Skip to main content

IOTA-Related Research Papers

This document contains a list of research papers that are relevant to IOTA.

Starfish: A high throughput BFT protocol on uncertified DAG with linear amortized communication complexity

  • Link: https://eprint.iacr.org/2025/567
  • Publication: not published yet
  • Relevance: The IOTA consensus developers are currently working on porting Starfish to the production code to improve liveness of the consensus protocol.
  • Summary: Starfish is a partially synchronous DAG-based BFT protocol that achieves the security properties of certified DAGs, the efficiency of uncertified approaches and linear amortized communication complexity. The key innovation is Encoded Cordial Dissemination, a push-based dissemination strategy that combines Reed-Solomon erasure coding with Data Availability Certificates (DACs). Starfish decouples the transaction data from the block header information in the block structure, enabling push-based dissemination of block headers. Building on the previous uncertified DAG BFT commit rule, Starfish extends it to efficiently verify data availability through committed leader blocks serving as DACs.

Mysticeti: Reaching the Limits of Latency with Uncertified DAGs

  • Link: https://arxiv.org/pdf/2310.14821
  • Publication: Network and Distributed System Security Symposium (NDSS), accepted for 2025
  • Relevance: The production IOTA code currently employs Mysticeti-C with one leader in each round as a consensus mechanism.
  • Summary: Mysticeti is a partially synchronous DAG-based BFT protocol that is built over an uncertified DAG allowing for high resource efficiency. Mysticeti-C achieves a significant latency improvement compared to certified DAG BFTs by avoiding explicit certification of the DAG blocks and deriving certificates from the DAG structure.

FastPay: High-Performance Byzantine Fault Tolerant Settlement

  • Link: https://arxiv.org/abs/2003.11506
  • Publication: ACM Conference on Advances in Financial Technologies (AFT), 2020
  • Relevance: FastPay describes the core logic of the IOTA blockchain protocol for owned object transactions.
  • Summary: FastPay allows a set of distributed validators, some of which are Byzantine, to maintain a high-integrity and availability settlement system for pre-funded payments. It can be used to settle payments in a native unit of value (crypto-currency), or as a financial side-infrastructure to support retail payments in fiat currencies. This is not the protocol IOTA uses, yet it proposes the basic safety mechanism that IOTA extends. FastPay is based on Byzantine Consistent Broadcast as its core primitive, foregoing the expenses of full atomic commit channels (consensus). The resulting system has low-latency for both confirmation and payment finality. Remarkably, each validator can be sharded across many machines to allow unbounded horizontal scalability.

HammerHead: Score-based Dynamic Leader Selection

  • Link: https://arxiv.org/pdf/2309.12713
  • Publication: IEEE International Conference on Distributed Computing Systems (ICDCS), 2024
  • Relevance: The IOTA consensus protocol uses a variant of the Mysticeti consensus algorithm due to its lower latency and leader scoring strategy stemming from the HammerHead's approach to update the leader scheduler in Mysticeti.
  • Summary: We explore the ideas pioneered by Carousel on providing Leader-Utilization and present HammerHead. Unlike Carousel, which is built with a chained and pipelined consensus protocol in mind, HammerHead does not need to worry about chain quality as it is directly provided by the DAG, but needs to make sure that even though validators might commit blocks in different views the safety and liveness is preserved. Our implementation of HammerHead shows a slight performance increase in a faultless setting, and a drastic 2x latency reduction and up to 40% throughput increase when suffering faults (100 validators, 33 faults).

Zef: Low-latency, Scalable, Private Payments

  • Link: https://arxiv.org/abs/2201.05671
  • Publication: Not published yet (under submission)
  • Relevance: Extends the FastPay design to support objects (rather than accounts), what IOTA actually uses. An additional contribution of this paper is to add strong privacy to FastPay transactions (but IOTA does not plan to do this).
  • Summary: Zef is the first Byzantine-Fault Tolerant (BFT) protocol to support payments in anonymous digital coins at arbitrary scale. Zef follows the communication and security model of FastPay: both protocols are asynchronous, low-latency, linearly-scalable, and powered by partially-trusted sharded validators. Zef further introduces opaque coins represented as off-chain certificates that are bound to user accounts. In order to hide the face values of coins when a payment operation consumes or creates them, Zef uses random commitments and NIZK proofs. Created coins are made unlinkable using the blind and randomizable threshold anonymous credentials of Coconut. To control storage costs associated with coin replay prevention, Zef accounts are designed so that data can be safely removed once an account is deactivated. Besides the specifications and a detailed analysis of the protocol, we are making available an open source implementation of Zef in Rust. Our extensive benchmarks on AWS confirm textbook linear scalability and demonstrate a confirmation time under one second at nominal capacity. Compared to existing anonymous payment systems based on a blockchain, this represents a latency speedup of three orders of magnitude, with no theoretical limit on throughput.