IOTA (technology)

Page semi-protected
From Wikipedia, the free encyclopedia

Official IOTA logo
 1,000,000Miota | Mi | MegaIota
White paperPopov, Serguei (3 April 2016). "April 3, 2016. Version 0.6" (PDF). Archived from the original (PDF) on 14 August 2020.
Initial release11 July 2016; 7 years ago (2016-07-11)
Code repository
Source modelOpen source
Hash functionEd25519
Supply limit2,779,530,283,277,761

IOTA is an open-source distributed ledger and cryptocurrency designed for the Internet of things (IoT).[1] It uses a directed acyclic graph to store transactions on its ledger, motivated by a potentially higher scalability over blockchain based distributed ledgers.[2] IOTA does not use miners to validate transactions, instead, nodes that issue a new transaction on the network must approve two previous transactions.[3] Transactions can therefore be issued without fees, facilitating microtransactions.[3] The network currently[as of?] achieves consensus through a coordinator node, operated by the IOTA Foundation.[4] As the coordinator is a single point of failure, the network is currently[as of?] centralized.[5][needs update]

IOTA has been criticized due to its unusual design, of which it is unclear whether it will work in practice.[6][7] As a result, IOTA was rewritten from the ground up for a network update called Chrysalis, or IOTA 1.5, which launched on 28 April 2021.[7] In this update, controversial decisions such as ternary encoding and quantum proof cryptography were left behind and replaced with established standards.[7] A testnet for a follow-up update called Coordicide, or IOTA 2.0, was deployed in late 2020, with the aim of releasing a distributed network that no longer relies on the coordinator for consensus in 2021.[5][7][8][needs update]


The value transfer protocol IOTA, named after the smallest letter of the Greek alphabet, was created in 2015 by David Sønstebø, Dominik Schiener, Sergey Ivancheglo, and Serguei Popov.[1][9] Initial development was funded by an online public crowdsale, with the participants buying the IOTA value token with other digital currencies.[2] Approximately 1300 BTC were raised, corresponding to approximately US$500,000 at that time, and the total token supply was distributed pro-rata over the initial investors. The IOTA network went live in 2016.[10]

IOTA foundation

In 2017, early IOTA token investors donated 5% of the total token supply for continued development and to endow what became later became the IOTA Foundation.[2] In 2018, the IOTA Foundation was chartered as a Stiftung in Berlin, with the goal to assist in the research and development, education and standardisation of IOTA technology.[11] The IOTA Foundation is a board member of International Association for Trusted Blockchain Applications (INATBA),[12] and founding member of the Trusted IoT Alliance[13] and Mobility Open Blockchain Initiative (MOBI),[14] to promote blockchain and distributed ledgers in regulatory approaches, the IoT ecosystem and mobility.

Following a dispute between IOTA founders David Sønstebø and Sergey Ivancheglo, Ivancheglo resigned from the board of directors on 23 June 2019.[15][16][17] On 10 December 2020 the IOTA Foundation Board of Directors and supervisory board announced that the Foundation officially parted ways with David Sønstebø.[18][19]

DCI vulnerability disclosure

On 8 September 2017, researchers Ethan Heilman from Boston University and Neha Nerula et al. from MIT's Digital Currency Initiative (DCI) reported on potential security flaws with IOTA's former Curl-P-27 hash function.[6] The IOTA Foundation received considerable backlash in their handling of the incident.[20] FT Alphaville reported legal posturing by an IOTA Founder against a security researcher for his involvement in the DCI report, as well as instances of aggressive language levelled against a Forbes contributor and other unnamed journalists covering the DCI report.[21] The Center for Blockchain Technologies at the University College London severed ties with the IOTA Foundation due to legal threats against security researchers involved in the report.[22]


As a speculative blockchain and cryptocurrency-related technology, IOTA has been the target of phishing, scamming, and hacking attempts, which have resulted in the thefts of user tokens and extended periods of downtime.[23][24][25] In January 2018, more than US$10 million worth of IOTA tokens were stolen from users that used a malicious online seed-creator, a password that protects their ownership of IOTA tokens.[23] The seed-generator scam was the largest fraud in IOTA history to date, with over 85 victims.[26] In January 2019, the UK and German law enforcement agencies arrested a 36-year-old man from Oxford, England believed to be behind the theft.[27][28]

On 26 November 2019 a hacker discovered a vulnerability in a third-party payment service,[24] provided by MoonPay,[29] integrated in the mobile and desktop wallet managed by the IOTA Foundation.[24] The attacker compromised over 50 IOTA seeds, resulting in the theft of approximately US$2 Million worth in IOTA tokens.[24] After receiving reports that hackers were stealing funds from user wallets, the IOTA Foundation shut down the coordinator on 12 February 2020.[30][31] This had the side-effect of effectively shutting down the entire IOTA cryptocurrency.[30] Users at-risk were given seven days to migrate their potentially compromised seed to a new seed, until 7 March 2020. The coordinator was restarted on 10 March 2020.[32]

IOTA 1.5 (Chrysalis) and IOTA 2.0 (Coordicide)

The IOTA network is currently[as of?] centralized, a transaction on the network is considered valid if and only if it is referenced by a milestone issued by a node operated by the IOTA foundation called the coordinator.[2] In 2019 the IOTA Foundation announced that it would like to operate the network without a coordinator in the future, using a two-stage network update, termed Chrysalis for IOTA 1.5 and Coordicide for IOTA 2.0.[5][24] The Chrysalis update went live on 28 April 2021, and removed its controversial design choices such as ternary encoding and Winternitz one-time signatures, to create an enterprise-ready blockchain solution. In parallel Coordicide is currently[as of?] developed, to create a distributed network that no longer relies on the coordinator for consensus.[5] A testnet of Coordicide was deployed late 2020, with the aim of releasing a final version in 2021.[5][7][8][needs update]


Diagram comparing a traditional blockchain with a "tangle"

The Tangle

The Tangle is the moniker used to describe IOTAs directed acyclic graph (DAG) transaction settlement and data integrity layer.[2] It is structured as a string of individual transactions that are interlinked to each other and stored through a network of node participants.[33] The Tangle does not have miners validating transactions, rather, network participants are jointly responsible for transaction validation, and must confirm two transactions already submitted to the network for every one transaction they issue.[34] Transactions can therefore be issued to the network at no cost, facilitating micropayments.[34] To avoid spam, every transaction requires computational resources based on Proof of Work (PoW) algorithms, to find the answer to a simple cryptographic puzzle.[35]

IOTA supports both value and data transfers.[3] A second layer protocol provides encryption and authentication of messages, or data streams, transmitted and stored on the Tangle as zero-value transactions.[35] Each message holds a reference to the address of a follow-up message, connecting the messages in a data stream, and providing forward secrecy.[35] Authorised parties with the correct decryption key can therefore only follow a datastream from their point of entry.[35] When the owner of the data stream wants to revoke access, it can change the decryption key when publishing a new message.[35] This provides the owner granular controls over the way in which data is exchanged to authorised parties.[35]

IOTA token

The IOTA token is a unit of value in the IOTA network.[36] There is a fixed supply of 2,779,530,283,277,761 IOTA tokens in circulation on the IOTA network. IOTA tokens are stored in IOTA wallets protected by an 81-character seed, similar to a password.[28] To access and spend the tokens, IOTA provides a cryptocurrency wallet.[7][23] A hardware wallet can be used to keep credentials offline while facilitating transactions.[28]

Coordinator node

IOTA currently[as of?] requires a majority of honest actors to prevent network attacks.[2] However, as the concept of mining does not exist on the IOTA network, it is unlikely that this requirement will always be met. Therefore, consensus is currently[as of?] obtained through referencing of transactions issued by a special node operated by the IOTA foundation, called the coordinator.[4] The coordinator issues zero value transactions at given time intervals, called milestones.[4] Any transaction, directly or indirectly, referenced by such a milestone is considered valid by the nodes in the network. The coordinator is an authority operated by the IOTA foundation and as such single point of failure for the IOTA network, which makes the network centralized.[5]


IOTA is traded in megaIOTA units (1,000,000 IOTA) on digital currency exchanges such as Bitfinex, and listed under the MIOTA ticker symbol.[37] Like other digital currencies, IOTA's token value has soared and fallen.[38][39][40]

Fast Probabilistic Consensus (FPC)

The crux of cryptocurrencies is to stop double spends, the ability to spend the same money twice in two simultaneous transactions. Bitcoin's solution has been to use Proof of Work (PoW) making it a significant financial burden to have a minted block be rejected for a double spend. IOTA has designed a voting algorithm called Fast Probabilistic Consensus to form a consensus on double spends.[41] Instead of starting from scratch, the IOTA Foundation started with Simple Majority Consensus where the first opinion update is defined by,

Where is the opinion of node at time . The function is the percent of all the nodes that have the opinion and is the threshold for majority, set by the implementation. After the first round, the successive opinions change at time to the function,

Although, this model is fragile against malicious attackers which is why the IOTA Foundation decided not to use it.[42] Instead the IOTA Foundation decided to augment the leaderless consensus mechanism called, Random neighbors majority consensus (RMC) which is similar to SMC although, the nodes in which their opinions are queries is randomized. They took RMC then augmented it to create FPC by having the threshold of majority be a random number generated from a Decentralized Random Number Generator (dRNG). For FPC, the first sound is the same,

For success rounds though,

Where where , is a randomized threshold for majority. Randomizing the threshold for majority makes it extremely difficult for adversaries to manipulate the consensus by either making it converge to a specific value or prolonging consensus. Note that FPC is only utilized to form consensus on a transaction during a double spend.[43]

Ultimately, IOTA uses Fast Probabilistic Consensus for consensus and uses Proof of Work as a rate controller.[44] Because IOTA does not use PoW for consensus, its overall network and energy per transaction is extremely small.[45]

Applications and testbeds

Proof-of-concepts building on IOTA technology are being developed in the automotive and IoT industry by corporates as Jaguar Land Rover, STMicroelectronics and Bosch.[38][46][47] IOTA is a participant in smart city testbeds, to establish digital identity, waste management and local trade of energy.[1][48][49] In project Alvarium, formed under the Linux Foundation, IOTA is used as an immutable storage and validation mechanism.[50][51] The privacy centered search engine Xayn uses IOTA as a trust anchor for its aggregated AI model.[52][53]

On 11 February 2020, the Eclipse Foundation and IOTA Foundation jointly launched the Tangle EE (Enterprise Edition) Working Group.[3] Tangle EE is aimed at enterprise users that can take IOTA technology and enable larger organizations to build applications on top of the project, where the Eclipse Foundation will provide a vendor-neutral governance framework .[54]

Announcements of partners were critically received.[55][56] In 2017, IOTA released the data marketplace, a pilot for a market where connected sensors or devices can store, sell or purchase data.[57][58] The data marketplace was received critically by the cryptocurrency community over the extent of the involvement of the participants of the data marketplace, suggesting that "the IOTA Foundation was actively asking publications to use Microsoft’s name following the data marketplace announcement.".[55] Izabelle Kaminska criticized a Jaguar press release: "our interpretation is that it's very unlikely Jaguar will be bringing a smart-wallet-enabled marketplace any time soon."[56]


IOTA promises to achieve the same benefits that blockchain-based DLTs bring — decentralization, distribution, immutability and trust — but remove the downsides of wasted resources associated with mining as well as transaction costs.[2] However, several of the design features of IOTA are unusual, and it is unclear whether they work in practice.[59][5][6]

The security of IOTA's consensus mechanism against double-spending attacks is unclear, as long as the network is immature.[33] Essentially, in the IoT, with heterogeneous devices having varying levels of low computational power, sufficiently strong computational resources will render the tangle insecure.[33] This is a problem in traditional proof-of-work blockchains as well, however, they provide a much greater degree of security through higher fault tolerance and transaction fees.[33] At the beginning, when there is a lower number of participants and incoming transactions, a central coordinator is needed to prevent an attack on the IOTA tangle.[33]

Critics have opposed role of the coordinator for being the single source of consensus in the IOTA network. Polychain Capital founder Olaf Carlson-Wee, says "IOTA is not decentralized, even though IOTA makes that claim, because it has a central "coordinator node" that the network needs to operate. If a regulator or a hacker shut down the coordinator node, the network would go down."[60] This was demonstrated during the Trinity attack incident, when the IOTA foundation shutdown the coordinator to prevent further thefts.[60][24][5] Following a discovered vulnerability in October 2017, the IOTA foundation transferred potentially compromised funds to addresses under its control, providing a process for users to later apply to the IOTA Foundation in order to reclaim their funds.[6]

Additionally, IOTA has seen several network outages as a result of bugs in the coordinator as well as DDoS attacks.[2] Early in the seed generator scam, a DDoS network attack distracted IOTA admins, leaving initial thefts undetected.

In 2020, the IOTA Foundation announced that it would like to operate the network without a coordinator in the future, but implementation of this is still in an early development phase.[24][5][7]

See also


  1. ^ a b c Morenne, Benoit (7 April 2021). "Machines That Shop for Themselves Promise to Save Time and Money". Wall Street Journal. ISSN 0099-9660. Retrieved 24 April 2021.
  2. ^ a b c d e f g h Anadiotis, George (30 November 2017). "A better blockchain: Bitcoin for nothing and transactions for free?". ZDNet. Retrieved 15 January 2020.
  3. ^ a b c d McKendrick, Joe. "Enter the Tangle, a blockchain designed specially for the Internet of Things". ZDNet. Retrieved 29 February 2020.
  4. ^ a b c Cao, Bin; Li, Yixin; Zhang, Lei; Zhang, Long; Mumtaz, Shahid; Zhou, Zhenyu; Peng, Mugen (10 July 2019). "When Internet of Things Meets Blockchain: Challenges in Distributed Consensus". IEEE Network. 33 (6): 133–139. arXiv:1905.06022. Bibcode:2019arXiv190506022C. doi:10.1109/MNET.2019.1900002. ISSN 1558-156X. S2CID 108368043.
  5. ^ a b c d e f g h i Mix (28 May 2019). "IOTA wants to ditch its most centralized component, but the timeline is still murky". Hard Fork | The Next Web. Retrieved 17 January 2020.
  6. ^ a b c d Heilman, Ethan; Narula, Neha; Tanzer, Garrett; Lovejoy, James; Colavita, Michael; Virza, Madars; Dryja, Tadge (2019). "Cryptanalysis of Curl-P and Other Attacks on the IOTA Cryptocurrency". Cryptology ePrint Archive.
  7. ^ a b c d e f g Anadiotis, George. "IOTA still wants to build a better blockchain and get it right this time". ZDNet. Retrieved 24 April 2021.
  8. ^ a b Riesbeck, Peter (15 August 2020). "Moneten für Maschinen - Warum Dominik Schiener die Kryptowährung Iota entwickelt". Frankfurter Rundschau (in German). Retrieved 2 January 2021.
  9. ^ Kahl, Stephan (7 March 2018). "22-Year-Old Behind $5 Billion Crypto Is Just Getting Started". Bloomberg.
  10. ^ Chavez-Dreyfuss, Gertrude (28 November 2017). "Blockchain network IOTA teams up with Microsoft, others on data marketplace". Reuters. Retrieved 15 January 2020.
  11. ^ "IOTA: Erste Krypto-Stiftung Deutschlands gegründet". DIE STIFTUNG (in German). 15 November 2017. Retrieved 15 January 2020.
  12. ^ O'Brien, Chris (3 April 2019). "EU launches blockchain association to accelerate distributed ledger technology adoption". VentureBeat. Retrieved 17 January 2020.
  13. ^ Osborne, Charlie (19 September 2017). "New alliance advocates the blockchain to improve IoT security, trust". ZDNet. Retrieved 17 January 2020.
  14. ^ Russel, Jon (2 May 2018). "BMW, GM, Ford and Renault launch blockchain research group for automotive industry". TechCrunch. Retrieved 1 February 2020.
  15. ^ Stanley Hunter, John (20 February 2020). "Hacks und Streit unter Gründern: Was ist bei IOTA los?". Capital (in German). Retrieved 2 January 2021.
  16. ^ Come-from-Beyond (3 February 2020). "My side of the story about parting ways with David Sønstebø". Medium. Retrieved 3 January 2021.
  17. ^ "Sergey Ivancheglo departs from the IOTA Foundation". IOTA Foundation Blog. 26 July 2019. Retrieved 3 January 2021.
  18. ^ "IOTA Foundation parts ways with David Sønstebø". IOTA Foundation Blog. 10 December 2020. Retrieved 2 January 2021.
  19. ^ Sønstebø, David (23 December 2020). "My departure has been greatly exaggerated". Medium. Retrieved 2 January 2021.
  20. ^ Daniel Oberhaus & Jordan Pearson (2 March 2018). "A $5 Billion Cryptocurrency Has Enraged Cryptographers". Vice. Retrieved 21 January 2020.
  21. ^ Kelly, Jemima (25 August 2018). "FUD, inglorious FUD". Retrieved 21 January 2020.
  22. ^ Mix (28 April 2018). "University College London (UCL) severs ties with IOTA Foundation". Hard Fork | The Next Web. Retrieved 18 January 2020.
  23. ^ a b c Marcel Rosenbach, Markus Böhm (30 January 2018). "Betrugsmaschen bei Kryptowährungen: Auf einmal ist alles weg". (in German). Retrieved 15 January 2020.
  24. ^ a b c d e f g Kannenberg, Axel (27 February 2020). "IOTA cryptocurrency: Million dollar credit stolen, no payments possible (translated)". heise online. Retrieved 4 March 2020.
  25. ^ Osborne, Charlie (7 December 2020). "2020's worst cryptocurrency breaches, thefts, and exit scams". ZDNet. Retrieved 3 January 2021.
  26. ^ Cimpanu, Catalin. "Europol arrests UK man for stealing €10 million worth of IOTA cryptocurrency". ZDNet. Retrieved 15 January 2020.
  27. ^ "Oxford man arrested over £8.7m cryptocurrency theft". BBC News. 23 January 2019. Retrieved 17 January 2020.
  28. ^ a b c Chavez-Dreyfuss, Gertrude (30 January 2019). "IOTA says bulk of $11 million stolen tokens found, hacker worked alone". Reuters. Retrieved 15 January 2020.
  29. ^ "Trinity Attack Incident Part 1: Summary and next steps". 21 February 2020. Archived from the original on 10 May 2021.
  30. ^ a b Cimpanu, Catalin. "IOTA cryptocurrency shuts down entire network after wallet hack". ZDNet. Retrieved 29 February 2020.
  31. ^ Osborne, Charlie. "Bisq Bitcoin exchange slams on the brakes after exploit of critical security flaw, crypto theft". ZDNet. Retrieved 4 May 2020.
  32. ^ Kannenberg, Axel (2 March 2020). "Nach Trinity-Hack: IOTA stellt Migrationstool für kompromittierte Seeds bereit". heise online (in German). Retrieved 8 March 2020.
  33. ^ a b c d e Ali, Muhammad Salek; Vecchio, Massimo; Pincheira, Miguel; Dolui, Koustabh; Antonelli, Fabio; Rehmani, Mubashir Husain (18 December 2018). "Applications of Blockchains in the Internet of Things: A Comprehensive Survey". IEEE Communications Surveys & Tutorials. 21 (2): 1676–1717. doi:10.1109/COMST.2018.2886932. ISSN 1553-877X.
  34. ^ a b Makhdoom, Imran; Abolhasan, Mehran; Abbas, Haider; Ni, Wei (1 January 2019). "Blockchain's adoption in IoT: The challenges, and a way forward". Journal of Network and Computer Applications. 125: 251–279. doi:10.1016/j.jnca.2018.10.019. hdl:10453/130183. S2CID 54525546.
  35. ^ a b c d e f Hawig, David; Zhou, Chao; Fuhrhop, Sebastian; Fialho, Andre S; Ramachandran, Navin (14 June 2019). "Designing a Distributed Ledger Technology System for Interoperable and General Data Protection Regulation–Compliant Health Data Exchange: A Use Case in Blood Glucose Data". Journal of Medical Internet Research. 21 (6): e13665. doi:10.2196/13665. ISSN 1438-8871. PMC 6595943. PMID 31199293.
  36. ^ Marcel Rosenbach, Alexander Jung, Frank Dohmen (22 January 2018). "Kryptowährung: Bitcoin geht, Blockchain bleibt". (in German). Retrieved 15 January 2020.{{cite web}}: CS1 maint: multiple names: authors list (link)
  37. ^ Cheng, Evelyn (14 June 2017). "Major bitcoin exchanges hit by cyberattacks as record rally makes them a target". CNBC. Retrieved 17 January 2020.
  38. ^ a b "New ways to trade data, New ways to trade data". The Economist. 28 March 2018. ISSN 0013-0613. Retrieved 15 January 2020.
  39. ^ Kharif, Olga (14 May 2019). "Bitcoin Adds Market Share in Recovery in Crypto Prices". Bloomberg. Retrieved 18 January 2020.
  40. ^ Smith, Oliver (16 August 2018). "How Next Generation Crypto Investors Are Poised To Win, Even If Their Startups Lose". Forbes. Retrieved 15 January 2020.
  41. ^ Popov, Serguei (2021). "FPC-BI: Fast Probabilistic Consensus within Byzantine Infrastructures". Preprint. 147: 77–86. arXiv:1905.10895. doi:10.1016/j.jpdc.2020.09.002. ISSN 0743-7315. S2CID 198179629.
  42. ^ I. Benjamin, S.-O. Chan, R. O'Donnel, O. Tamuz, L.-Y. Tan, Convergence, unanimity and disagreement in majority dynamics on unimodular graphs and random graphs, Stochastic Processes and their Applications 126 (9) (2016) 2719-2733.
  43. ^ Capossele, Angelo, Sebastian Müller, and Andreas Penzkofer. "Robustness and efficiency of leaderless probabilistic consensus protocols within Byzantine infrastructures." arXiv preprint arXiv:1911.08787 (2019).
  44. ^ Sanders, William (19 March 2021). "Explaining the IOTA Congestion Control Algorithm".
  45. ^ Ramachandran, Navin (14 May 2021). "Energy Benchmarks for the IOTA Network (Chrysalis Edition)".
  46. ^ O'Grady, Sean (3 May 2019). "Mobile piggy bank: Jaguar Land Rover's 'earn as you drive' concept". The Independent. Retrieved 17 January 2020.
  47. ^ Chavez-Dreyfuss, Gertrude (30 September 2020). "Jaguar, NTT team up with tech group on remote access software". Reuters. Retrieved 3 January 2021.
  48. ^ O'Brien, Chris (30 August 2019). "Norway unveils energy-positive building showcasing smart city potential". VentureBeat. Retrieved 17 January 2020.
  49. ^ Mix (21 February 2018). "IOTA is vulnerable to replay attacks but has no intention of fixing the flaw". Hard Fork | The Next Web. Retrieved 3 January 2021.
  50. ^ Bantle, Ulrich (31 October 2019). "Linux Foundation gründet Data-Privacy-Projekt Alvarium". Linux-Magazin (in German). Retrieved 25 January 2020.
  51. ^ Agelini, Chris (23 January 2020). "How open, trusted edge can help improve data sharing and monetization". VentureBeat. Retrieved 25 January 2020.
  52. ^ Lomas, Natasha (8 December 2020). "Xayn is privacy-safe, personalized mobile web search powered by on-device AIs". TechCrunch. Retrieved 3 January 2021.
  53. ^ Voß, Oliver (9 December 2020). "Suchmaschine mit Tinder-Prinzip". Tagesspiegel. Retrieved 3 January 2021.
  54. ^ Miller, Ron (11 February 2020). "Tangle EE project joins Eclipse Foundation to bring distributed ledger apps to enterprise". TechCrunch. Retrieved 29 February 2020.
  55. ^ a b Mix (12 December 2017). "IOTA clarifies it has no formal partnership with Microsoft [UPDATED]". Hard Fork | The Next Web. Retrieved 15 January 2020.
  56. ^ a b Kaminska, Izabella (28 May 2019). "Emperor has no clothes, Jaguar crypto press release edition". FT Alphaville.
  57. ^ Ponciano, Jonathan. "IOTA Foundation Launches Data Marketplace For 'Internet-Of-Things' Industry". Forbes. Retrieved 18 January 2020.
  58. ^ "IOTA launches IoT data marketplace, envisions devices autonomously buying and trading information". VentureBeat. 28 November 2017. Retrieved 15 January 2020.
  59. ^ Evans, Jon (10 August 2018). "Cryptocurrency insecurity: IOTA, BCash and too many more". TechCrunch. Retrieved 26 January 2020.
  60. ^ a b Kauflin, Jeff (3 January 2018). "IOTA Rose 464% In 2017, But Buyer Beware: Experts Have Major Security Concerns". Forbes. Archived from the original on 7 August 2019. Retrieved 7 August 2019.

External links