Trust Your Oracle? Cornell Launches Tool for Confidential Blockchain Queries

A new tool from Cornell's famed IC3 lab allows ethereum smart contracts to obtain and send information more securely.

AccessTimeIconMay 17, 2017 at 11:30 a.m. UTC
Updated Aug 18, 2021 at 6:10 p.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Smart contracts are touted as having the potential to do all kinds amazing things. But, to fulfill their promise, they need a way to communicate with the outside world.

That is not so easily done. Due of the nature of a blockchain (all nodes need to agree on any change in state of the database), smart contracts cannot simply fetch data on their own.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • So, instead, they rely on 'oracles'.

    A key part of the smart contract ecosystem, oracles allow smart contracts to access information, like commodity, currency, derivative pricing and more, from websites, and then use that data to implement the terms of a smart contract.

    But oracles come with their own set of challenges.

    For example, an oracle needs to be able to provide a tamper-proof source of information. So, if your smart contract offers insurance against flight cancellations, you want to make sure that the data you are getting on flights is accurate, and has not been altered at any point after being scraped from the website.

    Confidential queries are another issue. Say, a smart contract needs information on a personal bank statement or a medical record. A query from the oracle to the website would need to contain login, password or other private information. And you don't want anyone seeing that.

    Sealed in a box

    To that end, researchers at Cornell's Initiative for Cryptocurrencies and Contracts (IC3) have launched an oracle service that allows ethereum smart contracts to obtain trustworthy information and to securely send confidential queries to websites.

    Unlike other oracles, Town Crier, as the service is called, gets its added security from Intel's Software Guard eXtensions (SGX). IC3 has already implemented SGX on Teechan, a proposed off-chain payment solution for bitcoin, though not without some measure of debate.

    But Town Crier is officially IC3's first published and first deployed SGX-based tool.

    If you are wondering how SGX works, it essentially lets you run code inside an enclave, or a type of black box environment, which provides extra protection against tampering. Not even a computer's own operating system can see the data inside the enclave.

    Another feature SGX offers is 'remote attestation'. That means those using the service will be able to validate Town Crier code is in fact running in a secure SGX environment.

    Ari Juels, a professor at Cornell Tech working on the project, told CoinDesk:

    "Assuming that you trust SGX, data delivered by Town Crier from a website is guaranteed to be free from tampering. This authenticity property means that to trust Town Crier's data, you only need to trust Intel's implementation of SGX and the target website."

    While Town Crier runs its core code on a server with an SGX chip, the solution also has a front end that consists of a smart contract running on the ethereum blockchain.

    According to Juels, Town Crier will also be instrumental for permissioned blockchains, in which fewer, trusted participants exchange data.

    He said:

    "Even if banks trust one another to source data correctly, they are not going to trust one another to handle data on business plans or trades, so confidentiality features of a system like this are also very important in a permissioned setting."

    Other solutions

    Still, IC3 is not alone in seeking to provide assistance on oracles.

    Other oracles that have been proposed in the past include Augur and Gnosis, which are both prediction markets that rely on the 'wisdom of the crowd'.

    Another service is Oraclize, which relies on a TLSNotary – a service that allows an auditor to verify if a specific web page was accurately retrieved. Still, Town Crier is framed as unique in that it relies on a specific type of hardware for its security.

    Right now, although fully functional, Town Crier is still officially in alpha, and supports only query types for flight data, stock tickers, UPS tracking and weather data.

    The project has also partnered with SmartContracts.com, so anyone wanting to spin up a Town Crier oracle and experiment with coin price queries, can easily do so.

    Fortune cookies image via Shutterstock

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.