jonas Theis, William Sanders, Hans Moog
IEEE Access, 2022
Abstract
We introduce the theoretical foundations of the Tangle 2.0, a probabilistic leaderless consensus protocol based on a directed acyclic graph (DAG) called the Tangle. The Tangle naturally succeeds the blockchain as its next evolutionary step as it offers features suited to establish more efficient and scalable distributed ledger solutions. Consensus is no longer found in the longest chain but on the heaviest DAG, where PoW is replaced by a stake- or reputation-based weight function. The DAG structure and the underlying Reality-based UTXO Ledger allow parallel validation of transactions without the need for total ordering. Moreover, it enables the removal of the intermediary of miners and validators, allowing a pure two-step process that follows the \emph{propose-vote} paradigm at the node level and not at the validator level. We propose a framework to analyse liveness and safety under different communication and adversary models. This allows providing impossibility results in some edge cases and in the asynchronous communication model. We provide formal proof of the security of the protocol assuming a common random coin.
Sebastian Müller, Andreas Penzkofer, Nikita Polyanskii, Jonas Theis, William Sanders, Hans Moog
ACM Distributed Ledger Technologies: Research and Practice, 2023
Abstract
The Unspent Transaction Output (UTXO) model is commonly used in the field of Distributed Ledger Technology (DLT) to transfer value between participants. One of its advantages is that it allows parallel processing of transactions, as independent transactions can be added in any order. This property of order invariance and parallelisability has potential benefits in terms of scalability. However, since the UTXO Ledger is an append-only data structure, this advantage is compromised through the presence of conflicting transactions. We propose an extended UTXO Ledger model that optimistically updates the ledger and keeps track of the dependencies of the possible conflicts. In the presence of a conflict resolution mechanism, we propose a method to reduce the extended ledger back to a consistent UTXO Ledger.
Andrew Cullen, Pietro Ferraro, William Sanders, Luigi Vigneri, Robert Shorten
IEEE Internet of Things Journal, 2021
Abstract
In the Internet of Things (IoT) domain, devices need a platform to transact seamlessly without a trusted intermediary. Although Distributed Ledger Technologies (DLTs) could provide such a platform, blockchains, such as Bitcoin, were not designed with IoT networks in mind, hence are often unsuitable for such applications: they offer poor transaction throughput and confirmation times, put stress on constrained computing and storage resources, and require high transaction fees. In this work, we consider a class of IoT-friendly DLTs based on directed acyclic graphs, rather than a blockchain, and with a reputation system in the place of Proof of Work (PoW). However, without PoW, implementation of these DLTs requires an access control algorithm to manage the rate at which nodes can add new transactions to the ledger. We model the access control problem and present an algorithm that is fair, efficient and secure. Our algorithm represents a new design paradigm for DLTs in which concepts from networking are applied to the DLT setting for the first time. For example, our algorithm uses distributed rate setting which is similar in nature to transmission control used in the Internet. However, our solution features novel adaptations to cope with the adversarial environment of DLTs in which no individual agent can be trusted. Our algorithm guarantees utilisation of resources, consistency, fairness, and resilience against attackers. All of this is achieved efficiently and with regard for the limitations of IoT devices. We perform extensive simulations to validate these claims.
Serguei Popov, Hans Moog, Darcy Camargo, Angelo Capossele,Vassil Dimitrov, Alon Gal, Andrew Greve, Bartosz Kusmierz, Sebastian Mueller, Andreas Penzkofer, Olivia Saa, William Sanders, Luigi Vigneri, Wolfgang Welz, Vidal Attias
Abstract
The Coordicide project focuses on the removal of the Coordinator through the implementation of several network components, as discussed in this working paper. Despite these additional components, all existing fundamental design features of the Tangle remain in place.
Evaldas Drąsutis
Abstract
The document introduces IOTA Smart Contracts, a distributed ledger technology (DLT) and a multi-blockchain smart contract framework with ability to transact cross-chain in a trustless and scalable manner on the IOTA UTXO ledger on layer 1. The main goal is to present the reasoning behind the concept and the architectural elements. The style of the whitepaper is informal
Lianna Zhao, Luigi Vigneri, Andrew Cullen, William Sanders, Pietro Ferraro, Robert Shorten
IEEE Internet of Things Journal, 2021
Abstract
Access control is a fundamental component of the design of distributed ledgers, influencing many aspects of their functionality, such as fairness, efficiency, traditional notions of network security, and adversarial attacks such as Denial-of-Service (DoS) attacksAttackers attempt to put stress on the network by sending a large amount of transactions to other nodes.. In this work, we consider the security of a recently proposed access control protocol for Directed Acyclic Graph-based distributed ledgers. We present a number of attack scenarios and potential vulnerabilities of the protocol and introduce a number of additional features which enhance its resilience. Specifically, a blacklisting algorithm, which is based on a reputation-weighted threshold, is introduced to handle both spamming and multi-rate malicious attackers. A solidification request component is also introduced to ensure the fairness and consistency of the network in the presence of attacks. Finally, a timestamp component is also introduced to maintain the consistency of the network in the presence of multi-rate attackers. Simulations to illustrate the efficacy and robustness of the revised protocol are also presented.
Sebastian Müller, Angelo Capossele, Bartosz Kuśmierz, Vivian Lin, Hans Moog, Andreas Penzkofer, Olivia Saa, William Sanders, Wolfgang Welz
3rd Conference on Blockchain Research Applications for Innovative Networks and Services (BRAINS), 2021
Abstract
The security of any Distributed Ledger Technology (DLT) depends on the safety of the network layer. Much effort has been put into understanding the consensus layer of DLTs. However, many network layer designs seem ad-hoc and lack a careful analysis of the influence of the design decisions on the whole DLT system. We propose a salt-based automated neighbor selection protocol that shows the inherent tradeoffs of certain design decisions and allows a quantitative treatment of some network topology requirements. This example may serve as a design framework and facilitate future research. We provide a selection of results from simulations to highlight some tradeoffs in the design decisions.
Bing-Yang Lin, Daria Dziubałtowska, Piotr Macek, Andreas Penzkofer, Sebastian Müller
EAI VALUETOOLS 2022 - 15th EAI International Conference on Performance Evaluation Methodologies and Tools
Abstract
In this paper, we investigate the performance of the Tangle 2.0 consensus protocol in a Byzantine environment. We use an agent-based simulation model that incorporates the main features of the Tangle 2.0 consensus protocol. Our experimental results demonstrate that the Tangle 2.0 protocol is robust to the bait-and-switch attack up to the theoretical upper bound of the adversary's 33% voting weight. We further show that the common coin mechanism in Tangle 2.0 is necessary for robustness against powerful adversaries. Moreover, the experimental results confirm that the protocol can achieve around 1s confirmation time in typical scenarios and that the confirmation times of non-conflicting transactions are not affected by the presence of conflicts.
Serguei Popov
IEEE Blockchain Technical Briefs, 2019
Abstract
Throughput is a key property for any distributed ledger technology. However, limited resources, such as bandwidth or node computational power, can lead to network congestion when nodes try to issue more transactions than the network can handle. Consequently, priority criteria are necessary to determine whether a transaction should be accepted or not. In this paper, we present a novel adaptive rate control algorithm for the Tangle, a new-generation distributed ledger allowing large throughput. Our approach combines various concepts, such as resource tests and Proof-of-Work with dynamic difficulty. Our algorithm not only serves as an anti-spam mechanism, but also achieves fair representation. This is to be contrasted with pure Proof-of-Work blockchains, which lead to wasteful mining races.
Luigi Vigneri, Wolfgang Welz
2019 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)
Abstract
Distributed networks have been widely studied in literature. However, the blockchain paradigm has inspired to revisit some of the results under a different point of view. In this paper, we analyze the “classic” spam protection problem applied to the IOTA Tangle, a distributed ledger technology which addresses Bitcoin’s (monetary and energy) efficiency issues through the absence of mining pools. However, the lack of miners makes the network vulnerable to denial of service attacks. We propose an anti spam mechanism based on the solution of a cryptographic puzzle: When a node wants to generate a new transaction, it dynamically adapts the difficulty of the puzzle depending on its target throughput and on its reputation score. Specifically, the adaptive difficulty property guarantees that any node, even with low hashing power, can achieve similar throughput for a given reputation. In the paper, we prove this claim both analytically and through simulations, and we show that fairness between low- and high-power nodes is indeed reached.
Vassil Dimitrov, Luigi Vigneri, Vidal Attias
IEEE Transactions on Computers, 2021
Abstract
Primality generation is the cornerstone of several essential cryptographic systems. The problem has been a subject of deep investigations, but there is still a substantial room for improvements. Typically, the algorithms used have two parts trial divisions aimed at eliminating numbers with small prime factors and primality tests based on an easy-to-compute statement that is valid for primes and invalid for composites. In this paper, we will showcase a technique that will eliminate the first phase of the primality testing algorithms. The computational simulations show a reduction of the primality generation time by about 30% in the case of 1024-bit RSA key pairs. This can be particularly beneficial in the case of decentralized environments for shared RSA keys as the initial trial division part of the key generation algorithms can be avoided at no cost. This also significantly reduces the communication complexity. Another essential contribution of the paper is the introduction of a new one-way function that is computationally simpler than the existing ones used in public-key cryptography. This function can be used to create new random number generators, and it also could be potentially used for designing entirely new public-key encryption systems.
Louis Helmer, Andreas Penzkofer
Abstract
The high energy consumption of proof of work-based distributed ledgers has become an important environmental concern. Bitcoin, for example, consumes as much energy in a year as a developed country. Alternative consensus mechanisms, such as proof of stake, have been shown to use drastically less energy than proof of work-based DLTs. For example, the IOTA DLT, built upon a directed acyclic graph (DAG) architecture, uses an alternative consensus mechanism that requires significantly less energy than other DLTs. Because the (DLT) space is constantly and rapidly evolving, the question of how much energy DLTs actually consume demands to be continuously studied and answered. Studying the energy consumption of alternative DLTs is important as it contributes to improving the understanding of the general public that not all cryptocurrencies use excessive energy resources. Previous research into the energy consumption of the IOTA network has shown that an optimization in the overall protocol correlates to an optimization in energy consumption. The planned IOTA 2.0 update, built upon the GoShimmer research prototype, promises to further optimize the protocol by removing the network's centralized Coordinator. This report presents the results of measuring the energy consumption of a private GoShimmer network while comparing these findings to previous research into the current mainnet, which is called Chrysalis. The main findings of this report are that the IOTA 2.0 research prototype shows both improvements and increase in the energy consumption metrics compared to the Chrysalis network. Additionally, this report defines a model to estimate the total annual energy consumption of an IOTA network. This model should be significant for future research as it enables a way to estimate the total cost of running the IOTA network as well as its carbon emissions. Moreover, having an annual power consumption metric allows for better objective comparisons to different DLTs.
Vidal Attias, Luigi Vigneri, Vassil Dimitrov
Abstract
RSA cryptography is still widely used. Some of its applications (e.g., distributed signature schemes, cryptosystems) do not allow the RSA modulus to be generated by a centralized trusted entity. Instead, the factorization must remain unknown to all the network participants. To this date, the existing algorithms are either computationally expensive, or limited to two-party settings. In this work, we design a decentralized multi-party computation algorithm able to generate efficiently the RSA modulus.
Vidal Attias, Luigi Vigneri, Vassil Dimitrov
Tokenomics, 2020
Abstract
Proof of Work is a prevalent mechanism to prove investmentof time in blockchain projects. However the use of massive parallelismand specialized hardware gives an unfair advantage to a small portion ofnodes and raises environmental and economical concerns. In this paperwe provide an implementation study of two Verifiable Delay Functions, anew cryptographic primitive achieving Proof of Work goals in an unpar-allelizable way. We provide simulation results and an optimization basedon a multiexponentiation algorithm.
Vidal Attias, Luigi Vigneri, Vassil Dimitrov
IEEE Global Communications Conference (GLOBECOM), 2020
Abstract
Permissionless distributed ledgers provide a promising approach to deal with the Internet of Things (IoT) paradigm. Since IoT devices mostly generate data transactions and micropayments, distributed ledgers that use fees to regulate the network access are not an optimal choice. In this paper, we study a feeless architecture developed by IOTA and designed specifically for the IoT. Due to the lack of fees, malicious nodes can exploit this feature to generate an unbounded number of transactions and perform a denial of service attacks. We propose to mitigate these attacks through verifiable delay functions. These functions, which are non-parallelizable, hard to compute, and easy to verify, have been formulated only recently. In our work, we design a denial of service prevention mechanism which addresses network heterogeneity, limited node computational capabilities, and hardware-specific implementation optimizations. Verifiable delay functions have mostly been studied from a theoretical point of view, but little has been done in tangible applications. Hence, this paper can be considered as a pioneer work in the field, since it builds a bridge between this theoretical mathematical framework and a real-world problem.
Abstract
We introduce a permissioned distributed ledger technology (DLT) design for crowdsourced smart mobility applications. This architecture is based on a directed acyclic graph architecture (similar to the IOTA tangle) and uses both Proof-of-Work and Proof-of-Position mechanisms to provide protection against spam attacks and malevolent actors. In addition to enabling individuals to retain ownership of their data and to monetize it, the architecture is also suitable for distributed privacy-preserving machine learning algorithms, is lightweight, and can be implemented in simple internet-of-things (IoT) devices. To demonstrate its efficacy, we apply this framework to reinforcement learning settings where a third party is interested in acquiring information from agents. In particular, one may be interested in sampling an unknown vehicular traffic flow in a city, using a DLT-type architecture and without perturbing the density, with the idea of realizing a set of virtual tokens as surrogates of real vehicles to explore geographical areas of interest. These tokens, whose authenticated position determines write access to the ledger, are thus used to emulate the probing actions of commanded (real) vehicles on a given planned route by ``jumping'' from a passing-by vehicle to another to complete the planned trajectory. Consequently, the environment stays unaffected (i.e., the autonomy of participating vehicles is not influenced by the algorithm), regardless of the number of emitted tokens. The design of such a DLT architecture is presented, and numerical results from large-scale simulations are provided to validate the proposed approach.
Panagiota Katsikouli, Pietro Ferraro, Hugo Richardson, Hanson Cheng, Siobhan Anderson, Deepak Mallya, David Timoney, Marc Masen, Robert Shorten
Frontiers in Sustainable Cities, 2020
Abstract
The link between transport related emissions and human health is a major issue for municipalities worldwide and one of the main challenges to address in the context of Smart Cities. Specifically, Particulate Matter (PM) emissions from exhaust and non-exhaust sources are one of the main worrying contributors to air-pollution. In this paper, we challenge the notion that a ban on internal combustion engine vehicles will result in clean and safe air in our cities, since emissions from tyres and other non-exhaust sources are expected to increase in the near future. We support this claim through simple calculations, based on publicly available data from the city of Dublin, and we present a high level solution to this problem, in the form of a control mechanism and ride-sharing scheme to limit the number of vehicles and therefore maintain the amount of transport-related PM to safe levels. Thanks to the use of Distributed Ledger Technology our proposal is entirely distributed, fair and privacy preserving, which makes it ideal for application in the Smart City domain.
Sebastian Müller, Andreas Penzkofer, Darcy Camargo, Olivia Saa
Abstract
Voting algorithms have been widely used as consensus protocols in the realization of fault-tolerant systems. These algorithms are best suited for distributed systems of nodes with low computational power or heterogeneous networks, where different nodes may have different levels of reputation or weight. Our main contribution is the construction of a fair voting protocol in the sense that the influence of the eventual outcome of a given participant is linear in its weight. Specifically, the fairness property guarantees that any node can actively participate in the consensus finding even with low resources or weight. We investigate effects that may arise from weighted voting, such as loss of anonymity, centralization, scalability, and discuss their relevance to protocol design and implementation.
Abraham Gutierrez, Sebastian Müller, Stjepan Šebek
Abstract
The basic idea of voting protocols is that nodes query a sample of other nodes and adjust their own opinion throughout several rounds based on the proportion of the sampled opinions. In the classic model, it is assumed that all nodes have the same weight. We study voting protocols for heterogeneous weights with respect to fairness. A voting protocol is fair if the influence on the eventual outcome of a given participant is linear in its weight. Previous work used sampling with replacement to construct a fair voting scheme. However, it was shown that using greedy sampling, i.e., sampling with replacement until a given number of distinct elements is chosen, turns out to be more robust and performant.
Bartosz Kuśmierz, Sebastian Müller, Angelo Capossele
Abstract
In this paper, we propose several solutions to the committee selection problem among participants of a distributed ledger based on a decentralized acyclic graph (DAG). Our methods are based on a ledger intrinsic reputation model that serves as a selection criterion. The main difficulty arises from the fact that the DAG ledger is
Abstract
Permissionless distributed ledger technologies (DLTs) utilize an underlying peer-to-peer network to disseminate transactions. These types of networks have been shown to be highly heterogeneous. However, current DLTs fail to consider this heterogeneity which can render low-end nodes to be unable to participate in consensus.
Abstract
Wide-scale adoption of the Internet of Everything requires decentralized security, responsibility, and trust among the stakeholders. All these can be achieved by a Distributed Ledger Technology (DLT) backbone. As a mathematical model for enabling this DLT backbone, IOTA’s Tangle is gaining popularity due to its scalability and freedom from transaction fees. Unlike blockchain, the Tangle uses a Directed Acyclic Graph (DAG) structure, and its design does not cover essential blockchain pitfalls, including expensive Proof of Work (PoW), limited throughput, high transaction costs, and significant confirmation delays. The original IOTA is evolving into a Coordinator-less environment, the Coordicide. It requires additional modules, such as auto-peering and a reputation system, to fully exploit Tangle’s scalability and complete decentralization potential. Nevertheless, each new evolutionary update adds complexity and may introduce security threats. Therefore, the present survey’s motivation is a detailed security analysis of the IOTA. To spur developers and researchers’ interest and summarize the security status in IOTA, we have drawn the current review. Our survey outlines security vulnerabilities on IOTA and their mitigation strategies and explores several important open directions to be researched further. The vulnerabilities are discussed on both the original IOTA and its upcoming Coordicide version. In summary, this survey is first in the field for (i) understanding the basic functionalities of the IOTA, (ii) listing the security solutions provided in the literature against the reported and unreported attacks, and (iii) presenting open research questions (RQ) for directing the future investigations on IOTA.
Vidal Attias, Luigi Vigneri, Vassil Dimitrov
Journal of Cryptographic Engineering, 2022
Abstract
The importance of efficient multi-exponen- tiation algorithms in a large spectrum of cryptographic applications continues to grow. Many of the algorithms proposed in the past pay attention exclusively on the minimization of the number of modular multiplications. However, a short reduction of the multiplicative com- plexity can be easily overshadowed by other figures of merit. In this article we demonstrate a large number of practical results aimed at concrete cryptographic tasks requiring multi-exponentiations and provide rec- ommendations on the best possible algorithmic strate- gies for different selection of security parameters.
Pietro Ferraro, Andreas Penzkofer, Christopher King, Robert Shorten
Abstract
In this paper we present a feedback approach to the design of an attack mitigation policy for DAG-based Distributed Ledgers. We develop a model to analyse the behaviour of the ledger under the so called Tips Inflation Attack and we design a control strategy to counteract this attack strategy. The efficacy of this approach is showcased through a theoretical analysis, in the form of two theorems about the stability properties of the ledger with and without the controller, and extensive Monte Carlo simulations of an agent-based model of the distributed ledger.
Andreas Penzkofer, Olivia Saa, Daria Dziubałtowska
CBT2021 - 5th Cryptocurrencies and Blockchain Technology workshop
Abstract
In distributed ledger technologies (DLTs) with a directed acyclic graph (DAG) data structure, a message-issuing node can decide where to append that message and, consequently, how to grow the DAG. This DAG data structure can typically be decomposed into two pools of messages: referenced messages and unreferenced messages (tips). The selection of the parent messages to which a node appends the messages it issues, depends on which messages it considers as tips. However, the exact time that a message enters the tip pool of a node depends on the delay of that message. In previous works, it was considered that messages have the same or similar delay; however, this generally may not be the case. We introduce the concept of classes of delays, where messages belonging to a certain class have a specific delay, and where these classes coexist in the DAG. We provide a general model that predicts the tip pool size for any finite number of different classes. This categorisation and model is applied to the first iteration of the IOTA 2.0 protocol (a.k.a. Coordicide), where two distinct classes, namely value and data messages, coexist. We show that the tip pool size depends strongly on the dominating class that is present. Finally, we provide a methodology for controlling the tip pool size by dynamically adjusting the number of references a message creates.
Vidal Attias, Luigi Vigneri, Vassil Dimitrov
Abstract
Verifiable Delay Functions (VDFs) are a set of new cryptographic schemes ensuring that an agent has spent some time (evaluation phase) in a unparalleled computation. A key requirement for such a construction is that the verification of the computation’s correctness has to be done in a significantly shorter time than the evaluation phase. This has led VDFs to recently gain exposure in large-scale decentralized projects as a core component of consensus algorithms or spam-prevention mechanisms. In this work, due to the increasing relevance and the lack of literature, we will focus on the optimization of the verification phase of Wesolowski’s VDF and provide a three-axis of improvement concerning multi-exponentiation computation, prime testing techniques, and hashing tricks. We will show that our optimizations reduce the computation time of the verification phase between 12% and 35% for the range of parameters considered.
Andreas Penzkofer, Bartosz Kusmierz, Angelo Capossele, William Sanders, Olivia Saa
Accepted for publication at Tokenomics 2020, Toulouse, France
Abstract
In recent years several distributed ledger technologies based on directed acyclic graphs (DAGs) have appeared on the market. Similar to blockchain technologies, DAG-based systems aim to build an immutable ledger and are faced with security concerns regarding the irreversibility of the ledger state. However, due to their more complex nature and recent popularity, the study of adversarial actions has received little attention so far. In this paper we are concerned with a particular type of attack on the IOTA cryptocurrency, more specifically a Parasite Chain attack that attempts to revert the history stored in the DAG structure, also called the Tangle. In order to improve the security of the Tangle, we present a detection mechanism for this type of attack. In this mechanism, we embrace the complexity of the DAG structure by sampling certain aspects of it, more particularly the distribution of the number of approvers. We initially describe models that predict the distribution that should be expected for a Tangle without any malicious actors. We then introduce metrics that compare this reference distribution with the measured distri- bution. Upon detection, measures can then be taken to render the attack unsuccessful. We show that due to a form of the Parasite Chain that is different from the main Tangle it is possible to detect cer- tain types of malicious chains. We also show that although the attacker may change the structure of the Parasite Chain to avoid detection, this is done so at a significant cost since the attack is rendered less efficient.
Serguei Popov, Olivia Saa, Paulo Finardi
Computers & Industrial Engineering, Volume 136, Pages 160-172, October 2019
Abstract
We analyse the Tangle — a DAG-valued stochastic process where new ver- tices get attached to the graph at Poissonian times, and the attachment’s loca- tions are chosen by means of random walks on that graph. These new vertices, also thought of as “transactions”, are issued by many players (which are the nodes of the network), independently. The main application of this model is that it is used as a base for the IOTA cryptocurrency system [1]. We prove existence of “almost symmetric” Nash equilibria for the system where a part of players tries to optimize their attachment strategies. Then, we also present simulations that show that the “selfish” players will nevertheless cooperate with the network by choosing attachment strategies that are similar to the “recom- mended” one.
Serguei Popov, William J Buchanan
Journal of Parallel and Distributed Computing
Abstract
This paper presents a novel leaderless protocol (FPC-BI: Fast Probabilistic Consensus within Byzantine Infrastructures) with a low communicational complexity and which allows a set of nodes to come to a consensus on a value of a single bit. The paper makes the assumption that part of the nodes are Byzantine, and are thus controlled by an adversary who intends to either delay the consensus, or break it (this defines that at least a couple of honest nodes come to different conclusions). We prove that, nevertheless, the protocol works with high probability when its parameters are suitably chosen. Along this the paper also provides explicit estimates on the probability that the protocol finalizes in the consensus state in a given time. This protocol could be applied to reaching consensus in decentralized cryptocurrency systems. A special feature of it is that it makes use of a sequence of random numbers which are either provided by a trusted source or generated by the nodes themselves using some decentralized random number generating protocol. This increases the overall trustworthiness of the infrastructure. A core contribution of the paper is that it uses a very weak consensus to obtain a strong consensus on the value of a bit, and which can relate to the validity of a transaction.
Angelo Capossele, Sebastian Müller, Andreas Penzkofer
Blockchain: Research and Applications, Volume 2, Issue 1, April 2021, 100007
Abstract
This paper investigates leaderless binary majority consensus protocols with low computational complexity in noisy Byzantine infrastructures. Using computer simulations, we show that explicit randomization of the consensus protocol can significantly increase the robustness towards faulty and malicious nodes. We identify the optimal amount of randomness for various Byzantine attack strategies on different kinds of network topologies.
Sebastian Müller, Andreas Penzkofer, Bartosz Kuśmierz, Darcy Camargo, William J Buchanan
Future Technologies Conference (FTC) 2020
Abstract
The fast probabilistic consensus (FPC) is a voting consensus protocol that is robust and efficient in Byzantine infrastructure. We propose an adaption of the FPC to a setting where the voting power is proportional to the nodes reputations. We model the reputation using a Zipf law and show using simulations that the performance of the protocol in Byzantine infrastructure increases with the Zipf exponent. Moreover, we propose several improvements of the FPC that decrease the failure rates significantly and allow the protocol to withstand adversaries with higher weight. We distinguish between cautious and berserk strategies of the adversaries and propose an efficient method to detect the more harmful berserk strategies. Our study refers at several points to a specific implementation of the IOTA protocol, but the principal results hold for general implementations of reputation models.
Bing-Yang Lin, Daria Dziubałtowska, Piotr Macek, Andreas Penzkofer, Sebastian Müller
2023 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)
Abstract
DAG-based DLTs allow for parallel, asynchronous writing access to a ledger. Consequently, the perception of the most recent blocks may differ considerably between nodes, and the underlying network properties of the P2P layer have a direct impact on the performance of the protocol. Moreover, the stronger inter-dependencies of several core components demand a more complex and complete approach to studying such DLTs. This paper presents an agent-based, open-sourced simulator for large-scale networks that implement the leaderless Tangle 2.0 consensus protocol. Its scope includes modeling the underlying peer-to-peer communication with network topology, package loss, and heterogeneous latency, the gossip protocol with reliable broadcast qualities, the underlying DAG-based data structure, and the consensus protocol. The simulator allows us to explore the performance of the protocol in different network environments, as well as different attack scenarios.
Darcy Camargo, Luigi Vigneri, Andrew Cullen
2023 International Congress on Blockchain and Applications (BLOCKCHAIN'23)
Abstract
A significant portion of research on distributed ledgers has focused on circumventing the limitations of leader-based blockchains mainly in terms of scalability, decentralization and power consumption. Leaderless architectures based on directed acyclic graphs (DAGs) avoid many of these limitations altogether, but their increased flexibility and performance comes at the cost of increased design complexity, so their potential has remained largely unexplored. Management of write access to these ledgers presents a major challenge because ledger updates may be made in parallel, hence transactions cannot simply be serialised and prioritised according to token fees paid to validators. In this work, we propose an access control scheme for leaderless DAG-based ledgers which is based on consuming credits rather than paying fees in the base token. We outline a general model for this new approach and provide some simulation results showing promising performance boosts.
Darcy Camargo, Andreas Penzkofer, Sebastian Müller, William Sanders
2023 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)
Abstract
The robust construction of the ledger data structure is an essential ingredient for the safe operation of a distributed ledger. While in traditional linear blockchain systems, permission to append to the structure is leader-based, in Directed Acyclic Graph-based ledgers, the writing access can be organised leaderless. However, this leaderless approach relies on fair treatment of non-referenced blocks, i.e. tips, by honest block issuers. We study the impact of a deviation from the standard tip selection by a subset of block issuers with the aim of halting the confirmation of honest blocks entirely. We provide models on this so-called orphanage of blocks and validate these through open-sourced simulation studies. A critical threshold for the adversary issuance rate is shown to exist, above which the tip pool becomes unstable, while for values below the orphanage decrease exponentially. We study the robustness of the protocol with an expiration time on tips, also called garbage collection, and modification of the parent references per block.
Bartosz Kusmierz, Roman Overko
2022 IEEE International Conference on Omni-layer Intelligent Systems (COINS)
Abstract
Rapidly growing distributed ledger technologies (DLTs) have recently received attention among researchers in both industry and academia. While a lot of existing analysis (mainly) of the Bitcoin and Ethereum networks is available, the lack of measurements for other crypto projects is observed. This article addresses questions about tokenomics and wealth distributions in cryptocurrencies. We analyze the time-dependent statistical properties of top cryptocurrency holders for 14 different distributed ledger projects. The provided metrics include approximated Zipf coefficient, Shannon entropy, Gini coefficient, and Nakamoto coefficient. We show that there are quantitative differences between the coins (cryptocurrencies operating on their own independent network) and tokens (which operate on top of a smart contract platform). Presented results show that coins and tokens have different values of approximated Zipf coefficient and centralization levels. This work is relevant for DLTs as it might be useful in modeling and improving the committee selection process, especially in decentralized autonomous organizations (DAOs) and delegated proof-of-stake (DPoS) blockchains.
Mayank Raikwar, Nikita Polyanskii, Sebastian Müller
2023 5th Conference on Blockchain Research & Applications for Innovative Networks and Services (BRAINS)
Abstract
This paper investigates the issue of fairness in Distributed Ledger Technology (DLT), specifically focusing on the shortcomings observed in current blockchain systems due to Miner Extractable Value (MEV) phenomena and systemic centralization. We explore the potential of Directed Acyclic Graphs (DAGs) as a solution to address or mitigate these fairness concerns. Our objective is to gain a comprehensive understanding of fairness in DAG-based DLTs by examining its different aspects and measurement metrics. We aim to establish a shared knowledge base that facilitates accurate fairness assessment and allows for an evaluation of whether DAG-based DLTs offer a more equitable design. We describe the various dimensions of fairness and conduct a comparative analysis to examine how they relate to different components of DLTs. This analysis serves as a catalyst for further research, encouraging the development of cryptographic systems that promote fairness.
Serguei Popov
Abstract
This paper analyzes the mathematical foundations of IOTA, a cryptocurrency for the Internet-of-Things (IoT) industry. The main feature of this novel cryptocurrency is the tangle, a directed acyclic graph (DAG) for storing transactions. The tangle naturally succeeds the blockchain as its next evolutionary step, and offers features that are required to establish a machineto-machine micropayment system.
Serguei Popov, Olivia Saa, Paulo Finardi
Computers & Industrial Engineering, 2019
Abstract
We analyse the Tangle — a DAG-valued stochastic process where new vertices get attached to the graph at Poissonian times, and the attachment’s locations are chosen by means of random walks on that graph. These new vertices, also thought of as “transactions”, are issued by many players (which are the nodes of the network), independently. The main application of this model is that it is used as a base for the IOTA cryptocurrency system. We prove existence of “almost symmetric” Nash equilibria for the system where a part of players tries to optimize their attachment strategies. Then, we also present simulations that show that the “selfish” players will nevertheless cooperate with the network by choosing attachment strategies that are similar to the “recommended” one.
Bartosz Kuśmierz, William Sanders, Andreas Penzkofer, Angelo Capossele, Alon Gal
IEEE International Conference on Blockchain, 2019
Abstract
The growing number of applications for distributed ledger technologies is driving both industry and academia to solve the limitations of blockchain, particularly its scalability issues. Recent distributed ledger technologies have replaced the blockchain linear structure with a more flexible directed acyclic graph in an attempt to accommodate a higher throughput. Despite the fast-growing diffusion of directed acyclic graph based distributed ledger technologies, researchers lack a basic understanding of their behavior. In this paper we analyze the Tangle, a directed acyclic graph that is used (with certain modifications) in various protocols such as IOTA, Byteball, Avalanche or SPECTRE. Our contribution is threefold. First, we run simulations in a continuous-time model to examine tip count stability and cumulative weight evolution while varying the rate of incoming transactions. In particular we confirm analytical predictions on the number of tips with uniform random tip selection strategy. Second, we show how different tip selection algorithms affect the growth of the Tangle. Moreover, we explain these differences by analyzing the spread of exit probabilities of random walks. Our findings confirm analytically derived predictions and provide novel insights on the different phases of growth of cumulative weight as well as on the average time difference for a transaction to receive its first approval when using distinct tip selection algorithms. Lastly, we analyze simulation overhead and performance as a function of Tangle size and compare results for different tip selection algorithms.
Bartosz Kuśmierz, Philip Staupe, Alon Gal
Abstract
This paper analyzes fundamental properties of the Tangle. We use computer simulations to analyze cumulative weight evolution and tip count stability using a continuous-time model. As a byproduct of our analysis of average tip count we derive analytical formulas for the average number of tips in the discrete-time model. The paper also introduces and analyses the influence of a non-constant number of directly-approved transactions and scaling-invariance properties of the Tangle.
Bartosz Kuśmierz, Alon Gal
Abstract
We formalize, analyze and numerically estimate probability that given transaction will be left behind and probability that transaction will become permanent tip. Analyzed data are gathered for different values of λ and α. As a byproduct of our study, we provide properties of probability of leaving behind in the limit case of parameters.
Serguei Popov
Abstract
As of today, there are many cryptocurrency systems around. They mostly share one common feature: all participants of the network interpret the same ledger in the same way. In this paper, we introduce the idea of local modifiers: the nodes of the network can interact with the ledger in different ways, depending on various kinds of information locally available to them. We then argue that such an approach permits to increase the security and the scalability of the Tangle.
Bartosz Kuśmierz
Abstract
In this paper we present preliminary results obtained with the computer simulation of the Tangle - directed acyclic graph adapted for decentralized information storage. The first scalable, permissionless distributed ledger to use this technology is IOTA. IOTA protocol is designed for Internet of Things, Web 3.0 and other applicable sectors where the standard blockchain architecture comes up short. We examine basic properties of the Tangle, this include analysis of cumulative weight and stability of tips number, for different tip selection mechanisms.
Quentin Bramas
Abstract
In this paper, we study the stability and the security of the Tangle, which is the distributed data structure at the base of the IOTA protocol. The contribution of this paper is twofold. Firstly we present a simple model to analyze the Tangle and give the first formal analyzes of the average number of unconfirmed transactions and the average confirmation time of a transaction. Secondly, we define the notion of an assiduous honest majority that captures the fact that the honest nodes have more hashing power than the adversarial nodes and that all this hashing power is constantly used to create transactions. This notion is important because we prove that it is a necessary assumption to protect the Tangle against double-spending attacks, and this is true for any tip selection algorithm (which is a fundamental building block of the protocol) that verifies some reasonable assumptions. In particular, the same is true with the Markov Chain Monte Carlo selection tip algorithm currently used in the IOTA protocol. Our work shows that either all honest nodes must constantly use all their hashing power to validate the main chain (similarly to the bitcoin protocol) or some kind of authority must be provided to avoid this kind of attack (as in the current version of the IOTA where a Coordinator is used). The work presented here constitutes a theoretical analysis and cannot be used to attack the current IOTA implementation. The goal of this paper is to present a formalization of the protocol and, as a starting point, to prove that some assumptions are necessary to defend the system again double-spending attacks. We hope that it will be used to improve the current protocol with a more formal approach.
Vidal Attias, Quentin Bramas
The International Conference on Networked Systems NETYS, 2019
Abstract
The Tangle is a data structure mainly used to store transactions in the IOTA cryptocurrency. It has similarities with the blockchain structure of Bitcoin but in the Tangle, a block contains only one transaction and has not one, but two parents. The security and the stability of this distributed data structure is highly dependent on the algorithm used to select the parents of a new block. Previous work showed that the current parents selection algorithms are insecure, not stable or have low performances. And we propose a new algorithm that combines all these properties.
Philip Staupe
Abstract
We analyse with which probability the MCMC random walk gets absorbed into a parasite chain and underpin our arguments with simulation-based numerical results.
Laurence Tennant
Abstract
IOTA differentiates itself from other cryptocurrencies by being based on a non-blockchain data structure with a highly scalable approach to transaction confirmation. In addition, it exclusively uses post-quantum cryptography. However, as with most cryptocurrencies, IOTA’s ledger is currently completely transparent. Constructing an acceptable privacy solution within these parameters is a considerable challenge. The report begins with a brief introduction to IOTA, followed by a general overview of privacy and anonymity in cryptocurrency. This leads to a review of methods currently used to enhance anonymity in other cryptocurrencies, and an assessment of their effectiveness and applicability to IOTA. Ultimately, off-ledger mixing using payment channels is found to be the most promising long-term privacy solution. In the meantime, centralised mixing forms a practical way to perform anonymity-enhanced transactions over the IOTA network, and can build a foundation for trustless solutions in future.
Serguei Popov
Andreas Penzkofer, Bartosz Kuśmierz, Angelo Capossele, William Sanders, Olivia Saa
Tokenomics, 2020
Abstract
In recent years several distributed ledger technologies based on directed acyclic graphs (DAGs) have appeared on the market. Similar to blockchain technologies, DAG-based systems aim to build an immutable ledger and are faced with security concerns regarding the irreversibility of the ledger state. However, due to their more complex nature and recent popularity, the study of adversarial actions has received little attention so far. In this paper we are concerned with a particular type of attack on the IOTA cryptocurrency, more specifically a Parasite Chain attack that attempts to revert the history stored in the DAG structure, also called the Tangle. In order to improve the security of the Tangle, we present a detection mechanism for this type of attack. In this mechanism, we embrace the complexity of the DAG structure by sampling certain aspects of it, more particularly the distribution of the number of approvers. We initially describe models that predict the distribution that should be expected for a Tangle without any malicious actors. We then introduce metrics that compare this reference distribution with the measured distribution. Upon detection, measures can then be taken to render the attack unsuccessful. We show that due to a form of the Parasite Chain that is different from the main Tangle it is possible to detect certain types of malicious chains. We also show that although the attacker may change the structure of the Parasite Chain to avoid detection, this is done so at a significant cost since the attack is rendered less efficient.
Abstract
Directed Acylic Graphs (DAGs) are emerging as an attractive alternative to traditional blockchain architectures for distributed ledger technology (DLT). In particular DAG ledgers with stochastic attachment mechanisms potentially offer many advantages over blockchain, including scalability and faster trans- action speeds. However, the random nature of the attachment mechanism coupled with the requirement of protection against double-spending transactions might result in an unstable system in which not all transactions get eventually validated. Such transactions are said to be orphaned, and will never be validated. Our principal contribution is to propose a simple modification to the attachment mechanism for the Tangle (the IOTA DAG architecture). This modification ensures that all transactions are validated in finite time, and preserves essential features of the popular Monte-Carlo selection algorithm. In order to demonstrate these results we derive a fluid approximation for the Tangle (in the limit of infinite arrival rate) and prove that this fluid model exhibits the desired behavior. We also present simulations which validate the results for finite arrival rates.
Andrew Cullen, Pietro Ferraro, Christopher King, Robert Shorten
IEEE 58th Conference on Decision and Control (CDC), 2019
Abstract
Recently, distributed ledgers based on directed acyclic graphs (DAG) have been proposed for various applications in the smart mobility domain [1]. While many application studies have been described in the literature, an open problem in the DLT community concerns the lack of mathematical models describing their behavior and their validation. Building on previous work in [1], we present, in this paper, a fluid-based approximation for the IOTA Foundation DAG-based DLT that incorporates varying transaction delays. This extension, namely the inclusion of varying delays, is important for feedback control applications (such as transactive control [2]). Extensive simulations are presented to illustrate the efficacy of our approach.
Pietro Ferraro, Christopher King, Robert Shorten
IEEE Transactions on Automatic Control, 2020
Abstract
Directed Acylic Graphs (DAGs) are emerging as an attractive alternative to traditional blockchain architectures for distributed ledger technology (DLT). In particular DAG ledgers with stochastic attachment mechanisms potentially offer many advantages over blockchain, including scalability and faster transaction speeds. However, the random nature of the attachment mechanism coupled with the requirement of protection against double-spend transactions leaves open the possibility that not all transactions will be eventually validated. Such transactions are said to be orphaned, and will never be validated. Our principal contribution is to propose a simple modification to the attachment mechanism for the Tangle (the IOTA DAG architecture). This modification ensures that all transactions are validated in finite time, and preserves essential features of the popular Monte-Carlo selection algorithm. In order to demonstrate these results we derive a fluid approximation for the Tangle (in the limit of infinite arrival rate) and prove that this fluid model exhibits the desired behavior. We also present simulations which validate the results for finite arrival rates.
Andrew Cullen, Pietro Ferraro, Christopher King, Robert Shorten
Abstract
Directed Acyclic Graph (DAG) based Distributed Ledgers can be useful in a number of applications in the IoT domain. A distributed ledger should serve as an immutable and irreversible record of transactions, however, a DAG structure is a more complicated mathematical object than its blockchain counterparts, and as a result, providing guarantees of immutability and irreversibility is more involved. In this paper, we analyse a commonly discussed attack scenario known as a parasite chain attack for the IOTA Foundation DAG based ledger. We analyse the efficacy of IOTA core MCMC algorithm using a matrix model and present an extension which improves the ledger resistance to these attacks.
Yixin Li, Bin Cao, Mugen Peng, Long Zhang, Lei Zhang, Daquan Feng, Jihong Yu
IEEE Transactions on Networking, 2020
Abstract
Abstract—Direct Acyclic Graph (DAG)-based ledger and the corresponding consensus algorithm has been identified as a promising technology for Internet of Things (IoT). Compared with Proof-of-Work (PoW) and Proof-of-Stake (PoS) that have been widely used in blockchain, the consensus mechanism de-signed on DAG structure (simply called as DAG consensus) can overcome some shortcomings such as high resource consumption, high transaction fee, low transaction throughput and long confirmation delay. However, the theoretic analysis on the DAG consensus is an untapped venue to be explored. To this end, based on one of the most typical DAG consensuses, Tangle, we investigate the impact of network load on the performance and security of the DAG-based ledger. Considering unsteady network load, we first propose a Markov chain model to capture the behavior of DAG consensus process under dynamic load conditions. The key performance metrics, i.e., cumulative weight and confirmation delay are analysed based on the proposed model. Then, we leverage a stochastic model to analyse the probability of a successful double-spending attack in different network load regimes. The results can provide an insightful understanding of DAG consensus process, e.g., how the network load affects the confirmation delay and the probability of a successful attack. Meanwhile, we also demonstrate the trade-off between security level and confirmation delay, which can act as a guidance for practical deployment of DAG-based ledgers.
Let's start a conversation.