Switching to UTXO model for balances (colored coins, easier conflict resolution ...)

Following up on our discussions at the research summit, I want to raise the question if using an UTXO model to keep track of the balances on addresses would be beneficial for us or not.

Spoiler: I believe it is and I will try to argue why that is the case . I would really like to see a lively discussion around this topic since implementing the ledger state is one of the last stepping stones to a fully working prototype of the coordinator-less tangle and we would prefer to implement it “the right way” straight away.

Status Quo

Currently, IOTA uses a balance model for keeping track of addresses where every address simply has a single value associated to it (its current balance). The ledger state can therefore be seen as a simple dictionary of addresses and their corresponding balances:

Address1 = Balance1
Address2 = Balance2
Address3 = Balance3
…

The Problem(s)

When dealing with conflicts (double spends), it is hard to figure out which one of multiple transactions is actually performing a double spend and which transaction is using legitimate funds. This massively limits our abilities to efficiently deal with conflicts and increases the size of “conflict sets”. See example:

balance_model_1703×422 10.4 KB

Previously this was not a problem since the “heaviest subtangle wins” rule of the whitepaper version of IOTA only had to make sure that the addresses of a particular subtangle never turned negative.

With our new voting based coordicide solutions, it is however necessary to identify conflicts as fast and as exact as possible (to be able to vote on them). We want to know exactly which transaction are conflicting because it massively reduces the amount of votes we have to exchange.

Another problem with using a balance model is related to reattachments. If somebody ever receives funds on an address that has already been spent from, anybody can just reattach the previous spend and empty the address again (even without having access to the private key of the address). This has already been used as an “attack vector” when users didn’t follow the advice to use addresses only once (i.e. people receiving donations or other payments after the address has been used).

The Solution

If we would use a UTXO scheme to keep track of balances, then every address would not just contain its total balance but multiple sub-balances which carry a marker that indicates which transaction created the funds. Every coin on an address would therefore be uniquely identifiable and every spend names the exact coins that it wants to move. This would help us to identify conflicts and also stop malicious actors from spending newly received funds by reattaching an old transaction again. See example:

utxo_model_1705×422 24.8 KB

Additional Benefits

A UTXO model would also allow us to easily add features like “colored coins” where people can mark IOTA tokens to have (and retain) a certain “meaning”. Considering that 99% of existing smart contracts try to simply create “tokens” that are related to a certain use-case, this might be an interesting feature that would add a lot of value to the IOTA ecosystem.

I know that we have so far on purpose ignored the ICO craze but considering that the ICO hype is most probably over it might be time to consider the “reasonable” use cases of colored coins:

• resource tokens (i.e. access tokens for a certain service that can be acquired upfront)
• tokenization of real world assets (company shares, entities like collaboratively owned cars and so on)

Especially the tokenization of real world assets is an extremely interesting use case considering the possible move towards a sharing and 0-marginal cost economy. In addition it would most probably support the token price if people would use IOTA tokens to model their use cases instead of some 3rd party chain (because creating a colored coin requires the acquisition of IOTA tokens first).

Pros / Cons

I want to conclude with a list of pros and cons that compares the UTXO model to the balance model. I will update this initial post with points of the following discussion so we will at the end have a complete list of the relevant aspects:

Pros:

• faster and more exact conflict handling (less overhead for voting based consensus)
• support for colored coins
• impossible to steal funds by reattaching old transactions

Cons:

• a little bit more complex to implement (computationally it should be equivalent)
• slightly bigger transactions (a few trytes extra) since we need to “name” the identifier of the coins that we are moving

PS: UTXO means “unspent transaction output” which simply means that instead of keeping track of only the balances, you also keep track of where balances came from and where they go when they are spent (just in case people are not aware of this).

CFB has previously raised concerns about the scalability of a UTXO model in which addresses are reused.

Clarification:
This also means we are moving from one time addresses? Because currently in the account model we don’t suffer from the problems associated with it so much simply because you assume the address will always be cleared. Even though if someone acts irresponsibly I suppose you have to take care of this condition as well.

If we want to have colored coins must we have UTXO? If we create them via IXIs then we can do it via the account model as well (There may be some issues maybe, depends on how we design IXI txs to work).

Regardless, I have no objection to UTXO, and if we stop having reusable addresses maybe it is a good idea.

I guess this refers to the following problem: If IOTA is being used for streams of micro transactions, then it could happen that an address contains a lot of sub-balances per address.

If I am informed correctly, then we are already implementing a “sweep” feature into most wallets, that would accumulate multiple of these “inputs” into a single “input” again? This would mean that this is not “really” a problem? It’s even a nash equilibirum to sweep funds into single inputs because it reduces the amount of transactions that you need to create when you want to spend the funds again

But yeah I guess this is sth that should be considered.

Btw. I don’t think that it enables an additional attack vector because an attacker could also just distribute a lot of small payments to a lot of different addresses and therefore spam the database in the same way as sub-balances would.

If we want to support colored coins (which I think we should) then it should IMHO be part of the core protocol (because you can expect it to become a very crucial part of the IOTA ecosystem). There are just so many use cases …

I am not sure it would even be possible just with IXIs, but you are anyway right we don’t need full UTXO for colored coins. We could also have sth like “UTXO-light” which only keeps track of the balances of differently colored coins separately and still accumulates the balances in each group.

This might be a viable alternative if we conclude that UTXO doesn’t scale well enough. I am however more interested in the conflict detection aspects.

Since they were talks about integrating UTXO in current compass mainnet, I want to write down my objection to this. I stress that my post focuses on current mainnet and it is less relevant for the coordicide network.

The reasons I object is because I don’t understand what value it will bring to current mainnet. This is because:

1. We can find a way to detect conflicts and avoid replays with account-based
2. I think colored coins can be done on account-based… I mean why can’t one issue colored coins to a certain address? I suppose that if we really want to do colored coins another thread should be opened. I can think of at least one security issue having to do with iota being feeless regarding this feature.
3. It is lots of work :-P, and I see not much value in it.

There is a pro to doing it when it comes to replay attacks. But I think it can be solved with account-based (we’re still looking into that).

Another point to consider is that under UTXO we are marking coins. This means if a certain iota is used for a certain dubious transaction, it will become a bit less fungible. Account based also suffers of similar issue though (marked addresses), but they are less acute I think. I don’t if we care about this point in IF.

Again, if it is necessary for coordicide I have no objections

Switching to UTXO allows us to validate transactions without any random walks pretty much instantly. This is absolutely necessary for the “voting based” coordicide solution. Colored coins and all the other aspects are not even that important.

I do not think that it makes much sense to implement this in current mainnet as its a huge breaking change and we do not have this kind of voting requirements on mainnet anyway.

Sure,
Some people want to do it on mainnet still, hence my post