A Technical Overview of the XYO Network, Blockchain’s Cryptographic Location Oracle Network

Cryptographic Location Oracles

With the advent of blockchain-based, trustless smart contracts, the need for oracle services that arbitrate the outcome of a contract has grown significantly. Most current implementations of smart contracts rely on a single or aggregated set of authoritative oracles to settle the outcome of the contract. In cases where both parties can agree on the authority and incorruptibility of the specified oracle, this is sufficient. However, in many cases, either an appropriate oracle does not exist or the oracle cannot be considered authoritative because of the possibility of error or corruption.

Historical Background & Previous Approaches to Advances in Location Technologies

Proof of Location

The concept of provable location has been around since the 1960s, and can even be dated back to the 1940s with ground-based radio-navigation systems, such as LORAN [1]. Today, there are location services that stack multiple mediums of verification on top of one another to create a Proof of Location through triangularization and GPS services. However, these approaches have yet to address the most critical component we face in location technologies today: designing a system that detects fraudulent signals and disincentivizes the spoofing of location data. For this reason, we propose that the most significant crypto-location platform today will be the one that focuses most on proving the origin of physical location signals.

Proof of Location’s Shortcomings

In summary, Proof of Location can be understood as leveraging blockchain’s powerful properties, such as time-stamping and decentralization, and combining them with off-chain, location-aware device(s) that are hopefully resistant to spoofing. We refer to the realm of cryptographic location technology as “crypto-location.” Moreover, similar to how the weakness of smart contracts centers around oracle using a single source of truth (and thus have a single source of failure), crypto-location systems face the same problem. The vulnerability in current crypto-location technologies revolves around the off-chain devices that report back an object’s location. In smart contracts, the off-chain data source is an oracle. In the XYO Network, the off-chain data source moves around in the real world as a specialized type of oracle we call a Sentinel. The core innovation surrounding the XYO Network centers around an identityless, location-based proof underlying the components of our system to create a trustless, crypto-location protocol.

The XY Oracle Network

Desired Capabilities of the Oracle Network

The goal of the XYO Network is to create a trustless, decentralized system of location oracle that is resistant to attack and produces the highest certainty possible when queried for available data. We accomplish this through a set of abstractions that greatly reduces the risk of location spoofing through a chain of zero-knowledge proofs along the components of the system.

System Overview

Our system provides an entry point into a protocol of connected devices that provides high certainty on location data through a chain of cryptographic proofs. Users are able to issue transactions, called “queries,” in order to retrieve a piece of location data on any blockchain platform possessing smart contract functionality. Aggregators from the XYO Network then listen to these queries issued to the contract and fetch the answers that have the highest accuracy from a decentralized set of devices that relay cryptographic proofs back up to these aggregators. These aggregators then feed these answers back into the smart contract after reaching a consensus on the answer with the best score. This network of components makes it possible to determine if an object is at a specific XY-coordinate at a given time, with the most provable, trustless certainty possible.


Sentinels are location witnesses. They observe data heuristics and vouch for the certainty and accuracy of the heuristics by producing temporal ledgers. The most important aspect of Sentinels is that they produce ledgers that other components can be certain came from the same source. They do this by adding Proof of Origin to a relay chain of cryptographic proofs. Given that the XYO Network is a trustless system, Sentinels must be incentivized to provide honest location information. This is done by combining a reputation component with a payment component. A Sentinel is rewarded with XYO Network Tokens (XYO) when their information is used to answer a query. To increase their odds of being rewarded, they must create ledgers that are consistent with that of their peers and provide Proof of Origin to identify themselves as the source of the location information.


Bridges are location data transcribers. They securely relay location ledgers from Sentinels to Archivists. The most important aspect of a Bridge is that an Archivist can be sure that the heuristic ledgers that are received from a Bridge have not been altered in any way. The second most important aspect of a Bridge is that they add an additional Proof of Origin. Given that the XYO Network is a trustless system, Bridges must be incentivized to provide an honest relaying of heuristics. This is done by combining a reputation component with a payment component. A Bridge is rewarded with XYO Network Tokens (XYO) when the information that they have relayed is used to answer a query. To increase their odds of being rewarded, they must create ledgers that are consistent with that of their peers and provide Proof of Origin to identify themselves as the relay of the heuristics.


Archivists store location information from Bridges in a decentralized form with the goal of having all historical ledgers stored. Even if some data is lost or becomes temporarily unavailable, the system continues to function, just with reduced accuracy. Archivists also index ledgers so that they can easily return a string of ledger data if needed. Archivists store raw data only and get paid XYO Network Tokens solely for retrieval of the data and its subsequent use. Storage is always free.


Diviners are the most complex part of the XYO Network. The overall goal of a Diviner is to fetch the most accurate data for a query from the XYO Network and relay that data back to the issuer of that query. Diviners poll the applicable blockchain platform (i.e. Ethereum, Stellar, Cardano, IOTA, etc.) for queries issued to the XYO smart contract. Then, they find the answer to the query by interacting directly with the Archivist network to fetch the answer with the highest accuracy/confidence score. They do this by judging the witness with the best Proof of Origin Chain. The Diviners that fetched the answer with the best score in the shortest amount of time will have the ability to create a block on the main XYO blockchain (XYOMainChain) through Proof-of-Work. Queries are prioritized by reward size and complexity, so the more XYO offered for an answer, the higher in priority the query would be.

End-to-End Functionality

Now that the responsibilities of each component are detailed, here is an end-to-end example of how the system will work:

A Single Source of Truth

At their core, Diviners simply transform relative data into absolute data. They are able to explore the entire Archivist network to concretize an absolute answer to a query on the XYO Network. Diviners are also the nodes that propose and add blocks to the XYOMainChain, and get rewarded for their Proof-of-Work. Because the Archivist network is a store of unprocessed data and the blockchain is a store of absolute, processed data, the network can eventually use the latest information on the XYOMainChain to answer future queries instead of relying on expensive computation through the Archivist Network.

Frameworks For Selecting The Best Answer Candidate

We define the Best Answer as the single answer, amongst a list of Answer Candidates, that returns the highest validity score and has a higher accuracy score than the minimum required accuracy. The validity score is based on the Origin Chain Score. The system knows what the highest record Origin Score is, which would be the 100 percent until a higher score is achieved, which then becomes the new 100 percent. The XYO Network allows selection of the Best Answer Algorithm for determining the Best Answer. This creates expansion for future research into alternative algorithms.

Initial Integration With Public Blockchains

Proof of Origin

With a physical network comprised of untrusted nodes it is possible to determine the certainty of data that has been provided by edge nodes based on a zero-knowledge proof that two or more pieces of data originated from the same source. Using these data sets, combined with a number of similar data sets and the knowledge of at least one node’s absolute location, the absolute location of the other node can be ascertained.

Conceptual Overview

Traditional trustless systems rely on a private key for signing transactions or contracts in a system. This works very well with the assumption that the node on the network that signs the data in question is physically and virtually secure. However, if the private key is compromised, then the ability to prove origin falters.

Bound Witnesses

Proof of Origin relies on the concept of a Bound Witness. Given that an untrusted source of data used to resolve a digital contract (an oracle) is not useful, we can substantially increase the certainty of the data provided by first establishing the existence of a bidirectional proof of location. The primary bidirectional location heuristic is proximity, since both parties can validate the occurrence and range of an interaction by cosigning the interaction. This allows for a zero-knowledge proof that the two nodes were in proximity of each other.

Unidirectional vs. Bidirectional Location Heuristics

Most data related to the physical world (a heuristic) is unidirectional. This means that the element being measured cannot measure back, making unidirectional heuristic data very difficult to validate. A bidirectional heuristic is one where the measured element can report its own measurement back to the other party, which makes validation possible. Location is a rare heuristic in that it can be bidirectional, with two edge nodes reporting on each other. A real-world example of this would be two people who are near each other taking a selfie, printing a copy for each party, and then both signing the selfie. This process would give both parties Proof of Proximity. The only way for these two people to have gotten this “data” would be from them having been together in the same location.

Non-Edge Nodes

All nodes are considered “witnesses,” including Bridge, relay, storage, and analysis nodes. This allows for any data that is relayed from one node to the next to be bound. This is the concept of the Bound Witness.

Cross Reference

Analyzing every set of “selfies” that is produced and chained together by every edge node allows the system to produce the Best Answer from the relative proximity of all the nodes that are in the network. If every node reports honestly and accurately, the mapping of all the relative positions of the edge nodes will achieve the maximum certainty and accuracy possible: 100 percent. Conversely, if every node is either dishonest or flawed, the certainty and accuracy both can approach the minimum of 0 percent.


S’ and S” (Figure 1.) are each a Sentinel (edge node) that collect heuristics. When in contact with each other, they exchange heuristic data and public keys. Both build a full record of the interaction and sign the resulting interaction. That signed record then becomes the next entry in both of their local ledgers (16 for S’ and 3 for S”). This action binds these two witnesses as being within proximity of each other.

Figure 1. Witness Binding Example Between Two Sentinels

Origin Chains

Each origin maintains its own ledger and signs it to make a Proof of Origin Chain. Once information on the Proof of Origin Chain has been shared, it is effectively permanent. This is because the fork that happens after the share ends the chain and makes all future data from the witness to be treated as if it were from a new witness. To generate a link in a Proof of Origin Chain, the origin generates a public/private key pair. It then signs both the previous and next blocks with the same pair after including the public key in both blocks. Immediately after the signature is made, the private key is deleted. With the immediate deletion of the private key, the risk of a key being stolen or reused is greatly minimized.

Origin Chain Score

Origin Chain Score is calculated as follows (default algorithm):

  • PcD = Proof of Origin Chain Difficulty
  • Pc’ Pc” O = Proof of Origin Chain Overlap for Pc’ and Pc”

Origin Tree

An Origin Tree is used to calculate the approximate validity of an answer. It uses the data gathered to generate an Ideal Tree, which is the tree that best fits that data for a given asserted answer. If node N is located at X,Y,Z,T location, the error across all the data in the set must hold a certain value. To compute this error, we would calculate the MIN, MAX, MEAN, MEDIAN, and AVERAGE DISTANCE FROM THE MEAN.

Transient Key Chaining

A series of data packets can be chained together by using temporary private keys to sign two successive packets. When the public key paired with the private key is included in the data packets, the receiver can verify that both packets were signed by the same private key. The data in the packet cannot be altered without breaking the signature, assuring that the signed packets were not altered by a third party, such as a Bridge or storage node.

Link Depth

At a minimum, a node generates a new public/private key pair for every link in the Proof of Origin Chain, which has a Link Depth of 1. There may be N entries in the link table for a given Ledger Entry, with each entry specifying the distance in the future when part two of the link will be added. No two links may have the same order of magnitude on a base 2 scale. For example, the entry [1,3,7,12,39] would be allowed, but [1,3,7,12,15] would not.

Fixed Order

The key element in determining the sequence of ledgers is the order in which they were reported. Given that it is not possible for a device to change the order of any Proof of Origin signed ledger, an absolute order can be established by looking at all the ledgers collectively.

Second-to-Last Publishing

A primary method for establishing Proof of Origin is based on the fact that a Sentinel always reports its second to last block without reporting the last block. This allows the last block to have the signed link to its predecessor as evidence of the link.

Empty Links

To make a Proof of Origin Chain more secure, it is required that the chain is updated no more than once every ten seconds and no less than once every sixty minutes. In the case that no new data is available, an empty block will be added to the chain.


As time travels from left to right (Figure 2.), the Proof of Origin Chain that is being built gets longer. At any given time, the producer of the chain will only provide to the caller the entries with darkened borders, waiting for the second signing of the entry before making it available. For example, in the 3rd column, only entries 2 and 1 will be returned as being part of the chain.

Figure 2. Link inclusion example in a Proof of Origin Chain


Given a series of data packets that are signed in sequential pairs with temporary private keys and include the paired public keys, it can be determined with absolute certainty that the packets came from the same origin.

5 Security Considerations

Fake Diviner Attack

A set of digital signatures are sent to the XYO smart contract because the contract needs to verify the integrity of the Diviner that sent the answer. The contract can then verify the other Diviners that signed this list within a high confidence interval. Without this, the relaying oracle would be the single source of failure and risk within the system.

Sentinel DDoS Attacks

Another attack to consider is a Distributed Denial of Service (DDoS) among Sentinel nodes in a particular region. An attacker could attempt to establish a large number of connections to Sentinels in order to prevent them from relaying the correct information or relaying any information at all to the Bridge. We can circumvent this problem by requiring a small cryptographic puzzle to be solved by anyone attempting to connect to a Sentinel. Since a query won’t involve a very large number of connections to Sentinels, this will not impose a heavy bearing on the XYO relay system, and will require an attacker to spend a large amount of resources to execute a successful DDoS our network. At any given point in time, a Proof of Origin Chain can be verified by anyone as it is stored on the XYOMainChain. This ensures that if a single entity along the chain was compromised, the accuracy of the query’s answer (Origin Chain Score) will drop to 0.

XYO Token Economy

XYO Network Cryptoeconomics

We use XYO Tokens to incentivize the desired behavior of providing accurate, reliable location heuristics. XYO Tokens can be thought of as “gas” needed to interface with the real world in order to verify the XY-coordinate of a specified object.

Rewards for Independence

Location-gathering devices are the atomic blocks of the network, and a single device may act as one or more of the four components of the system. However, it would be rare, especially in a large XYO Network, that devices would be more than two of these components. Furthermore, a blockchain ledger that has more independent Proof of Origin will hold higher regard, so there is a cryptoeconomics penalty for a device acting as multiple components.

Rewards for Stationarity Integrity

Sentinels in the XYO Network are assigned a stationarity coefficient for their quantity of movement throughout their lifecycle. The less a Sentinel moves in a period of time, the more its data can be trusted. Archivists keep track and analyze these stationarity coefficients when considering which Sentinels to route queries to.

Incentivizing Token Usage

A system in which token holders are encouraged not to use their tokens creates a long-term problem for the underlying economy. It creates an ecosystem with very scarce stores of value and triggers a natural impulse to invent reasons for not using the token, instead of boosting utility and liquidity.

XYO Token Specifications

The public token sale has a tiered pricing structure that starts at 1 ETH: 100,000 XYO and maxes out at 1 ETH: 33,333 XYO. Details regarding our volume and time based pricing structure will be announced soon.

  • Contract Type: ERC20
  • Token: XYO
  • Token Name: XYO Network Utility Token
  • Token Address: 0x55296f69f40ea6d20e478533c15a6b08b654e758
  • Total issuance: Finite and capped at the amount reached after the Token Main Sale
  • Amount issued during the main sale: Unlimited
  • Unsold and Unallocated tokens: Burned after the token sale event. No further XYO tokens will be generated after the Main Sale ends.

XYO Network Use Cases

The XYO Network’s usage has vast applications that span a multitude of industries. Take for example an eCommerce Company that could offer its premium customers payment-upon-delivery services. To be able to offer this service, the eCommerce company would leverage the XYO Network (which uses XYO Tokens) to write a smart contract (i.e. on Ethereum’s platform). The XYO Network could then track the location of the package being sent to the consumer along every single step of fulfillment; from the warehouse shelf to the the shipping courier, all the way into the consumer’s house and every location in between. This could enable eCommerce retailers and websites to verify, in a trustless way, that the package not only appeared on the customer’s doorstep, but also safely inside their home. Once the package has arrived in the customer’s home (defined and verified by a specific XY-Coordinate), the shipment is considered complete and the payment to the vendor gets released. The eCommerce integration of the XYO Network thusly enables the ability to protect the merchant from fraud and ensure consumers only pay for goods that arrive in their home.

XYO Network Expansion

We are fortunate to have a consumer business that has successfully built a real-world network with over one million (1,000,000) Bluetooth and GPS devices in the world. Most location networks fail to reach this phase and attain the critical mass necessary to build out an extensive network. The Sentinel network we have created is only the starting point. The XYO Network is an open system that any operator of location devices can plug into and begin earning XYO Tokens.

  1. [2] Karapetsas, Lefteris. Sikorka.io. http://sikorka.io/files/devcon2.pdf. Shanghai, September 29, 2016.
  2. [3] Di Ferrante, Matt. Proof of Location. https://www.reddit.com/r/ethereum/comments/539o9c/proof.of.location/. September 17, 2016.
  3. [4] Goward, Dana. RNT Foundation Testifies Before Congress. US House of Representatives Hearing: “Finding Your Way: The Future of Federal Aids to Navigation,” Washington, DC, February 4, 2014.

XYO Network

XYO is building the world’s first geospatial cryptonetwork that aims to “future-proof” GPS.

XY Oracle Network

Written by

The world’s first location-based, trustless, decentralized oracle

XYO Network

XYO is building the world’s first geospatial cryptonetwork that aims to “future-proof” GPS.