Chainlink: Connected Consensus on Ethereum
Firstly, the entire team and I want to thank everyone who has dedicated their personal time, effort, and well written code towards Chainlink’s success. We are deeply grateful to all our supporters, community members, and node operators who are all helping smart contracts realize their full potential.
In this post, we will provide details about our release of Chainlink on Ethereum mainnet. In order to provide greater clarity about what Chainlink’s launch may mean for the larger smart contract ecosystem, we will briefly examine what we believe makes smart contracts unique, why solving the “oracle problem” is a critical next step in their evolution, and how Chainlink seeks to address this limitation of smart contracts today, in the near-term, and over the long-term.
The Unique Value of Smart Contracts
A smart contract is a digital agreement that is made extremely reliable by being run on a tamper-proof/decentralized node network such as Ethereum.
Smart contracts create an entirely new and game theoretically superior form of agreement which is deterministic and guaranteed in the correct execution of its contractual terms through cryptographic means. The ability for a contract’s practical outcome, such as payment to the correct party, to be guaranteed by cryptography is an entirely new method for society to form reliable agreements. For example, Bitcoin ownership is cryptographically guaranteed, in a way no other asset ownership has ever been.
The significant difference between a contract in which you are cryptographically/deterministically (100%) guaranteed to receive what you’re owed and a contract in which you only receive what you’re owed when the other party feels like paying it (X% of the time) cannot be overstated; since the ability of a contract to function as expected determines if it is entered into at all (e.g. the existence of crop insurance in emerging countries) and whether or not a contract fails to prevent fraud has significant personal, and even societal consequences (e.g. the 2008 financial crisis).
In short, smart contracts’ extreme reliability/determinism enables them to function with an entirely new level of value and trustworthiness. We aim to preserve this property of extreme reliability/determinism when building and using smart contracts.
Expanding the Capabilities of Smart Contracts
If we apply this extreme reliability concept beyond the ownership and movement of assets like Bitcoin, we see that a truly reliable method of forming contracts will have far reaching consequences. We can apply smart contracts to various fraud/failure-prone agreements in industries such as insurance (which often doesn’t pay policy holders), international trade (which often leaves suppliers paid late or never), and finance (which has faulty or fraudulent agreements, such as the various financial contracts which led to the 2008 crisis).
Once we consider how smart contracts would actually work in these industries, we arrive at a few simple and clear conclusions about how they would be required to function:
- Smart contracts that are to be written about specific contractual events such as goods delivery, market events or insurance events, need to know when the event has occurred.
- Smart contracts need to remain extremely reliable while they are reacting to proof of an agreement’s performance, so that they retain their unique value of extreme reliability.
- Smart contracts cannot access data feeds about events on their own and need to be given data about the performance of a contract from the real/”off-chain” world.
These three points illustrate the problem that currently prevents more advanced smart contracts from being written, and for which Chainlink provides a solution.
As developers begin to implement their chosen smart contract, they encounter a problem created by the security model which makes their smart contract secure in the first place: their smart contract is unable to connect with key external resources like off-chain data and APIs. This lack of external connectivity is due to how consensus is reached around a blockchain’s transaction data, making it a problem for all smart contract networks.
Once we realize that a smart contract cannot request data inputs of any kind from any source, we intuitively reach for the initial solution of designating a “single trusted third party” in the form of a single “oracle”. In the least reliable/secure setup scenarios, this oracle may even be run by one of the parties involved in the transaction, creating a clear conflict of interest. We quickly realize that having a “single trusted third party” with complete control of the contract breaks the security, reliability, and basic value that a smart contract provides by introducing a new and equally critical single point of failure.
Regardless of how reliable the smart contract being triggered is in terms of the network its run on, if the oracle providing data to a smart contract is unreliable, or under the unilateral control of a party in the transaction, then the entire smart contract no longer has extreme reliability/determinism.
End-to-End Reliability for Smart Contracts
The Chainlink network’s goal is to enable smart contracts that are connected to all the external inputs and outputs they require to function, while maintaining the extreme reliability that makes them uniquely useful. After working with many developers, Dapp teams, and enterprises of all sizes, we’ve observed that users of a technology like smart contracts, which promotes itself as extremely reliable, don’t want just one part of the smart contract’s architecture to be reliable, while other parts fail entirely. For users to put large amounts of value into smart contracts, they want the various systems controlling that value to have “end-to-end reliability”.
Chainlink’s approach to solving the problem of a “single trusted third party” uses the same method that secures smart contracts themselves: decentralized computation. The Chainlink network allows multiple independent nodes to perform decentralized computations about the accuracy of an external input before it is written into a smart contract. Once we achieve decentralization at the blockchain middleware/oracle level, we can then go on to decentralize the data provider/origin level as well, assuming there are multiple sources providing the same data e.g. cryptocurrency prices. The details of our approach to making a decentralized oracle network that makes smart contract inputs reliable can be found here.
As the Chainlink network goes live on Ethereum, we will provide a decentralized oracle network run by multiple independent node operators, and approaches to decentralized computation that combine those individual results into a single smart contract input/trigger. We’re glad to launch this initial version of Chainlink this month based on three key factors: our successful completion of three independent security audits, the completion of various scalability and stress tests internally, and a clear increase in demand for a highly reliable/decentralized oracle mechanism as a key building block in the design and implementation of various smart contracts/Dapps.
Reliable market prices, and specifically cryptocurrency prices, will be one of the first decentralized oracle networks made available on Ethereum. Market prices are commonly used in the traditional financial industry to determine outcomes for trillions of dollars in lending, derivatives, and other financial products. As these financial products migrate on-chain via the increasingly popular decentralized finance (DeFi) movement, they will also need to consume market price changes “on-chain” as a reliable triggering mechanism, to determine their appropriate outcome. Since many of today’s decentralized finance products focus on the cryptocurrency community as early adopters, the need for reliable cryptocurrency prices on-chain, around which these on-chain financial products are built, is especially acute/necessary.
We’re starting out with widely useful price data like the ETH to USD conversion rate, which we will provide in a fully decentralized manner at both the data source and the blockchain middleware/oracle levels. We’ll be starting this oracle network using three separate data sources that go through three independent node operators. We plan to expand the levels of decentralization at both the data origin level and the oracle level by adding four more high quality price data providers and eventually reaching a total of twenty one Chainlink nodes. After reaching seven separate sources of data, with twenty one technically reviewed and identity verified node operators, we’ll solicit community/user feedback to consider further expansion of this decentralized oracle network, while maintaining a high level of both data source and independent node operator security and reliability. All smart contracts/Dapps in the Ethereum mainnet are welcome to start using our market reference data contracts here, and anyone can see the contract being updated here.
Our team is excited about being a useful part of the decentralized finance and smart contracts revolution taking shape now. We’ve heard from our existing users and many others in the DeFi community that reliable oracles for their products will help accelerate their roadmap, bringing into reality the exciting smart contract powered future which we’ve all been working towards. Just like many of these teams rely on Ethereum for the security and reliability of their smart contract, we are working diligently to provide an oracle mechanism that will further enable what they’re building and/or add to the security of how their existing smart contract/Dapp already works. We encourage everyone building a smart contract or Dapp that needs reliable oracles to let us know how we can be helpful via email, Gitter (technical chat) or a contact request. If there are specific price data feeds that you need on-chain for your smart contract, let us know here. We’ll be selecting which price pairs to launch next based on requests from the community.
Becoming a Chainlink Node Operator
Since Chainlink is focused on providing a reliable decentralized oracle network, we strongly believe that the security, reliability, and independence of the individual node operators which make up these networks are all key success factors. Even if Chainlink’s software is considered secure, a node operator is still responsible for correctly running it in a secure environment and accurately representing the number of nodes that are actually under their control in an oracle network. In an effort to balance smart contract developers’ needs for a live/working oracle network together with node operator reliability and independence, we’ve identified two distinct ways that Chainlink node operators can offer additional security and reliability assurances to Chainlink’s users at this early stage of the network.
The Importance of Sybil Resistance and Infrastructure Review
In this initial stage of the Chainlink network, we believe that the most reliable Chainlink nodes will be those that have undergone both a technical review by the Chainlink team (or another group that is considered capable of assessing the quality of a node operator’s infrastructure), and an optional identity review, to provide assurances that their node is independent from others in the network. As more nodes and transactions appear on the Chainlink network, more automated approaches to determining a nodes reliability will become possible and go on to be implemented.
The technical review process is detailed in our documentation and is meant to help provide assurances that a node operator is able to securely and reliably run a Chainlink node:
- Successfully running a Chainlink node on testnet against a suite of test contracts, proving that a node operator can reliably run a node.
- Being added to the Chainlink Explorer to undergo an uptime check, providing a greater degree of detail about a node operator’s uptime.
- Undergoing a brief infrastructure review with a Chainlink team member, to go through a checklist of infrastructure (backup systems) and security (private keys) best practices needed for reliability and security.
We also intend to have an optional identity review available to node operators, designed to protect users of an oracle network from the most common attack vector experienced in decentralized computing infrastructures: sybil attacks. The ability for one person hiding behind anonymity to pretend that they are multiple independent nodes can allow them to take over an oracle network without the need to overcome more complex technical or security hurdles. By providing a basic level of identity review at this early stage in the Chainlink network, we can take critical steps in an effort to avoid sybil attacks, allowing users of the Chainlink network to have an additional level of assurance that the nodes they’re relying on are indeed independent of each other.
At the time of Chainlink’s launch on Ethereum, we will have multiple technically reviewed and sybil resistant nodes listed in our documentation. Over the coming weeks and months, our goal is to add more high quality node operators through a continually evolving/improving process. Node operators that prefer not to undergo a full technical review or sybil resistance/identity verification will of course also be included in the Chainlink network. There are also multiple listing services for users to select Chainlinks outside our documentation currently under development by the Chainlink community, we expect the existence of multiple listing services where Chainlinks can be chosen by users on the basis of various reliability measures.
Chainlink’s Continued Development
The unique value of the Chainlink network is its ability to provide provably reliable individual oracles that can be securely and efficiently combined into oracle networks of varying sizes. In order to achieve this goal, Chainlink needs to continually improve on the key dimensions that allow users to select high quality individual node operators, aggregate those nodes into sybil resistant oracle networks, and provide security guarantees that enable oracle networks to serve as reliable smart contract triggers.
The Chainlink network will continually strive to allows users to select high quality oracles by providing data about how nodes are fulfilling their past and current requests. The Chainlink Explorer is one of the key initial tools that we are launching in conjunction with Ethereum mainnet. The explorer is designed to provide insight into how Chainlink nodes function on two key dimensions:
- Providing detailed information about a Chainlink node’s fulfillment of a user’s request. Showing both the node’s off-chain activity and the on-chain results, gives smart contract developers critical insight into how the system that is responsible for triggering their contract is performing.
- Aggregating data about the reliability and speed of the off-chain activity and on-chain activity of all Chainlink node operators that are connected to the explorer. By gathering detailed data about a Chainlink node operator’s performance on multiple key dimensions, we are able to begin building an informed approach to how Chainlink’s reputation system would work, based on real transaction data.
As the Chainlink explorer expands in its capabilities, we expect to provide increasing levels of insight about individual node operator’s fulfillment of their past commitments, which contracts/Dapps have used a specific Chainlink (implementing a web of trust model), as well as various metrics about node operator uptime and reliability. As the Chainlink network’s real transactions grow, we are looking forward to increasing the amount of verifiable proof available about an oracles reliability, by providing users insight into how their chosen oracles are performing, as well as what metrics they might use to choose future oracles.
Once a more data-driven framework for choosing node operators on the basis of real world transactions begins to emerge, those node operators will then need to be formed into oracle networks that achieve decentralization. In order to achieve this aggregation at the level of security, and efficiency sought from highly decentralized oracle networks, we have been busy at work on improved forms of aggregation across oracles. In conjunction with Chainlink’s release on Ethereum mainnet, we’re excited to present a new approach to utilizing threshold signatures in Chainlink, which allows us to efficiently create highly decentralized oracle networks consisting of hundreds, or even thousands of nodes. The key benefit of the Chainlink threshold signature scheme is that these oracles are able to have their signatures verified on-chain (a key security requirement) in a manner that we believe to be orders of magnitude more efficient than existing approaches. By making large decentralized oracle networks efficient enough to become feasible, we hope that once there is a sufficiently large collection of high quality independent node operators, these new levels of efficiency will make the creation of large decentralized oracle networks the preferred method for providing highly reliable inputs into high value smart contracts.
In addition to high quality oracles that are sufficiently decentralized, Chainlink seeks to excel in two more key dimensions.
The combination of trusted execution environments (TEEs) with decentralized computation provides a greater degree of security for individual node operators. One of TEE’s key benefits is that the computation a node operator performs can be kept private/confidential even from the node operator themselves. This decreases the possibility of any one node operator tampering with a computation and therefore increases the reliability of the oracle network overall. We’re excited about our acquisition of Town Crier late last year, its inclusion in Chainlink as our approach to TEEs, and are actively working to merge TEEs and decentralized oracle networks in a way that greatly benefits smart contracts. We encourage you to read more about Town Crier here.
The future state of smart contract development that Chainlink seeks to create is one where smart contracts are built at the same speed as web applications. Similar to web developers who have a multitude of market data, event, payment, and various other APIs available to them, smart contract developers should have a similar collection of easily utilized inputs and outputs. Chainlink is actively working to become the place where smart contracts go to easily find, quickly implement and securely interact with a large collection of pre-made external inputs and outputs in the form of on-chain contracts that they can easily and securely make specific requests to.
If you’re a smart contract developer and need a properly secured input or output for your smart contract to function correctly, reach out to us, as both we and our entire community are actively prioritizing and continuing to work on making those inputs available to you.
The entire team and I are deeply grateful to have an excited, insightful and genuinely interested community that sees the long-term value of what we’re building. Thank you for all of your support.
We’re also thrilled to have built a great team that shares this genuine interest, which we’re slowly growing to make the next generation of smart contracts a reality. If you’re a software engineer who is interested in working in an open source community environment, we welcome you to join us on Github. We are also planning to launch a research fellowship/grants program. If you want to build Chainlink together with us through engineering, product management, marketing, design, developer evangelism or more, view our career opportunities here.
Our entire team is excited to be part of building a truly decentralized future, and we are excited to hear from you if you’re interested in this future as well.