Paper 2022/499

Practical Decentralized Oracle Contracts for Cryptocurrencies

Varun Madathil, Sri AravindaKrishnan Thyagarajan, Dimitrios Vasilopoulos, Lloyd Fournier, Giulio Malavolta, and Pedro Moreno-Sanchez


The lack of data feeds about real-world events happening ``outside'' of the blockchain environment is a critical obstacle to the development of smart contracts. This has motivated the introduction of trusted identities, the so-called ``Oracles'', that attest the information about real-world events into the blockchain. This enables mutually distrustful parties to establish contracts based on said events. Previous proposals for oracle-based contracts rely either on Turing-complete smart contracts or on trusted hardware. While the latter imposes an additional trust assumption, the former relies on a Turing-complete language to write the complete data feed on-chain, imposing thus an undesirable on-chain storage overhead and being incompatible with many popular cryptocurrencies that do not support Turing-complete language such as Bitcoin. Moreover, no proposal so far comes with provable cryptographic guarantees. In this work, we lay the foundations of oracle contracts for cryptocurrencies. We present game-based definitions that model the security properties of oracle contracts, and we propose the first construction with provable security guarantees. Moreover, our construction does not incur any additional on-chain overhead and is compatible with all cryptocurrencies. Finally, our evaluation shows that our construction is practical even in commodity hardware. As a contribution of independent interest, we show an efficient construction of witness encryption for the class of languages: $ \{ (\vk, m) \in \mathcal{L} : \exists~\sigma \text{ s.t. }\mathsf{Verify}(\vk, \sigma, m) = 1\} $ where $\sigma$ is a BLS signature on $m$. We show how this can be efficiently extended to the threshold settings (allowing the distribution of trust among several ``Oracles'') and how to prove that the encrypted message has a certain structure (e.g., it is itself a valid signature on some message). To guarantee the latter in a practically efficient manner, we develop a new batching technique for cut-and-choose, inspired by the work of Lindell-Riva on garbled circuits.

Available format(s)
Cryptographic protocols
Publication info
oracle contractsthreshold cryptographywitness encryptionverifiable encryptionblockchain
Contact author(s)
vrmadath @ ncsu edu
t srikrishnan @ gmail com
pedro moreno @ imdea org
giulio malavolta @ hotmail it
dimitrios vasilopoulos @ imdea org
2022-05-06: last of 2 revisions
2022-04-28: received
See all versions
Short URL
Creative Commons Attribution


      author = {Varun Madathil and Sri AravindaKrishnan Thyagarajan and Dimitrios Vasilopoulos and Lloyd Fournier and Giulio Malavolta and Pedro Moreno-Sanchez},
      title = {Practical Decentralized Oracle Contracts for Cryptocurrencies},
      howpublished = {Cryptology ePrint Archive, Paper 2022/499},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.