Author: Limo

The Tangle,, the Future – Interview with Robert A. Küfner, CEO of

The Tangle,, the Future – Interview with Robert A. Küfner, CEO of

Today, I have the pleasure to present the interview I had with the creator and CEO of Robert A. Küfner. is a Berlin-based company, that committed itself to innovation, business development and the creation of business models, using distributed systems -particularly the Tangle ledger of IOTA.

We have seen several livestreams, meetups, and articles about their work, that is giving us valuable information of what we can expect in the field of distributed ledger technologies and where we are heading.

Their latest meetup in Zug, with the Keynote-speaker Oliver Bussmann, President of the Cryptovalley in Zug, gave us a great overview of the status quo of cryptocurrencies and their impact.

Also interesting is their latest announcement: -a project that will enable the tokenization of assets on the Tangle, which is comparable to the ERC20 layer on Ethereum.

Thank you, Robert, for the opportunity!


1. Can you tell us a little bit about yourself, like how did you slide into the realm of cryptocurrency?

I first got involved in crypto back in 2010. I came across an article about Bitcoin and it shook my world. I knew then as I know now that the idea behind it was revolutionary. Back then though, it wasn’t a movement, it was a bunch of computer geeks having fun.

The more I learned about it though, the more I wanted to be a part of it, and in 2013 I founded the first publicly listed company to be focused solely on Distributed Ledger Technology, Smart Equity AG, with my good friend and business partner, Michael Geike.

DLT became my life. I become more and more involved in the space and eventually wound up speaking to Dr.Gavin Wood in London. Dr.Wood introduced me to the idea of smart contracts and I was instantly hooked and invested in the Ethereum crowd-sale, which would then go on to provide a basis for a lot of what we’re doing now.

I’ve always understood myself as an evangelist for a decentralized world and after following the developments in the space for so long I was eager to have a solid impact on it. After being introduced to IOTA early on by Florian Reike, I felt I had the right background, knowledge, and network in the cryptospace, as well access to incredible technology in the Tangle, and possibly most importantly, the right timing.

It’s been almost ten years since the launch of Bitcoin, but the Distributed Ledger Technology movement is only really taking a firm hold now – it feels like we’re talking about the development of the Internet in the early 90s.


2. When you created, what was the business model, the focus and the problems you wanted to solve? has always been about connecting the real-world with the huge potential of Distributed Ledger Technology – that’s our slogan, our motto – it’s what the team lives by.

Our business model has evolved over time as we’ve realized just how huge the market for what we can deliver is. Initially, we wanted to focus all our attention on the peaq project. While we’re still doing that, we’ll also be taking on clients looking for DLT based software solutions with the help of Advanced Blockchain AG – and there are plenty of opportunities out there.

We’ll be helping all kinds of businesses to make the leap into the DLT world, and take full advantage of the countless benefits that come with doing so. The more companies make the jump into DLT, the closer the world will move towards a token economy.


3. Your new project, which is comparable to the ERC-20 standard in Ethereum enables the tokenization of almost every value asset in the real world. Can you give us a small introduction to what your vision of is and what it can enable that is not yet created?

The ICO world went crazy after people realized how easy it was to create their own tokens, but a lot of people were eventually let down by the underlying technology – blockchain. A lot of projects never really took off because of inherent drawbacks with blockchain, like scalability, transaction fees, and high running costs. is picking up where the ERC 20 left off. peaq is a token creation framework built on the Tangle network, making it possible to tokenize virtually anything you perceive to have value and trade or send it around the world in seconds. With the Tangle technology at our fingertips, we’re opening up a whole new dimension to the token economy, limited only by the imagination of those who choose to build on peaq.

peaq will make it possible for startups to go public on the day they’re created, giving them access to the capital they need to develop fast. Banks and financial institutions will finally be able to benefit from DLT thanks to the scalable, zero-fee framework that the DAG provides. It’s also not currently economically viable to trade stocks and shares on the blockchain because of ‘Gas’ prices and scalability limits – peaq will change this too. This is by no means an exhaustive list, but it sheds light on the sort of potential we’re looking it. Many of the use cases for the platform are yet to be thought of.


4. During the presentation of, a group of people in the IOTA slack were concerned that would lead to a new ICO-storm, based on the Tangle. Can you give us your point of view about possible ICO’s and how we can ensure, that these kinds of crowdfundings are, not again, used in a bad way?


I think they make fair points, and to an extent I share their concerns – but one must keep in mind that it’s very difficult to weed out the bad projects from the good ones without imposing your views and opinions on them and therefore limiting the imagination of others – and ICOs are a great tool for financing start-ups.

As much as I’m against ICO scams and people using great technology for bad things – I feel as though this may be a necessary phase. In the same way, the internet was flooded with all sorts of good-for-nothing websites at the start, and the same way Bitcoin was used for all sorts of awful things during the first few years.

It will show that firstly, the framework works, and secondly, people are interested in it and know how to use it. The next step will be for the projects that are built for good and built to last to gain momentum and trust.

If a Tangle based ICO-storm does happen, it will be down to the people to weed out the good projects from the bad, and I’m confident that the good projects will be successful in the long-run and in a great position to make use of this cutting-edge technology to make the world a better, more efficient place.

Similar to the way Ethereum made blockchain technology widely-available and easily accessible, our goal is to bring the wonders of the Tangle Network to the people. We’re creating the tool, we’re not telling people how to use it.


5. What do you think will be the impact of blockchains in the next 5-10 years and especially IOTA which is already disrupting the “enterprise” blockchains of today?


I think it’s very important to distinguish between Distributed Ledger Technology and blockchain. Blockchain is a subcategory of DLT, as is the Tangle Network.

Many people like to refer to the crypto movement by calling it things like the ‘blockchain revolution’. Blockchain was a big step forward, there’s no doubt about it, but the technology has peaked young – blockchain is outdated. The Tangle network is the first example of a new breed of Distributed Ledger Technology that will pick up where blockchain left off and improve on it exponentially.

It’s obviously very difficult to predict precisely what will happen over the next few years in such a young, fast-moving industry – but I see DLT revolutionizing the way we do business. I see distributed ledgers bringing industries together and creating new applications, new markets, new economies. More and more real-world assets and ideas will be tokenized, and the token economy will begin to take hold of a more efficient, more inclusive world.

I’m a very firm believer in the IOTA project. I think it’s a great concept coming at a great time, and could have a really big impact on the machine-to-machine economies of the future, and beyond.


Thank you for your time and my best wishes for your efforts! We’re looking forward to your next projects and livestreams!


Blockchains, Bandwagons and Chances.

Blockchains, Bandwagons and Chances.

We believe that the economy works best when it works for everyone, and this new platform is an engine for inclusionDon Tapscott,  ‎Alex Tapscott in Blockchain Revolution

The majority of active members in Cryptoland share this vision, one way or another. It’s quite rare to see that people are in complete agreement, in unison, when it comes to innovation and possible prospects of a technology.

It seems like the field of Blockchains is such a rare case.

8 years ago, 2009, when Satoshi uploaded his whitepaper for the Bitcoin, nobody knew what a Blockchain is.

Bitcoin? Isn’t that this weird Internet money? A way to buy drugs, anonymity, emancipation, a way past the banks. Who knows.

The last years have shown, that these decentralized peer to peer systems can be helpful in many regards.

We can share information, values or we can make contracts, and no one needs to rely on the authenticity of a signature, made by the contractors, bank employees or whoever is part of the deal.

We also can become millionaires in a blink of an eye.

The Blockchain seems to be an overwhelmingly potential thing, and people start to realize that this piece of technology is here to stay.

We all had this moment when we met old friends and we talked about our career, hobbies, what are you doing right now?


At this point, we do not explain all 1471 cryptocurrencies. We also don’t explain proof of stake, BIP148, hashes, or scalability. But we boil it down to: “a great new technology, that could be beneficial for all of us“.

Yes -eventually, Blockchains or distributed ledger technologies (DLT) will shape the technological landscape of the future for the better.

Over the last years, the great vision of blockchains was dyed in humanity. 

You can easily check for yourself: go to Twitter and look for #bitcoin , #ethereum or #iota and read the first 20 tweets.

It seems like reality in social media channels doesn’t reflect the great vision of a future, built on blockchains, that we all believe in.

Bitcoin is great, who needs Ethereum?

IOTA is a scam, fuck those altcoins!

If I were you, I would invest in Pumpcoin, you heard it here first. 

The homo oeconomicus dominates the majority of communication of Blockchains. We do believe in Blockchains, as long as it is our Blockchain, we invested in.

What hypocrisy.

The reason isn’t really mindblowing.

People know that the cryptocurrency-tsunami of investments will be a stepstone for a new generation of millionaires, and they also believe that the more they communicate and advertise, the higher the chances are that they are surfing straight into the six and seven digit Dollar club.

That, of course, doesn’t tell us anything about the technological perks, the technical quality of the system they are cheering for.

We can replace all those tweets, texts and messages with “Buy ***coin, make me rich, please”.

That works in 99% of all cases. At this point, I recommend you go to Twitter and look for #bitcoin: Link.

And there are millions a day. Cryptocurrency/Blockchains have become “the game of pump“.

The incentive of earning money is way higher than supporting the technology itself.

That leads to the neverending brigading, FUD’ing and lying, regardless of the truth.

It also leads to forks, mining conglomerates, and divided communities.

People create useless forks, they create special vocabulary that sounds meaningful, or they write long, technical blog posts where they compare the old system with their new, better Blockchain with a fancy logo or a quote of a renowned person, that vouches for the upcoming initial coin offering (ICO).

People collect hundreds of millions of Dollars, for a 5 head developer-team.

The innovation, luckily, doesn’t take place in social media channels and is not equivalent to the initial amount of investments. It happens behind closed curtains because partnerships are behind NDA’s, in most cases.

If you invest in Blockchains, invest in the technology, the team, the prospects and the advantages it has over others, despite what social media writes on a Thursday in November.

If you follow social media channels, you may take short-term gains, that are based on emotional market-reactions, but the best strategy is looking for the best tech, your favorized project and to hold onto it. For years, if necessary.

This is not a cheerful article for IOTA, this is just a reminder, that we should not lose the aim for all of this. This is greater than our purse, so let’s not reduce it to a Kardashian’esque reality soap.

Needless to say, I’m looking forward to times, when exchanges, ICO’s and crypto-industries are regulated by governments. Yes. Governments. They are here to stay anyway. Maybe for taking part in the technical and neutral maintenances of these systems, while they provide 10% of the hashpower for earning parts of the currency.

A self-sustaining task, that would fit the government while people and companies could use these distributed systems for their purposes.  Just an idea of a solution for a disrupting innovation. Same could work with banks. They couldn’t stop the network, but they could become a useful part of it.

We need to accept banks and governments because unregulated systems lead to game-theoretical circle jerking, where everyone works for himself.

Why? Because the image of Satoshi’s vision implied improvement of life, emancipation for the people, we either believe in it, or we reduce that to a flowery phrase that fits right into the buzzword banter of investors.

He didn’t want to create a playground for ludicrous investors, cryptocurrency casino web pages, pump & dump groups or emotional discussions on Reddit, that are solely aiming for changing the sentiment of a cryptocurrency.

What we need is an education for our future. A solid comprehension for the possibilities of cryptocurrencies, not investment wise.

Bitcoin is already used in countless countries. The value of a BTC is over $7000, as I’m writing. Is the value of one bitcoin important? Not for the innovation.

Apart from the price that holds investors captive, Bitcoin is used as a standard currency already. Over 330 ATM all over the world make it possible to use Bitcoin in people lifes on a daily basis.

Currencies are one field, technological advances for the producing industry is another.

These technologies are not just objects of an investment game, they are part of a paradigm shift on a global scale.

Foxconn already communicated that ~300.000 of their 400.000 workers are replaced by machines in the near future. Distributed ledger technologies are on the verge of being used everywhere. 

The World Economy Forum in Davos hosted presentations and discussions for over 2500 managers, thought leaders and scientists.

They debated about networking, big data, robotics, automation, artificial intelligence and the Internet Of Things. Better known as Industry 4.0.

Ask any company, bank, government for the importance and disruptive impact magnitude of distributed ledger technologies. They already know that for years.

The Deutsche Bank released parts of an internal study with an intimidating result: For the first time in industrial times, an industrial revolution will destroy workplaces instead of creating them.

A heavy transformation for industry and society.

We don’t need Tradingview, bots for margin trading, or hashtags with edgy love-declarations for a coin.

We need solutions, to integrate these systems in the financial and industrial infrastructures, to embrace the coming century.

This enabler tech could bring basic wealth for every region on the globe, it could transform the energy sector, revolutionize the sharing or exchanging of value, it could enable a new, stable form of democracy and shift our society from a purely antagonistic, hedonistic, to a thriving, thinking, sustainable society.

We are taking part in interesting times that possibly change the way we live and work on a global scale, forever.

We should accept them as such and use innovation to make it happen, in the best way possible, instead of advertising innovation towards our own pockets.

Don’t get confused in the social media madhouse that chases profits.


SatoshiPay live-demo with IOTA flash-channels

SatoshiPay live-demo with IOTA flash-channels

Online payments

Today, online sales are done with a few conditions.

Usually, these conditions involve paying high transaction fees, time for the registration, an agreement to a monthly payment, loading up a customer account or reaching a minimum order level before buyers are able to purchase things online, while security standards are not always on the highest level.

These issues apply to both sides, customers, and suppliers.

Requirements of these online-payments can be diverse for both parties:

Requirements for Buyer Requirements for Seller
Highest security Highest security
Insurance in case of a loss/damage Reliability of the payments and network
Low fees Low transaction fees
Cancellation option Minimization of shortfall in payment
High acceptability Cost-efficient implementation
Usability Simple management
Low time for delivery Speedy payment procedure
Low Hardware-requirements Low running costs


E-commerce in 2017 can be, therefore, many things. Todays payment-options are either fast, cheap, or simple, but not all in once due to the technical limitations of the common systems such as high transaction fees, clunky processes due to security reasons, or minimum order value.


2014 Satoshipay was founded by Meinhard Benn (CEO), Henning Peters (Technical Advisor), Kilian Thalhammer (Payment Advisor) in London, with their headquarters in Berlin.

Satoshipay enabled e-commerce payments when they started with Bitcoin, but after months of developing, testing and strategic decisions, they decided to go with IOTA instead.

With IOTA as the backend technology, SatoshiPay is able to offer the highest standards of online-payments with all advantages.

  • Incredibly fast
  • Lowest fees
  • Decentralized, reliable system
  • 100% Data-integrity for secure payments
  • No third-party access
  • No minimum order value
  • True micro-payments
  • Easy integration for websites
  • Low running costs

One practical use-case of buying an online daily news-article, therefore, can be a new experience.
As many providers offer a membership with a flat-rate, or monthly price for access to an article section, it’s practically impossible to buy just a single article for a quarter, online, without any further liability.
SatoshiPay enables a new form of online payments where customers will be able to pay for a single article without having to bother about any requirements on top of that.

This barrier-free solution is the future of online payments as it combines all perks a payment provider can offer today.

IOTA’s Tangle architecture makes it furthermore future-proof, as the system becomes faster, the more people use it and a quantum-proof algorithm is integrated for the challenges of tomorrow.

The Satoshipay IOTA Flash Demo

The SatoshiPay + IOTA proof-of-concept demo shows how the powerful IOTA system can be used as the settlement system in SatoshiPay’s backend to execute payments over the web.

Originally, SatoshiPay used the Bitcoin blockchain as settlement layer, the only viable option at the time. But as the transaction fees in the Bitcoin network increased to unacceptable levels, it was necessary to switch to a system which could provide a long-term, scalable solution for transacting nanopayments at speed.

The IOTA distributed ledger technology is exactly such a solution. The IOTA network (the “Tangle”), offers zero-fee transactions and does not limit the number of transactions per second, making it unique among cryptocurrencies and an ideal ledger technology for SatoshiPay’s future needs.

Satoshipay writes:

As of today, we have a working demo that supports initial funding of the SatoshiPay web wallet with IOTAs, nano payments for individual content items and pay-outs to content publishers. As with the current SatoshiPay solution, no extra software needs to be downloaded by the consumer and there is no log-in. The consumer also never gives up control over their funds, because their private keys approving fund transfers is never shared with SatoshiPay.

The demo is here available
(Google Chrome recommended)

Step by step instructions of the Demo:

  • When a user visits a website with SatoshiPay installed, an IOTA wallet is immediately created on their behalf in the browser.
  • To begin the demo, start by filling your IOTA wallet. In our demo, the wallet will be funded for free. Notice that there’s a zero in the center of the orange circle located in the bottom right-hand corner of the website. This means that your wallet’s balance is currently 0i. Let’s change this by filling your wallet: Start by clicking the orange circle located in the bottom right-hand corner of the website to open the wallet. Click “Fund the Channel”, wait a few seconds for the proof-of-work to finish, and you’ll now see a positive balance in your wallet. (Proof-of-work is required to participate in the IOTA network, the Tangle.)
  • Close out of the wallet and scroll down on the demo website to find the “See it in action” section. In this section, there are links to various content items. Click on any one of them and notice that the content is behind a paywall.
  • This content is accessed for just fractions of a cent, and denominated in IOTA (see exchange price here). Click the orange “Pay -amount- i” button located at the upper left-hand corner of the content, wait a few seconds, and the content will become available to you! 90% of the IOTA paid is transferred to the content owner, while SatoshiPay deducts a flat 10% service fee. No other payment service provider has ever been able to enable transactions this small at such a low fee. This is nano payment magic.
    • Troubleshooting: It may take a few seconds for the content to load after making the payment. If it takes longer than 10 seconds, open your wallet (by clicking the orange circle in the bottom right-hand corner of the website) and click “Channel Transactions”. Doing this should allow the content to properly load. Remember that this demo is only meant to be used on a Google Chrome browser.
  • Rinse & repeat. For every content item the content owner sells, there’s a flat 10% fee charged by SatoshiPay. No matter how high or low the price, no matter how many sales. The content owner is paid out in IOTA tokens, which can then, in turn, be converted into fiat (Euro, Dollars, etc.) via an exchange. Feel free to purchase more content items on the demo website, explore the wallet’s past transactions, or even reset the demo and start over.
  • When finished, go to the wallet and press “Close Channel”. Your Flash Channel will be closed and your transaction bundle will be attached to the main Tangle. You can still reset the demo after that.

Technical Highlights

IOTA’s Flash Network:

While the IOTA Tangle only increases in speed as more users adopt it – to a point where there is for “all practical purposes unlimited throughput” – the Flash Network is a protocol implemented to make sure large volumes of transactions can be performed at speed today. Over time, as the Tangle adoption rate grows, the IOTA Flash Network will not be needed.

The creation of the proof-of-concept website coincided with the announcement and early release of IOTA’s new Flash Network technology, which allows instantaneous payments by creating a layer on top of the IOTA ledger. Our demo features a fully browser-based implementation of the Flash Network.

SatoshiPay’s Settlement System:

SatoshiPay is an interface that creates paywall features straight in the browser and interacts with a settlement network in the back (in the present case, the IOTA Tangle). By installing the SatoshiPay widget on a website, a content owner is able to sell content directly to their visitors without asking them to log in or install anything.

It works by installing a crypto-wallet in the user’s browser, over which the user has full control (i.e. neither SatoshiPay nor any 3rd party can’t touch any of the funds on the wallet), that can transact directly with the website owner. Because SatoshiPay facilitates peer-to-peer transactions between two participants on a distributed ledger, there’s much lower friction and overheads. This means it’s economically feasible to transact in super-small amounts, while only charging 10% tx fee (compared to existing payment service providers, who’ll tend to have a 30c min fee + 2-5%).

Further Instructions are given at



Explaining series: The new IOTA Whitepaper (vers. 1.3) summarized

Explaining series: The new IOTA Whitepaper (vers. 1.3) summarized

When dealing with innovative technology, it’s not always easy to understand the underlying mechanisms and technological features, explained by a whitepaper, as it is written with and for specialists with a thorough understanding of math and statistics.

The following article aims for outlining the most important parts.

Since most of the insights of the whitepaper are not easy to digest, I couldn’t erase all complex parts.

Disclaimer: To catch all information, you should read the whitepaper, as I can not guarantee that I included all necessary information.
Italic written parts are citings from the original document.

1 Introduction and description of the system

For IOTA, we have different layers of necessary information on top of that, that should be kept in mind, when trying to understand the field of application and functionality.

  • The IoT (Internet of Things), a global network of devices, that interact for different purposes with each other. Unlike the Internet, the IoT is not organized in one topology, that is synchronous and connected intrinsically, like a flat field. The IoT is more like a connected infrastructure that is comparable to a bumpy geomorphological landscape, with hills, holes, continents, that are connected via several connectivity types, with divided subnetworks, offline-areas, and usually higher latencies compared to the Web. But also harder to attack with DDoS- attacks due to its natural barriers and mesh-net connection.
  • Blockchains. A peer to peer network, that enables many use-cases, often bears a monetary incentive for miners or investors, and also could be a key-technology for disrupting certain industries, such as Fintech or bigdata-markets. Blockchains are running on the Internet.
  • Its derivative DLT (Distributed Ledger Technology), a technology that shares some similarities with blockchains. The difference is the chronological order, that is used to store information and value in blocks and chains, while distributed ledger technologies share these values or information between all nodes in their network. That means, that although all blockchains have distributed values, they are usually bound to the chronological order of blocks, ordered in a chain, which is not the case in DLT’s. That difference makes IOTA architecture different in many regards, while it keeps the advantages of blockchains.
  • The DAG (Directed Acyclic Graph). A mathematical graph, that is used for ordering and updating nodes or edges. Important here is that along its path, dependencies exist, that make it impossible for a confirmation of a transaction to “travel” back to its origin. Cycles are not allowed in a DAG. That means that once information is induced, it’s impossible to change it afterwards, which is an important part of the consensus-rule.
  • IOTA, the software/cryptocurrency/protocol that is based on the Whitepaper of the Tangle by Prof. Serguei Popov.
    IOTA is made for the machine economy in the IoT, so it’s natural habitat is a mesh-network, where asynchronicity and offline-clusters are part of the system. The Tangle that is based on a DAG for IOTA brings up the following rule: transactions between nodes can only be conducted if nodes reference two other unconfirmed transactions.
  • Therefore, users act as both: miners and validators. Consensus is not decoupled, like in most Blockchains.

Along their way, unconfirmed transactions are referenced. If they are referenced by good nodes, they earn “weight” and “cumulative weight” (Figure 1, bold numbers). The latter is the most important measurement for transactions on a way to its network approval. The referencing of good nodes is usually based on the fact that the tip is not created by a lazy node, so it did participate in the approval of newer transactions.

Prof. Serguei Popov writes:

In order to issue a transaction, a node does the following:

• The node chooses two other transactions to approve according to an algorithm.
In general, these two transactions may coincide.

• The node checks if the two transactions are not conflicting, and does not approve
conflicting transactions.

• For a node to issue a valid transaction, the node must solve a cryptographic
puzzle similar to those in the Bitcoin blockchain. This is achieved by finding a
nonce such that the hash of that nonce concatenated with some data from the
approved transaction has a particular form. In the case of the Bitcoin protocol,
the hash must have at least a predefined number of leading zeros.


The IOTA network is asynchronous. In general, nodes do not necessarily see the same set of transactions. 

The tangle may contain conflicting transactions. The nodes do not have to achieve
consensus on which valid transactions have the right to be in the ledger, meaning
all of them can be in the tangle. However, in the case where there are conflicting
transactions, the nodes need to decide which transactions will become orphaned. 

The confidence level of a transaction is decided by the tip-selection algorithm (MCRW), that selects transactions for confirmation according to their cumulative weight. If the cumulative weight is high, the tip is more likely to get chosen. Lazy tips: a node, that conducts a new transaction and avoids doing too much pow via choosing older transactions for approval. This lazy node creates a lazy tip, that is less likely to be chosen because the low cumulative weight leads to a slow or non-selection of the MCRW tip-selection algorithm.

2 Weights and more

The following part in the whitepaper describes the weight of a transaction and other indicators.

The weight of a transaction is proportional to the amount of work that the issuing node invested into it.

The weight is attached to a transaction via positive integer, which means a whole number that can be read when reading the information of the transaction and the bundle it’s in.

In general, the idea is that a transaction with a larger weight is more “important” than a transaction with a smaller weight.

The basic idea of the weight is to give transactions an indicator if they are valid and coming from a “good node”.

It’s practically impossible to generate “an abundance of transactions with acceptable weights in a short period of time“.


  • Weight:
    The weight of a transaction is proportional to the amount of work that the issuing node invested into it
  • Cumulative weight:
    The own weight of a particular transaction plus the sum of own weights of all transactions that directly or indirectly approve this transaction.
  • Tips:
    Unapproved transactions in the tangle graph.
  • Height:
    The length of the longest oriented path to the genesis.
  • Depth:
    The length of the longest reverse-oriented path to some tip.
  • Score:
    The score of a transaction is the sum of own weights of all transactions approved by this transaction plus the own weight of the transaction itself.

For a thorough understanding of these indices, I recommend reading section 2 of the whitepaper, as it describes the calculations of the cumulative weight. To draw a conclusion: The more pow is done by honest nodes, the higher the cumulative weight gets.

3 Stability of the system, and cutsets

Under the assumption that all devices in the Tangle network have the same computational power, the approval of tips is distinguished in 2 different scenarios:

Low load: the typical number of tips is small, and frequently becomes 1. This may happen when the flow of transactions is so small that it is not probable that several different transactions approve the same tip. Also, if the network latency is very low and devices compute fast, it is unlikely that many tips would appear. This even holds true in the case when the flow of transactions is reasonably large. Moreover, we have to assume that there are no attackers that try to artificially inflate the number of tips.

High load:  the typical number of tips is large. This may happen when the flow of transactions is large, and computational delays together with network latency make it likely that several different transactions approve the same tip.

As written in the whitepaper, there is no clear borderline between those two scenarios, just an informal distinction in order to showcase extreme cases.


Important indicators:

  • L(t):
    The total number of tips in the system at time t.
  • h:
    The average time a device needs to perform the PoW
  • λ:
    Poisson point process that can be applied to the large number of incoming transactions from roughly independent entities
  • r:
    Revealed tips. Tips that were attached to the tangle before time t − h (before the PoW was done)
  • λh:
    Hidden tips. Tips that were attached to the tangle simultaneously when the PoW was done. [t − h, t)

The stability of the total number of tips L(t) is the most important point to assess the rate of approval in both load-regimes.


  • We assume that the number of tips remains roughly stationary in time and is concentrated around a
    number L0 > 0
  • In the stationary regime, this mean number of chosen tips should be equal to 1


Approval in the low regime: 

The situation in the low load regime is relatively simple. The first approval happens on an average timescale of order λ^−1 since one of the first few incoming transactions will approve a given tip.

Approval in the high regime:

One may assume that the Poisson flows of approvals to different tips are independent and have an approximate rate of 2λ/L0. Therefore, the expected time for a transaction to receive its first approval is around L0/(2λ) ≈ 1.45h

However, it is worth noting that for more elaborate approval strategies, it may not be a good idea to passively wait a long time until a transaction is approved by the others. This is due to the fact that “better” tips will keep appearing and will be preferred for approval. Rather, in the case when a transaction is waiting for approval over a time interval much larger than L0/2λ, a good strategy would be to promote this latent transaction with an additional empty transaction. In other words, a node can issue an empty transaction that approves its previous transaction together with one of the “better” tips to increase the probability that the empty transaction receives approval. -> 

-> which can lead to an attack, described later.


1. We distinguish between two regimes, low load and high load (Figure 3).

2. There are only a few tips in the low load regime. A tip gets approved for the
first time in Θ(λ^−1) time units, where λ is the rate of the incoming flow of

3. In the high load regime, the typical number of tips depends on the tip approval
strategy employed by the new transaction.

4. If a transaction uses the strategy of approving two random tips, the typical
number of tips is given by (equation 1). It can be shown that this strategy is optimal
with respect to the typical number of tips. However, it is not practical to adopt
this strategy because it does not encourage approving tips.

5. More elaborate strategies are needed to handle attacks and other network issues.
A family of such strategies is discussed in Section 4.1 (of the Whitepaper).

6. The typical time for a tip to be approved is Θ(h) in the high load regime,
where h is the average computation/propagation time for a node. However, if
the first approval does not occur in the above time interval, it is a good idea
for the issuer and/or receiver to promote that transaction with an additional
empty transaction.

7. It can be observed that at any fixed time t the set of transactions that were tips at some moment
s ∈ [t, t + h(L_0, N)] typically constitutes a cutset. Any path from a transaction
issued at time t’ > t to the genesis must pass through this set. It is important
that the size of a new cutset in the tangle occasionally becomes small. One may then
use the small cutsets as checkpoints for possible DAG pruning and other tasks.

3.1 How fast does the cumulative weight typically grow?

The cumulative weight is the most important indicator, because most of attack vectors can be created around this indicator.

Tip approval is mostly based on the cumulative weight, therefore, one must understand the cumulative weight adaptation rate.

Prof. Popov writes in a footnote:

In fact, the author’s feeling is that the tip approval strategy is the most important ingredient for constructing a tangle-based cryptocurrency. It is there that many attack vectors are hiding. Also, since there is usually no way to enforce a particular tip approval strategy, it must be such that the nodes would voluntarily choose to follow it knowing that at least a good proportion of other nodes does so.

The growth of cumulative weight in:

Low regime:  After a transaction gets approved several times, its cumulative weight will grow with speed λ because all new transactions will indirectly reference this transaction.

High regime: In the case where the network is in the high load regime, an old transaction with a large cumulative weight will experience weight growth with speed λ because essentially all new transactions will indirectly reference it. Moreover, when the transaction is first added to the tangle it may have to wait for some time to be approved. In this time interval, the transaction’s cumulative weight behaves in a random fashion.


  • H(t):
    As the expected cumulative weight at time t (for simplicity, we start counting time at the moment when our transaction
    was revealed to the network, i.e., h time units after it was created).
  • K(t):
    As the expected number of tips that approve the transaction at time t.

The whitepaper offers complicated calculations at this point that lead to the cumulative weight adaptation rate of:


1. After a transaction gets approved multiple times in the low load regime, its
cumulative weight will grow with speed λw, where w is the mean weight of a
generic transaction.

2. In the high load regime, there are two distinct growth phases. First, a transaction’s
cumulative weight H(t) grows with increasing speed during the adaptation
period according to (equation 8 – in the whitepaper). After the adaptation period is over, the cumulative
weight grows with speed λw (Figure 4). In fact, for any reasonable strategy,
the cumulative weight will grow with this speed after the end of the adaptation
period because all incoming transactions will indirectly approve the transaction
of interest.

3. One can think of the adaptation period of a transaction as the time until most
of the current tips indirectly approve that transaction. The typical length of
the adaptation period is given by (equation 7 – in the whitepaper).

4 Possible attack scenarios

Outpacing attack/large weight attack:

1. An attacker sends a payment to a merchant and receives the goods after the
merchant decides the transaction has a sufficiently large cumulative weight.

2. The attacker issues a double-spending transaction.

3. The attacker uses their computing power to issue many small transactions that
approve the double-spending transaction, but do not approve the original transaction
that they sent to the merchant either directly or indirectly.

4. It is possible for the attacker to have a plethora of Sybil identities which are
not required to approve tips.

5. An alternative method to item 3 would be for the attacker to issue a big doublespending
transaction using all of their computing power. This transaction would have a very large own weight,
and would approve transactions prior to the legitimate transaction used to pay the merchant.

6. The attacker hopes that their dishonest subtangle outpaces the honest subtangle.
If this happens, the main tangle continues growing from the doublespending
transaction, and the legitimate branch with the original payment to
the merchant is orphaned (fig. 5)

7. From the above discussion (calculations in the whitepaper), it is important to recognize that the inequality λ > µ
should be true for the system to be secure. In other words, the input flow of “honest”
transactions should be large compared to the attacker’s computational power.
Otherwise, the estimate (equation 12) would be useless. This indicates the need for additional
security measures, such as checkpoints, during the early days of a tangle-based
system.  -> the Coordinator

8. When choosing a strategy for deciding which one of two conflicting transactions
is valid, one has to be careful when using cumulative weight as a decision metric.
This is due to the fact that cumulative weight can be subject to an attack similar
to the one described in Section 4.1, namely, the attacker may prepare a doublespending
transaction well in advance, build a secret subtangle referencing it, and
then broadcast that subtangle after the merchant accepts the legitimate transaction.
A better method for deciding between two conflicting transactions might be the one
described in the next section: run the tip selection algorithm and see which of the
two transactions is indirectly approved by the selected tip.

4.1 A parasite chain attack and a new tip selection algorithm

1. An attacker secretly builds a subtangle that
occasionally references the main tangle to gain a higher score. Note that the score
of honest tips is roughly the sum of all own weights in the main tangle, while the
score of the attacker’s tips also contains the sum of all own weights in the parasite
chain. Since network latency is not an issue for an attacker who builds a subtangle
alone27, they might be able to give more height to the parasite tips if they use a
computer that is sufficiently strong. Moreover, the attacker can artificially increase
their tip count at the moment of the attack by broadcasting many new transactions
that approve transactions that they issued earlier on the parasite chain (Figure 6).
This will give the attacker an advantage in the case where the honest nodes use some
selection strategy that involves a simple choice between available tips.

2. To defend against this attack style, we are going to use the fact that the main
tangle is supposed to have more active hashing power than the attacker. Therefore,
the main tangle is able to produce larger increases in cumulative weight for more
transactions than the attacker. The idea is to use a MCMC algorithm to select the
two tips to reference

3. It is easy to see why the MCMC selection algorithm will not select one of the attacker’s
tips with high probability. The reasoning is identical to the lazy tip scenario:
the sites on the parasite chain will have a cumulative weight that is much smaller
than the sites that they reference on the main tangle. Therefore, it is not probable
that the random walker will ever jump to the parasite chain unless it begins there,
and this event is not very probable either because the main tangle contains more

4. In any case, there is not a large incentive for the nodes to be selfish because possible gains
only amount to a slight decrease in confirmation time. This is inherently different
from other decentralized constructs, such as Bitcoin. The important fact is that nodes
do not have reasons to abandon the MCMC tip selection algorithm.

4.2 Splitting attack

1. Aviv Zohar suggested the following attack scheme against the proposed MCMC algorithm.
In the high-load regime, an attacker can try to split the tangle into two
branches and maintain the balance between them. This would allow both branches
to continue to grow. The attacker must place at least two conflicting transactions
at the beginning of the split to prevent an honest node from effectively joining the
branches by referencing them both simultaneously. Then, the attacker hopes that
roughly half of the network would contribute to each branch so that they would be
able to “compensate” for random fluctuations, even with a relatively small amount
of personal computing power. If this technique works, the attacker would be able to
spend the same funds on the two branches

2. To defend against such an attack, one needs to use a “sharp-threshold” rule that
makes it too hard to maintain the balance between the two branches. An example
of such a rule is selecting the longest chain on the Bitcoin network.

3. It is worth noting that the attacker’s task is very difficult because of network
synchronization issues: they may not be aware of a large number of recently issued

4. Another effective method for defending against a splitting attack
would be for a sufficiently powerful entity to instantaneously publish a large number
of transactions on one branch, thus rapidly changing the power balance and making
it difficult for the attacker to deal with this change. If the attacker manages to maintain
the split, the most recent transactions will only have around 50% confirmation
confidence (Section 1), and the branches will not grow. In this scenario, the “honest”
nodes may decide to start selectively giving their approval to the transactions that
occurred before the bifurcation, bypassing the opportunity to approve the conflicting
transactions on the split branches

5. One may consider other versions of the tip selection algorithm. For example, if
a node sees two big subtangles, then it chooses the one with a larger sum of own
weights before performing the MCMC tip selection algorithm outlined above.


Attack-scenario conclusion: 

1. We considered attack strategies for when an attacker tries to double-spend by
“outpacing” the system.
2. The “large weight” attack means that, in order to double-spend, the attacker
tries to give a very large weight to the double-spending transaction so that it
would outweigh the legitimate subtangle. This strategy would be a menace
to the network in the case where the allowed own weight is unbounded. As a
solution, we may limit the own weight of a transaction from above, or set it to
a constant value.
3. In the situation where the maximal own weight of a transaction is m, the best
attack strategy is to generate transactions with own weight m that reference
the double-spending transaction. When the input flow of “honest” transactions is
large enough compared to the attacker’s computational power, the probability
that the double-spending transaction has a larger cumulative weight can be
estimated using the formula (12) (see also examples below (equation 12)).
4. The attack method of building a “parasite chain” makes approval strategies
based on height or score obsolete since the attacker’s sites will have higher
values for these metrics when compared to the legitimate tangle. On the other
hand, the MCMC tip selection algorithm described in Section 4.1 seems to
provide protection against this kind of attack.
5. The MCMC tip selection algorithm also offers protection against the lazy nodes
as a bonus.

5 Resistance to quantum computations

As of today, one must check an average of 2^68 nonces to find a suitable hash that allows a
new block to be generated. It is known (see e.g. [source 15]) that a quantum computer would need
Θ(√N) operations to solve a problem that is analogous to the Bitcoin puzzle
stated above. This same problem would need Θ(N) operations on a classical computer.

Therefore, a quantum computer would be around √2^68 = 2^34 ≈ 17 billion times more
efficient at mining the Bitcoin blockchain than a classical computer. Also,
it is worth noting that if a blockchain does not increase its difficulty in response to
increased hashing power, there would be an increased rate of orphaned blocks.
For the same reason, a “large weight” attack would also be much more eefficient on
a quantum computer. However, capping the weight from above, as suggested
in Section 4, would effectively prevent a quantum computer attack as well. This is
evident in iota because the number of nonces that one needs to check in order to find
a suitable hash for issuing a transaction is not unreasonably large. On average, it is
around 3^8. The gain of efficiency for an “ideal” quantum computer would, therefore, be
of order 3^4 = 81, which is already quite acceptable.

More importantly, the algorithm used in the IOTA implementation is structured such that the time to find a nonce is not much
larger than the time needed for other tasks that are necessary to issue a
transaction. The latter part is much more resistant against quantum computing, and
therefore gives the tangle much more protection against an adversary with a quantum
computer when compared to the (Bitcoin) blockchain.

Questions about the whitepaper, its including math or special attack vectors can be discussed in the development slack under #tanglemath


Advertisment ad adsense adlogger