Research on Private Transactions in IOTA
The full article was originally published by Laurence Tennant on Medium. Read the full article here.
I am releasing a comprehensive report on “Improving the Anonymity of the IOTA Cryptocurrency”. Anyone interested in privacy and anonymity is encouraged to read it.
Although they are discussed in more detail in the report, I would like to highlight some of the key points here.
IOTA’s zero fees are its most striking feature. This has led some to hope that IOTA could become the ultimate privacy coin, offering free, private transactions. However, there are several inherent barriers to implementing privacy in IOTA. Some potential approaches involve mixing your coins with those of others, but with no transaction fee there is little to deter attacks on anonymity: a Sybil attacker can flood a mixing round with inputs they control at no cost, and a participant can disrupt a protocol run, again at no cost, while learning information about the other users in it.
Related to zero fees is the fact that the Tangle distributes transaction confirmation among all users, rather than delegating the job to computationally powerful miners. This means that any approach to creating and verifying private transactions that involves heavy cryptographic computation (such as zk-SNARKs) is impractical, as it would be beyond the capabilities of the majority of lightweight devices on the IOTA network.
These are difficulties with decentralised or embedded privacy in IOTA. However, trustless, off-ledger mixing offers a promising solution. The development of payment protocols like TumbleBit in Bitcoin represents an exciting step forward because privacy is cryptographically guaranteed, yet need not impact scalability or involve major changes to the core codebase.
The most obvious privacy concern with the IOTA ledger is that if iotas have moved from address A to address B, you can virtually guarantee that user A sent money directly to user B. The majority of iotas in circulation can be traced back to a few exchanges, and if you send money to someone, it is usually not difficult for them to work out your total IOTA balance.
Token mixing services are useful here because they add a level of uncertainty to the ledger, breaking the ownership link between transactions, which was previously impossible in IOTA. A small fee can be charged to disincentivise Sybil attackers. The downside of this setup is that it is trusted: the mixer learns which inputs map to which outputs and holds users’ funds while a round is in progress, which is why upgrading to the TumbleBit model is the long-term objective.
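To make the traceability problem concrete, here is an added example (not code from the original article or from the mixer it describes) in Go. It builds a constructed toy ledger of from/to/amount transfers with two exchange addresses, walks the transfer graph backwards from a payee to find which exchanges the funds came from, and works out a payer’s visible balance. Without a mixer each payment has exactly one origin; routing the same payments through a single mixer address (named MIX, an assumption for the example) gives each payout two candidate origins, which is the uncertainty the text refers to. IOTA bundles and addresses are simplified to plain strings.

```go
package main

import (
	"fmt"
	"sort"
)

// Transfer is one value movement on a toy ledger. All data below is
// constructed for this example; IOTA bundles are simplified to from/to/amount.
type Transfer struct {
	From, To string
	Amount   int
}

// Ledger is a list of transfers plus the addresses known to belong to
// exchanges, which is where most iotas in circulation originate.
type Ledger struct {
	Transfers []Transfer
	Exchanges map[string]bool
}

// Origins walks the transfer graph backwards from addr and returns, sorted,
// the exchange addresses the funds could have come from. This is what any
// observer (including the payee) can compute from the public ledger.
func (l *Ledger) Origins(addr string) []string {
	seen := map[string]bool{}
	found := map[string]bool{}
	queue := []string{addr}
	for len(queue) > 0 {
		cur := queue[0]
		queue = queue[1:]
		if seen[cur] {
			continue
		}
		seen[cur] = true
		if l.Exchanges[cur] {
			found[cur] = true
			continue // exchanges are treated as the origin of funds
		}
		for _, t := range l.Transfers {
			if t.To == cur {
				queue = append(queue, t.From)
			}
		}
	}
	out := make([]string, 0, len(found))
	for e := range found {
		out = append(out, e)
	}
	sort.Strings(out)
	return out
}

// Balance is what a payee can work out about the payer: inflows minus
// outflows for an address, all of which are visible on the ledger.
func (l *Ledger) Balance(addr string) int {
	total := 0
	for _, t := range l.Transfers {
		if t.To == addr {
			total += t.Amount
		}
		if t.From == addr {
			total -= t.Amount
		}
	}
	return total
}

// PlainLedger: two users withdraw from different exchanges and pay their
// counterparties directly, so each payment has exactly one origin.
func PlainLedger() *Ledger {
	return &Ledger{
		Transfers: []Transfer{
			{"EXCHANGE1", "ALICE", 500}, {"ALICE", "BOB", 100},
			{"EXCHANGE2", "CAROL", 300}, {"CAROL", "DAVE", 100},
		},
		Exchanges: map[string]bool{"EXCHANGE1": true, "EXCHANGE2": true},
	}
}

// MixedLedger: the same two payments routed through a mixer address MIX.
// The mixer keeps a 1 iota fee, and each payout now has two candidate origins.
func MixedLedger() *Ledger {
	return &Ledger{
		Transfers: []Transfer{
			{"EXCHANGE1", "ALICE", 500}, {"ALICE", "MIX", 101},
			{"EXCHANGE2", "CAROL", 300}, {"CAROL", "MIX", 101},
			{"MIX", "BOB", 100}, {"MIX", "DAVE", 100},
		},
		Exchanges: map[string]bool{"EXCHANGE1": true, "EXCHANGE2": true},
	}
}

func main() {
	plain, mixed := PlainLedger(), MixedLedger()
	fmt.Println("plain:  BOB's funds came from", plain.Origins("BOB"), "ALICE balance", plain.Balance("ALICE"))
	fmt.Println("mixed:  BOB's funds came from", mixed.Origins("BOB"))
}
```

Note that the uncertainty is only for an outside observer: the mixer operator still knows that ALICE’s deposit paid BOB, which is exactly the trust assumption the text flags.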
Practical First Steps
After a security audit has been completed, an IOTA token mixer will be publicly released, hopefully within a month; private beta testing is currently being finalised. It is the first step towards improving the anonymity and fungibility of IOTA, and can form the foundation of trustless solutions in the future.
To elaborate on the drawbacks of the current mixer: because IOTA does not yet enforce timestamps, such a service cannot yet be trustless, and a malicious service administrator could take a user’s funds. We have mitigated this slightly by having the mixer issue a signed contract to the user before the deposit, so that the user holds evidence of the terms that were promised. Once IOTA enforces timestamps, development towards a trustless model can proceed. The previous network upgrade brought with it a new transaction structure (see below), and in the next IRI release these timestamps will be enforced in a first roll-out on the testnet.
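The following Go example, added here and not code from the mixer or the article, shows the shape of such a signed contract and the checks a user would run before depositing. The field set (deposit address, payout address, amount, fee, deadline) and the use of Ed25519 are assumptions for the example; Ed25519 is not the signature scheme IOTA itself uses, and the deadline is checked against the user’s own clock precisely because the ledger cannot yet enforce it. The mixer signs a deterministic encoding of the terms; the user verifies the signature against the mixer’s published public key and rejects a contract whose terms differ from what was requested or has already expired.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Contract is the receipt the mixer signs before the user deposits. The field
// set is an assumption for this example; the article only says that a signed
// contract is issued.
type Contract struct {
	DepositAddress string `json:"deposit"`  // where the user sends iotas
	PayoutAddress  string `json:"payout"`   // fresh address the user wants funds returned to
	AmountIotas    uint64 `json:"amount"`   // amount the mixer promises to pay out
	FeeIotas       uint64 `json:"fee"`      // mixer fee, which also deters Sybil inputs
	Deadline       int64  `json:"deadline"` // unix time by which payout is promised
}

// SignedContract is the contract plus the mixer's signature over its canonical encoding.
type SignedContract struct {
	Contract  Contract
	Signature []byte
}

// canonical returns a deterministic byte encoding: encoding/json emits struct
// fields in declaration order, so identical terms always serialise identically.
func (c Contract) canonical() []byte {
	b, err := json.Marshal(c)
	if err != nil {
		panic(err) // cannot happen for this struct
	}
	return b
}

// NewMixerKey generates the mixer's long-term signing key. Ed25519 is used
// purely for illustration; it is not IOTA's own signature scheme.
func NewMixerKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Issue is the mixer side: sign the terms before asking the user to deposit.
func Issue(priv ed25519.PrivateKey, c Contract) SignedContract {
	return SignedContract{Contract: c, Signature: ed25519.Sign(priv, c.canonical())}
}

// Verify is the user side, run before depositing. pub is the mixer's published
// key; payout, amount and fee are the terms the user asked for; now is the
// user's own clock, since the ledger cannot yet enforce the deadline.
func Verify(pub ed25519.PublicKey, sc SignedContract, payout string, amount, fee uint64, now time.Time) error {
	if !ed25519.Verify(pub, sc.Contract.canonical(), sc.Signature) {
		return errors.New("signature invalid: not issued by this mixer, or terms altered")
	}
	c := sc.Contract
	if c.PayoutAddress != payout {
		return errors.New("payout address differs from the one requested")
	}
	if c.AmountIotas != amount || c.FeeIotas != fee {
		return errors.New("amount or fee differs from the terms requested")
	}
	if c.Deadline <= now.Unix() {
		return errors.New("deadline is already in the past")
	}
	return nil
}

func main() {
	pub, priv := NewMixerKey()
	now := time.Now()
	sc := Issue(priv, Contract{"DEPOSIT9ADDR", "PAYOUT9ADDR", 1_000_000, 1_000, now.Add(time.Hour).Unix()})
	fmt.Println("honest contract: ", Verify(pub, sc, "PAYOUT9ADDR", 1_000_000, 1_000, now))
	sc.Contract.PayoutAddress = "ATTACKER9ADDR" // terms altered after signing
	fmt.Println("altered contract:", Verify(pub, sc, "ATTACKER9ADDR", 1_000_000, 1_000, now))
}
```

The contract does not stop a dishonest operator from keeping the deposit; it only lets the user prove afterwards what was promised and by which key. Turning that promise into something the ledger itself enforces is what the enforced timestamps are needed for.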