Tangle Improvement Proposal (TIP) Repository

TIPs are improvement proposals for bettering the IOTA technology stack.

Building the IOTA ecosystem is a community effort, therefore we welcome anyone to propose, discuss and debate ideas that will later become formalized TIPs.

Propose new ideas

Do you have an idea how to improve the IOTA technology stack?

Head over to the discussions page to browse already submitted ideas or share yours!
Once your idea is discussed, you can submit a draft TIP (template here as a PR to the repository.
You will receive feedback from the TIP Editors and review from core devs.
Once accepted, your TIP is merged as Draft.
It is your responsibility to drive its implementation and to present a clear plan on how the new feature will be adopted by the network.
Once implementation is ready and testing yields satisfactory result, the TIP becomes Proposed.
Proposed TIPs that are supported by majority of the network become Active.

You may find more information about the TIP Process in TIP-1.

Stardust TIPs

Stardust is the next upgrade of the IOTA protocol that adds tokenization and smart contract chain support besides many more improvements. Browse the list of TIPs below with the Stardust tag to learn more about what changes.

List of TIPs

Last updated: 2023-10-19
The Status of a TIP reflects its current state with respect to its progression to being supported on the IOTA mainnet.
- Draft TIPs are work in progress. They may or may not have a working implementation on a testnet.
- Proposed TIPs are demonstrated to have a working implementation. These TIPs are supported on Shimmer, the staging network of IOTA.
- Active TIPs are supported on the IOTA mainnet.
- Replaced TIPs have been replaced by a newer TIP.
- Obsolete TIPs are no longer in use.

#	Title	Description	Type	Layer	Status	Initial Target
1	TIP Process	Purpose and guidelines of the contribution framework	Process	-	Active	-
2	White Flag Ordering	Mitigate conflict spamming by ignoring conflicts	Standards	Core	Active	Chrysalis
3	Uniform Random Tip Selection	Perform fast tip-selection to increase message throughput	Standards	Core	Active	Chrysalis
4	Milestone Merkle Validation	Add Merkle tree hash to milestone for local ledger state verification	Standards	Core	Active	Chrysalis
5	Binary To Ternary Encoding	Define the conversion between binary and ternary data	Standards	Core	Active	Chrysalis
6	Tangle Message	Generalization of the Tangle transaction concept	Standards	Core	Replaced by TIP-24	Chrysalis
7	Transaction Payload	UTXO-based transaction structure	Standards	Core	Replaced by TIP-20	Chrysalis
8	Milestone Payload	Coordinator issued milestone structure with Ed25519 authentication	Standards	Core	Replaced by TIP-29	Chrysalis
9	Local Snapshot File Format	File format to export/import ledger state	Standards	Interface	Replaced by TIP-35	Chrysalis
10	Mnemonic Ternary Seed	Represent ternary seed as a mnemonic sentence	Standards	IRC	Obsolete	Legacy IOTA
11	Bech32 Address Format	Extendable address format supporting various signature schemes and address types	Standards	Interface	Replaced by TIP-31	Chrysalis
12	Message PoW	Define message proof-of-work as a means to rate-limit the network	Standards	Core	Active	Chrysalis
13	REST API	Node REST API routes and objects in OpenAPI Specification	Standards	Interface	Replaced by TIP-25	Chrysalis
14	Ed25519 Validation	Adopt ZIP-215 to explicitly define Ed25519 validation criteria	Standards	Core	Active	Chrysalis
15	Dust Protection	Prevent bloating the ledger size with to dust outputs	Standards	Core	Replaced by TIP-19	Chrysalis
16	Event API	Node event API definitions in AsyncAPI Specification	Standards	Interface	Replaced by TIP-28	Chrysalis
17	Wotsicide	Define migration from legacy WOTS addresses to post-Chrysalis Phase 2 network	Standards	Core	Obsolete	Chrysalis
18	Multi-Asset Ledger and ISC Support	Transform IOTA into a multi-asset ledger that supports running IOTA Smart Contracts	Standards	Core	Active	Stardust
19	Dust Protection Based on Byte Costs	Prevent bloating the ledger size with dust outputs	Standards	Core	Active	Stardust
20	Transaction Payload with New Output Types	UTXO-based transaction structure with TIP-18	Standards	Core	Active	Stardust
21	Serialization Primitives	Introduce primitives to describe the binary serialization of objects	Standards	Core	Active	Stardust
22	IOTA Protocol Parameters	Describes the global protocol parameters for the IOTA protocol	Standards	Core	Active	Stardust
23	Tagged Data Payload	Payload for arbitrary data	Standards	Core	Active	Stardust
24	Tangle Block	A new version of TIP-6 that renames messages to blocks and removes the Indexation Payload in favor of the Tagged Data Payload. Replaces TIP-6.	Standards	Core	Active	Stardust
25	Core REST API	Node Core REST API routes and objects in OpenAPI Specification. Replaces TIP-13.	Standards	Interface	Active	Stardust
26	UTXO Indexer REST API	UTXO Indexer REST API routes and objects in OpenAPI Specification.	Standards	Interface	Active	Stardust
27	IOTA NFT standards	Define NFT metadata standard, collection system and creator royalties	Standards	IRC	Active	Stardust
28	Node Event API	Node event API definitions in AsyncAPI Specification. Replaces TIP-16.	Standards	Interface	Active	Stardust
29	Milestone Payload	Milestone Payload with keys removed from essence. Replaces TIP-8.	Standards	Core	Active	Stardust
30	Native Token Metadata Standard	A JSON schema that describes token metadata format for native token foundries	Standards	IRC	Active	Stardust
31	Bech32 Address Format for IOTA and Shimmer	Extendable address format supporting various signature schemes and address types. Replaces TIP-11.	Standards	Interface	Active	Stardust
32	Shimmer Protocol Parameters	Describes the global protocol parameters for the Shimmer network	Standards	Core	Active	Stardust
33	Public Token Registry	Defines an open public registry for NFT collection ID and native tokens metadata	Standards	IRC	Draft	Stardust
34	Wotsicide (Stardust update)	Define migration from legacy W-OTS addresses to post-Chrysalis networks. Replaces TIP-17.	Standards	Core	Obsolete	Stardust
35	Local Snapshot File Format (Stardust Update)	File format to export/import ledger state. Replaces TIP-9.	Standards	Interface	Active	Stardust
37	Dynamic Proof-of-Work	Dynamically adapt the PoW difficulty	Standards	Core	Withdrawn	Stardust

Need help?

If you want to get involved in the community, need help getting started, have any issues related to the repository or just want to discuss blockchain, distributed ledgers, and IoT with other people, feel free to join our Discord.

An attack with fake outputs from malicious node

Discussed in #51

^{Originally posted by lunfardo314 January 21, 2022}

An attack with fake outputs

Assumptions

New Stardust output types introduce metadata in outputs. It is not interpreted by the protocol, so fro the L1 it can be any
The node API provides to clients only outputs and their IDs, in pairs.
Transactions are not stored on the node, they are pruned, therefore not available for the client.
There's no way for the client to check if the data provided with output ID is genuine.

The attack

Malicious public node which wallet is connected to, can easily fake the output data, while keeping genuine output IDs. Wallet has no means to check validity of it.

Specifically, mutable metadata block is not validated by the protocol, therefore it can be replaced by arbitrary data.

This feature makes it possible for the malicious node attack the L2 apps which interpret metadata field in it own way.

Examples

Bad Eve

Alice is running an app:

the app permanently reads her donations address and collects the iotas sent to her by consuming UTXOs and consolidating iotas in her another address
If the UTXO with output also contains metadata block, the app interprets the message by posting it as a string to Alice's public website together with the donated amount.
Eve run a public node. She modifies the node's API the following simple way: in all requested by API outputs in metadata block she replaces all occurrences of string love to hate.
Bob donates 1000i to Alice by sending UTXO with metadata field I love you.
Eve provides the UTXO with faked metadata block to Alice
Alice consumes faked UTXO, collects the donation and displays message 1000i from Bob: I hate you.
this way any the love expressed to Alice will be converted into hate without good way to detect it, because consumed UTXOs will soon be pruned

Potential stealing of funds

If L2 wallet interprets the metadata block as a command to send funds or sender block as owner of funds, the funds can easily be stolen with this attack. This is exactly the case Stardust VM, especially if smart contract chain is run with one validator.

Proposed solution at the protocol level

In the protocol, we can require hash of all concatenated data of inputs used to produce the transaction by the wallet as a part of the transaction essence (signed).

This way the transaction will contain not only output IDs of outputs, but also commitment to the data of outputs used to produce the transaction.

The validation of transaction should be extended with checking in the validation context if hash of referenced outputs by inputs is equal to the hash included into the essence. If wallet used faked inputs, the transaction will be invalidated.

Pros

it prevents the attack. Malicious node will not be able to make the wallet to produce wrong transaction
solution is a simple extension of the protocol in iota.go
storage overhead is only 32 bytes per one transaction
we can keep sending only outputs from API (alternatively we would need to keep and send entire transactions)

Cons

some, rather small, processor overhead in transaction validation
the client still won't be able to detect faked output data. The produced transaction will look valid to the wallet (however it won't be confirmed)

iotaledger / tips Goto Github PK

tips's Introduction

Tangle Improvement Proposal (TIP) Repository

Propose new ideas

Stardust TIPs

List of TIPs

Need help?

tips's People

Contributors

Stargazers

Watchers

Forkers

tips's Issues