IV. Projects working on Decentralised Oracles

There are multiple projects working on solving these challenges with varying degrees of decentralisation, by programming different incentive mechanisms to reduce single trusted intermediary reliance, and by introducing sophisticated attack-prevention mechanisms. An in-depth analysis of each project is outside of the scope of this post, and instead, a high-level description is provided.

The projects are split into 2 categories: Networks supplying oracle services, and Networks internalising oracle services.

1. Oracle-as-a-Service

ChainLink (LIVE)

Chainlink aims to build a fully decentralised network of oracle nodes compatible with Ethereum, Bitcoin and Hyperledger with modularity in mind: Every piece of the ChainLink system is upgradable. The main idea is to build a trusted marketplace for oracles where client and nodes are connected. Good behaviour is incentivised as performance and reputation is public, and bad behaviour will incur penalties. They are initially doing aggregation of data from oracles on-chain, but are looking to move it off-chain with an interesting design.

The security of any system is only as strong as its weakest link. Decentralisation is here to ensure availability at all times, but to counter the risk of faulty nodes delivering poor data, ChainLink puts forward two possible solutions.

On-chain aggregation (source)

Initial solution: On-chain aggregation

In-contract aggregation of all nodes’ value on-chain, which can be publicly audited, using a commit-reveal to avoid nodes observing other oracles’ responses and freeloading. The final value is thus decided on-chain once enough responses are public, but this has a significant computation cost: one transaction per node, one transaction to reach consensus, and one or more aggregation contracts deployed on Ethereum.

Medium-term strategy: Off-chain aggregation

Off-chain aggregation offers a more cost-effective way to reach consensus. Unfortunately, this does not suppress the problem of freeloading.

The proposed solution is to use Schnorr signatures: each oracle participating in a job receives a [public key, private key] combination specific to that job. They can use their private key to generate a partial signature which contains their solution to the data query (encrypted). One partial signature on its own is insufficient, but if enough partial signatures are combined (figure below), it yields a collective signature equivalent to the aggregation of all answers in a single transaction.

Off-chain aggregation (source)

The key word is enough partial signatures, because this offers a relief mechanism when some nodes do not answer the query. The downside of this method is that if an honest node takes too long to send its answer, they will not be rewarded — thus inducing a time dependency for nodes. This does tackle freeloading though, because once answers are revealed, no additional submissions are taken.

You can find more information on ChainLink here. Illustrations were taken from their whitepaper.

Witnet

Witnet is a reputation-based decentralised oracle network: nodes running the Witnet software earn or lose reputation when they fulfil a data request correctly or incorrectly — where correctness is defined by a consensus algorithm analysing nodes’ answers. Nodes which disagreed with the consensus lose reputation (by being off-line or attempting to be malicious), which is split between honest nodes. If the consensus was a timeout, as long as a node agrees with the consensus, it remains unpunished.

The oracle nodes, called witnesses, are randomly chosen for jobs and to mine blocks based on their network reputation, making majority attacks more difficult. Good actors will thus quickly increase their reputation and acquire more responsibilities within the network, while inactive and malicious actors will rapidly lose all network credibility and with it their right to contribute to the network, making them inoffensive.

Since reputation is so valuable in Witnet, in addition to this transfer of reputation between good and bad nodes after an oracle job, there is also a constant redistribution of reputation at each block (90 seconds) between all active nodes to prevent A. reputation centralisation over the oldest honest nodes and B. exit scam (nodes stopping fulfilling jobs to collect mining rewards only).

The redistribution is performed by a demurrage function at every block: active nodes see their reputation diminished in a logarithmic exponential decay, and nodes that behaved well in that block earn an equal share of this reputation. In other words, reputation is at stake at all times and those with the biggest reputation have the most to lose. Therefore, in order to remain a top oracle on Witnet, you must participate well at all times.

Witnet is its own separate blockchain and can therefore provide decentralise oracle services anywhere via bridge nodes. This might become less relevant with interoperability solutions, but until then, it offers a scalable solution, with reduced on-chain operation fees, and allows to fix critical vulnerabilities in last resort.

You can find more information at https://witnet.io or you can read their whitepaper here.

Oraclize

Oraclize is a London-based cybersecurity company with a team of 9 people offering a centralised solution to blockchain oracles. They have the longest actively running and the world’s most widely adopted blockchain oracle service. While it is available on multiple blockchain platforms (Bitcoin, Ethereum, Monax, Rootstock, Corda and private networks), the majority of their customers are working on Ethereum.

Their approach is to leverage all TEE environment providers to minimise vulnerability. This is what they call sandboxing. Oraclize leverages the products of IT providers and manufacturers (including Amazon’s EC2, Google’s SafetyNet, Qualcomm’s QSEE, Ledger’s Nano S and Intel’s SGX) as key components of its own core service (the Oraclize technology). They are physically grouped within a unique environment and leveraged together: Oraclize has designed ad-hoc custom applications as well as a software layer connection for all of TEEs to make them interoperable. By recovering the data from multiple TEEs, even if one technology were to be compromised by a vulnerability such as Spectre for Intel’s SGX, the overall aggregation of value would still ignore the compromised data point. (assuming the vulnerability was architecture specific, and not a generic one hitting all processors)

To achieve distributed trust and the integrity of their data, Oraclize has been relying on TLSNotary to digitally sign TLS data from https websites. This comes at cost: Oraclize can in theory only deliver data as shown on the website with no post-processing off-chain, but this already covers many use cases. The main risk here remains that if too many data sources are compromised, there is no way to prevent wrong data from being propagated, but this risk is also present in the more “decentralised” solutions.

You can find more information about Oraclize here

Town Crier

The team behind this academic proposal is composed of 5 Cornell University PhDs and undergraduates.

Town Crier acts as a bridge between smart contracts on any blockchain and https-enabled websites with TLS layer handling handshakes for secure communication to deliver source-authenticated data. The approach taken is different to TLS-notary (security at software level only), allowing for more customisable data relaying.

The data is recovered by nodes running on Intel’s SGX (security at software and hardware level). This authenticated data feed is delivered from enclave to the blockchain, solely relying on the SGX protection to testify the node is indeed running the software as expected.

To protect confidentiality, messages are only decrypted inside the Trusted Execution Environment’s enclave, which can thus be used not only for safe data transfer but also for ingesting encrypted user credentials (e.g.: private API). In addition, custom requests are supported for potentially multiple web-scraping target.

Their approach to tackle single points-of-failure is to both aggregate data source as well as data oracles on multiple SGX platforms. The software has proven to be relatively scalable with throughputs of 15–65 transactions/sec.

You can find more about Town Crier here. The acquisition of Town Crier by ChainLink was reported during Devcon 4 by the CEO, Sergey Nazarov on 1 November 2018.