Paper 2022/499

Practical Decentralized Oracle Contracts for Cryptocurrencies

Varun Madathil, North Carolina State University
Sri AravindaKrishnan Thyagarajan, Carnegie Mellon University
Dimitrios Vasilopoulos, IMDEA Software
Lloyd Fournier, no affiliation
Giulio Malavolta, Max Planck Institute for Security and Privacy
Pedro Moreno-Sanchez, IMDEA Software

We consider a scenario where two mutually distrustful parties, Alice and Bob, want to perform a payment conditioned on the outcome of some real-world event. A semi-trusted oracle (or a threshold number of oracles in a distributed trust setting) is entrusted to attest that such an outcome indeed occurred, and only then is the payment made successfully. We refer to such a scenario as oracle-based conditional (ObC) payments. They are ubiquitous in many real-world applications, like financial adjudication, pre-scheduled payments or trading, and are a necessary building block for introducing information about real-world events into blockchains. The focus of this work is to realize such ObC payments with provable security guarantees and efficient instantiations. To do this, we propose a new cryptographic primitive that we call verifiable witness encryption based on threshold signatures (VweTS): users can encrypt signatures on messages in a verifiable manner, such that decryption succeeds only if a threshold number of signers (e.g., oracles) sign another message (e.g., the description of an event outcome). We require two security notions: (1) one-wayness, which guarantees that without the threshold number of signatures the ciphertext hides the encrypted signature, and (2) verifiability, which guarantees that a ciphertext that verifies successfully can be decrypted to reveal the underlying signature. We present provably secure and efficient instantiations of VweTS where the encrypted signature can be from widely used schemes such as Schnorr, ECDSA or BLS. To provide verifiability in a practically efficient manner, we make use of a new batching technique for cut-and-choose, inspired by the work of Lindell-Riva on garbled circuits. Our VweTS instantiations can be readily used to realize ObC payments on virtually all of today's cryptocurrencies in a fungible, cost-efficient, and scalable manner.
Our instantiations are the first to support ObC payments in a distributed trust setting without requiring any form of synchrony or coordination among the users and the oracles. To demonstrate the practicality of our scheme, we present a prototype implementation; our benchmarks on commodity hardware show that the computation overhead is less than 13 seconds even for a threshold of 4 out of 7 oracles and a payment conditioned on up to 1000 different real-world event outcomes, while the communication overhead is below 1.3 MB. Therefore, our approach is practical even on commodity hardware.
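The ObC payment flow sketched in the abstract, as an added example that is not the paper's code and not its VweTS construction. It uses a simplified stand-in for "witness encryption based on signatures": each oracle pre-announces a Schnorr nonce, so the point s*G of its future signature on a given outcome is publicly computable (the DLC trick); Alice Shamir-splits a payment secret d, encrypts share i under oracle i's anticipated point, and publishes an adaptor pre-signature on the payment that becomes valid once d is known. The secp256k1 constants are the standard ones; all keys, the outcome strings and the payment message are constructed for the demo. The paper's main technical piece, the cut-and-choose proof that the share ciphertexts are well formed, is omitted, so only the pre-signature layer is verifiable here.

```python
# Toy ObC payment with a t-of-n oracle threshold: an added illustration, NOT the paper's VweTS.
# Shares of Alice's payment secret d are encrypted under each oracle's Schnorr "anticipated
# signature point" (as in DLCs) and the payment signature is an adaptor signature under d;
# the cut-and-choose proof that the share ciphertexts are well formed is omitted.
import hashlib
import secrets
from math import prod
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,   # secp256k1 generator
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):  # affine addition; None is the point at infinity
    if A is None or B is None:
        return A or B
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if A == B else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, A):  # double-and-add scalar multiplication
    R, k = None, k % N
    while k:
        if k & 1:
            R = ec_add(R, A)
        A, k = ec_add(A, A), k >> 1
    return R

def h(*parts):  # hash points (tuples) and strings to a scalar mod N
    m = hashlib.sha256()
    for p in parts:
        m.update(b"".join(c.to_bytes(32, "big") for c in p) if isinstance(p, tuple) else p.encode())
    return int.from_bytes(m.digest(), "big") % N
def rand_scalar():
    return secrets.randbelow(N - 1) + 1

# Schnorr with a pre-announced nonce R = kG: s*G for the oracle's future signature on any
# outcome message is publicly computable before the oracle signs.
def challenge(R, X, msg):
    return h(R, X, msg)
def anticipated_point(X, R, msg):
    return ec_add(R, ec_mul(challenge(R, X, msg), X))
def oracle_sign(x, k, msg):
    X, R = ec_mul(x, G), ec_mul(k, G)
    return (k + challenge(R, X, msg) * x) % N
def schnorr_verify(X, msg, R, s):
    return ec_mul(s, G) == anticipated_point(X, R, msg)

# Shamir sharing over Z_N: any t of the n shares recover the secret
def shamir_split(secret, t, n):
    coeffs = [secret] + [rand_scalar() for _ in range(t - 1)]
    return [(i, sum(c * pow(i, j, N) for j, c in enumerate(coeffs)) % N) for i in range(1, n + 1)]
def shamir_recover(shares):
    idx = [i for i, _ in shares]
    return sum(y * prod(j * pow((j - i) % N, -1, N) for j in idx if j != i) for i, y in shares) % N

# ElGamal-style encryption of a share under S = s*G: only the signature s (the witness)
# recomputes r*S and hence the pad
def encrypt_share(S, share):
    r = rand_scalar()
    return (ec_mul(r, G), (share + h(ec_mul(r, S))) % N)
def decrypt_share(s, ct):
    rG, c = ct
    return (c - h(ec_mul(s, rG))) % N

# Adaptor pre-signature: Alice's Schnorr signature on the payment, offset by d. Bob can
# check up front that it becomes a valid signature once d is known.
def adaptor_sign(x, msg, D):
    k = rand_scalar()
    X, R = ec_mul(x, G), ec_mul(k, G)
    return (R, (k + challenge(ec_add(R, D), X, msg) * x) % N)  # challenge over final nonce R + D
def adaptor_verify(X, msg, D, pre):
    R, s_pre = pre
    return ec_mul(s_pre, G) == ec_add(R, ec_mul(challenge(ec_add(R, D), X, msg), X))
def adaptor_complete(pre, D, d):
    R, s_pre = pre
    return (ec_add(R, D), (s_pre + d) % N)

def obc_payment(t, n, target, actual, responders):
    """Bob gets a valid payment signature iff actual == target and >= t oracles respond."""
    oracles = [(rand_scalar(), rand_scalar()) for _ in range(n)]     # (x_i, k_i), oracle-private
    pubs = [(ec_mul(x, G), ec_mul(k, G)) for x, k in oracles]         # (X_i, R_i), announced
    # Alice: payment secret d, pre-signature under D = dG, one encrypted share of d per oracle
    x_a, d, payment = rand_scalar(), rand_scalar(), "pay 1 BTC to Bob"  # constructed demo values
    X_a, D = ec_mul(x_a, G), ec_mul(d, G)
    pre = adaptor_sign(x_a, payment, D)
    cts = [encrypt_share(anticipated_point(X, R, target), sh)
           for (X, R), (_, sh) in zip(pubs, shamir_split(d, t, n))]
    if not adaptor_verify(X_a, payment, D, pre):                       # Bob checks before accepting
        return False
    # Oracles sign the actual outcome independently (no coordination); Bob keeps valid ones
    sigs = {i: oracle_sign(*oracles[i], actual) for i in responders}
    sigs = {i: s for i, s in sigs.items() if schnorr_verify(pubs[i][0], actual, pubs[i][1], s)}
    if len(sigs) < t:
        return False
    d_rec = shamir_recover([(i + 1, decrypt_share(sigs[i], cts[i])) for i in list(sigs)[:t]])
    R_fin, s_fin = adaptor_complete(pre, D, d_rec)
    return schnorr_verify(X_a, payment, R_fin, s_fin)                 # False when actual != target
```

`obc_payment(4, 7, "BOB_WINS", "BOB_WINS", [0, 2, 4, 6])` returns True with any four of the seven oracles, no matter which ones or in what order they publish; three oracles, or seven oracles attesting a different outcome, leave Bob with a pre-signature he cannot complete. What this toy does not give Bob is a way to check, before the event, that the share ciphertexts really contain shares of the d behind D; a cheating Alice could encrypt garbage and the adaptor check would still pass. Closing that gap efficiently is what the paper's batched cut-and-choose is for.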

Category: Cryptographic protocols
Keywords: oracle contracts, threshold cryptography, witness encryption, verifiable encryption, blockchain
Contact author(s)
vrmadath @ ncsu edu
t srikrishnan @ gmail com
dimitrios vasilopoulos @ imdea org
lloyd fourn @ gmail com
giulio malavolta @ hotmail it
pedro moreno @ imdea org
History: 2022-04-28: received; 2022-08-10: last of 3 revisions
License: Creative Commons Attribution


@misc{cryptoeprint:2022/499,
      author = {Varun Madathil and Sri AravindaKrishnan Thyagarajan and Dimitrios Vasilopoulos and Lloyd Fournier and Giulio Malavolta and Pedro Moreno-Sanchez},
      title = {Practical Decentralized Oracle Contracts for Cryptocurrencies},
      howpublished = {Cryptology ePrint Archive, Paper 2022/499},
      year = {2022},
      note = {\url{}},
      url = {}
}