A Systematic Literature Review of Lightweight Blockchain for IoT

The Internet of Things (IoT) has become an essential part of our society. IoT devices are used in our houses, hospitals, cars, industry, etc., making our lives easier. Nonetheless, there are a number of serious concerns about security, privacy and performance issues in IoT. It has been proven that the aforementioned issues are strictly related to the high degree of centralisation of current IoT architecture. Thus, there is an increasing interest in adopting blockchain in IoT. However, blockchain adoption is not straightforward due to the power, storage and computational limitations of IoT. Consequently, the concept of lightweight blockchain is getting more and more attention from researchers and engineers. In this paper, we conduct a systematic literature review on the lightweight blockchain concept for IoT following the PRISMA methodology. We systematically analyse “lightweight blockchain for IoT” proposals in order to better understand the limitations of blockchain for IoT, the characteristics of the current work on this topic and further research opportunities. Specifically, we analyse the definition of lightweight blockchain that other authors give, the characteristics of the reviewed proposals, their “lightweight” aspects and their evaluation. Finally, we discuss the results of the review along with further research opportunities. Consequently, this work is mostly focused on understanding the technical and performance-related aspects of blockchain for IoT as a prelude to more specific analysis such as security (i.e., attacks, vulnerabilities, etc.).


I. INTRODUCTION
The Internet of Things (IoT) consists of interconnected devices that are provided with unique identifiers and can communicate in order to achieve common goals in several areas and applications [1]. There is a great variety of common IoT applications, including smart homes, smart cities, smart grids, healthcare, connected vehicles, Industry 4.0, etc. The number of active IoT devices is predicted to reach 25 billion in 2030 [2]. The main difference between IoT and the classic Internet is the lack of human interaction. IoT devices can The associate editor coordinating the review of this manuscript and approving it for publication was Muhammad Tariq . create information, analyse it and take action autonomously. Furthermore, IoT devices are typically characterised by low power, small memory and limited processing capability.
However, IoT comes with several challenges to security, privacy and efficiency, mainly due to the excessively centralised frameworks that are currently available. The aforementioned challenges and issues include vulnerability to denial-of-service (DoS) attacks, privacy concerns, and low scalability and storage [3].
Due to the issues outlined above, there has been increasing interest in adopting blockchain, the technology behind cryptocurrencies such as Bitcoin or Ethereum, in IoT. Blockchain includes several compelling characteristics, such as decentralisation, trust, persistency and auditability. A distributed blockchain network would remove centralised points of failure and consequently improve IoT security, privacy and scalability [4]. As shown in Fig. 1, IoT networks are migrating from a past centralised database paradigm to a more contemporary cloud-oriented paradigm, aiming towards a decentralised model-based on the Web3 [5] concept driven by blockchain. Nevertheless, applying blockchain in resource-constrained environments is not as simple as it may seem since early blockchain consensus algorithms have limited throughput, high resource consumption, lack of efficiency and a relatively high delay in storing transactions [6]. Furthermore, designing efficient blockchain solutions for IoT is not a straightforward process since every case scenario has different requirements and needs [7]. Consequently, there is a great deal of scientific effort in creating lightweight blockchain architectures that can be compatible with the limitations of IoT devices. Thus, we identified a clear need for a comprehensive and systematic analysis of the current work on this topic in order to understand the current 2022 state-of-the-art and how blockchain architectures can be further optimised in the next years. Specifically, our main contributions can be summarised as follows: • Analysis of the concept of lightweight blockchain according to the current work. This is the first systematic literature review that is exclusively focused on the performance and efficiency aspects of blockchain for IoT. We comprehensively analyse over 98 ''blockchain for IoT'' proposals.
• A review and comparison of the characteristics and lightweight aspects of each proposal. We analyse several relevant blockchain characteristics such as the chain structure, the consensus and the storage approach.
• Analysis of the evaluation method of each solution.
We study the implementation technology and the evaluated metrics.
• Our own definition of the concept of ''lightweight blockchain'', based on the gathered knowledge from the analysed proposals.
• A discussion regarding the results of our analysis and future research opportunities and trends in blockchain development for resource-constrained environments. Consequently, this work is mainly focused on understanding the technical and performance-related aspects of blockchain for IoT as a prelude to more specific analysis, such as a security analysis of the current architectures (i.e., attacks, vulnerabilities, etc.).
The remainder of the paper is organised as follows. Section II provides an overview of the concepts that are addressed in this paper. Section III discusses other reviews and surveys on blockchain and IoT and also points out the differences between our review and the existing works, along with our contributions. Section IV presents the review methodology and the data collection process. In Section V we present and discuss the study's results. In Section VI we discuss the results of the review in order to answer the research questions. We also discuss several research opportunities in this field. Finally, Section VII includes the paper's conclusions.

II. BACKGROUND
This section provides an in-depth overview of the concepts that are addressed in this paper: (i) blockchain and (ii) blockchain for IoT.

A. BLOCKCHAIN
A blockchain is a type of Distributed Ledger Technology (DLT) [8], in which all the transactions are stored in a chain of blocks that are linked via cryptography, as shown in Fig. 2. The chain continuously grows when new blocks are appended to it. Blockchain provides a distributed software architecture that allows agents (i.e., humans and systems) to interact with each other without a central authority. In the absence of a central authority, a blockchain network works collaboratively. Each node of the network executes a consensus protocol that defines a set of rules and verification mechanisms to ensure the security, reliability and veracity of the transactions and maximise resilience to failures and cyber-attacks. Specifically, blockchain allows the resolution of conflicts and eliminates information asymmetries by providing a transparent and verifiable record of all transactions, which cannot be altered.
There are two main types of blockchain [9]: • Permissionless. In this type of blockchain, all devices can access the network and participate without any permission.
• Permissioned. In this type of blockchain, the participation must be authorised, and the actions that can be performed are controlled. Each user that performs transactions on a blockchain possesses a pair of public and private keys. The public key is used to provide a unique blockchain address for identification. The private key is used to sign the transactions. When adding a new transaction to the blockchain, the following procedure is followed: VOLUME 10, 2022 1) The user signs the transaction with their private key.
2) The user broadcasts the transaction to the other nodes of the network. 3) Each peer that receives the signed transaction carries out its validation. If the validation is successful, the transaction is added to each local block that is under construction. 4) When the new block has been completed by reaching the maximum number of transactions that are allowed, or the maximum time established by the blockchain protocol for a new block proposal, the peers acting as miners (i.e., ''validators'') execute the established consensus protocol. 5) When a miner finishes executing the consensus algorithm, they add the new block at the end of their local blockchain copy. 6) The miner then broadcasts the new block to the network so that the rest of the nodes can verify it. If the validation is successful, then all the nodes of the network add the new block to their own copy of the blockchain so that it remains permanently registered. On the other hand, if the validation is not successful, then the block is discarded. The consensus algorithm is a key element in blockchain [10]. It establishes the conditions that must be met to reach an agreement between the participating nodes on the validity of new blocks. Ideally, the consensus algorithm should give validators the same vote weight and then make decisions according to the majority of the votes. This scheme may be possible in permissioned networks. However, in public blockchains, this mechanism would lead to Sybil attacks, where a single user with multiple identities (i.e., controlling several nodes) would be able to take over and control the network. In decentralised networks, a user must be selected to add each block. This selection should be done randomly in order to avoid Sybil attacks. The solution proposed by the original PoW-based blockchain (i.e., Bitcoin) [11] avoids such attacks, as it requires miners to perform computationally expensive tasks in order to be elected as validators. Thus, a malicious node would be required to have more amount of computational power than all of the honest nodes. The ''work'' that is required in PoW-based consensus consists of performing heavy mathematical operations (i.e., mining). Specifically, this process consists of finding a random number (i.e., the nonce) that should cause the hash of the block header to have a certain number of zeros at the beginning. The required number of zeroes is established by a parameter called ''difficulty'' which establishes how many zeroes are required to be found. The more zeroes, the harder it is to find the right nonce. Despite being very computationally intensive, verifying the results of the mining process is a simple task for the rest of the nodes. However, even though this consensus approach provides great security benefits, it makes blockchain inefficient in terms of performance, scalability, and energy consumption [12]. Due to the issues mentioned above, several alternative consensus algorithms have been proposed. Furthermore, the lightweight blockchain concept started gaining popularity among researchers and enterprises. Table 1 includes a summary of the most used consensus algorithms and their limitations. We list the following algorithms: Proof of Work (PoW), Proof of Stake (PoS), Practical Byzantine Fault Tolerance (PBFT), Proof of Capacity (PoC), Proof of Authority (PoA), Proof of Elapsed Time (PoET), Proof of Activity (PoAc), RAFT and Proof of Burn (PoB).
Finally, another key blockchain feature that is worth mentioning is the ability to create smart contracts. Smart contracts were introduced to blockchain by the Ethereum platform. However, the concept of smart contract was first defined in 1996 by Szabo [13] as ''a computerised transaction protocol that executes the terms of a contract''. Smart contracts are decentralised scripts with sufficient autonomy to be self-executed when certain conditions are met. Smart contracts are included in the blockchain and allow the execution of distributed and highly automated work.

B. BLOCKCHAIN AND IoT
The IoT can be defined as the interconnection of everyday objects that are connected to the internet. One of the core features of IoT is linking the physical world and digital world together. Sensors play a very important role in IoT [14]. Sensors collect data from the environment, which generates a great amount of useful information. According to [15], the development of IoT includes three phases: embedded intelligence, connectivity and interaction. Embedded intelligence means that devices can perform actions automatically. Connectivity in IoT is mostly given by wireless connections such as ZigBee, WiFi, 3G, etc. Finally, IoT devices must also be capable of interacting with each other autonomously. Thus, with IoT, the current human-to-human interaction will turn into machine-to-machine interaction. The identification of IoT devices is made mostly by the use of radio-frequency identification (RFID). RFID technology is an extension of the optical tags that are found in everyday objects. These tags include embedded intelligence so the identity of an object can be decoded remotely [16].
The IoT generates large volumes of data and requires connectivity and power for long periods of time [17]. This, together with the limitations of the network, computational capacity and limited power supply lead to a high number of challenges. Furthermore, heterogeneity in IoT networks is currently too high due to the lack of standard protocols in this field [18]. Other crucial challenges of IoT are privacy and security. In the current centralised IoT architectures, we cannot be sure if the data has not been tampered with, altered or falsified. Also, nowadays, in many areas, the traceability of assets during their life cycle is required, thus making the immutability of the data a key challenge.
Blockchain is considered by many researchers as the most appropriate solution to the challenges that are present in IoT due to its key features such as security, immutability, trust and decentralisation [19]. Blockchain could protect IoT networks against data tampering. Furthermore, the possibility of creating automatised software that is shared over a decentralised and cryptographically secure blockchain network would increase the autonomy of IoT. In addition, the lack of a central authority would make IoT able to operate more quickly. Furthermore, decentralisation would eliminate single-point failures, thus improving the security and reliability of IoT. The immutability of blockchain is also ideal for the traceability of the data.
It is clear that blockchain is a suitable solution to some of the most important challenges of IoT. However, the original blockchain proposal suffers from limited throughput, high resource consumption, lack of efficiency and delay in storing transactions. These limitations of blockchain contrast with the fact that IoT devices generate huge amounts of data and have serious computational and power limitations. Therefore, the original blockchain technology proposed in 2009 by Satoshi Nakamoto for financial purposes cannot be directly applied to IoT. Although analysing the security of blockchain is out of the scope of this paper, it is worth mentioning that blockchain also has some concerning security issues. The most common attack in blockchain is the 51% attack, where the number of malicious nodes is higher than the number of honest nodes, thus compromising the security of the network. DoS, man-in-the-middle or Sybil attacks can also affect blockchains. However, most P2P protocols and IoT infrastructures are already vulnerable to these kinds of attacks [20]. In conclusion, blockchain represents the missing piece of the puzzle to solve the security, privacy and reliability problems of IoT [21].

C. SECTION SUMMARY
In this section, we have explained the concept of blockchain, its functioning mechanisms and the different consensus algorithms that govern most of the current blockchain networks. In addition, we have explained the relation between blockchain and IoT, along with the present challenges and opportunities that the intersection of these two technologies brings.

III. RELATED WORK
We identified 24 related reviews of blockchain for IoT. We conducted a Google Scholar search using the following string: Below we summarise the main contributions of each related survey. In Table 2, we provide a detailed classification and comparison of the related work, where we also highlight the focus and contributions of this paper.
Fernández-Caramés and Fraga-Lamas [9] presented a thorough review on how to adapt blockchain to the specific needs of IoT in order to develop blockchain-based IoT (BIoT) applications. Wu et al. [22], Ali et al. [23], Noby and Khattab [24], Abadi et al. [25] and Mezquita et al. [26] conducted comprehensive surveys on the applications of blockchain in IoT. Dai et al. [27] provided an overview of blockchain and its convergence with IoT by presenting a proposal of Blockchain of Things (BCoT). Memon et al. [28] provided a taxonomy of the challenges in the current IoT infrastructure and a literature survey with a taxonomy of the issues to expect in the future of IoT after adopting blockchain. Conoscenti et al. [29] tried to understand whether the blockchain and P2P approaches can be employed to foster a decentralised and private-by-design IoT. Lo et al. [30] focused on analysing the solutions proposed in academia and the methodologies used to integrate blockchain with IoT. Wang et al. [31] and Alladi et al. [32] discussed the integration of blockchain and IoT but only for one specific application: the Industrial Internet of Things (IIoT). Lao et al. [33] analysed popular blockchain-IoT architectures VOLUME 10, 2022 but only discussed their consensus algorithms. Finally, Farahani [34] presented challenges, opportunities, applications and solutions of blockchain for e-health. Wang et al. [35] and Karthikeyyan et al. [36] surveyed the current limitations and security issues of IoT. Sengupta et al. [37] surveyed the attacks and security issues of blockchain when applied to IIoT. Khan and Salah [3] and Alamri et al. [38] discussed how blockchain could be a key enabler in solving many IoT security problems. Ferrag et al. [39] provided a classification of threat models considered by blockchain protocols in IoT networks and a taxonomy and a side-by-side comparison of the state-of-the-art methods towards secure and privacypreserving blockchain. Madumidha [40] and Lin et al. [41] focused on the applicability of blockchain for IoT in order to tackle security issues. Alizadeh et al. [42] surveyed the most common attacks that affect blockchain networks and the solutions to mitigate them, intending to assess how malicious these attacks are in IoT.
Unlike the works that we previously mentioned, we systematically analyse the technical characteristics of a significant number of peer-reviewed blockchain architecture proposals for IoT that are categorised as ''lightweight''. We focus on studying the concept of lightweight blockchain starting from a general perspective (i.e., definitions) to a more specific overview (i.e., consensus, storage, cryptography, evaluation) of each proposal. The main goal of this study is to emphasise the specific technical aspects, needs, challenges and trends in blockchain development for fields of applications that require lightweight and efficient solutions. As far as we know, there is no systematic review that is completely focused on technical aspects of existing ''lightweight'' blockchain architectures for resourceconstrained environments. There is only a short review paper [43] that provides a brief summary of eight solutions labelled as ''lightweight blockchain''. However, the aforementioned review lacks a proper analysis of the few summarised works.

IV. METHOD
In this section, we state the method that was used to conduct the systematic literature review. The method includes the search methodology and the used sources, the research questions, the eligibility criteria and the data collection process.

A. RESEARCH QUESTIONS
The main goal of this paper is to understand the concept of lightweight blockchain and gather relevant information based on the current work in order to help and promote further research in this field. The research questions that this study will address are as follows: • RQ1. How do other authors define the concept of lightweight blockchain?
• RQ2. What characteristics do the lightweight blockchain proposals have?
In what aspects are the reviewed proposals lightweight?
• RQ4. How is lightweight blockchain evaluated? • RQ5. How could we define the concept of lightweight blockchain? RQ1 aims to gather different definitions of the concept of ''lightweight blockchain'' as it is a relatively new concept that does not have a standard and universal definition yet.
RQ2 pretends to study the main characteristics of the studied proposals in order to perform a comprehensive comparison. The characteristics that will be gathered are as follows: • The type of the blockchain • The structure of the framework • The consensus protocol • The type of storage RQ3 is pointed on studying the parts of the reviewed proposals that are considered as lightweight in order to see which aspect are getting the most and the least attention from the researchers. The possible lightweight aspects will be classified as follows: intends to study the evaluation of each proposal in order to gather information about the existing platforms and methods of testing / evaluation as well as insights into how to properly build and test lightweight blockchain.
RQ5 aims to provide a definition of ''lightweight blockchain'' based on the gathered information in order to have a better comprehension of this concept.

B. PAPER INCLUSION CRITERIA
The selected papers on the topic of lightweight blockchain must achieve all of the four inclusion criteria in order to be eligible for this review. These criteria were defined in order to provide the most adequate papers that would help us provide an answer to all our research questions and achieve the objectives of this study. The criteria and the corresponding explanation is shown in Table 3.

C. THE SEARCH AND THE PAPER SOURCES
This study was conducted by manually searching through six of the most relevant scientific search engines: The search string for searching involved two main concepts: lightweight AND blockchain. The complete search terms are as follows: The last search was carried out in October 2022.
Finally, the reference lists of the retrieved studies were manually searched in order to identify any additional relevant studies to could be included in this review.

D. STUDY PROTOCOL AND PROCESS
This study was conducted following the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) [44], which diagram is shown in Fig. 3. We decided to use the PRISMA protocol because it offers several key benefits: • It demonstrates a quality review. • It allows readers to assess strengths and weaknesses. • It permits the replication of the reviewing process. • Its structure is compatible with the standard guidelines for systematic literature reviews in computer science proposed in [45]. After retrieving the available articles following the defined research terms from the databases and removing the duplicates, each article's title and abstract were screened independently for eligibility using the criteria defined in Table 3. From a total of 223 papers, 87 were positively evaluated. Furthermore, 11 more papers were included in the study based on a reference follow-up of the papers that were initially elected, making for a total of 98 included papers.
One hundred thirty-five papers were excluded due to the following reasons: • The paper is not focused on lightweight blockchain or other DLT: 94 papers  • The paper does not include an evaluation section: 16 papers • It is not a research paper, or it is a review paper: 14 papers • The paper is not written in English: 6 papers • The paper is not available on the internet: 6 papers Fig. 4 shows the number of eligible papers for each year since 2017, which is the year when the oldest paper of the included studies was published. We have noticed a considerable increment of published papers on lightweight blockchain in the last few years. By middle 2022 the number of lightweight blockchain papers is already more than half of the total number of papers related to this topic in 2021. This shows that the topic of lightweight blockchain is getting more and more attention, thus it is becoming increasingly relevant each year.
The data extraction methodology from the included papers was defined following the research questions of this study and other possible relevant information. The extracted data are as follows: • The author(s) name, the title, the publication year, the language the reference and the type of the paper.
• The definition of ''lightweight blockchain'' given by the author(s).
• The main characteristics of the proposal: blockchain type, structure, consensus and storage.
• The lightweight aspects of the proposal: architecture, storage, consensus and cryptography.
• The evaluation process of each proposal: implementation method and evaluated metrics.
• Possible research opportunities for the future.

V. RESULTS
In this section, we present the results of the collected data addressing the research questions that have been defined in Section IV. Please note that we only report what is found in the papers that have been reviewed. In this subsection, we study how the authors of the reviewed papers define the concept of lightweight blockchain. We identified several characteristics that a blockchain system should have in order to be considered lightweight, according to the authors of the reviewed papers. Most authors (n = 58) mention a low computational burden when referring to lightweight blockchain. Low network delay and overhead are mentioned by 38 authors. Low storage requirements are mentioned by 34 authors. Throughput capacity is mentioned by 30 authors. Finally, only 22 authors mention energy consumption when referring to lightweight blockchain. Fig. 5 shows the gathered results. In this subsection, a classification and comparison of the main characteristics of the reviewed proposals are presented. The complete classification and comparison of the characteristics of the reviewed solutions can be found in Table 4. The first column of the table provides the references of the reviewed papers. The rest of the columns correspond to the characteristics of the reviewed solutions. The characteristics that we gathered from the reviewed papers are as follows: • The type of the blockchain in terms of access control.  • The structure of the blockchain architecture. • The consensus protocol. • The storage approach of the proposed architecture. Below we provide a summary of the characteristics that were reviewed for each of the included papers and an assessment of the gathered information.

1) BLOCKCHAIN TYPE
As stated in Section II, there are two main types of blockchain: permissioned and permissionless. Out of 98 proposals, 78 were specifically designed as permissioned (n = 56) or permissionless (n = 22) blockchains, whereas five use both types in the same framework. In addition, 15 proposals were not designed for a specific type of blockchain; thus they could be used in both permissioned and permissionless environments (i.e., ''any'' type). Fig. 6 shows the distribution of this characteristic among all of the studied proposals.

2) STRUCTURE
Originally, all the nodes in a blockchain network could take the role of miners/validators while storing the entire chain. This type of blockchain structure can be defined as the ''classic'' structure. In resource-constrained environments, this type of structure is not usually possible [87]. Therefore, 49 authors divide the network into different layers of devices that have different capabilities and roles. In addition, the clustering method, where clusters of nodes are maintained by a cluster head, is also common, as it is used in 20 proposals. Both approaches (layering and clustering) can also be combined, as can be seen in 10 works. Another approach is the Directed Acyclic Graph (DAG), which is a structure used in a different type of DLT and was firstly introduced by IOTA [142]. The DAG architecture was used in only seven works. Finally, 28 authors maintain the ''classic'' one-layered blockchain structure in their proposals. Fig. 7 shows the distribution of the blockchain structure found in the reviewed papers.
Note that, in Table 4, some proposals where the structure could not be determined due to the lack of information or the incompatibility of the type of proposal with this categorization. Thus, in five proposals, the structure parameter was marked with a ''not applicable'' abbreviation (N/A).

3) CONSENSUS
Within the results of our analysis, we can divide the consensus algorithms in two groups: 1) Custom-made consensus algorithms. We define a custom consensus algorithm as an algorithm that was specifically developed for the proposed lightweight blockchain framework and was not used in any other framework or system. In 25 papers, we can find different custom algorithms that are randomness, vote, time, trust or location-based. 2) Generic consensus algorithms. We define a generic consensus algorithm as an algorithm that was not specifically developed for a specific lightweight blockchain framework research study, or is applied in multiple frameworks or systems. In 43 papers, we can find generic lightweight consensus algorithms such as Proof of Stake (PoS), Practical Byzantine Fault Tolerance (PBFT), Proof of Elapsed Time (PoET), Raft, Proof of Authority (PoA) and Proof of Capacity (PoC). The original consensus algorithm of blockchain is the PoW [11]. However, this algorithm is well known for its low efficiency and high resource requirements [143], which makes it unfeasible for resource-constrained devices.   Therefore, most authors employed more efficient consensus algorithms when building lightweight blockchain solutions. These algorithms are as follows: PoS, PBFT, PoET, PoA, PoC, PoR, Raft and other custom-made consensus. All of the alternative consensus algorithms that were used in the reviewed papers were designed to overcome the drawbacks of the PoW algorithm in resource-constrained environments. 13 authors presented an enhanced version of the PoW algorithm rather than implementing a novel algorithm. Fig. 8 shows the distribution of the discussed types of consensus in the reviewed papers.
Note that, in 10 proposals, the consensus algorithm is not mentioned. Therefore, the consensus parameter was marked in Table 4 with a ''not available'' abbreviation N/A.

4) STORAGE
Besides the consensus algorithm, storage is also a major issue in the blockchain-based IoT environments [58]. This issue can be easily tackled in some fields where historical data are not important and therefore are stored temporarily, as can be seen in four of the reviewed papers. However, most of the time, this is not the case. Therefore, according to the results of our analysis, data storage can be addressed as follows: VOLUME 10, 2022 • On the blockchain (On-BC). In 63 proposals, the data are kept inside the ledger. However, usually, lightweight IoT devices do not have sufficient storage space to keep the whole ledger. Therefore, 21 authors propose layered architectures where the data are stored in specifically designed storage nodes or layers within the blockchain.
• Cloud. Sixteen authors combined Cloud Computing with blockchain in order to tackle the storage issue. In the framework that is presented in [47], the authors assume that a smart home user already has a Cloud account such as Dropbox, OneDrive, etc. Uddin et al. [52] are the only authors that propose a cloud-based blockchain rather than just Cloud storage. They claim that this type of blockchain is the most optimal choice for the high processing and storage requirements of IoT.
• Off-chain. Ten authors proposed architectures where the data are stored off-chain (e.g., in a local server or database). In this approach, the only data that has to be stored on the shared ledger are its hashes in order to assure its integrity. However, storing data off-chain does not assure its availability. Fig. 9 shows the distribution of the type of data storage in the reviewed papers.
Note that, in Table 4, there are three proposals where the storage approach could not be determined due to the lack of information or the incompatibility of the type of proposal with the categorization of this characteristic. Thus, the storage parameter was marked with a ''not applicable'' abbreviation (N/A).

C. RQ3: IN WHICH ASPECTS ARE THE REVIEWED PROPOSALS ''LIGHTWEIGHT''?
In this subsection, a study on the lightweight aspects of the reviewed proposals is presented. Table 5 contains the reference number of each proposal, a brief description and the aspects that were taken into account in order to deliver a lightweight solution. The studied aspects are as follows: • The consensus algorithm • The storage approach • The architecture • The cryptography We established an evaluation criterion for each one of the considered aspects: consensus, storage, architecture and cryptography, as shown below.

1) CONSENSUS
In permissioned networks, resource-intensive consensus such as PoW is not necessary [144]. Thus, we will consider that a proposal is lightweight in terms of consensus if it is a permissioned framework that uses: • A custom vote, time, trust or location based algorithm. . Furthermore, an enhanced version of the PoW algorithm could also be considered as lightweight if the authors provide enough evidence on its suitability for resource-constrained devices.

2) STORAGE
As we mentioned in Section V-B, one of the main features of blockchain is the fact that the ledger is replicated in all devices involved in the network. Thus, if attackers want to forge the data, they must hack the majority of devices [58]. However, a resource-constrained device cannot maintain the blockchain continuously because of its low capabilities. Therefore, we consider a solution to be lightweight in terms of storage if: • The data are stored temporarily on the blockchain. • The data are stored outside the blockchain (e.g., on the Cloud or in an external database or server).
• There is enough evidence that the size of the data or blocks is reduced so that the storage of the blockchain is feasible on resource-constrained devices.
• The data are only stored in a specific storage layer or storage nodes within the blockchain.

3) ARCHITECTURE
Resource-constrained devices are unable to participate and maintain a blockchain network [83]. Therefore, a lightweight architecture must divide the network in various layers and/or clusters that give the involved devices different tasks according to their capabilities.

4) CRYPTOGRAPHY
Blockchain technology is strongly based on cryptography [145]. However, cryptography processing in resourceconstrained devices is not straightforward. Therefore, we will consider a solution as cryptographically lightweight if there is strong evidence of a significant performance improvement related to the cryptographic part of blockchain for resourceconstrained environments. As it can be seen in Fig. 10 and Table 5, based on our criteria, 74 proposals include a lightweight consensus, 63 a lightweight architecture, 49 a lightweight storage and 11 a lightweight cryptography. Only four proposals are lightweight in all aspects: consensus, storage, architecture and cryptography.

D. RQ4: HOW IS LIGHTWEIGHT BLOCKCHAIN EVALUATED?
In this subsection, we study the evaluation of the reviewed papers. We review the method of implementation of each paper and the evaluated metrics. Apart from the reference and a brief description of each proposed solution, Table 6 includes information about the implementation method (column II) and the metrics that have been evaluated in each case (column III).

1) IMPLEMENTATION METHOD
Twenty-four authors used a high level programming language for the implementation such as Python (n = 13), Java (n = 6), C/C++ (n = 3), JavaScript (n = 1) and iOS Swift (n = 1). Thus, Python, Java and C/C++ are the most commonly used programming languages for lightweight blockchain development. Twenty-three authors implemented their proposals in specific blockchain development platforms such as Hyperledger (n = 11), Ethereum (n = 10) or Multichain (n=2). Platforms such as Hyperledger Ethereum or Multichain offer great possibilities for implementing lightweight blockchains as they are suited for permissioned networks that include lightweight consensus. Twenty-two authors used generic simulators such as the NS-3 network simulator (n = 10), Cooja (n = 4), Matlab (n = 4), Colored Petri Net (n=1) or custom made simulators such as ''ZeroCaloSimu'' (n=1) or ''Block-Lite'' (n = 2). Finally, 29 authors did not provide information on how their solution was developed. Hence, in that case, the implementation parameter was marked with a ''not available'' abbreviation (N/A). Fig. 11 shows the distribution of the implementation methods that were used in the reviewed papers.

2) EVALUATED METRICS
In this sub-subsection, we study the metrics that were evaluated in the reviewed papers. This review is focused on the performance of blockchain; hence, we omit security evaluations. As it can be seen in Fig. 12, the authors of the reviewed papers have evaluated a wide range of performance metrics. Each author evaluated different metrics based on different criteria. The authors mostly focus on evaluating metrics that are related to their proposal's strengths and aimed improvements. We can frame the gathered evaluated metrics in the following categories: According to the information that was gathered in order to answer to the previous five research questions, we can define the concept of lightweight blockchain as: A framework that has proved its viability in resourceconstrained environments and includes the following five characteristics: • Low computational burden • Low network overhead • Low storage requirements • High throughput • High energy efficiency

VI. DISCUSSION AND FUTURE DIRECTIONS
In this section, we analyse the results of our study and give our own insights. We also discuss several research opportunities that we have identified during the review process. This section is divided in three subsections: • Section VI-A is related to the technical aspects of lightweight blockchain. Specifically, it addresses RQs 1, 2, 3 and 5.
• Section VI-B is related to the evaluation of lightweight blockchain. Specifically, it addresses RQ4.
• In Section VI-C we provide a summary of the open research gaps and future directions in lightweight  blockchain for IoT that we mentioned in the previous subsections.

A. LIGHTWEIGHT BLOCKCHAIN TECHNICAL ASPECTS
We identified very few solutions that are lightweight in all of the studied aspects: consensus, architecture, storage and cryptography. Thus, there is a clear need to design complete lightweight blockchain frameworks.
When it comes to lightweight blockchain, the majority of researchers think about the computational burden of blockchain in the first place. Blockchain offers major security and privacy features to networks that are composed of untrusted devices. However, these advantages come at a huge cost in terms of computational burden. According to most of the authors, the part of blockchain that mostly causes its computational burden is the consensus algorithm.
In consequence, many alternatives to the original PoW consensus algorithm of blockchain have been proposed. According to the results of the study, vote-based consensus algorithms are highly efficient and secure, whilst the PoW algorithm is the least efficient. It is worth mentioning that improving the PoW algorithm is also a studied option. However, we found out that enhancing the performance of the consensus algorithm could have a serious impact on the security of blockchain. That is why most authors design permissioned blockchain architectures for IoT. In a trusted environment, the security features of the consensus algorithm can be reduced in order to lower its computational burden. Another effective method of reducing the computational burden of blockchain is to design layered and/or clustered architectures. Dividing an architecture into various layers or clusters prevents resource-constrained devices from performing heavy computational tasks such as mining. However, this approach also has a negative impact on some benefits of blockchain. Ideally, all devices should participate in the blockchain network in order to assure maximum security and trust. Thus, our conclusion on the computational burden issue is that further research is required. There is a considerable need to develop more lightweight consensus algorithms without sacrificing security. We also believe that currently, designing layered architectures where IoT devices do not have to perform heavy tasks is an optimal approach.
The second concern of the researchers that work on lightweight blockchain solutions is the network overhead. In blockchain, all the transactions that occur in the network must be replicated in all nodes. In addition, lightweight consensus that is based on voting also carries an enormous communication burden. For example, the PBFT consensus needs to constantly exchange information regarding blocks validation between all the nodes of the network. That is why the performance of PBFT dramatically decreases when the number of nodes is high (i.e., more than 20) [144]. One of the most effective ways to reduce the network burden in blockchain is presented in [83]. The authors observed that during blocks verification, the information broadcast by peer nodes overlapped. Hence, they designed a lighter block structure named LightBlock. This approach reduces the necessity of sending the entire data to the other nodes more than one time. This approach reduced the network overload by over 90%. However, reducing the network burden in distributed systems while maintaining the full availability and integrity of the data is still a major issue that needs further research. One of the greatest drawbacks of blockchain is its low throughput. Bitcoin can only process seven transactions per second [11], whereas conventional payment systems like VISA or PayPal can process thousands. The low throughput of blockchain is not only a major issue in financial applications. IoT generates thousands of exabytes annually [146], and all that data has to be processed rapidly. The throughput is another aspect of blockchain that is strictly tied to the consensus algorithm. The heavy consensus process of blockchains greatly reduces their throughput. The most remarkable mechanism that has been proposed in order to improve the throughput of blockchain is the reputation-based consensus. One of the most effective reputation consensus is proposed in [47]. In this type of consensus, the nodes that have a good reputation are able to generate transactions at a much faster rate. This is because when trust is created, the verification process decreases for the nodes that have proved to be trustworthy. However, one of the major drawbacks of reputation-based consensus is that a trusted (i.e., permissioned) environment is required. Therefore, improving throughput in permissionless blockchains is still a major issue that needs further research.
One of the main features of blockchain is the fact that the ledger is replicated in all devices involved in the network. Thus, if attackers want to forge the data, they must hack most of the devices in the network. However, a resourceconstrained device cannot maintain the blockchain continuously because of its low capabilities. Specifically, due to insufficient storage capacity, these types of devices cannot assure blockchain's property of immutability [58]. According to the results of our study, there are three main approaches for lightweight blockchain storage: • Storing the data in the blockchain, but not on all devices.
This approach is very typical in layered architectures, where the data are stored in nodes that have sufficient storage. However, this approach separates the lightweight devices from the blockchain network itself. As we mentioned before, ideally, all devices should fully participate in the blockchain network.
• Storing the data off-chain is a simple yet effective method of reducing the storage burden in blockchain.
In this approach, the only data that has to be stored in the blockchain are its hashes in order to assure its integrity. However, storing data off-chain does not assure its availability, which is a major issue. Therefore, we recommend using this approach in environments where data loss is not a major concern.
• Cloud computing is another effective method of reducing the storage burden in blockchain. This method is very similar to the previous one. However, cloud storage is maintained by a third party. Thus, we recommend using this approach only if the privacy and the availability of the data are not critical. In conclusion, we identified a clear need to further research the integration of Cloud computing with blockchain in order to deliver safe, lightweight storage for resource-constrained environments. Furthermore, assuring the availability of the data in an off-chain storage approach is also a great challenge that requires further research. Nonetheless, novel approaches that would reduce the storage burden of on-chain data would be the most appropriate method of improving this aspect.
Energy consumption is the least aspect that authors mention when working on lightweight blockchain. However, this aspect has a huge impact on our world. Thus, it is not less important. According to [147], Bitcoin mining consumes the same amount of energy as the entire country of Denmark. Nevertheless, the huge energy consumption of blockchain not only involves environmental issues. Millions of IoT devices run on batteries [148], making blockchain unfeasible for a great part of lightweight devices. Energy consumption is mostly tied to the consensus algorithm. Therefore, improving the consensus algorithm also has a positive impact on energy consumption. For example, the authors in [83] propose a ''green'' consensus algorithm that reduces mining, with the specific purpose of reducing the energy consumption of blockchain in industrial environments. Many authors completely removed the mining process of the consensus in order to reduce energy consumption. However, as we mentioned before, removing mining could drastically reduce the security of the blockchain. This is why the most efficient consensus algorithms are available only in permissioned networks. Therefore, we recommend further research on efficient consensus for permissionless blockchain.
Very few authors focused on cryptographic improvements. Cryptography is a core feature of blockchain [149]. However, VOLUME 10, 2022 cryptography incurs a major burden, especially in lightweight IoT devices. Therefore, some of the reviewed papers aimed at reducing the burden that cryptography causes in IoT. In [85], the authors address the performance and energy consumption of the hash function in the mining process. They propose a novel mechanism that can change the hash algorithm used for mining by adjusting to the network traffic. The works [150] and [151] address similar a problematic regarding the performance of crpyptographic functions in blockchain. The work in [150] propose a blockchain-based vehicle-to-vehicle communication scheme with a low O(1) time complexity whilst the work in [151] goes one step further and analyzes the implementation of Federated Learning (FL) algorithms in blockchain for IoT schemes. FL algorithms improve blockchain-based IoT architectures by adding privacy and by further reducing overhead. Similarly, the authors in work [84] improve the used algorithms from the proposal presented in [47] achieving better security and performance results. However, we believe that the cryptography enhancement has received too little attention from the researchers and that there is room for more improvements. Novel lightweight cryptographic functions for blockchain need to be developed. Furthermore, it is also important to take into account quantum computing, which can pose a major threat to the security of blockchain [152].
Another approach for lightweight blockchain that is worth mentioning is the DAG structure. IOTA introduced this type of DLT aiming at IoT environments. However, this framework is not completely decentralised yet, since it has a centralised coordinator. The coordinator is run by IOTA Foundation in order to assure the security of the network. Currently, DAG-based blockchain can be completely decentralised and secure only when there is a high volume of transactions. One highly relevant lightweight blockchain architecture based on DAG structure is presented in [88]. In this paper, the authors try to tackle the storage issue of blockchain by proposing a DAG network for vehicular social networks. In the proposed architecture, only recent data that is useful for the drivers is maintained in the ledger. Furthermore, the main ledger is divided into various topic groups, which also greatly reduces the storage requirements. One particular DAG approach is presented in [104], where the authors design a DAG architecture that is very similar to blockchain, thus maintaining its greatest drawbacks such as huge energy consumption due to PoW mining. However, this particular DAG structure offers much more throughput capacity than regular blockchains. In conclusion, DAG is a promising solution. However, this technology still has some important limitations and challenges, such as centralisation and security issues [142]. Furthermore, DAGs still require real-world validation in several IoT areas. Apart from DAG DLTs, there are several efficient blockchain solutions that are suitable for IoT; the Hyperledger ecosystem, with Fabric and Sawtooth as the most used blockchains, and other platforms such as R3 Corda or Ethereum 2.0 with the novel PoS scheme that was recently released. Hashgraph is also an emerging solution that offers great efficiency. However, this technology has not yet been consolidated.
Finally, according to the previous discussion, we conclude that the most justifiable aspects that make a blockchain ''lightweight'' are as follows: efficient consensus algorithm, external storage and efficient cryptographic implementations. Consequently, the aforementioned characteristics guarantee low energy consumption, low network overhead, low computational and storage burdens, and overall high throughput capacity.

B. LIGHTWEIGHT BLOCKCHAIN EVALUATION
This paper is focused on the performance aspects of blockchain for IoT. Thus, we analysed the evaluation of the reviewed papers. Specifically, we analysed the implementation methods and the evaluated metrics of the lightweight blockchain proposals.

1) IMPLEMENTATION METHODS
Our analysis shows that there is a wide range of implementation methods for deploying blockchain networks. We identified a clear lack of a simple, universal and standardised testing and evaluation platform for lightweight blockchain. Furthermore, the conducted experiments could not accurately reproduce the system behavior in a real-world environment due to the following reasons: • Developing a blockchain framework proof of concept from scratch using a high-level programming language is not a simple task, and there is no guarantee that it will provide reliable results.
• Available test environment might use different mechanisms from the real world implementation.
• Normally, only a small number of IoT devices are used.
• Simulations might not provide accurate results for all case scenarios.

2) EVALUATED METRICS
Each author focused on different metrics in order to validate their lightweight blockchain proposal. There are two main reasons for this; First, the authors focus on different problematic aspects of blockchain and DLTs. For example, in [104] the authors claim that improving blockchain's throughput makes this technology sufficiently suitable for IIoT, and therefore, only measure the transactions per second of their solution. On the other hand, the authors in [83] take more aspects into account and therefore include more metrics in their evaluation. Second, the fact that authors use many distinct platforms to perform their experiments also impacts the measured metrics. For example, Hyperledger comes by default with several tools that can be used for performance evaluation purposes, such as Hyperledger Caliper, whereas other platforms such as Ethereum only include metrics related to the blockchain blocks and transactions. Moreover, the existence of multiple evaluation environments developed from scratch provides infinite possibilities when defining evaluation metrics.
The results of this study have proven that lightweight blockchain must possess several key characteristics in order to be applied to IoT: low computational burden, low network overhead, low storage requirements, high throughput and high energy efficiency. Therefore, a standardised metrics scheme for evaluating blockchain or other DLT solutions for IoT should be developed. Also, there is not clear what performance values are acceptable for a blockchain to be considered ''lightweight''. For example, how many transactions per second are enough or can be acceptable for a blockchain architecture for IoT? Establishing a consensus in this regard is an important challenge that needs to be addressed if standardised methodologies for lightweight blockchain are to be developed.
In conclusion, the high variability of the evaluated metrics in lightweight blockchain shows that it is necessary to develop a systematic and standard methodology in order to evaluate lightweight blockchain solutions. This would accelerate and facilitate the development and adoption of blockchain in IoT.

C. FUTURE DIRECTIONS SUMMARY
In the analysis of the results, we identified the following research opportunities and challenges for the further development of lightweight blockchain solutions: 1) Design complete blockchain solutions for IoT that are lightweight in all aspects: consensus, architecture structure, storage and cryptography. 2) Develop lightweight consensus algorithms that are suitable for permissionless blockchain networks. 3) Reduce the network overhead in distributed systems while maintaining the full availability and integrity of the data. 4) Improve throughput and reduce the network overhead in permissionless networks without reducing the security of the consensus algorithm. 5) Advance on the integration of Cloud computing with blockchain while guaranteeing the availability of the data. 6) Reduce the energy consumption of the consensus algorithms in permissionless networks. 7) Develop novel lightweight cryptographic algorithms for blockchain while taking into account quantum computing. 8) Eliminate centralization in DAG DLTs and solve its security issues. 9) Develop DLT solutions for specific IoT fields, such as Industry 4.0, smart homes, healthcare, etc., while tackling the specific issues and needs of each field. 10) Develop blockchain interoperability solutions in order to enable secure and efficient communication between heterogeneous blockchains. 11) Advance in the establishment of a standardised testing platform and metrics for blockchains and other DLTs (IOTA, Hashgraph, etc.).

VII. CONCLUSION
In this work, we systematically reviewed 98 ''lightweight blockchain for IoT'' proposals that have been published since 2017. This is the first systematic literature review that provides a comprehensive analysis of specific technical aspects that can be found in the current blockchain for IoT architecture proposals. We analysed and categorised several characteristics of the blockchains, their lightweight aspects and their evaluations. Finally, we outlined the existing shortcomings and identified future research opportunities. Our review proves that the concept of lightweight blockchain is constantly increasing its popularity each year. The analysed papers cover a wide variety of applications, and they are generally focused on a few specific problematic aspects of blockchain when it comes to its application in resource-constrained environments. Despite the relatively high number of proposed solutions in this field, there is still much research to be done, as the balance between security and efficiency in the blockchain is delicate. If the security properties of blockchain are reduced, then this technology becomes pointless when compared to other options. Thus, further research must be done in order to further improve blockchain-based IoT architectures. Furthermore, most of the proposed solutions are developed on many different platforms. Thus, they cannot be fairly compared, and most proofs-of-concept are typically in a too early stage of development. Finally, the increasing number of different blockchain solutions highlights the need to devise interoperable solutions.
According to the results of our study, the most promising yet unexplored DLT type is the DAG. This structure requires much less energy consumption, has zero fees and offers high throughput. However, ''classic'' blockchains are not yet outdated, since vote-based or round robin consensus algorithms along with layered Edge architectures are also efficient and could be used in many IoT applications. Other promising solutions regarding the storage burden of blockchain seems to be the use of decentralized databases such as IPFS to store the actual data. Finally, research regarding post-quantum cryptography for blockchain is also promising, since quantum computing poses a significant threat to the current blockchain architectures.