Securing DLCs with zkOracles

While discreet log contracts solves for scalability and privacy concerns in the implementation of smart contracts on Bitcoin, the data required for event outcome validation is coming from a third-party oracle. This means that the security of a DLC remains susceptible to potential manipulation or oracle-counterparty collusion.

OmniZK utilizes zkOracles for trust minimization at an crucial stage in the settlement process: the oracle that outputs the final event outcome data that generates the correct signature to sign the correct CET.

Below, we cover the core concepts of a zkOracle design, how zkOracles are used for DLC security.

What Are zkOracles?

Zero-knowledge oracles (zkOracles) integrate zero-knowledge proofs and smart contracts to create programmable on/off-chain data verifications, computations and storage.

zkOracles provide various advantages over traditional oracles:

  1. Formation of an autonomous network that is trust minimized

  2. Improved security for base layer networks

  3. 1-of-N trust model, system integrity is upheld as long as one node behaves

  4. Verifiable proof is the consensus

  5. Decentralization-friendly

  6. Allocation of computing power is efficient with minimal waste

zkOracles have the ability to safeguard data privacy while ensuring the integrity and authenticity of transmitted information.

zkOracle Architecture

The architecture of a zkOracle on OmniZK primarily consists of three component modules:

  1. Data source: Selection of data source that outputs the event outcome. This should ideally be an on-chain event that can be computationally proven to output a defined outcome.

  2. Proof generator: Omniwatchers run the computations off-chain and generate the event outcome accompanied by a proof.

  3. Verifiable on-chain proof: The OmniSigners verify the proof which is available as calldata on-chain. Once validity is confirmed, OmniSigners proceed to signature generation.

The zkOracle is required to be integrated via the zkOracle Adaptor into the OmniZK network for OmniRelayers to listen, compute, and execute.

It is important to note that as a network, the OmniZK protocol does not verify the authenticity and trueness of data sources that cannot be definitively proven on-chain, this is especially true if the event outcome is a real-world event and not computable. OmniZK simply provide the prover/verifier framework for proof computations, proof generation and event outcome verifications, using the data source provided.

Using zkOracles in a Trusted Execution Environment

The zkOracle uses computational integrity to secure the oracle provision of event outcomes, thereby removing the need to rely on a highly trusted set of validators, and also do not require onerous economic penalties to function.

The OmniZK Protocol provides the standardization and framework for the creation and integration of zkOracles by developers for DLC operations.

OmniRelayers perform remote attestation to establish that their enclaves are running the correct code which has not been tampered with to ensure the integrity of proof generation, proof verification and contract signing.

As long as the event proofs are verified by the attested code within the secure enclave, the oracle reporting and DLC settlements can operate fully autonomously with robust security.

Last updated