Welcoming our new “Android Proof”
When building production-ready DApps, the auditability of the off-chain part is as important as the auditability of the on-chain one. Being smart contracts confined to the network they are built on, they need to rely on bridges to fetch external data. Oraclize offers this connection in a blockchain-like fashion by providing authenticity proofs along with data themselves.
Authenticity Proofs are cryptographic guarantees proving the authenticity of data.
The Android Proof
Those Authenticity Proofs leverage sandboxing techniques, namely Trusted Computing, relying on multiple (and competing between themselves) providers and manufacturers. Other than the TLS Notary Proof, which was our first Authenticity Proof to be released and is out there since 2.5+ years now, we have developed alternatives based on different technology providers. The second proof of this kind to be released was the Ledger Proof, producing cryptographic guarantees via the Ledger TEE.
We are now releasing a new kind of Authenticity Proof — namely, Android Proof.
This new proof is based on the attestation techniques inherently implemented into Android devices. As the TLS Notary guarantee and the Ledger Proof rely on Amazon Web Services and Ledger devices respectively, the Android one is based on different technologies. It leverages new security guarantees offered through the use of SafetyNet Software Attestation and Android Hardware Attestation, for the provision of a secure and auditable environment whereby authenticable data can be fetched (more information here).
While there is no need to trust Oraclize, authenticity proofs require to open a trustline with the attestator(s) (aka the provider/manufacturer of the underlying technology), in this case Google + Qualcomm.
A notable aspect is the possibility to combine multiple Authenticity Proofs to secure the authenticity of a single information. Having different proofs would give stronger guarantees on the authenticity of a data, while lowering the amount of trust involved.
A first version of the Android Proof was released at the beginning of 2017, which, due to technical limitations, was relying on Software Attestation only. Thanks to the release of a new generation of Android devices, stronger guarantees have now been enabled on a second version of the Android Proof, as the attestation provided by SafetyNet can be combined with Hardware Attestation.
After a phase of beta testing on the public Ethereum Testnet, we are happy to announce that the Android proof v2 is now available on the Ethereum Mainnet.
Differently than the TLSNotary proof mentioned above, the Android proof is compatible with any version of TLS, making it a good replacement (or addition!) to the use of the TLSNotary proof. The following resources will help you to understand better the inner workings of the new Android proof:
- the Android Proof whitepaper
- a Solidity example showing how to select the Android proof in a smart contract
- the instructions explaining how the proof verification works
Note: The company has now rebranded into Provable.
