This is version 20220506:150807 of this paper (not the latest version).

Paper 2022/499

Practical Decentralized Oracle Contracts for Cryptocurrencies

Varun Madathil and Sri AravindaKrishnan Thyagarajan and Dimitrios Vasilopoulos and Lloyd Fournier and Giulio Malavolta and Pedro Moreno-Sanchez

Abstract

The lack of data feeds about real-world events happening "outside" of the blockchain environment is a critical obstacle to the development of smart contracts. This has motivated the introduction of trusted identities, the so-called "Oracles", that attest information about real-world events into the blockchain. This enables mutually distrustful parties to establish contracts based on said events. Previous proposals for oracle-based contracts rely either on Turing-complete smart contracts or on trusted hardware. While the latter imposes an additional trust assumption, the former relies on a Turing-complete language to write the complete data feed on-chain, thus imposing an undesirable on-chain storage overhead and being incompatible with many popular cryptocurrencies, such as Bitcoin, that do not support a Turing-complete language. Moreover, no proposal so far comes with provable cryptographic guarantees. In this work, we lay the foundations of oracle contracts for cryptocurrencies. We present game-based definitions that model the security properties of oracle contracts, and we propose the first construction with provable security guarantees. Moreover, our construction does not incur any additional on-chain overhead and is compatible with all cryptocurrencies. Finally, our evaluation shows that our construction is practical even on commodity hardware. As a contribution of independent interest, we show an efficient construction of witness encryption for the class of languages $\{ (\mathsf{vk}, m) \in \mathcal{L} : \exists~\sigma \text{ s.t. } \mathsf{Verify}(\mathsf{vk}, \sigma, m) = 1 \}$, where $\sigma$ is a BLS signature on $m$. We show how this can be efficiently extended to the threshold setting (allowing the distribution of trust among several "Oracles") and how to prove that the encrypted message has a certain structure (e.g., it is itself a valid signature on some message). To guarantee the latter in a practically efficient manner, we develop a new batching technique for cut-and-choose, inspired by the work of Lindell and Riva on garbled circuits.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
oracle contracts, threshold cryptography, witness encryption, verifiable encryption, blockchain
Contact author(s)
vrmadath @ ncsu edu,t srikrishnan @ gmail com,pedro moreno @ imdea org,giulio malavolta @ hotmail it,dimitrios vasilopoulos @ imdea org
History
2023-01-18: last of 5 revisions
2022-04-28: received
Short URL
https://ia.cr/2022/499
License
Creative Commons Attribution
CC BY