Smart contracts, by their nature, are able to run algorithmic calculations and store and retrieve data.Because every node runs every calculation, it’s not practical (and presently impossible) to make arbitrary network requests from an Ethereum contract.Oracles fill this void by watching the blockchain for events and responding to them by publishing the results of a query back to the contract.In this way, contracts can interact with the off-chain world.This introduces obvious trust problems.A decentralized contract that requires trusting a single outside data source is a bit of a contradiction.This can be mitigated by having multiple independent oracles respond to the same queries to form a consensus.For more on Oracles, check out Oraclize, a FinTech company providing a ‘reliable connection’ between distributed apps.Their explanation of an oracle is a good place to start.The oracle for Tinypay (described in more detail here) has to do three simple things:I went through a few iterations getting the right implementation, and I want to walk you through them as a tour of development on Ethereum.The first time I wrote the oracle, I used Go.

I tried to do all of the communication with the Ethereum node using the RPC APIs directly.That was interesting, because I was able to learn a lot about how the Ethereum protocol stores and marshals data at a low level.bitcoin kowrsI had to manually recreate the ABI (Application Binary Interface) in code and use that to both send and decipher messages.ebook bitcoin indonesiaThe ABI is necessary for defining how the contract can be interacted with, and how data is extracted from the raw bytes on the wire.The actual extracting of data from the events proved to be more complex than I was ready for.avoir des bitcoin gratuitHandling events was not yet completed in the Go client.jasa bitcoin

I was forced to poll the RPC endpoint manually, and to figure out how to decode the binary data from the raw events.bitcoin group stanfordThe Go client certainly seems to be the primary focus of the Ethereum team, and they’re well aware of the hole in the client around watching and decoding events.litecoin gpu mining 2017I expect this to be shored up soon, making the Go client a first class option for writing Oracles and other Ethereum client apps.The low level RPC APIs and decoding APIs proved to be very low-level, and they were making rapid iteration much harder, so…For the second iteration I switched to node.js and used the web3 library for communicating with the geth node.This gave me built in abstractions for event watching, data extraction and formatting, and generally made life a lot easier.I started with the very useful ‘tinyoracle’ guide by Alex Beregszaszi which got me well on my way to a good second versionThe following code extracts are somewhat edited, the full code can be found in the github repository (tag v0.0.2 for this iteration)// First we instruct web3 to use the RPC providerweb3.setProvider( new web3.providers.HttpProvider( 'http://' + opts.rpc_host + ':' + opts.rpc_port));Finally, for the third iteration, I gave up trying to roll it all myself.

We were already using the excellent tool, truffle, from ConsenSys in our web front end.I just copied the generated artifacts into my node.js project, and included it directly, and I was in business.Using Truffle we were able to compile our Solidity contracts into a javascript library that captured important details like the deployed address of the contract, and completely abstracted away the low level RPC communication.Watching events, and sending transactions, and querying data became simple API calls generated directly from our contract.As you can see, Truffle provides some really nice abstractions for using and interacting with smart contracts.It’s not perfect, and doesn’t solve some problems like contract versioning, etc.But we’ll have to cover those things in another post.One of the more popular proposals for implementing smart contracts differently from the way they are typically presented in Ethereum is through the concept of oracles.Essentially, instead of a long-running contract being run directly on the blockchain, all funds that are intended to go into the contract would instead go into an M-of-N multisig address controlled by a set of specialized entities called “oracles”, and the contract code would be simultaneously sent to all of these entities.

Every time someone wants to send a message to the contract, they would send the message to the oracles.The oracles would run the code, and if the code execution leads to a withdrawal from the contract to some particular address then the oracles circulate a transaction sending the funds and sign it.The approach is still low-trust, as no single oracle has the ability to unilaterally withdraw the funds, but it has a number of particular advantages: Given all of these advantages, it is undeniably clear that oracles have the potential to be a very useful paradigm for smart contracts going forward.However, the key question is, how will oracle-based computation and blockchain-based computation, as in Ethereum, interact with each other?First of all, one important point to make is that it will not always be the case that the oracle-based method of contract execution will be more efficient than the blockchain-based approach (not to mention non-currency/non-contract uses of the blockchain such as name registries and the People’s Republic of DOUG where oracle systems do not even begin to apply).

A common misconception is that the primary feature of Ethereum is that it is Turing-complete, and so while Bitcoin only allows quick scripts for verification Ethereum contracts are means to do much harder and computationally intensive tasks.This is arguably a misconception.The primary feature of Ethereum is not Turing-completeness; in fact, we have a section in our whitepaper which makes the argument that even if we explicitly removed the ability of Ethereum contracts to be Turing-complete it would actually change very little and there would still be a need for “gas”.In order to make contracts truly statically analyzable, we would need to go so far as to remove the first-class-citizen property (namely, the fact that contracts can create and call other contracts), at which point Ethereum would have very limited utility.Rather, the primary feature of Ethereum is state – Ethereum accounts can contain not just a balance and code, but also arbitrary data, allowing for multi-step contracts, long-running contracts such as DOs/DACs/DAOs and particularly non-financial blockchain-based applications to emerge.

For example, consider the following contract: This contract is pretty straightforward.It is an account with two access keys, where the first key has a withdrawal limit and the second key does not.You can think of it as a cold/hot wallet setup, except that you do not need to periodically go to the cold wallet to refill unless you want to withdraw a large amount of ether all at once.If a message is sent with data [DEST, VALUE], then if the sender is the first account it can send up to a certain limit of ether, and the limit refills at the rate of 1 finney per second (ie.86.4 ether per day).If the sender is the second account, then the account contract sends the desired amount of ether to the desired destination with no restrictions.Now, let’s see what expensive operations are required to execute here, specifically for a withdrawal with the limited key: There are also a couple dozen stack operations and memory reads/writes, but these are much faster than database and cryptography ops so we will not count them.

The storage database reads can be made efficient with caching, although the writes will require a few hashes each to rewrite the Patricia tree so they are not as easy; that’s why SLOAD has a gas cost of 20 but SSTORE has a cost of up to 200.Additionally, the entire transaction should take about 160 bytes, the Serpent code takes up 180 bytes, and the four storage slots take up 100-150 bytes – hence, 350 bytes one-time cost and 160 bytes bandwitdh per transaction.Now, consider this contract with a multisig oracle.The same operations will need to be done, but only on a few servers so the cost is negligible.However, when the multisig transaction is sent to Bitcoin, if the multisig is a 3-of-5 then three elliptic curve verifications will be required, and the transaction will require 65 bytes per signature plus 20 bytes per public key so it will take about 350-400 bytes altogether (including also metadata and inputs).The blockchain storage cost will be around 50 bytes per UTXO (as opposed to a static 350 in Ethereum).

Hence, assuming that an elliptic curve verification takes longer than a few hashes (it does), the blockchain-based approach is actually easier.The reason why this example is so favorable is because it is a perfect example of how Ethereum is about state and not Turing-completeness: no loops were used, but the magic of the contract came from the fact that a running record of the withdrawal limit could be maintained inside the contract.(Note: advanced cryptographers may note that there is a specialized type of threshold signature that actually requires only one verification operation even if a large number of oracles are used to produce it.However, if we use a currency with such a feature built-in, then we are already abandoning Bitcoin’s existing infrastructure and network effect; in that case, why not just use the Ethereum contract?)At other times, however, oracles do make sense.The most common case that will appear in reality is the case of external data; sometimes, you want a financial contract that uses the price of the US dollar, and you can’t cryptographically determine that just by doing a few hashes and measuring ratios.

In this case, oracles are absolutely necessary.Another important case is smart contracts that actually are very hard to evaluate.For example, if you are purchasing computational resources from a decentralized cloud computing application, verifying that computations were done legitimately is not a task that the Ethereum blockchain can cheaply handle.For most classes of computation, verifying that they were done correctly takes exactly as long as doing them in the first place, so the only way to practically do such a thing is through occasional spot-checking using, well, oracles.Another cloud-computing use case for oracles, although in this context we do not think of them as such, is file storage – you absolutely do not want to back up your 1GB hard drive onto the blockchain.An additional use-case, already mentioned above, is privacy.Sometimes, you may not want the details of your financial contracts public, so doing everything on-chain may not be the best idea.Sure, you can use standard-form contracts, and people won’t know that it’s you who is making a contract for difference between ETH and USD at 5:1 leverage, but the information leakage is still high.

In those cases, you may want to limit what is done on-chain and do most things off-chain.So we have these two paradigms of total on-chain and partial on-chain, and they both have their relative strengths and weaknesses.However, the question is, are the two really purely competitive?The answer is, as it turns out, no.To further this point, here are a few particular examples: SchellingCoin – incentivized decentralized oracles.The SchellingCoin protocol is a proof-of-concept that shows how we can create a decentralized oracle protocol that is incentive-compatible: have a two-step commitment protocol so that oracles do not initially know what each other’s answers are, and then at the end have an Ethereum contract reward those oracles that are closest to the median.This incentivizes everyone to respond with the truth, since it is very difficult to coordinate on a lie.An independently conceived alternative, TruthCoin, does a similar thing for prediction markets with binary outcomes (eg.

did the Toronto Maple Leafs win the World Cup?).Verifiable computation oracles – when the oracles in question are executing moderately computationally intensive code, then we can actually go beyond the admittedly flaky and untested economics of the SchellingCoin/TruthCoin protocols.The idea is as follows.By default, we have M of N oracles running the code and providing their votes on the answers.However, when an oracle is perceived to vote incorrectly, that oracles can be “challenged”.At that point, the oracle must provide the code to the blockchain, the blockchain checks the code against a pre-provided hash and runs the code itself, and sees if the result matches.If the result does not match, or if the oracle never replies to the challenge, then it loses its security deposit.The game-theoretic equilibrium here is for there to be no cheating at all, since any attempt at cheating necessarily harms some other party and so that party has the incentive to perform a check.Signature batching – one of the problems that I pointed out with the multisig oracle approach above is signature bloat: if you have three oracles signing everything, then that’s 195 extra bytes in the blockchain and three expensive verification operations per transaction.

However, with Ethereum we can be somewhat more clever – we can come up with a specialized “oracle contract”, to which oracles can submit a single transaction with a single signature with a large number of votes batched together: [addr1, vote1, addr2, vote2 ... ].The oracle contract then processes the entire list of votes and updates all of the multisig voting pools contained inside it simultaneously.Thus, one signature could be used to back an arbitrarily large number of votes, reducing the scalability concerns substantially.Blockchain-based auditing – the concept of oracle-based computation can actually go much further than the “Bitcoin multisig oracle” (or, for that matter, Ethereum multisig oracle) idea.The extreme is an approach where oracles also decide the one thing that the Bitcoin-based schemes still leave the blockchain to decide: the order of transactions.If we abandon this requirement, then it is possible to achieve much higher degrees of efficiency by having an oracle maintain a centralized database of transactions and state as they come, providing a signed record of each new balance sheet as a transaction is applied, allowing for applications like microtransactions and high-frequency trading.

However, this has obvious trust-problems; particularly, what if the oracle double-spends?Fortunately, we can set up an Ethereum contract to solve the problem.Much like the verifiable computation example above, the idea is that by default everything would run entirely on the oracle, but if the oracle chooses to sign two different balance sheets that are the result of incompatible transactions then those two signatures can be imported into Ethereum, and the contract will verify that those two signatures are valid, and if they are the contract will take away the oracle’s security deposit.More complicated schemes to deal with other attack vectors are also possible.Verifiable secure multiparty computation – in the case where you are using oracles specifically for the purpose of maintaining private data, you can set up a protocol where the oracles securely choose a new secret key using multiparty random number generation every 24 hours, sign a message with the old key to prove to the world that the new key has authority, and then have to submit all of the computations that they made using the old key to the Ethereum blockchain for verification.

The old key would be revealed, but it would be useless since a message transferring ownership rights to the new key is already in the blockchain several blocks before.Any malfeasance or nonfeasance revealed in the audit would lead to the loss of a security deposit.The larger overarching point of all this is that the primary raison d’être of Ethereum is not just to serve as a smart contract engine; it is more generally to serve as a world-wide trust-free decentralized computer, albeit with the disadvantages that it can hold no secrets and it is about ten thousand times slower than a traditional machine.The work in developing cryptoeconomic protocols to ensure that ordinary people have access to reliable, trustworthy and efficient markets and institutions is not nearly done, and the most exciting end-user-centric innovation is likely what will be built on top.It is entirely possible to have systems which use Ethereum for one thing, an M-of-N oracle setup for another thing, and some alternative network like Maidsafe for something else; base-level protocols are your servant, not your master.