Cryptology ePrint Archive: Report 2022/499

Practical Decentralized Oracle Contracts for Cryptocurrencies

Varun Madathil and Sri AravindaKrishnan Thyagarajan and Dimitrios Vasilopoulos and Lloyd Fournier and Giulio Malavolta and Pedro Moreno-Sanchez

Abstract: The lack of data feeds about real-world events happening "outside" of the blockchain environment is a critical obstacle to the development of smart contracts. This has motivated the introduction of trusted identities, the so-called "Oracles", that attest to information about real-world events on the blockchain. This enables mutually distrustful parties to establish contracts based on said events.

Previous proposals for oracle-based contracts rely either on Turing-complete smart contracts or on trusted hardware. While the latter imposes an additional trust assumption, the former relies on a Turing-complete language to write the complete data feed on-chain, thus imposing an undesirable on-chain storage overhead and being incompatible with many popular cryptocurrencies, such as Bitcoin, that do not support a Turing-complete language. Moreover, no proposal so far comes with provable cryptographic guarantees.

In this work, we lay the foundations of oracle contracts for cryptocurrencies. We present game-based definitions that model the security properties of oracle contracts, and we propose the first construction with provable security guarantees. Moreover, our construction does not incur any additional on-chain overhead and is compatible with all cryptocurrencies. Finally, our evaluation shows that our construction is practical even on commodity hardware.

As a contribution of independent interest, we show an efficient construction of witness encryption for the class of languages $\{ (\mathsf{vk}, m) \in \mathcal{L} : \exists\, \sigma \text{ s.t. } \mathsf{Verify}(\mathsf{vk}, \sigma, m) = 1 \}$, where $\sigma$ is a BLS signature on $m$ under the verification key $\mathsf{vk}$. We show how this can be efficiently extended to the threshold setting (allowing the distribution of trust among several "Oracles") and how to prove that the encrypted message has a certain structure (e.g., that it is itself a valid signature on some message). To guarantee the latter in a practically efficient manner, we develop a new batching technique for cut-and-choose, inspired by the work of Lindell and Riva on garbled circuits.

Category / Keywords: cryptographic protocols / oracle contracts, threshold cryptography, witness encryption, verifiable encryption, blockchain

Date: received 25 Apr 2022, last revised 6 May 2022

Contact author: vrmadath at ncsu edu, t srikrishnan at gmail com, pedro moreno at imdea org, giulio malavolta at hotmail it, dimitrios vasilopoulos at imdea org

Version: 20220506:150807

Short URL: ia.cr/2022/499