The Best of Both Worlds: Solving Doctorow’s Oracle Problem
Cory Doctorow has been thinking about WEB3 lately. He just wrote a long piece about the Oracle Problem.
In this article we’re going to get to the bottom of the Oracle Problem, and how Mattereum’s solution to the Oracle Problem — multi party risk splitting with full legal enforceability — lets customers buy and sell valuable physical items as NFTs with strong buyer protection.
Solving the Oracle Problem in specific domains opens up huge possibilities for trade. Let’s go through Cory’s critique, and then present some answers to his questions.
In one section of “The inevitability of trusted third parties” Cory Doctorow quotes extensively from one of my comments on the Well’s State of the World 2022. I said:
Here is an NFT on OpenSea which gives the owner the right to
physically take delivery of a 1oz gold bar currently vaulted in
Singapore, or its financial value.https://opensea.io/assets/ethereum/0x495f947276749ce646f68ac8c248420045cb7b5e/47824387705324153400210554042155132922682187088261737780213014306821163188225[...]Here is the full legal text of one of the Ricardian contracts:
https://passport.mattereum.com/ntfa.20210319.20.alpha.004.619263/06_carbon/asset
s/out/certification-contract.htmlThis one is a contract between the NFT owner and my company, which
guarantees that we have bought-and-retired carbon credits to cover
the physical mining of the gold bullion that is being sold. It also
covers the CO2 emissions of the NFT issuing process.Clause 20 has the arbitration machinery.We've worked fairly closely with the UK government on arbitration
rules for blockchain asset disputes.https://www.pinsentmasons.com/out-law/news/new-dispute-rules-envisage-direct-to-
blockchain-enforcement-arbitral-decisionsThe rules themselves are here:
https://35z8e83m1ih83drye280o9d1-wpengine.netdna-ssl.com/wp-content/uploads/2021
/04/Lawtech_DDRR_Final.pdfWe get a name check on page 4.So what's being built out here is a very tightly bound legal
framework for buying and selling physical goods, with suites of
Ricardian contracts creating legally-enforceable claims about what
the goods are **DRAWN ON THIRD PARTIES**. Those third parties do not
benefit from the sale of the goods themselves, they make a living
providing legal warranties on the goods - they're essentially third
party inspectors with no economic interest in the situation other
than by selling insurance on the fact that something (for example)
contains no slave labour.
Cory then continues:
But the more I think about this smart contract, the fewer reasons I can find for it to be a smart contract instead of just, you know, a contract.
As Vinay Gupta — the creator of this system and someone I have a lot of respect for — says, right there in the text, the entire system relies on third party arbiters to make sure that the parties involved don’t rip each other off, that no one uses slave labor, that the carbon is all offset through various schemes and so on.
The point is, all of that could be a deception. The only reason to trust it is that you trust the auditors who have signed the scheme.
I don’t mean to pooh-pooh the role of auditors here. Auditors are great. In fact, we’re in the middle of several kinds of serious economic crises because we allowed auditors to become an oligopoly of hopelessly conflicted megafirms, and they are cheating like crazy, and so much of the world is broken as a result.
We know that the big auditing firms are riddled with fraud. We know that carbon offsets are among the most fraudulent instruments that companies make.
I don’t get how blockchain fixes any of this.
How blockchain fixes some of this
So let’s talk about how blockchain improves the situation: not a blanket fix, but an economically-efficient risk reduction across the board.
Alan Turing named the Oracle Problem in 1937, and people have been wrestling with it in the Ethereum space since the early days of the platform.
The state of the art in Ethereum Oracles is pretty sophisticated and pretty successful.
Part of the reason the Oracle Problem is hard in blockchain is the old computer security adage, “things are weakest at the joints”.
The pathway by which information from the physical world comes into the blockchain smart contract is a potentially-weak joint between physical world systems and ultra-reliable blockchain systems. The blockchain systems are almost transcendentally reliable: this is why the strain concentrates on the Oracles, and on key management (we’ll come back to key management below). The computer does not break, but you can get at their inputs.
Blockchain reliability is not a magical process
The blockchain systems are theoretically reliable because of massive redundancy. It’s a bit like flight computers, where there are five independent systems.
All of the flight computers have to agree for it not to be A Problem.
In the blockchain space there are thousands of computers forming the consensus on the current state of the system. This is very inefficient, but it is very effective. Given inputs will produce the same outputs very, very reliably.
This redundancy method produces insulation from the statistical problems of the real world. This is a very important point. A non-redundant system can get hit by a cosmic ray or a stray particle produced by normal radioactive decay. It can go down from a power outage and go offline. Non-redundant systems are flakey. There is no cure for this. Redundant systems are inefficient. There is no cure for this either. This is the law.
The massively redundant blockchain systems are decoupled from the randomness of life to form a statistical approximation of a perfect system. You can program the Ethereum metacomputer — a virtual machine made of thousands of regular computers in a redundant array — as if it was perfect. You can just totally ignore how the physical world works when programming this virtual machine: does not get hacked, does not have physical hardware problems.
Any individual node in the metacomputer which develops issues drops out of the consensus. The tens of thousands of remaining machines go on. As a programmer, the massive redundancy means you completely stop worrying about hardware problems or failovers. There is no “error handling.” Nothing ever crashes.
It just works.
There is a downside to this redundancy. The archaic Bitcoin proof of work mechanism would cost about $750,000,000 to carbon offset every year, if we even thought CO2 offsetting worked. There’s good redundancy and bad redundancy. It’s unfeasibly expensive to do this the wrong way. But the Avalanche system runs on less than 500 tons of CO2 a year, it’s hundreds of times faster than Bitcoin or Ethereum, and it’s been available for a year.
So massive redundancy is one half of what produces the effective decoupling of the blockchain from physical reality: the system is so redundant that there can be chaos in the physical world and the blockchain soldiers right on. It is not efficient (yet — we’ll cover proof of stake systems below) but it is elegant.
Now let’s look at the other half of what separates the blockchain from physical reality.
The other half of the decoupling of the blockchain from physical reality is True Names. You can download the Metamask wallet, create a key pair, and proceed to perform transactions on the blockchain without ever giving anybody any additional information about you at all: you’re an unaccountable ghost. Your legal identity is not tied to your actions.
This kind of power was a Cypherpunk dream for decades. Vernor Vinge’s True Names explores the boundary between the cryptographic metaverse and the physical world in minute detail. It is a massively important formative work. In that world, nobody can bind your metaverse avatar to your physical body: the system protects your privacy. But if the link is made, and your True Name is cracked, you can be shut down — or even killed — in the physical world.
In the blockchain environment, nobody has to know your True Name. This turns out to be a lot more of a mixed blessing than it was in SF novels.
Of course, in practice, the True Name protection on the blockchain is weak for three reasons:
- If the actions you take benefit you in the real world (“I mail ordered this book”) then you are bound to your name and address for delivery. If you cash out money you want to spend, you’re tied by banking. If you rent an apartment, you’re tied to the address.
- Funding a cryptocurrency wallet through crypto exchanges requires KYC/AML/CTF checks, just like regular banking or even more strict. This enables a “follow the money” approach to de-anonymizing people who later receive those funds, even if those people believe themselves to be anonymous. The crypto cash is tied to your real identity from the get go.
- You’re still going to have to pay taxes.
So while the blockchain space is in some abstract sense perfectly private and perfectly reliable, things are weakest at the joints. The on-ramps and off-ramps are parts of the real world, they’re tied to physical reality and KYC/AML/CTF regulations. Furthermore, when a user wants blockchain software to act on their behalf in ways which touch the real world, the blockchain’s security model breaks: the system acting as an extension of your will is no longer just the massively redundant blockchain. Now it’s a bunch of messy, regulated, human or Web2 systems. You and your software agents are no longer entirely anonymous because the real world requires named actors with KYC.
Any system connected to the real world is going to have some of the problems of the real world connected to it too. That’s just life.
Of course, there is the key management problem, and the software reliability problem. If you lose your key, or more likely somebody hacks the device on which you store your key, your blockchain identity and all its assets now belong to someone else. Hardware wallets help a lot, but no system is perfect.
And if the software you write and upload to the chain — the smart contracts — have a bug? God help you.
It’s a machine, and it’s utterly unforgiving. It’s more like programming aeroplane avionics systems or satellites than web pages. Here be dragons!
The best of both worlds: Oracles that work
So we’ve looked at the problems of connecting blockchain systems to the real world: reliability and anonymity break down, and the core benefits of the blockchain are diluted.
But there are pragmatic systems that find advantages in connecting the blockchain and the real world. I’ll briefly cover two: Chainlink (a big Web3 project of some note), and Mattereum (my own company, as described in the Well State of the World quote above.)
Chainlink
Consider the Chainlink oracle system.
A dazzling array of partner organizations with access to high quality data about things like weather conditions, stock prices and plane departures use a cryptographic and financial architecture to publish their data into the blockchain. They’re standing on their reputations: if they input bad data, they’re going to pay. There are complex “staking” arrangements coming this year which further automate this access to data.
So that’s the True Names side of the bridge: in the Chainlink system, people publishing data are identified by their True Name. Only worthy partners are allowed.
The security side is more complex: Trusted Computing infrastructure signs transactions, multiple data feeds are integrated into an oracle feed, no data is single-pathed. It’s not quite the fully redundant system of the blockchain, but it’s a lot of cryptographic hardware and a lot of data source diversity. Not quite the same statistical guarantees as the blockchain itself makes, but a lot better than you would get with a conventional API-based price feed or other oracle.
It’s a bridge: not as squishy and unreliable as real-world APIs are, with lots of single points of failure that hackers could attack. But not as utterly, relentlessly infallible as the Ethereum metacomputer. Better than what we have now: Chainlink manages the Oracle Problem well enough to produce a highly functional system, without some kind of Science Fiction fix. It’s just a lot of hard work and good engineering by teams of smart people over years, building the most fraud-resistant and functional thing they can.
Actual Machines, not Fucking Magic, as they say.
So that’s one end of the pragmatic solutions to the Oracle Problem in the blockchain space: highly automated systems for doing things like price feeds using trusted computing hardware to guarantee data integrity.
Mattereum
Now let’s look at my own company, Mattereum.
Mattereum operates all the way at the other end of the automation landscape: we rely on domain specialists such as curators, art historians and collectors to evaluate physical items. These physical items are being sold as NFTs!
The model is:
- An issuer puts the physical item in a vault with a set of third party evaluations provided by those experts
- The issuer then publishes an NFT which gives the owner of the NFT the right to the item in the vault, akin to a coat check, but secure
- The NFT owner can cash in the NFT for the item in the vault.
It’s a system for doing real world trade in valuable things with a huge reduction in the risk of fraud: better expert opinions than one would usually get, and intermediate owners (e.g. dealers, auctioneers) are never touching the physical item. It stays securely in the vault.
We’ve worked on quite a few assets already, such as a selection of props and memorabilia owned by legendary actor William Shatner, a 350,000 year-old hand axe, and a signed first edition by Gonzo icon Hunter S. Thompson.
These physical asset evaluations are performed by curators with relevant domain expertise and presented as legal warranty contracts — pen and ink type legalese — bound into the blockchain using a legal/technical construct called a Ricardian Contract. Not a lot of people seem to have heard of Ricardian Contracts these days: they were widely understood 5 years ago, but the number of people in the blockchain space has grown by something like 10000x since then and the Old Wisdom has become diluted.
Invented in the 1990s by Ian Grigg for managing a physical gold reserve with a cryptocurrency system, the Ricardian Contract is the key to understanding the new blockchain ecosystems.
Ricardian contracts are paper contracts, which use international arbitration law to appoint technically sophisticated arbitrators to manage cases involving a hybrid legal/technical system. Those arbitration laws carry hundreds of billions a year of settlements, so they’re well used and well understood and stable: the system has run since 1958.
Using those systems to make legalese contracts signed and paid on the blockchain arbitrable in the real world by real courts is the Ricardian Contract breakthrough. It’s another bridge: an extremely robust legal framework for getting enforceable legal rulings in complex areas like maritime law or civil engineering, carefully paired up to blockchain smart contracts.
What does the blockchain bring to the table in this instance? Well, the payments are taken on chain, using digital signatures, which are universally accepted as legal signatures these days. Actual statute legislates that in almost all countries. Those statues in each country are one part of the bridge, built out 20 years ago for general purpose use of digital signatures. But what this means is we have an instant and immediate settlement: the warranties on the physical object, and the ownership transfer, happen in a single atomic moment with the technical, legal, and financial transaction perfectly coordinated because they are the same transaction.
Remember I said “things are weakest at the joints” — well, in this case, there are no joints.
The legal, technical and financial transaction are a single transaction, there’s no way to wind up with a thing half-insured or stuck in an indeterminate state waiting for more paperwork. It’s a “performative speech act.” You say “make it so” and it is so!
That will stand up in court in 160+ countries because of the arbitration framework described above. It’s not an end-run around “the system” — it is an extension of “the system.” It’s a bridge! The legal system and the blockchain system can, with due care, work as one system.
In the beginning, Cory asked “why isn’t this just a contract?”
The answer is “it is a contract, but it’s a contract embedded in a Ricardian context — one half in the world of automated smart contracts, and the other half in the world of courts.”
If you do it right, when you put legal contracts on to the blockchain, you get the best of both worlds, and that’s what we did.
Some examples of our work.
A gold mood ring, one of the first issued, recently sold as an NFT for $65,000.
https://passport.mattereum.com/goldmoodstonering.1975/
https://www.prnewswire.com/news-releases/the-mood-ring---a-cultural-icon-re-emerges-as-smart-wearable-nfts-301414759.html
An original Andy Warhol print of Alexander the Great
https://opensea.io/assets/ethereum/0x1e65ad4fb60844925ed95dec8460d8de807b2bc4/2
https://passport.mattereum.com/Alexander_Screenprint_Warhol_01/
About Mattereum
London-based Mattereum was established in 2017 by a trans-disciplinary team with a track record in designing and launching nation state-level infrastructure and headed by former Ethereum release coordinator Vinay Gupta. With blockchain-enabled authentication and tokenization of physical assets with built-in legal guarantees, Mattereum removes the fear, uncertainty, and doubt that has plagued digital commerce for decades.
Follow us as we bring the Mattereum Protocol to an expanding variety of markets ranging from memorabilia, gold, wine, to prized classical instruments, and more.
More at: http://www.mattereum.com
Twitter: https://twitter.com/mattereum
