Ramp Oracle

Ramp Oracle is enabling trustless settlement between fiat and crypto-assets

Current release

In this release, Ramp Oracle is integrated as a part of Ramp Instant fork running on the Rinkeby testnet.

Click here to create a test transaction using Ramp Instant widget integration.

Click here to see an example of a receipt from a transaction secured by Ramp Oracle.

Recommended reading: The future of on-ramps is peer-to-peer

This documentation should be considered work in progress.

Ramp Oracle

Ramp Oracle is an Intel SGX based oracle used for enabling trustless settlement between fiat and crypto-assets.

The application itself is divided into two parts: untrusted app, used to facilitate external communication with the enclave; and the secure enclave itself. Ramp Oracle takes advantage if multiple Intel SGX features such as remote attestation and data sealing to establish a verifiable trust relationship.

The following paragraphs describe key oracle activities used to provide data necessary for this verification to outside actors.

Oracle registration

Oracle registration is performed at least once before the oracle is authorized to perform any other activity. Registration is performed using the attestation report created during Intel EPID based remote attestation. The report is used by the OracleRegistry contract to verify the security properties of the enclave as well as to provide a signer address used to uniquely identify the oracle.

Creating a proof of payment

Every on-chain transaction created using Ramp Instant requires a corresponding proof of payment to be finalized. The proof is created inside the secure enclave by querying banking data provider, filtering results and signing the matching payment (if it exists) with signing key. The signing key is stored (sealed) securely inside the enclave and can only be used for signing a valid payment.

The signed proof is then transported on-chain and used to settle the transaction.

Oracle Explorer

End-to-end proof verification

Oracle Explorer facilitates a proof of payment verification in your browser. Data from on-chain and off-chain sources are combined and cross-examined to prove the soundness of the proof. See Oracle Explorer codebase to inspect this process and learn more (coming soon).

You can enter Oracle Explorer from your transaction receipt. Click here to see an example.

Below you can learn about specific information used by Oracle Explorer, section-by

Oracle

ORACLE REGISTRY ADDRESS - the address of OracleRegistry contract which is responsible for registering, verifying and revoking oracles. OracleRegistry contains oracle policy which describes hard requirements for registering as the oracle, i.e. providing remote attestation report that corresponds to the legal oracle source code version, obtained from properly configured secure enclave

ORACLE ADDRESS - an Ethereum address used to identify an oracle running in a secure enclave. This address does not function as a wallet and it's corresponding private key is securely sealed inside a secure enclave

MRSIGNER (or "enclave signer") - uniquely identifies the operator of the oracle. Currently, the only operator (and thus, MRSIGNER) is linked to the oracle operated by Ramp Network.

MRENCLAVE (or "enclave hash") - uniquely identifies the version of the source code running in the secure enclave, i.e. an algorithm used by the oracle to fetch data and create proofs. It can be verified by creating a local enclave and cross-examining with oracle policy in Oracle Registry. You can create a local enclave by following the instruction in Oracle sources (coming soon).

You can learn more about the significance of MRSIGNER, MRENCLAVE and other attestation report fields here. You can learn more about remote attestation here.

Proof of payment

RELEASE PAYMENT TX HASH - Transaction that released the payment from escrow contract. Transaction input contains PROOF SIGNATURE.

PROOF MESSAGE - Proof of payment constructed by the oracle. Consists of hashed transaction details that uniquely identify a given payment (see "Payment details" below). It can only be signed if the specified payment is valid.

PROOF SIGNATURE - Created by oracle signing PROOF MESSAGE _**_with oracle signing key stored inside the enclave.

Payment details

DATA SOURCE URL - Source of truth used by the oracle to construct a proof of payment.

QUERY (JSONPATH) - Describes the test used by the oracle to determine whether the expected payment was performed and whether it contains matching details.

EXPECTED PAYMENT ID - Describes the expected outcome of the aforementioned test (or QUERY). If the outcome is positive, the oracle can proceed with constructing a proof of payment.

Smart contracts and sources

RampInstantEthEscrows

RampInestantTokenEscrows

OracleRegistry

Ramp Oracle - coming soon