3

DLC (Discreet Log Contracts) is a protocol that allows two parties to create a bet based on the outcome of some real-world event, as reported by a trusted oracle. Alice and Bob lock coins in a multi-sig UTXO that may be spent in different ways depending on what the oracle reports. After the event in question happens, the oracle reports an outcome, and either Alice or Bob claims the coins. The oracle may not even be aware of Alice or Bob - it just publishes commitments to outcomes. Another benefit of DLCs is that they leave minimal on-chain footprint: the oracle announcements are not placed on-chain, only bet resolutions are, and they look identical to a regular multi-sig usage (similar to Lightning channels).

What I don't understand about DLCs are oracle security guarantees. How are oracles incentivized to honestly report outcomes? What happens if an oracle reports a false outcome? Reports conflicting outcomes? Goes offline and reports nothing? Is there some kind of security deposit that a misbehaving oracle loses? If so, who enforces this, and where would the deposit go?

Sergei Tikhomirov

1 Answer

2

How are oracles incentivized to honestly report outcomes?

The current DLC protocol does not include the capacity to pay a fee to the oracle, as the oracle is generally unaware of what DLCs are relying on their oracle announcements. (Of course you could pay them out of band if you knew their Bitcoin address.) Hence we are moving into the realm of reputation here, and we could discuss endlessly what is rational from a reputation perspective. This is not a new problem though. A company like Bloomberg is incentivized to provide accurate market information, as if it was found they were providing inaccurate information they would lose business and encounter legal and regulatory challenges. Blockchains do not solve the challenge of oracle honesty, with the possible exception that the event they are reporting on is data inherent to the blockchain. Market prices, sports events, etc. are clearly not inherent to the blockchain.

What happens if an oracle reports a false outcome?

From a blockchain perspective, nothing. The funds would go to whoever bet on this false outcome. From an external reputation perspective, you would expect the oracle to not be relied on in future.

Reports conflicting outcomes?

There is an additional consideration other than reputation in the DLC context, in that if an oracle provides a signature that both Event A and Event B occurred, even though those events were mutually exclusive, they leak their private key.

Goes offline and reports nothing?

If a single oracle does not report anything then the DLC will refund the users’ collateral after the contract timeout. More details are here.

Is there some kind of security deposit that a misbehaving oracle loses?

Not currently. You could request an oracle posts a timelocked security deposit that is locked by the private key that is leaked if they sign two mutually exclusive events.

If so, who enforces this, and where would the deposit go?

In the case that the oracle leaks their private key it would be whoever notices that the oracle has signed mutually exclusive events, constructs a transaction to move those funds once they are able to be moved and gets it included in a block.

You may also be interested in this London Bitcoin Devs transcript on DLCs with the Suredbits team. That links to a bunch of resources including related Suredbits blog posts.

Michael Folkson
  • 1
    "You could request an oracle posts a security deposit that is locked by the private key that is leaked if they sign two mutually exclusive events." Given that the Oracle can produce two signatures and act upon them before leaking them, it's not clear to me from this brief description why the Oracle wouldn't be able to reliably take back those funds. Do you happen to know of a more concrete description how the Oracle would be put at risk in this scenario? – Murch Apr 13 '22 at 16:19
  • 1
    Security deposits would be timelocked. So whenever the timelock expired there would be a race to get a valid transaction into a block by everyone who knows the private key. The end result would probably be most if not all of the money goes to fees as competing parties try to offer the highest fee transaction. You'd expect the security deposit timelock to expire after the oracle announcements. Otherwise it isn't much of a security deposit. – Michael Folkson Apr 13 '22 at 18:20