Astraea: A Decentralized Blockchain Oracle
Aim
The public blockchain was originally conceived to process monetary transactions in a peer-to-peer network while preventing double-spending. It has since been extended to numerous other applications including execution of programs that exist on the blockchain called smart contracts. Smart contracts have a major limitation, namely they only operate on data that is on the blockchain. Trusted entities called oracles attest to external data in order to bring it onto the blockchain but they do so without the robust security guarantees that blockchains generally provide. This has the potential to turn oracles into centralized points-of-failure. This talk introduces Astraea, a decentralized oracle that addresses these limitations. Participants in play a voting game that decides the truth or falsity of propositions. We describe the game and the roles played by various actors in the system. We also present a formal analysis of the game's parameters in order to measure the probability of an adversary with bounded funds being able to successfully manipulate the oracle's decision. The analysis shows that the same parameters can be set to make manipulation arbitrarily difficult --- a desirable feature for the system.
Method
Astraea is a general-purpose decentralized oracle that runs on a public ledger and leverages human intelligence through a voting-based game. Entities in fall into one or more of three roles: submitters, voters, and certifiers. Submitters submit Boolean propositions to the system and pay fees for doing so. Voters play a low-risk/low-reward game where they are given the opportunity to vote on the truth of a random proposition by placing a small monetary stake. Certifiers play a high-risk/high-reward game where they place a large stake on the outcome of the voting and certification process. A decision is reached on a proposition once it has accumulated a certain number of votes, at which the majority of votes determines the outcome. Unlike existing oracles targeted at prediction markets, voters and certifiers are not required to be online during particular time periods; all roles may enter or exit the system at any time. Due to its requirement for monetary staking and fees, the system is inherently resistant to Sybil attacks.
Results
A key design goal of is to admit a formal analysis of its properties, and in particular, to be able to quantify the probability of an adversary manipulating the outcome of the system under certain assumptions. We omit the details of the analysis. However, it can be shown that even a very powerful adversary controlling 25 of all votes has a negligible chance of success when the system requires 100 votes per proposition and honest players are 95 accurate.
Conclusion
This talk introduces a decentralized, trustless, and permissionless blockchain oracle system. Submitters enter propositions into the system, while voters and certifiers play a game to determine the truth value of each proposition. We analyze the game's properties to quantify the chances of an adversary manipulating the outcome of the oracle and determine that reasonable parameters exist that preclude a powerful adversary from successfully manipulating the system.