Trust Your Oracle? Cornell Launches Tool for Confidential Blockchain Queries
Smart contracts are touted as having the potential to do all kinds amazing things. But, to fulfill their promise, they need a way to communicate with the outside world.
That is not so easily done. Due of the nature of a blockchain (all nodes need to agree on any change in state of the database), smart contracts cannot simply fetch data on their own.
So, instead, they rely on ‘oracles’.
A key part of the smart contract ecosystem, oracles allow smart contracts to access information, like commodity, currency, derivative pricing and more, from websites, and then use that data to implement the terms of a smart contract.
But oracles come with their own set of challenges.
For example, an oracle needs to be able to provide a tamper-proof source of information. So, if your smart contract offers insurance against flight cancellations, you want to make sure that the data you are getting on flights is accurate, and has not been altered at any point after being scraped from the website.
Confidential queries are another issue. Say, a smart contract needs information on a personal bank statement or a medical record. A query from the oracle to the website would need to contain login, password or other private information. And you don’t want anyone seeing that.
Sealed in a box
To that end, researchers at Cornell’s Initiative for Cryptocurrencies and Contracts (IC3) have launched an oracle service that allows ethereum smart contracts to obtain trustworthy information and to securely send confidential queries to websites.
Unlike other oracles, Town Crier, as the service is called, gets its added security from Intel’s Software Guard eXtensions (SGX). IC3 has already implemented SGX on Teechan, a proposed off-chain payment solution for bitcoin, though not without some measure of debate.
But Town Crier is officially IC3’s first published and first deployed SGX-based tool.
If you are wondering how SGX works, it essentially lets you run code inside an enclave, or a type of black box environment, which provides extra protection against tampering. Not even a computer’s own operating system can see the data inside the enclave.
Another feature SGX offers is ‘remote attestation’. That means those using the service will be able to validate Town Crier code is in fact running in a secure SGX environment.
Ari Juels, a professor at Cornell Tech working on the project, told CoinDesk:
“Assuming that you trust SGX, data delivered by Town Crier from a website is guaranteed to be free from tampering. This authenticity property means that to trust Town Crier’s data, you only need to trust Intel’s implementation of SGX and the target website.”
While Town Crier runs its core code on a server with an SGX chip, the solution also has a front end that consists of a smart contract running on the ethereum blockchain.
According to Juels, Town Crier will also be instrumental for permissioned blockchains, in which fewer, trusted participants exchange data.
“Even if banks trust one another to source data correctly, they are not going to trust one another to handle data on business plans or trades, so confidentiality features of a system like this are also very important in a permissioned setting.”
Still, IC3 is not alone in seeking to provide assistance on oracles.
Other oracles that have been proposed in the past include Augur and Gnosis, which are both prediction markets that rely on the ‘wisdom of the crowd’.
Another service is Oraclize, which relies on a TLSNotary – a service that allows an auditor to verify if a specific web page was accurately retrieved. Still, Town Crier is framed as unique in that it relies on a specific type of hardware for its security.
Right now, although fully functional, Town Crier is still officially in alpha, and supports only query types for flight data, stock tickers, UPS tracking and weather data.
The project has also partnered with SmartContracts.com, so anyone wanting to spin up a Town Crier oracle and experiment with coin price queries, can easily do so.
Fortune cookies image via Shutterstock