IEEE INTERNET OF THINGS JOURNAL, VOL. 1, NO. 1, JANUARY 2018 1 Present and Future of the Blockchain for the Internet of Things Francesco Restuccia, Member, IEEE, Salvatore D’Oro, Member, IEEE, Salil S. Kanhere, Senior Member, IEEE, Tommaso Melodia, Fellow, IEEE, and Sajal K. Das, Fellow, IEEE Abstract—It is now clear that the Internet of Things (IoT) will radically transform our daily lives. One of the key challenges to the IoT’s success is how to secure and anonymize billions of IoT transactions and devices per day, an issue that still lingers despite significant research efforts over the last few years. On the other hand, technologies based on blockchain algorithms are disrupting today’s cryptocurrency markets and showing tremendous potential, since they provide a distributed transaction ledger that cannot be tampered with or controlled by a single entity. Although the blockchain may present itself as a cure-all for the IoT’s security and privacy challenges, significant research efforts still need to be put forth to adapt the computation-intensive blockchain algorithms to the stringent energy and processing constraints of today’s IoT devices. In this paper, we provide an overview of existing literature on the topic of blockchain for IoT, and present a roadmap of research challenges that will need to be addressed to enable the usage of blockchain technologies in the IoT. Index Terms—Internet of Things, Research, Challenges, Blockchain, Security, Anonymity, Privacy I. I NTRODUCTION It is hard to mention a technology that will impact and benefit our lives more than the Internet of Things (IoT). In a few years, cars, kitchen appliances, televisions, smartphones, utility meters, intra-body sensors, thermostats, and almost anything we can imagine will be absorbed into the Internet and accessible from anywhere on the planet [1]. The revolution brought by IoT will be unmatched – some say it will be similar to the building of roads and railroads which powered the Industrial Revolution of the 18th to 19th centuries [2] – and will take by storm every human sector and industry, ranging from education, health-care, smart home and smart city, to manufacturing, mining, commerce, transportation, and surveillance, just to mention a few [3]. Over the last few years, researchers have mainly focused their attention on addressing IoT’s computation and com- munication scalability issues [4–6]. While these topics are certainly paramount to IoT’s success and need to be thoroughly investigated, the community has now widely acknowledged that they have to be considered “low-hanging fruits” with F. Restuccia, S. D’Oro and T. Melodia are with the Department of Electrical and Computer Engineering, Northeastern University, Boston, MA, 02115 USA e-mail: {frestuc, salvatoredoro, melodia}@ece.neu.edu. S.S. Kanhere is with the School of Computer Science and Engineering, University of New South Wales, Sydney, NSW 2052, Australia. E-mail: salil.kanhere@unsw.edu.au. S. K. Das is with the Department of Computer Science, Missouri University of Science and Technology, Rolla, MO 65401 USA. Email: sdas@mst.edu. Manuscript received December 15, 2017; revised January 1, 2018. respect to the towering issues of IoT security and privacy, which are unprecedented in scope and magnitude [7–11] and will require considerable research effort to be overcome. It is easy to imagine, indeed, that once humans, sensors, cars, robots, and drones will be able to seamlessly interact with each other from any side of the globe, a number of threats that we cannot even imagine today will be unveiled. As currently envisioned, the IoT will implement a central- ized, client-server based access model in which IoT trans- actions (i.e., data, money, or any other object of value) between IoT entities (i.e., any computing device or stakeholder connected to the IoT) is entrusted to monolithic, centralized service providers [12]. This model clearly simplifies the inter- actions between IoT entities and facilitates the data collection process. However, it ultimately makes the IoT vulnerable to a number of spinous security and privacy issues. Specifi- cally, centralized service providers can make illegitimate use of IoT data, for example, mass-surveillance programs [13]. Even more importantly, centralized data collection models can expose the system to hacking by malicious activities, with nefarious consequences for citizens, as unveiled in [14– 17]. Another major challenge is the authentication of IoT entities that will be mostly deployed in the wild with little supervision [18; 19]. If not addressed, IoT authentication issues can generate botnets (e.g., Mirai [20]) and hard-to-tackle sybil attacks [21]. The key intuition to address the challenges above is to orchestrate the IoT in a decentralized fashion, so that no single entity has control over IoT transactions. Not only will decentralization provide security and privacy by design, but also empower users with the choice of sharing or selling their sensor data with third party entities without intermediaries. Decentralized control also implies scalability – which has plagued the IoT from its very inception [22; 23]. The end goal, therefore, is to investigate decentralized data access models for the IoT, which will ensures that user-data is not entrusted to centralized entities or companies, but instead is made the property of the users themselves. To this end, technologies and systems based on the concept of blockchain are disrupting the worldwide cryptocurrency market, and may prove crucial to achieve the stringent security and privacy goals of the IoT [24]. Although the key algorithms and principles behind the blockchain have been known since the 70’s (i.e., Merkle trees [25], consensus algorithms [26]), the first practical application of the blockchain was originally proposed in 2008 as part of the Bitcoin cryptocurrency [27]. Since then, it has been widely applied to a wide range of non-monetary applications,