A Distributed Efficient Blockchain Oracle Scheme for Internet of Things

Augur is the first prediction market platform for decentralized oracle proposed by Ethereum. It hands data request events to all participants in the market. If the data provided by one node is inconsistent with the consensus results of other nodes, the pledged tokens will be confiscated by the system and redistributed to other nodes, forcing the nodes to remain honest[9]. Adler et al.[10] designed a decentralised oracle scheme based on a voting game that divides participants into three categories: submitters, voters or verifiers. Voters and validators play games with each other. Eventually, the Nash equilibrium is reached where all rational participants are forced to act honestly. Cai et al.[13] thought that the linear growth of participants’ equity may lead to herd behavior, so they propose a nonlinear equity scaling rule to prevent Sybil attacks. However, the voting-based oracle requires a definite answer to the proposition, and the user’s voting is inefficient.

Trusted Execution Environment (TEE) can protect the core code of the program from interference by other malicious programs, while avoiding data leakage[6]. Zhang et al.[7] proposed a hardware-based oracle system, which uses Intel SGX to ensure the security and credibility of computing. However, the above system has the possibility of a single point of failure, so Woo et al.[8, 14] proposed a distributed oracle using Intel SGX to improve the availability of the oracle network in the event of a single point of failure or malicious nodes through the BFT consensus mechanism. Liu et al.[15] using TEE to extend blockchain trust from the blockchain to the off-chain, continuously perceive the inside of the vaccine box through trusted sensors and generate anti-counterfeiting data to obtain reliable vaccine tracking data. However, hardware-based oracles require specific hardware support, so their scalability is poor and it is difficult to take advantage of the large number of IoT devices without TEE.

DECO is a distributed oracle scheme that helps users prove that the data they access through TLS is from a specific website without the need for trusted hardware or server-side modifications[16]. He et al.[17] proposed a novel scalable data feed service SDFS, which ensures the rationality of the data acquisition process and the scalability of the system services. In addition, a node reputation evaluation strategy is designed to judge whether each node is a malicious node and update the reputation value of each node. Chainlink [11] proposes a decentralized oracle network to achieve reliable data input and connection between smart contracts and external data sources. It uses reputation systems and cryptographic algorithms to ensure reliable operation of the system. DOS Network[12] provides off-chain computing in a decentralized manner, and uses m-out-n multi-signature transactions to achieve consensus. Similarly, Manoj et al.[18] obtained trusted agricultural data for the blockchain using a threshold secret-sharing scheme. Lin et al.[19] proposed a novel IIoT-oriented digital twin architecture by combining oracle with decentralized learning. Gigli et al.[20] proposed a robust oracle architecture with a reputation algorithm for selecting trusted data sources. Even if there are multiple malicious data sources, it can consistently provide high-quality data.

The above solutions are all focused on improving the accuracy, reliability, and completeness of oracle data. However, these solutions do not consider the impact of the matching relationship between oracle nodes and data sources on the performance of the oracle system. Therefore, this paper designs a high-performance distributed multi-data-source oracle system with a hybrid TEE device for IoT scenarios. By combining the advantages of TEE and distributed oracle systems, the system selects efficient and trustworthy oracle nodes through weighted random selection, thereby improving the access efficiency of the oracle system.

The word ‘Oracle’ comes from Greek mythology and refers to people who can directly communicate with God and foresee the future. In a blockchain environment, oracle is a system that provides blockchain with information from the real world[21].

The main steps are shown in Fig. 1, 1) The user contract calls the oracle contract to obtain the data of the corresponding data source; 2) After the oracle node listens to the event of the oracle contract, it obtains data from the corresponding data source; 3) The data source returns the corresponding data; 4) Oracle nodes verify and sign the data and return the oracle contract; 5) The oracle contract returns data to the user contract.

Threshold signature is a group of $n$ members, the group has a pair of group signature public key and private key[22]. The group’s signature private key is shared by $n$ members in a threshold manner. Only the number of honest members in the group greater than or equal to the threshold value $t$ can sign on behalf of the group with the group signature private key. And it is easy for anyone to verify the signature through the group public key. These characteristics of threshold signature make it can be used in the process of oracle node aggregation data to prevent the problem of freeloading[11]. The process of threshold signature used in this paper is as follows:

1) Generate public key and group member private key: input the security parameter $s$, the threshold value $t$ and the number of members $n$, and return the private key $sk_{i}(i=1,2,...,n)$ for each member’s partial signature. Each member saves a private key fragment to generate a partial threshold signature. $pk$ is used to verify the threshold signature, as shown in the equation (1), where $L$ = $sk_{1},sk_{2},...,sk_{n}$ .

2) Generate partial threshold signature: input the message msg and the member private key $sk_{i}$ to generate a partial signature $Sign_{i}$, as shown in the equation (2):

3) Synthetic threshold signature: if the valid partial signatures $Sign_{i}$ collected by a member reach the threshold value $t$, these $Sign_{i}$ can be used to synthesize the threshold signature $Sign^{*}$.

4) Verify threshold signature: input message $msg$, public key $pk$ and threshold signature $Sign^{*}$, return judgment result $true$ and $false$, where $true$ means authentication passed and $false$ means not authenticated, as shown in equation (3):

In this Section, we present the oracle scheme proposed in this paper. We design a high-performance distributed oracle weighted matching scheme with multiple data sources. The system is mainly divided into on-chain contracts and off-chain nodes, where off-chain nodes are further divided into ordinary oracle nodes and TEE nodes. Ordinary oracles account for the majority of industrial Internet devices, providing scalability for the oracle system. A few nodes with TEE can provide trusted support for the system and improve system trustworthiness. The system overview is shown in Fig. 3.

The main steps include the following:

1. Firstly, the user contract initiates a data acquisition request to the oracle contract.

2. The oracle contract splits multiple data source requests into subtasks of a single data source.

3. The oracle contract takes the QoS of each oracle node to the requested data source as the weight of node selection, and uses the A-EepJ weighted random sampling algorithm to select the set of ordinary oracle nodes to participate in subsequent tasks.

4. The off-chain oracle node uses a one-time non-interactive Distributed Key Generation (DKG) protocol to generate a distributed public and private key after listening to the task.

5. According to the user task, the oracle node off-chain obtains data from the specified data source and signs it with its own private key fragment $sk_{i}$ to obtain the signature fragment $Sign_{i}$.

6. The TEE node is responsible for jointly verifying the signature fragment $Sign_{i}$ uploaded by the ordinary node, recording its response time $t_{d}^{i}$, and finally returning the Leader, which is aggregated by the Leader to obtain the group signature $Sign^{*}$

7. After aggregating the group signature, the Leader of the TEE node committee packages the group signature $Sign^{*}$, the original data and the node response time $t_{d}^{i}$, and then signs and uploads the oracle contract.

8. After the signature of the oracle contract verification is correct, the original data is obtained, and the behavior information of the oracle node and the corresponding QoS record are updated.

9. The final aggregation result is aggregated by oracle contract according to the user-defined multi-data source result aggregation strategy.

10. Finally, the oracle contract returns the final result to the user contract.

Firstly, the oracle contract processes data requests from user contracts in the form of a four-tuple $Request(m,n,D,r)$, where $m$ represents the number of nodes required for aggregate signature, $n$ represents the total number of nodes required for this task, $D$ represents the array of data sources, and $r$ represents the random number generated by the hash of the previous block. The oracle contract needs to split the multi-data source request task into multiple subtasks $Request(m,n,d,r)$ and record, $d\in D$, $d$ represents a single data source.

For a single subtask $Request(m,n,d,r)$, the oracle contract needs to select $n$ ordinary oracle nodes to obtain data d according to the requirements of the subtask. To select efficient nodes while ensuring randomness, we use the oracle node as a weight for the data source $d$ service quality $QoS_{d}$, and randomly select nodes. In order to reduce the space and time complexity of the oracle contract, we use the A-ExpJ algorithm [23] to randomly select $n$ nodes from $N$ to participate in the data acquisition task, $N$ represents the set of all ordinary oracle nodes. For each node $i$, a random number $u_{i}=rand(0,1)$ that obeys uniform distribution is selected, $k_{i}=u_{i}^{1/w_{i}}$ is used as the key value of sampling, and $m$ samples with the largest key value are selected as the sampling results. This method effectively reduces the time and space complexity of sampling compared with the cardinal method [24]. In addition, the non-replacement selection can reduce the repeated selection of some oracle nodes and reduce the response time.

$R$ denotes the set of n ordinary oracle nodes selected from $N$ by the A-ExpJ algorithm. We give a detailed description in Algorithm 1.

The oracle nodes are divided into two categories according to whether they have TEE: ordinary nodes and TEE nodes. TEE nodes together form a consensus committee to record, verify and aggregate data signatures. The ordinary oracle node generates a distributed public and private key based on the contract task, performs computational logic such as obtaining data or performing computational tasks, and signs the result.

Firstly, the selected oracle node set $R$ generates $n$ private key fragments $sk_{i}$ and public key $pk$ with a threshold of $m$ according to the $Request(m,n,d,r)$ one-time non-interactive distributed key generation (DKG) protocol [25] with a threshold of $m$.

Then, the node $i$ obtains data from the data source $d$, and uses its own private key fragment $sk_{i}$ to sign the obtained data $msg$ to obtain the signature fragment $Sign_{i}$.

As shown in Fig. 4, the oracle node $i$ submits the signature fragment $Sign_{i}$ to the consensus committee formed by the TEE node. Their node executes the program in the TEE environment [26, 27] to ensure the security and credibility of the program. The consensus committee verifies the signature fragment $Sign_{i}$ based on the Raft protocol [28] and aggregates it to form a group signature $Sign^{*}$. In addition, the committee will also record the time when node $i$ uploads the signature as its response time $t^{d}_{i}$. Finally, the Leader node will package the consensus group signature $Sign^{*}$, the original data $msg$ and the successfully aggregated node response time $t^{d}$ as $S$, and use the Leader’s private key $sk_{leader}$ to sign to get $sign_{S}$, upload the oracle contract.

The Raft-based TEE committee not only avoids the single point of failure issue of TEE nodes but also enhances resistance against Sybil attacks. Additionally, by using the Raft protocol for aggregated signatures, the number of broadcasts for threshold signature data is reduced, thus improving system efficiency. Furthermore, the TEE-based execution environment ensures the trustworthiness of response time records for regular nodes, providing a reliable data foundation for subsequent weighted random selection of nodes.

After receiving the data $Sign_{S}$ and $S$ from the TEE committee, the oracle contract uses Leader’s $pk_{leader}$ to verify $Verify(S,Sign_{S},pk_{leader})$, ensuring that the data has been verified by the TEE committee.

Then, the oracle contract uses the generated threshold signature public key $pk$ to verify the group signature $Sign^{*}$ formed by aggregation $Verify(msg,Sign^{*},pk)$.

Finally, when the verification is passed, the oracle contract update the number of times $h$ and the response time $t_{d}^{i}$ that the node $i$ in $Sign^{*}$ successfully completes the task from the data source $d$.

In order to improve the quality of service of the oracle, we define a quality of service index of the oracle, which includes the response time and service accuracy of the oracle node $i$ to the request of the data source $d$. According to the current task results, we divide the device into nodes that complete the task and those that do not complete the task, and take the longest time $max(t_{d})$ of the aggregated nodes as the total time $t_{d}^{total}$ of this task. At the same time, we use the timeout ratio $\beta$ of the device multiplied by the total time $max(t_{d})$ of this task as the estimated time $t_{d}^{delay}$ of other unfinished tasks.

We use the proportion of the response time $t_{d}^{i}$ of device $i$ to the longest time $t_{d}^{delay}$ of this task as its relative response time $T^{d}_{i}\in[0,1]$.

We use the number of times that the node $i$ successfully participates in the aggregation $h_{d}^{i}$ and the total number of times selected $c_{d}^{i}$ as the service accuracy $A_{d}^{i}$ of the node to the data source $d$.

We set a hyper-parameter $\alpha$ to determine the proportion of response time and accuracy in the QoS of the node to the data source $d$. $\alpha>0.5$ indicates that we pay more attention to the response time of the node, while $\alpha\leq 0.5$ indicates that we pay more attention to the service accuracy of the node.

When we get the result returned by $Request(m,n,D,r)$’s $|D|$ subtask $Request(m,n,d,r)$, we try to aggregate it to get the final result $Result(s_{1},...,s_{|D|})$ and return the user contract. It can be found that the user contract expects a consistent result for the $|D|$ results, but when the returned results are different in $s_{1},...,s_{|D|}$ and it is difficult to reach an agreement, the user can set different aggregation strategies for multi-data source data according to their own needs.

The oracle system designed in this paper consists of on-chain contracts, off-chain oracle nodes, and TEE committee. The smart contract is written by Golang and deployed on the chainmaker blockchain[29], the on-chain and off-chain establish communication with the on-chain contract through the ChainMaker SDK. The total number of nodes $N$ is 10, the number of nodes $n$ selected for each task is 5, and the threshold $m$ required for each task is 3.

In order to validate the effectiveness of the proposed scheme, we will analyze how the proposed scheme improves the efficiency of the system and reduces the response time. Then, we also experimentally verify the impact of scalability on the success rate of data aggregation.