I am releasing a comprehensive report on “Improving the Anonymity of the IOTA Cryptocurrency”. Anyone interested in privacy and anonymity is recommended to read it:

Although they are discussed in more detail in the report, I would like to highlight some of the key points here.

IOTA’s zero fees are its most striking feature. This has led some to hope that IOTA could become the ultimate privacy coin, offering free, private transactions. However, there are several inherent barriers to implementing privacy in IOTA. Some potential approaches involve mixing your coins with those of others. But with no transaction fee, there is less to deter certain attacks against anonymity, such as Sybil attacks, or somebody disrupting a protocol and learning information about other users.

Interrelated to zero fees is the fact that the Tangle distributes transaction confirmation among all users, rather than delegating the job to computationally-powerful miners. This means that any approach to creating and verifying private transactions involving heavy cryptographic computations (such as zk-SNARKS) remains impractical, as it would be outside of the capabilities of the majority of lightweight devices on the IOTA network.

These are difficulties with decentralised or embedded privacy in IOTA. However, trustless, off-ledger mixing offers a promising solution. The development of payment protocols like TumbleBit in Bitcoin represents an exciting step forward because privacy is cryptographically guaranteed, yet need not impact scalability or involve major changes to the core codebase.

The most obvious privacy concern with the IOTA ledger is that if iotas have moved from A to B, you can virtually guarantee that was user A sending money directly to user B. The majority of iotas in circulation can be traced back to a few exchanges. And if you send money to someone, it’s usually not difficult for them to work out your total IOTA balance.

Token mixing services are useful here, because they start to add a level of uncertainty in the ledger, breaking the links of ownership between transactions, which was previously impossible. A small fee can be charged to disincentivise Sybil attackers. The downside of this setup is that it is a trusted one, which is why upgrading to the TumbleBit model is the long-term objective.

Practical First Steps