A Tip for IOTA Privacy: IOTA Light Node Deanonymization via Tip Selection

Hojung Yang, Suhyeon Lee, Seungjoo Kim
2024-03-17
Abstract: IOTA is a distributed ledger technology that uses a Directed Acyclic Graph (DAG) structure called the Tangle. It is known for its efficiency and is widely used in the Internet of Things (IoT) environment. Tangle can be configured by utilizing the tip selection process. Due to performance issues with light nodes, full nodes are being asked to perform the tip selections of light nodes. However, in this paper, we demonstrate that tip selection can be exploited to compromise users' privacy. An adversary full node can associate a transaction with the identity of a light node by comparing the light node's request with its ledger. We show that these types of attacks are not only viable in the current IOTA environment but also in IOTA 2.0 and the privacy improvement being studied. We also provide solutions to mitigate these attacks and propose ways to enhance anonymity in the IOTA network while maintaining efficiency and scalability.
Cryptography and Security
### What problems does this paper attempt to solve?

This paper mainly explores the security and privacy issues faced by light nodes in tip selection in the IOTA network. Specifically, the paper reveals a new deanonymization attack method, which takes advantage of the mechanism that light nodes rely on full nodes for tip selection.

#### Main problems:

1. **Light nodes rely on full nodes for tip selection**:
   - IOTA uses a directed acyclic graph (DAG) structure called Tangle to process transactions. Due to performance issues, light nodes cannot directly perform tip selection and need to rely on full nodes to complete this process.
   - This dependency allows the transaction requests of light nodes to be exploited by malicious full nodes, thus being associated with specific user identities.
2. **Deanonymization attack**:
   - Malicious full nodes can infer the identities of light nodes by comparing the tip-selection requests of light nodes with the records in their own ledgers.
   - The paper shows that this attack is not only feasible in the current IOTA environment but also effective in the IOTA 2.0 version, although IOTA 2.0 aims to improve decentralization and security.
3. **Insufficient privacy protection**:
   - Although IOTA has introduced a coordinator to ensure the stability and security of the network, this approach has led to a certain degree of centralization, affecting users' privacy.
   - The paper proposes that existing privacy-enhancing techniques such as centralized mixers and ring signatures may not be sufficient to completely prevent this tip-selection-based deanonymization attack.

#### Solutions:

- **Improve the tip-selection algorithm**: The paper suggests optimizing the tip-selection algorithm to reduce the degree to which light nodes rely on full nodes, thereby reducing the risk of being attacked.
- **Enhance anonymity**: Some methods for enhancing the anonymity of the IOTA network are proposed, such as through more complex tip-selection strategies or introducing more full nodes to disperse risks.
- **Evaluate and verify**: Analyze the IOTA network in different environments to verify the effectiveness of these solutions and provide further improvement suggestions.

In conclusion, this paper aims to reveal and solve the privacy leakage problems faced by light nodes in the tip-selection process in the IOTA network and proposes corresponding mitigation measures.
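
The comparison the abstract describes, between a light node's tip-selection request and the full node's ledger, can be modeled as an anonymity-set measurement. The following is an added example, not code from the paper or from IOTA: the log format, all identifiers and the exact-parent-pair matching rule are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the paper): the two views a full node holds.
# Tip-selection log: (requester's network identity, pair of tips handed out).
TIP_LOG = [
    ("198.51.100.7", ("TIP_A", "TIP_B")),
    ("198.51.100.9", ("TIP_C", "TIP_D")),
    ("203.0.113.4", ("TIP_C", "TIP_D")),
    ("203.0.113.5", ("TIP_E", "TIP_F")),
]
# Ledger view: transaction id -> the two parents that transaction approves.
LEDGER = {
    "TX_1": ("TIP_A", "TIP_B"),
    "TX_2": ("TIP_D", "TIP_C"),  # same pair as in the log, order swapped
    "TX_3": ("TIP_X", "TIP_Y"),  # tips were obtained from some other node
}


def anonymity_sets(tip_log, ledger):
    """Map each transaction to the requesters that were handed its parent pair.

    Assumption: a transaction is matched to a request when its two parents
    equal the tips returned for that request, regardless of order.
    """
    handed = defaultdict(set)
    for requester, tips in tip_log:
        handed[frozenset(tips)].add(requester)
    return {tx: set(handed.get(frozenset(parents), set()))
            for tx, parents in ledger.items()}


def exposure_report(tip_log, ledger):
    """Classify each transaction by the size of its anonymity set."""
    report = {}
    for tx, candidates in anonymity_sets(tip_log, ledger).items():
        if not candidates:
            status = "unlinked"    # this node served no matching request
        elif len(candidates) == 1:
            status = "linked"      # exactly one requester fits
        else:
            status = "ambiguous"   # several requesters share the pair
        report[tx] = (status, sorted(candidates))
    return report


if __name__ == "__main__":
    for tx, (status, who) in exposure_report(TIP_LOG, LEDGER).items():
        print(f"{tx}: {status} {who}")
```

An anonymity set of size one is the case where the serving full node can tie a transaction to a single requester; larger or empty sets are what anonymity-enhancing changes to tip selection would need to produce.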