Paul Brody is a Principal and Global Blockchain Leader at EY.
Oracles, an often overlooked feature of blockchain technology, are having a moment. In ancient times, oracles were people or gods who provided wisdom or knowledge. In blockchains, they are mechanisms for providing sources of truth that did not originate within the system itself.
For much of the blockchain era, especially in the era of cryptocurrencies, oracles have not had a significant role to play. Whether ether or bitcoin or most ICO tokens, everything you need to know about the token, such as ownership and embedded logic, exists on the chain. No external wisdom is needed.
Now, as blockchains find new uses, this long-neglected functionality is suddenly the hottest ticket out there. In the future, they are going to have an important role in enterprise blockchain usage, enabling business and financial operations in both the “real world” (e.g. off-chain) as well on the blockchain. From financial services to product purchase agreements, at least some information from exchange rates to interest rates to proof of shipment delivery is needed from outside the blockchain. And because deals on the blockchain will depend on this information, it’s absolutely critical it is trustworthy.
See also: The Man in Plaid – CoinDesk’s “Most Influential” Profile of Chainlink’s Sergey Nazarov
While many people are interested in oracles for financial services, they will also be essential for implementing enterprise smart contracts. Current models like Chainlink start with the presumption that having multiple parties verify data is better than having a single party. They design a decentralized model from the get-go, and when combined with the ability to invest your stake against the quality of your own reporting, offer a powerful incentive to stay honest.
This model isn’t going to work for most enterprise agreements. And even fancy tools like zero-knowledge proofs will not solve a bigger problem. How do you know if the oracle is being truthful if there is only one source of that information? Spoiler alert: You need an independent third-party for that.
While the multiple-redundancy model may work in many business cases, for a lot of enterprise agreements there is only one source of data. Take a typical agreement between a buyer and a seller of, say, factory equipment. There is an exchange of money for the product, and payment is usually triggered by delivery of the product. This is really the simplest of all enterprise deal models, so let’s take that apart, one piece of truth at a time.
The starting point has to be the question of whether or not the product and money are real. In the case of fiat-backed tokens, you need to know the token issuer has money in the bank equal to that number and, most important, that money in the bank is not committed against other debts.
The same goes for the product to be exchanged. When it comes to triggering payment, the record of delivery from the shipper can be used but, again, only that shipper really has that information, and it is not a disinterested party because it may be penalized for late deliveries or damaged goods.
Nor is there any software-based answer that can address most of these questions. Zero-knowledge proofs are useful in providing answers without disclosing underlying information, but if the underlying data can be manipulated then they aren’t necessarily helpful. If you borrow money from one account to put in another, a software engine looking at that account may conclude you have enough to cover your online tokens even when you do not.
The only sustainable way of solving for reliable oracles, when only a single party can provide that truth, is through a third-party assessment. In short, you need the blockchain-equivalent of an audit, but not something that is only updated once a year with an annual report. Fortunately, such things exist and have done so long before blockchains came around, but they were used for other purposes.
Third parties
These third-party assessments are, it turns out, a staple of the audit business and they come in two main flavors: attestation reports and systems of controls (SOC) reports. Attestation reports are the gold standard, written to the same requirements as a legal audit, and signed by an auditor and backed by the audit firm in question.
SOC reports look more at the process of reporting than the output. Essentially, they certify the company in question has put in place a process and tools to safeguard the accuracy of the reporting, without specifically verifying the content of each output.
I foresee a big future for these reports because they enable truly liquid commerce on blockchains. It should be possible for companies to attach attestation or SOC reporting links to digital tokens, showing which ones have been subjected to a form of verification. It is not practical or scalable for each buyer or seller to have to verify these things all on their own.
See also: Paul Brody – Enterprises Would Use DeFi, if It Weren’t so Public
On learning about SOC reporting and attestation reports, many people say it’s contrary to the vision of a trustless blockchain environment. This is true, but that gives too much emphasis to trustless, and not enough to properly decentralized. While cryptocurrencies can indeed be trustless because they exist only on-chain, other forms of commerce require some level of trust.
In fact, a properly decentralized and competitive system can be set up to minimize the amount of trust needed and maximize the efficiency of the ecosystem. Having a third party perform an attestation or issue a SOC report aligns incentive and minimizes conflict of interest. Third parties that do a bad job or are caught lying will lose their business. In a properly decentralized environment, companies will have a choice of third-party providers, keeping competition in the system to drive down prices.
There is also a big difference between trusted third parties having a role in the system and having a permissioned or centralized system. In a genuinely decentralized blockchain environment, there is no absolute requirement to use one of these third-party services. Just like the internet, access to the network is permissionless, and while customers may prefer to buy only from companies that have an SSL certificate issued by a well known authority, users are not prevented from operating without one.
Oracles are of immense importance to the future of blockchain commerce ecosystems. We cannot develop large-scale commerce without trusted inputs. We will need, however, to accommodate multiple approaches to certifying information, including ones that lean on off-chain judgement and verification, not just clever algorithms.
