Background
What is TLay
As its name implies, TLay stands for Trust Layer of DePIN. TLay is building a digital trust layer for DePIN infrastructure to enable large-scale collaboration, along with a public asset network for Real-World Assets (RWA). TLay aims to provide a digital trust layer for the DePIN ecosystem, bridge the physical world and the digital world, natively register, issue and run assets in the physical world on the blockchain, improving transparency, real-time and fairness, realizing large-scale collaboration among global machines, innovatively exploring the next generation of distributed digital business and finance that is more open, interconnected and innovative.
TLay products integrate core functions such as BoAT3 Trusted Chip/Module, BoAT3 Lite/Agent SDK, BoAT3 IoT Oracle Service and DePIN Appchain, as well as DePIN MVP bootstrap support. BoAT3 Trusted Chip/Module is used to quickly transform diverse IoT devices to implement DePIN functionality, which greatly reduces the difficulty and time cost of DePINization. BoAT3 IoT Oracle is a decentralized oracle specially built for the DePIN scenario, which ensures that the verifiable data generated by the DePIN Unit is reliably recorded on the chain. TLay DePIN Appchain is an EVM-compatible application chain that adopts Rollup architecture to achieve high-performance and low-cost data processing. TLay family greatly simplifies the DePIN development process and helps developers and start-up teams quickly launch projects.
Let’s DePIN
DePIN (De-centralized Physical Infrastructure Networks) is an emerging category of Web3 narrative that builds physical infrastructure networks (e.g., wireless networks, storage networks) in a crowdsourcing way. Meanwhile, as its name implies, BoAT3 is designed to be a DePIN-oriented IoT oracle.
Being tired of computing the nonce to work out the PoW (Proof of Work), more and more people are enthusiastic about further building DePIN to improve real-world life. DePINers, who play the role of supply-side builders, are rewarded for their contribution to the construction and operation of the physical infrastructure network. Hence, it’s essential to measure the physical work they do as the basis of the reward. Such a basis is called a Proof of Physical Work or PoPW.
Proof of Physical Work (PoPW)
For every DePIN project, it’s essential to accurately measure, securely report, and effectively verify a DePIN Unit’s Physical Work (PW). A DePIN Unit is a facility that undertakes the physical work. For example, For a wireless network unit, the PoPW is how many bytes it transfers. For a solar photovoltaic electricity generation unit, the PoPW is how much energy it generates. The PW represents the status or value of some real-world assets.
Whatever the exact measure criteria are, a DePIN Unit is usually equipped with IoT (Internet of Things) devices to measure and report the PoPW, which is verified by the network. Unlike blockchain-native data, PoPW is instead off-chain data. Hence an IoT oracle is required to securely convey PoPW to the blockchain for contribution assessment.
However, traditional IoT devices can not easily access blockchain services due to constrained computing, storage, connectivity capabilities, and power supply. For example, an arkreen renewable energy data collector may be powered by a solar panel and battery. It usually periodically measures and reports the energy generation data. For example, it’s difficult to install an Ethereum client into the data collector to transfer the PoPW. That’s why TLay comes out to bridge real-world assets by conveying the PoPW from IoT devices.
TLay Family Overview
The Forming of BoAT3
BoAT3 (Blockchain of AI Things for Web3), is the latest expansion of the industry-well-known BoAT-X (https://github.com/aitos-io/BoAT-EdgeDocs). Since its initiation in 2018, the open-source project BoAT-X has been engaging in the mission of enabling any IoT (Internet of Things) devices to access blockchain services, such that every IoT device can play the role of a blockchain oracle. The name BoAT-X, implies any imaginative possibilities. BoAT-X is a set of enablers for the IoT industry that manages on-chain identities (cryptographic algorithms and keys), conducts verifiable claims, transmits transactions to blockchains as well as coordinates with traditional IoT industry to allow smooth transition to Web3.
Most blockchain projects serve humans and are built on servers on the Internet, however, BoAT-X is dedicated to the IoT. As IoT has grown so fast in recent years, it’s predicted that the quantity of IoT devices will rise beyond 5 times that of the global population in 2025. Huge IoT devices capture massive data all day in an efficient way, providing materials for various utilization, such as AI training and inference. Thus, data trustworthiness is the essence of the data utilization and monetization.
Blockchain is a trusted way, among multiple parties, to ensure data authenticity as well as log the activities that generate the data. But it’s not easy for IoT. Most IoT devices are much slimmer than many people think. For example, Raspberry Pi, in many IoT-oriented Web3 projects, is probably one of the most powerful IoT devices. In most practical applications, the IoT device is much more constrained than Raspberry Pi. How to bridge vast slim as well as powerful IoT devices to blockchain, is the challenge BoAT-X addresses.
Basically, the countermeasure of the challenge is tailoring the most necessary functionalities of a blockchain wallet and porting to the key components of IoT devices. In the past half-decade, the BoAT-X framework, a multi-chain IoT blockchain wallet, already supports mainstream IoT chips and modules, especially resource-constrained ones. By covering them, BoAT is capable of sailing in most IoT devices that are made up of chips and modules.
Now the BoAT’s voyage expands toward the DePIN-oriented IoT Oracle for Web3.
A DePIN-oriented Oracle for PoPW
BoAT3 IoT Oracle is a DePIN-oriented oracle for PoPW. It offers a set of hardware and software for DePIN projects, involving IoT devices, cloud services, and blockchain services, to generate, report, and verify the proof of a certain physical work.
A typical PoPW flows like this:
1. The DePIN Unit does some physical work (e.g., collecting renewable energy) and produces the energy data.
2. Among the data, there may be some non-PoPW application data (e.g., solar inverter voltage alert) being sent to the dApp backend directly (the magenta path), which is out of this article’s scope.
3. Meanwhile, PoPW is generated within the DePIN Unit by packing the working data (e.g., the real-time power and cumulative energy). A wallet in the DePIN Unit holds the unique device cryptographic key and signs the PoPW. The signed PoPW assertion is then sent to the IoT oracle following the blue path.
4. The IoT oracle validates the signed PoPW against the device’s credentials registered in DID. If the validation passes, the verified PoPW is sent to the blockchain and the dApp following the green path.
5. Once the verified PoPW is stored on the blockchain, the dApp could further utilize the PoPW (e.g., reward the participating DePIN Unit based on the physical work ).
BoAT3’s Philosophy and Challenges
BoAT3 IoT Oracle focuses on a common need of DePIN projects, which is the PoPW protocol, i.e. the way to drive the PoPW passing from the diverse IoT devices to the blockchain smoothly and securely. It addresses some pivotal aspects:
● Active data feeding: Unlike most other blockchain oracles that are passively triggered by a smart contract to request an off-chain server (data source) for valuable information, the BoAT3 IoT Oracle works mostly in an active feeding mode. This adapts to most IoT devices’ typical behavior that they actively send IoT data to the backend, either in some interval or being triggered by some event. Furthermore, depending on the network topology (e.g., LoRa network) and power-saving strategy, some IoT devices are only reachable in downlink at the moment when they just transmit some uplink data. Hence typically, IoT devices actively transmit PoPW to the blockchain through the BoAT3 IoT Oracle.
● Flexible blockchain enabler for IoT devices: The diversity of IoT devices calls for a flexible approach to securely generate and report the PoPW. Unlike servers that are powerful enough, IoT devices cover a wide range of capabilities, from very lightweight MCUs running at tens of MHz with tens of kB of memory to more powerful devices such as Raspberry Pi and Android-based smart modules running at more than 1GHz with multiple CPU/GPU cores. TLay offers blockchain-enabled IoT chips and modules, as well as SDKs, to meet the on-chain requirements of different types of IoT devices.
● Managed device identities: For most dApps, the user is anonymous unless he binds his blockchain identity (address) with his real-life identity (e.g., social media account). However, it’s not the case for DePIN units. KYD or Know Your Device is mandatory for the DePIN network to verify how much physical work is undertaken by which DePIN unit. It’s fundamental to manage the IoT device’s identity so that only registered IoT devices can generate valid PoPW.
● PoPW Validation and Separate PW Evaluation: BoAT3 IoT Oracle validates every PoPW report by verifying its signature. Every valid IoT device has a registered identity, and thus only untampered PoPW from a valid DePIN unit will pass through. Because the Physical Work (PW) depends on the exact DePIN project, thus, the evaluation of the PW is separated from the PoPW validation. This allows BoAT3 IoT Oracle to focus on the validation of PoPW authenticity in a standard way while leaving the evaluation of various PW (based on the verified PoPW) to the dApp.
● Multiple blockchain adaption: A thriving DePIN ecosystem should cover many dApps running on different blockchains. As an infrastructure for infrastructures, BoAT3 IoT Oracle extends its flexibility by introducing customizable dApp Connectors on the Oracle node. It allows the DePIN project to customize how to pass the PoPW to its blockchain and smart contract.
● IoT platform integration: Though PoPW is the key message generated by IoT devices, IoT data is not all PoPW. BoAT3 IoT Oracle could integrate with the IoT platform to process PoPW and non-PoPW data in an extended way.
● Privacy-preserving: Privacy protection is one of the cornerstones of DePIN projects. In case the raw PoPW contains sensitive information, it must be encrypted before going out of the IoT device. BoAT3 IoT Oracle integrates a confidential computation enclave and Zero Knowledge Proof (ZKP) technology to allow sensitive data to be processed in a trusted environment with a ZKP proof for the authenticity of the result.
● Decentralized oracle nodes: BoAT3 IoT Oracle is a decentralized oracle. Any eligible Oracle service provider could list their service endpoints in the on-chain registry. The exact service terms are determined by every service provider.
Thanks to the efforts we are making, BoAT3 IoT Oracle could help DePIN projects get to the market quickly and securely. It supplies all the things that a DePINer needs to build a DePIN project’s digital MRV (Measuring, Reporting, and Verification) capabilities.
DePIN Appchain
For DePIN projects, the underlying blockchain infrastructure must meet several key requirements:
- Performance and Cost: DePIN projects often involve tens of thousands or even millions of IoT devices generating numerous transactions per reward cycle. Hence, blockchain must offer high performance, robust security, and low costs. Solutions like Rollup, a modular blockchain approach, fit these requirements well, making it a sensible choice for supporting DePIN projects.
- Storage Needs: PW and PoPW data volumes are usually large, and some even require long-term retention. So, they’re typically stored off-chain and remain accessible without censorship. Options like decentralized storage solutions such as Filecoin, Arweave, Kwil, or cloud storage are considered, bearing in mind that data would be accessible to anyone.
- Cross-Chain Service: Collaboration among different DePIN projects is essential to provide users with convenient services. Since these projects may operate on different blockchains, trusted cross-chain services are necessary to facilitate seamless collaboration between them.
Given these requirements, a Rollup based infra supporting DePIN projects is introduced to TLay.
Building Blocks
IoT Device Integration in a DePIN Unit
BoAT3’s IoT device integration is an extension of the BoAT’s indirect operation mode. The IoT devices are integrated with the BoAT3 Lite SDK to create their own blockchain wallets and cooperate with the BoAT3 IoT Oracle Node. See the background of the indirect approach at https://github.com/aitos-io/BoAT-EdgeDocs.
● BoAT3 Lite SDK
BoAT3 Lite SDK is a C language lightweight blockchain wallet SDK for embedded devices. It manages a device wallet that enables the IoT device to create and sign the PoPW eligible for validation on the BoAT3 IoT Oracle node.
Most IoT devices are resource-constrained. They have limited computational power, storage capacity, and connectivity bandwidth. It’s difficult to run Node.js and many other blockchain SDKs. BoAT3 Lite SDK is extremely optimized for such resource-constrained embedded systems, allowing the device to generate and report the PoPW.
BoAT3 Lite SDK supports a lot of popular IoT chips and modules. It also supports high-level security by adopting a Trusted Execution Environment (TEE), Secure Element (SE) or SIM card (for cellular communications).
A non-exhaustive list of the supported IoT chips and modules can be found at https://github.com/aitos-io/BoAT-EdgeDocs/blob/main/SUPPORTED_LIST.md.
We are working hard to expand the supported chip and module models.
In addition, a BoAT3 Agent SDK written in high-level languages such as Java and golang is also available if connecting BoAT3 IoT Oracle with an IoT platform is the case.
● BoAT3 Trusted Chips and Modules
BoAT3 Trusted Chips and Modules are IoT hardware components driven by BoAT3 Lite SDK. In addition to normal connectivity capabilities, they can generate and report the PoPW to the BoAT3 IoT Oracle node through BoAT3 Lite SDK.
Though BoAT3 Lite SDK is flexible to port to almost any IoT hardware, it needs quite a lot of expertise in both the blockchain and embedded/IoT areas. To shorten the Time-to-Market, TLay cooperates with partners to provide IoT chips and modules that already integrate BoAT3 Lite SDK. DePIN projects can choose from them to compose their DePIN units with immediate PoPW assertion capability. Hence the developer could concentrate on the physical work itself rather than dealing with SDK porting on various IoT hardware.
This might accelerate DePIN projects at a 10x speed because the BoAT3 Trusted Chips and Modules as standard hardware components would expand the growth of DePIN Unit deployment much faster than spending time on porting on a variety of hardware devices. Though the DePIN Units cover different areas and involve diverse hardware, BoAT3 Trusted Chips and Modules are the common components that enable DePIN projects with on-hand PoPW capability.
BoAT3 IoT Oracle
Oracle Architecture
Oracle Components
● Data Validator
Data Validator validates the trustworthiness of the proof of certain physical work that is measured and reported by the IoT devices. The PoPW is validated against its signature and the device identity that is registered as DID. Once verified, the PoPW is passed to the Rule Engine for dispatch.
● Rule Engine
Rule Engine is a dispatcher that distributes the verified PoPW to a corresponding Connector based on the DePIN project and the Thing Model of the PoPW.
● Connectors
Connectors are virtual machine instances that allow a plug-in implemented as a JavaScript module to be loaded and executed to customize the process of the PoPW stream. DePIN projects can write their own JavaScript module to deal with the PoPW and adapt to the blockchain and smart contract they are running on.
● Confidential Computation Enclave & ZK Prover
A confidential Computation Enclave is an isolated execution environment that allows sensitive data to be processed. It’s often the case that the extracted information rather than the raw data is the demand. If some PoPW contains sensitive data (e.g., personal information), the plain text PoPW must be encrypted before it goes out of the IoT device. It can only be decrypted within the boundary of the Confidential Computation Enclave, and thus the algorithm in the enclave could compute the necessary information (Physical Work Claim) based on the data. After the computation is completed, only the insensitive Physical Work Claim is disclosed. No raw data should spread outside the enclave. ZK Prover collaborates with the Confidential Computation Enclave to generate proof that the disclosed Physical Work Claim is actually worked out by the algorithm and the given data. Users can benefit from Confidential Computation and ZK to monetize the data without the disclosure of the original data that may contain private information.
DePIN Appchain and On-chain Services
Appchain Architecture
The whole structure relies on a three-layer framework based on Rollup, comprising these key elements:
- Ethereum Mainnet: Serving as Layer 1, the Ethereum Mainnet ensures the security and trust of the entire system, providing data availability and settlement for Layer 2.
- Rollup Layer 2: This layer is one of the popular Rollups based on optimistic or zero-knowledge (ZK) principles, such as Optimism, Arbitrum, and Polygon CDK. It offers high security and trust at relatively low costs. However, its performance and cost efficiency may not yet support the large-scale implementation of DePIN projects due to its reliance on the Ethereum Mainnet for data availability. Many public service contracts that serve DePIN utilities across multiple blockchains will be deployed on this layer. These contracts cover a range of services, from unified economic models to trustless cross-chain operations and decentralized identifier (DID) services. This layer serves as a bustling hub for on-chain activities, enabling DePIN projects to engage with diverse on-chain ecosystems, e.g. decentralized exchanges (DEXs) and loan platforms. Miners on the TLay Layer 3 can transfer their rewards to Layer 2 for conversion into stablecoins.
- TLay Layer 3: Serving as Layer 3, this layer adopts OP or ZK Rollup with Layer 2 as the settlement layer and a third-party DA (Data Availability) service. Its security and trust are inherited from Layer 2. With the adoption of third-party DA, its performance is no longer constrained by Ethereum L1’s block gas limit, resulting in further cost reduction. The performance and fee are sufficient to support large-scale implementation of DePIN projects. Due to the potentially large number of DePIN projects, a single L3 chain may not support all projects, leading to the possibility of multiple L3 chains operating concurrently. They can achieve inter-project, cross-chain collaboration through trustless cross-chain contracts located on Layer 2. The smart contracts for the DePIN projects, as well as the DID contracts and other contracts directly serving the DePIN projects, are deployed on this layer.
- Data Availability (DA) Service: Utilizing third-party DA services such as Celestia or EigenDA, they employ Data Availability Sampling (DAS) technology to ensure that the hosted data is fully accessible to the community, thus avoiding data withholding attacks, which are crucial for Rollup security. Adopting third-party DAs can prevent consuming Ethereum L1 gas, leading to the large-scale on-chain throughput expansion.
- Data Storage Service: PW or PoPW data forms the foundation of DePIN projects, reward distribution typically based on this data. Additionally, if Rollup requires security challenges, the security challenge data may also partly originate from PW data. Therefore, it is imperative to securely store these data, ensuring traceability and allowing authorized users to freely access it (typically fully open). Data storage services can utilize decentralized storage such as Filecoin and Arweave, Kwil as well as cloud storage. To ensure data accessibility and prevent data withholding, a challenging process for data access is necessary.
On-chain Services
● DID & Device Registry
Every IoT device needs an identity registered in the DePIN ecosystem. Unlike many other web3 projects that only care about the digital signature, DePIN projects should not only verify the signature against their public keys or addresses but also authenticate the data, and their signatures are from the registered IoT devices.
● Oracle Node Registry
Oracle Node Registry is where the eligible BoAT3 IoT Oracle service providers are registered and listed. Anyone could set up its BoAT3 IoT Oracle node if necessary criteria are met.
● Access Grant
Access Grant allows DePIN projects to define the rule to access BoAT3 IoT Oracle. For example, a DePIN project could determine which address could update the Javascript code in a corresponding Connector.
● ZK Verifier
ZK Verifier is a library that allows smart contracts to verify the ZK proof generated by the ZK Prover in the BoAT3 IoT Oracle node.
● PoPW Notary Service
As a default dApp, notary is one of the BoAT3 IoT Oracle’s built-in services. Any IoT device can notarize PoPW by calling the service, where the data is stored in the decentralized storage, and its fingerprint (e.g., hash) is permanently stored on the blockchain.
● Thing Model
Thing Model is a customized data structure for IoT devices to report their PoPW in a predefined structure. Any PoPW must follow one of the Thing Models the DePIN project defines.
Guide for Developers
Step 1: Determine the IoT Network Topology
An IoT network is typically a multi-layered star network. The IoT devices (terminals) connect to an IoT gateway, and the gateway connects to the Internet or Intranet. The exact network topology is determined by a lot of factors, such as device capabilities, connectivity technologies, route configurations, commercial strategy, and regulatory requirements.
The first decision to make is where to place the data trust anchor point. A trust anchor point is the starting point of the trust chain. It’s typically at the place where the data could be signed with a unique key.
Trust Anchor Points on Different Types of IoT Network Topology
Ideally, the IoT device should measure the PW(Physical Work), pack the measured PW in PoPW, and sign the PoPW with its unique device key. This places the trust anchor point in the IoT device, which is the nearest point in the PoPW assertion path. However, in some cases, the IoT device is not capable of signing the PoPW. It could be caused by technical issues, commercial reasons, or both. Thus, there are two other choices to place the trust anchor point: at the on-site gateway, or at the on-cloud IoT platform.
Wherever the anchor point is placed, the anchor point should generate and report the PoPW to the BoAT3 IoT Oracle node.
Step 2: Choose an IoT Integration Solution
If the anchor point is placed at the IoT device or an on-site gateway device, there are two integration options. One is the software solution, while the other is the hardware solution.
The software solution is porting BoAT3 Lite SDK to the target IoT device. BoAT3 Lite SDK is written in C language and is quite effective to run on IoT hardware. But C language is not cross-platform. That means some additional efforts are inevitable, and embedded hardware and software skills are required to port the SDK.
The hardware solution is choosing the BoAT3 Trusted Modules or BoAT3 Trusted Chips that already integrate with BoAT3 Lite SDK. The connectivity module or chip is a key component to compose the IoT device. Choosing the supported models could get rid of the SDK porting.
If the anchor point is placed at the IoT platform, no IoT integration is needed. The IoT platform should instead integrate with the BoAT3 Agent SDK written in high-level languages such as Java and golang.
Step 3: Choose the PoPW Verification Mode
There are two PoPW verification modes, Plain Text PoPW, and Privacy Preserving PoPW, to meet various requirements.
● Plain Text PoPW
In a plain text PoPW scenario, PoPW is the raw data of a certain physical work.
Plain Text PoPW Flow
The IoT device measures the physical work and signs it with its device key. The signed PoPW is sent to the BoAT3 IoT Oracle node in plain text. The Data Validator validates the PoPW and passes it to the Rule Engine to select a corresponding Connector. The DePIN project customized plug-in in the Connector instance transfers the verified plain text PoPW to dApp. The dApp rewards the DePIN Unit according to its physical work.
● Privacy-Preserving PoPW
In a privacy-preserving PoPW scenario, PoPW is encrypted, and a Physical Work Claim is computed to reflect certain insensitive information extracted from the raw data of the physical work.
Privacy-Preserving PoPW Flow
The IoT device measures the physical work and encrypts it before signing it with its device key. The encrypted PoPW is sent to the BoAT3 IoT Oracle node. The Data Validator validates the encrypted PoPW’s signature and passes it to Rule Engine to select a corresponding Connector. The DePIN project customized plug-in in the Connector instance injects the encrypted PoPW into the Confidential Computation Enclave. The PoPW is decrypted inside the enclave, and the algorithm in the enclave computes a Physical Work Claim and generates a ZK proof for the computation. The Physical Work Claim and its ZK proof are then sent to dApp. The dApp verifies the ZK proof and rewards the DePIN Unit according to its Physical Work Claim.
Step 4: Prepare the Connector Plug-in
To support multiple blockchains and smart contracts, the Connector is a customizable Javascript script for developers to define how to deal with the verified PoPW. This at least includes reporting the PoPW to the dApp’s smart contract. In addition, the PoPW can also be stored in the decentralized storage for later use. The developers could determine the exact behavior by writing their own plug-in code.
Conclusion
The emerging DePIN ecosystem needs an IoT oracle as well as high performance & low cost appchains to convey to the smart contract the proof of what physical work the DePIN Unit contributes. Unlike other Web3 projects, DePIN Units are built on IoT devices for the physical world, which leads to a lot of opportunities and challenges.
Technically, to address the diversity of IoT devices inside the DePIN Units, BoAT3 IoT Oracle comes with BoAT3 Lite SDK as well as BoAT3 Trusted Chips and Modules with embedded blockchain wallet to empower the IoT device to generate and report the PoPW to the Oracle node. The oracle node validates the authenticity of the PoPW and passes it to the dApp’s on-chain smart contract via a DePIN project customized Connector. The dApp rewards the DePIN Unit according to the physical work it does. For PoPW that contains sensitive information, the Confidential Computation Enclave and ZK Proof are involved to generate a verifiable Physical Work Claim for the dApp to evaluate the reward for the DePIN Unit.
TLay accelerates DePIN projects by standardizing the protocol of PoPW generation, reporting, and verification. Contrary to Bitcoin, which adopts PoW intrinsically in its consensus method, Physical Work (PW) is often an extrinsic effort of a DePIN dApp. A DePIN Project’s appchain or smart contract can not directly measure the PW without IoT devices and oracles. TLay provides DePIN projects with not only the software that implements the protocol but also the key IoT hardware components to pave the way for PoPW’s digital MRV. This covers the diverse DePIN Units in a large range and pushes the DePIN projects to grow quickly.
By ferrying PoPW to the blockchain world securely, TLay establishes a Trust Layer for DePIN Infrastructure.
