Privacy aware IOTA ledger: Decentralized mixing and unlinkable IOTA transactions

Umair Sarfraz, Masoom Alam, Sherali Zeadally, Abid Khan

Research output: Contribution to journalArticlepeer-review

28 Scopus citations


IOTA is a distributed ledger technology for the Internet-of-Things (IoT) industry. The protocol distinguishes itself from existing distributed ledgers by being formed on a directed acyclic graph. To enable micro-transactions for smart devices, it uses a scalable approach for network growth and transaction confirmations. Being a public distributed ledger, the transactions on the ledger are completely transparent hence opening up the possibilities for linking and identification attacks. Different promising privacy enhancing techniques have been proposed for improving anonymity in distributed ledgers. However, many of the proposed approaches provide security guarantees only against Elliptic Curve Digital Signature (ECDSA) schemes and thus become incompatible with the IOTA ledger because IOTA uses quantum resilient hash-based signatures. While centralized solutions can still work with IOTA ledger for enhancing privacy, they are still proprietary and prone to single point of failures. We propose a novel decentralized mixing protocol for the IOTA ledger that incorporates a combination of decryption mixnets and multi-signatures. Our technique does not require any (trusted or accountable) third party and it is completely compatible with the IOTA protocol. Analysis of our results for this technique shows that the security and privacy are guaranteed even in the presence of malicious entities in the system. Our technique provides strong privacy to the IOTA ledger and the degree of anonymity it adds, protects entities against identification and linking attacks.

Original languageEnglish
Pages (from-to)361-372
Number of pages12
JournalComputer Networks
StatePublished - Jan 15 2019

Bibliographical note

Publisher Copyright:
© 2018


  • Anonymity
  • Distributed ledger
  • IOTA
  • Internet Of Things (IoT)
  • Security

ASJC Scopus subject areas

  • Computer Networks and Communications


Dive into the research topics of 'Privacy aware IOTA ledger: Decentralized mixing and unlinkable IOTA transactions'. Together they form a unique fingerprint.

Cite this