It has been a few months since our previous technical update but we've been quite productive in the intervening time. As we reported in that last update, the Orcfax project intentionally paused work on the component that publishes data to the Cardano blockchain while we awaited IOG’s delivery of the CIP-31 Reference Inputs feature.
Before this important enhancement oracle feeds on Cardano were not really financially sustainable or technically feasible in a permissionless way, i.e. without requiring off-chain deals and third-party infrastructure.
When CIP-31 and its related enhancements were made available on the Vasil Testnet in June, we dove in head first with the Plutus development experts at MLabs to analyze the exciting new options for implementing an oracle design on post-Vasil Cardano. This work is generously funded via a Project Catalyst Fund 8 grant.
The guiding principle that scoped our investigation was Orcfax’s commitment to a public data commons. That is to say, how can we amortize the cost of making as much free but trustworthy off-chain data available in a financially sustainable way?
Introducing the Cardano Open Oracle Protocol
The result of this analysis is an innovative new approach which Orcfax and MLabs have branded the Cardano Open Oracle Protocol (COOP). The protocol requires the first user of a newly updated data point in a COOP feed to pay the posted fee for that fact statement type (e.g. ADA/USD rate, current temperature in Nairobi, etc.).
This grants that dApp or smart contract script the privilege and potential business advantage of using that datum in the very same Cardano eUTXO transaction block in which the fee payment for the datum request is processed. That is to say, their dApp gets to read the validated fact statement one block before anyone else.
But the protocol also enforces the open publication of each signed fact statement, making it available to be used for free as a CIP-31 Reference Input in subsequent transactions for other downstream dApps. So essentially, "pay once, read many."
The fact statement UTXO continues to be reference-able in this way, until the publication submitter consumes it, reclaiming the publication deposit after its time-to-live expires. Of course, the fact statement itself will always remain readable from the blockchain for humans and off-chain apps, via Cardano block explorers and chain indices.
The COOP design also enables setting up completely free fact statement feeds whose first-use transaction fees are paid for from an escrow account. These accounts could be funded by a Project Catalyst grant, an industry consortium of fact statement users, a NGO, or a crowd-source campaign.
The COOP reference implementation software and documentation will be released as a Software Development Toolkit (SDK) under a copyleft open source license in Q4 2022. This means that other potential Cardano oracle providers can leverage this code to launch their own oracle services.
The SDK will make it easy for other projects to implement the Cardano Open Oracle Protocol along with the sustainability strategy and open-access principles it encodes. Each COOP-based data publisher can set their own pricing model and provide other value-added services to set themselves apart. We envision the introduction of whole new DeFi and RealFi use cases which can distinguish the Cardano ecosystem even further from competing chains.
The most comprehensive solution to The Oracle Problem?
On top of the innovations that will be introduced by the implementation of the Cardano Open Oracle Protocol, the Orcfax oracle service introduces some ground-breaking new features, integrations, and partnerships to the world of blockchain oracles. These have emerged from the R&D and networking we have been quietly conducting over the past few months while we awaited the Vasil hard fork.
As a matter of fact, based on our detailed analysis of the nascent blockchain oracle sector, we will go as far to say that the production implementation of the Orcfax oracle service that is scheduled for Q1 2023 will deliver the most comprehensive solution to “The Oracle Problem” in the entire blockchain industry.
We will dive into the technical reasons for this ambitious claim, including a closer look into the COOP design, in more regular updates over the coming weeks. These posts will explore the components in the concept diagram above and will lead up to the Orcfax whitepaper release and our Initial Coin Offering (ICO) announcement in Q4 2022. Sign up for our newsletter to get immediate notice of these updates in your inbox and give us a follow on Twitter for more immediate information and feedback.
In the meanwhile, to set the stage for these upcoming technical updates, we think it’s useful to first (re)establish some shared understanding about core concepts in the oracle domain, ending with our own assessment of The Oracle Problem.
What is an oracle?
Oracles like Orcfax, Chainlink, Charli3, etc. are the technical component in blockchain architectures that deliver information about the real-world to on-chain smart contracts. The name is derived from people in the ancient world who delivered messages and knowledge from the gods to the mortals.
Software oracles process information from online sources such as website content and open datasets but mostly from server-based application programming interfaces (API). These are the most common types of oracles and are used, for example, by algorithmic stablecoins or automated market maker (AMM) exchanges to monitor for changes in currency exchange rates.
Hardware oracles collect and publish information from physical sources such as sensors and barcode scanners. These are found in supply-chain scenarios or earth data use cases such as tree planting verification.
The Orcfax oracle service will start as a software oracle but will expand to include hardware-generated source data with a focus on agricultural and journalism use cases.
What is a smart contract?
Blockchain technology is often described as being "trustless" because cryptographic proofs and distributed consensus algorithms ensure that its shared data is authentic, accurate, and secure without reliance on a trusted third-party to verify the information.
Smart contracts are software programs that execute conditional logic on next-generation blockchains like Cardano (e.g. when event X happens, trigger action Y). Because their source code is immutably stored and run on decentralized blockchain networks, they constrain the range of permissible user actions and their effects. This means that they can reasonably be expected to have the same outcome each time they are triggered. Therefore smart contracts are also often referred to as having "trustless" qualities.
Smart contracts are the key enabler for the explosion of the trillion-dollar DeFi industry. What most people don’t realize however, is that the vast majority of smart contracts are critically dependent on off-chain data provided by a very small group of oracle service providers.
This is because almost all smart contracts need reliable real-world facts to serve as inputs to their application logic. This data must be “trustworthy” because the execution of smart contract logic can have significant economic and social consequences. Especially considering that the consequences of a blockchain transaction are irreversible by their very design. For example:
- A change in the Bitcoin to ADA price may trigger a limit order in a DeFi smart contract.
- The final score in a sports event may trigger a payout in a betting dApp smart contract.
- An extreme weather event may trigger a payout for a crop insurance smart contract.
- The words spoken in a political speech and authenticated via blockchain notarization may trigger policy changes or protests.
What is The Oracle Problem?
Given the examples above, it is not hard to imagine how introducing false, real-world data into smart contracts and dApps is a potentially lucrative attack vector for bad actors. Unfortunately, there are significant challenges to preventing so-called “man-in-the-middle” attacks and proving that external real-world data introduced to smart contracts can be trusted to be authentic and accurate. Collectively, the blockchain industry refers to these challenges as “The Oracle Problem.”
First-generation oracle providers each claim to have solved the oracle problem in their own way but what is not talked about enough is that most of these are still permissioned, black boxes. That is to say, they rely on off-chain deals to authorize and pay for access to their data which is usually sourced from a single trusted provider.
Smart contract developers or users of their dApps are not able to audit the provenance and flow of this data inside these black boxes, either before deciding to make an important financial decision based on that data or afterwards, to independently investigate whether any fraudulent activity has occurred or where mistakes where made. There is no clarity on how the oracle magically produced the singular data point that is eventually reported on-chain without any further context. Smart contract users are forced to trust the brand-reputation of the oracle provider as their only touchstone.
To be fair, most leading oracle platforms are now beginning to implement some form of decentralized oracle pools as another technique to address the oracle problem. In its purest form, a decentralized oracle pool uses distributed networking and computation nodes to validate the authenticity and accuracy of source data before it is published on-chain.
Unfortunately, most current implementations do not go this far. Instead they often receive data from a single, black box provider such as Binance price feeds, Google’s Big Query or Wolfram Alpha’s knowledgebase. They then use an oracle pool to arrive at a consensus about the uniformity of that data and not necessarily about its authenticity or accuracy. In our assessment, a decentralized pool of oracle nodes is irrelevant if it is bottlenecked by a single upstream provider. Therefore, we are implementing a triangulation strategy for source data collection which we'll explain in more detail in an upcoming update.
The first standards-based blockchain oracle
Another critical issue we have discovered during our analysis is that first-generation oracle providers have mostly ignored industry standards and academic research findings that exist outside of the blockchain and IT industry echo chamber. In particular those International Organization for Standardization (ISO) quality standards that provide well-established guidelines and practices for ensuring the authenticity and accuracy of digital information; the very thing that oracles should be most concerned about.
Orcfax is the first standards-based and research-driven oracle service in all of the nascent blockchain industry to conduct an extensive requirements analysis of these standards and research outputs. This analysis was carried out by archival science academics and industry experts with professional experience implementing these standards in traditional enterprise architectures.
The requirements derived from this well-documented process are directly traceable to the design choices we made to develop the Orcfax technical architecture. The outputs from this research will be published in the Orcfax whitepaper and submitted for peer review and publication to a scholarly journal in 2022 Q4.
In our next technical update, we will explain how we implemented these requirements as provenance audit logs that are archived on the Arweave permaweb network via the Arkly digital preservation service and inextricably linked back to the relevant transactions on the Cardano blockchain. We'll also explore how these archived fact statements will be made available for reference and research on the Factpage "proof-of-fact" block explorer.