BoAT3 IoT Oracle: Bridging Real-World Assets to Web3 in the DePIN Narrative
Background
What is BoAT3 IoT Oracle
As its name implies, BoAT3, standing for Blockchain of AI Things for Web3, is the latest expansion of the industry-well-known BoAT-X (https://github.com/aitos-io/BoAT-EdgeDocs). Since its initiation by aitos.io in 2018, the open-source project BoAT-X has been engaging in the mission of enabling any IoT (Internet of Things) devices to access blockchain services, such that every IoT device can play the role of a blockchain oracle. As the initiator and core contributor, aitos.io named BoAT-X, where X implies any imaginative possibilities. BoAT-X is a set of enablers for the IoT industry that manages on-chain identities (cryptographic algorithms and keys), conducts verifiable claims, transmits transactions to blockchains as well as coordinates with traditional IoT industry to allow smooth transition to Web3.
Most blockchain projects serve humans and are built on servers on the Internet, however, the BoAT-X family is dedicated to the IoT. As IoT has grown so fast in recent years, it’s predicted that the quantity of IoT devices will rise beyond 5 times that of the global population in 2025. Huge IoT devices capture massive data all day in an efficient way, providing materials for various utilization, such as AI training and inference. Thus, data trustworthiness is the essence of the data utilization and monetization.
Blockchain is a trusted way, among multiple parties, to ensure data authenticity as well as log the activities that generate the data. But it’s not easy for IoT. Most IoT devices are much slimmer than many people think. For example, Raspberry Pi, in many IoT-oriented Web3 projects, is probably one of the most powerful IoT devices. In most practical applications, the IoT device is much more constrained than Raspberry Pi. How to bridge vast slim as well as powerful IoT devices to blockchain, is the challenge the BoAT-X family addresses.
Basically, the countermeasure of the challenge is tailoring the most necessary functionalities of a blockchain wallet and porting to the key components of IoT devices. In the past half-decade, the BoAT-X framework, a multi-chain IoT blockchain wallet, already supports mainstream IoT chips and modules, especially resource-constrained ones. By covering them, BoAT is capable of sailing in most IoT devices that are made up of chips and modules.
Now the BoAT’s voyage expands toward the DePIN-oriented IoT Oracle for Web3.
Let’s DePIN
DePIN (De-centralized Physical Infrastructure Networks) is an emerging category of Web3 narrative that builds physical infrastructure networks (e.g., wireless networks, storage networks) in a crowdsourcing way. Meanwhile, as its name implies, BoAT3 is designed to be a DePIN-oriented IoT oracle.
Being tired of computing the nonce to work out the PoW (Proof of Work), more and more people are enthusiastic about further building DePIN to improve real-world life. DePINers, who play the role of supply-side builders, are rewarded for their contribution to the construction and operation of the physical infrastructure network. Hence, it’s essential to measure the physical work they do as the basis of the reward. Such a basis is called a Proof of Physical Work or PoPW.
Proof of Physical Work (PoPW)
For every DePIN project, it’s essential to accurately measure, securely report, and effectively verify a DePIN Unit’s Physical Work (PW). A DePIN Unit is a facility that undertakes the physical work. For example, For a wireless network unit, the PoPW is how many bytes it transfers. For a solar photovoltaic electricity generation unit, the PoPW is how much energy it generates. The PW represents the status or value of some real-world assets.
Whatever the exact measure criteria are, a DePIN Unit is usually equipped with IoT (Internet of Things) devices to measure and report the PoPW, which is verified by the network. Unlike blockchain-native data, PoPW is instead off-chain data. Hence an IoT oracle is required to securely convey PoPW to the blockchain for contribution assessment.
However, traditional IoT devices can not easily access blockchain services due to constrained computing, storage, connectivity capabilities, and power supply. For example, an outdoor weather data collector may be powered by a solar panel and battery. It usually wakes up periodically to measure and report the weather data. For example, it’s difficult to install an Ethereum client into the weather data collector to transfer the PoPW. That’s why BoAT3 IoT Oracle comes out to bridge real-world assets by conveying the PoPW from IoT devices.
BoAT3 IoT Oracle Overview
A DePIN-oriented Oracle for PoPW
BoAT3 is a DePIN-oriented oracle for PoPW. It offers a set of hardware and software for DePIN projects, involving IoT devices, cloud services, and blockchain services, to generate, report, and verify the proof of a certain physical work.
A typical PoPW flows like this:
1. The DePIN Unit does some physical work (e.g., collecting weather data) and produces the data.
2. Among the data, there may be some non-PoPW application data (e.g., low battery alert) being sent to the dApp backend directly (the magenta path), which is out of this article’s scope.
3. Meanwhile, PoPW is generated within the DePIN Unit by packing the working data (e.g., the temperature and humidity). A wallet in the DePIN Unit holds the unique device cryptographic key and signs the PoPW. The signed PoPW assertion is then sent to the IoT oracle following the blue path.
4. The IoT oracle validates the signed PoPW against the device’s credentials registered in DID. If the validation passes, the verified PoPW is sent to the blockchain and the dApp following the green path.
5. Once the verified PoPW is stored on the blockchain, the dApp could further utilize the PoPW (e.g., reward the participating DePIN Unit based on the physical work ).
BoAT3’s Philosophy and Challenges
BoAT3 IoT Oracle focuses on a common need of DePIN projects, which is the PoPW protocol, i.e. the way to drive the PoPW passing from the diverse IoT devices to the blockchain smoothly and securely. It addresses some pivotal aspects:
● Active data feeding: Unlike most other blockchain oracles that are passively triggered by a smart contract to request an off-chain server (data source) for valuable information, the BoAT3 IoT Oracle works mostly in an active feeding mode. This adapts to most IoT devices’ typical behavior that they actively send IoT data to the backend, either in some interval or being triggered by some event. Furthermore, depending on the network topology (e.g., LoRa network) and power-saving strategy, some IoT devices are only reachable in downlink at the moment when they just transmit some uplink data. Hence typically, IoT devices actively transmit PoPW to the blockchain through the BoAT3 IoT Oracle.
● Flexible blockchain enabler for IoT devices: The diversity of IoT devices calls for a flexible approach to securely generate and report the PoPW. Unlike servers that are powerful enough, IoT devices cover a wide range of capabilities, from very lightweight MCUs running at tens of MHz with tens of kB of memory to more powerful devices such as Raspberry Pi and Android-based smart modules running at more than 1GHz with multiple CPU/GPU cores. BoAT3 offers blockchain-enabled IoT chips and modules, as well as SDKs, to meet the on-chain requirements of different types of IoT devices.
● Managed device identities: For most dApps, the user is anonymous unless he binds his blockchain identity (address) with his real-life identity (e.g., social media account). However, it’s not the case for DePIN units. KYD or Know Your Device is mandatory for the DePIN network to verify how much physical work is undertaken by which DePIN unit. It’s fundamental to manage the IoT device’s identity so that only registered IoT devices can generate valid PoPW.
● PoPW Validation and Separate PW Evaluation: BoAT3 IoT Oracle validates every PoPW report by verifying its signature. Every valid IoT device has a registered identity, and thus only untampered PoPW from a valid DePIN unit will pass through. Because the Physical Work (PW) depends on the exact DePIN project, thus, the evaluation of the PW is separated from the PoPW validation. This allows BoAT3 IoT Oracle to focus on the validation of PoPW authenticity in a standard way while leaving the evaluation of various PW (based on the verified PoPW) to the dApp.
● Multiple blockchain adaption: A thriving DePIN ecosystem should cover many dApps running on different blockchains. As an infrastructure for infrastructures, BoAT3 IoT Oracle extends its flexibility by introducing customizable dApp Connectors on the Oracle node. It allows the DePIN project to customize how to pass the PoPW to its blockchain and smart contract.
● IoT platform integration: Though PoPW is the key message generated by IoT devices, IoT data is not all PoPW. BoAT3 IoT Oracle could integrate with the IoT platform to process PoPW and non-PoPW data in an extended way.
● Privacy-preserving: Privacy protection is one of the cornerstones of DePIN projects. In case the raw PoPW contains sensitive information, it must be encrypted before going out of the IoT device. BoAT3 IoT Oracle integrates a confidential computation enclave and Zero Knowledge Proof (ZKP) technology to allow sensitive data to be processed in a trusted environment with a ZKP proof for the authenticity of the result.
● Decentralized oracle nodes: BoAT3 IoT Oracle is a decentralized oracle. Any eligible Oracle service provider could list their service endpoints in the on-chain registry. The exact service terms are determined by every service provider.
Thanks to the efforts we are making, BoAT3 IoT Oracle could help DePIN projects get to the market quickly and securely. It supplies all the things that a DePINer needs to build a DePIN project’s digital MRV (Measuring, Reporting, and Verification) capabilities.
Building Blocks
Overall Architecture
IoT Device Integration in a DePIN Unit
BoAT3’s IoT device integration is an extension of the BoAT’s indirect operation mode. The IoT devices are integrated with the BoAT3 Lite SDK to create their own blockchain wallets and cooperate with the BoAT3 IoT Oracle Node. See the background of the indirect approach at https://github.com/aitos-io/BoAT-EdgeDocs.
● BoAT3 Lite SDK
BoAT3 Lite is a C language lightweight blockchain wallet SDK for embedded devices. It manages a device wallet that enables the IoT device to create and sign the PoPW eligible for validation on the BoAT3 IoT Oracle node.
Most IoT devices are resource-constrained. They have limited computational power, storage capacity, and connectivity bandwidth. It’s difficult to run Node.js and many other blockchain SDKs. BoAT3 Lite SDK is extremely optimized for such resource-constrained embedded systems, allowing the device to generate and report the PoPW.
BoAT3 Lite SDK supports a lot of popular IoT chips and modules. It also supports high-level security by by adopting a Trusted Execution Environment (TEE), Secure Element (SE) or SIM card (for cellular communications).
A non-exhaustive list of the supported IoT chips and modules can be found at https://github.com/aitos-io/BoAT-EdgeDocs/blob/main/SUPPORTED_LIST.md.
We are working hard to expand the supported chip and module models.
In addition, a BoAT3 Agent SDK written in high-level languages such as Java and golang is also available if connecting BoAT3 IoT Oracle with an IoT platform is the case.
● Blockchain Chips and Modules
Blockchain chips and modules are IoT hardware components driven by BoAT3 Lite SDK. In addition to normal connectivity capabilities, they can generate and report the PoPW to the BoAT3 IoT Oracle node through BoAT3 Lite SDK.
Though BoAT3 Lite SDK is flexible to port to almost any IoT hardware, it needs quite a lot of expertise in both the blockchain and embedded/IoT areas. To shorten the Time-to-Market, aitos.io cooperates with partners to provide IoT chips and modules that already integrate BoAT3 Lite SDK. DePIN projects can choose from them to compose their DePIN units with immediate PoPW assertion capability. Hence the developer could concentrate on the physical work itself rather than dealing with SDK porting on various IoT hardware.
This might accelerate DePIN projects at a 10x speed because the blockchain chips and modules as standard hardware components would expand the growth of DePIN Unit deployment much faster than spending time on porting on a variety of hardware devices. Though the DePIN Units cover different areas and involve diverse hardware, blockchain chips/modules are the common components that enable DePIN projects with on-hand PoPW capability.
BoAT3 IoT Oracle Node
● Data Validator
Data Validator validates the trustworthiness of the proof of certain physical work that is measured and reported by the IoT devices. The PoPW is validated against its signature and the device identity that is registered as DID. Once verified, the PoPW is passed to the Rule Engine for dispatch.
● Rule Engine
Rule Engine is a dispatcher that distributes the verified PoPW to a corresponding Connector based on the DePIN project and the Thing Model of the PoPW.
● Connectors
Connectors are virtual machine instances that allow a plug-in implemented as a JavaScript module to be loaded and executed to customize the process of the PoPW stream. DePIN projects can write their own JavaScript module to deal with the PoPW and adapt to the blockchain and smart contract they are running on.
● Confidential Computation Enclave & ZK Prover
A confidential Computation Enclave is an isolated execution environment that allows sensitive data to be processed. It’s often the case that the extracted information rather than the raw data is the demand. If some PoPW contains sensitive data (e.g., personal information), the plain text PoPW must be encrypted before it goes out of the IoT device. It can only be decrypted within the boundary of the Confidential Computation Enclave, and thus the algorithm in the enclave could compute the necessary information (Physical Work Claim) based on the data. After the computation is completed, only the insensitive Physical Work Claim is disclosed. No raw data should spread outside the enclave. ZK Prover collaborates with the Confidential Computation Enclave to generate proof that the disclosed Physical Work Claim is actually worked out by the algorithm and the given data. Users can benefit from Confidential Computation and ZK to monetize the data without the disclosure of the original data that may contain private information.
Common Services
● DID & Device Registry
Every IoT device needs an identity registered in the DePIN ecosystem. Unlike many other web3 projects that only care about the digital signature, DePIN projects should not only verify the signature against their public keys or addresses but also authenticate the data, and their signatures are from the registered IoT devices.
● Oracle Node Registry
Oracle Node Registry is where the eligible BoAT3 IoT Oracle service providers are registered and listed. Anyone could set up its BoAT3 IoT Oracle node if necessary criteria are met.
● Access Grant
Access Grant allows DePIN projects to define the rule to access BoAT3 IoT Oracle. For example, a DePIN project could determine which address could update the Javascript code in a corresponding Connector.
● ZK Verifier
ZK Verifier is a library that allows smart contracts to verify the ZK proof generated by the ZK Prover in the BoAT3 IoT Oracle node.
● Decentralized Storage
It’s obvious that the blockchain itself can hardly handle the huge IoT data due to the TPS(Transactions Per Second) and cost. Decentralized storage is a necessary capacity to store the PoPW as well as many other types of data.
● PoPW Notary Service
As a default dApp, notary is one of the BoAT3 IoT Oracle’s built-in services. Any IoT device can notarize PoPW by calling the service, where the data is stored in the decentralized storage, and its fingerprint (e.g., hash) is permanently stored on the blockchain.
● Thing Model
Thing Model is a customized data structure for IoT devices to report their PoPW in a predefined structure. Any PoPW must follow one of the Thing Models the DePIN project defines.
Guide for Developers
Step 1: Determine the IoT Network Topology
An IoT network is typically a multi-layered star network. The IoT devices (terminals) connect to an IoT gateway, and the gateway connects to the Internet or Intranet. The exact network topology is determined by a lot of factors, such as device capabilities, connectivity technologies, route configurations, commercial strategy, and regulatory requirements.
The first decision to make is where to place the data trust anchor point. A trust anchor point is the starting point of the trust chain. It’s typically at the place where the data could be signed with a unique key.
Ideally, the IoT device should measure the PW(Physical Work), pack the measured PW in PoPW, and sign the PoPW with its unique device key. This places the trust anchor point in the IoT device, which is the nearest point in the PoPW assertion path. However, in some cases, the IoT device is not capable of signing the PoPW. It could be caused by technical issues, commercial reasons, or both. Thus, there are two other choices to place the trust anchor point: at the on-site gateway, or at the on-cloud IoT platform.
Wherever the anchor point is placed, the anchor point should generate and report the PoPW to the BoAT3 IoT Oracle node.
Step 2: Choose an IoT Integration Solution
If the anchor point is placed at the IoT device or an on-site gateway device, there are two integration options. One is the software solution, while the other is the hardware solution.
The software solution is porting BoAT3 Lite SDK to the target IoT device. BoAT3 Lite SDK is written in C language and is quite effective to run on IoT hardware. But C language is not cross-platform. That means some additional efforts are inevitable, and embedded hardware and software skills are required to port the SDK.
The hardware solution is choosing the blockchain modules or blockchain chips that already integrate with BoAT3 Lite SDK. The connectivity module or chip is a key component to compose the IoT device. Choosing the supported models could get rid of the SDK porting.
If the anchor point is placed at the IoT platform, no IoT integration is needed. The IoT platform should instead integrate with the BoAT3 Agent SDK written in high-level languages such as Java and golang.
Step 3: Choose the PoPW Verification Mode
There are two PoPW verification modes, Plain Text PoPW, and Privacy Preserving PoPW, to meet various requirements.
● Plain Text PoPW
In a plain text PoPW scenario, PoPW is the raw data of a certain physical work.
The IoT device measures the physical work and signs it with its device key. The signed PoPW is sent to the BoAT3 IoT Oracle node in plain text. The Data Validator validates the PoPW and passes it to the Rule Engine to select a corresponding Connector. The DePIN project customized plug-in in the Connector instance transfers the verified plain text PoPW to dApp. The dApp rewards the DePIN Unit according to its physical work.
● Privacy-Preserving PoPW
In a privacy-preserving PoPW scenario, PoPW is encrypted, and a Physical Work Claim is computed to reflect certain insensitive information extracted from the raw data of the physical work.
The IoT device measures the physical work and encrypts it before signing it with its device key. The encrypted PoPW is sent to the BoAT3 IoT Oracle node. The Data Validator validates the encrypted PoPW’s signature and passes it to Rule Engine to select a corresponding Connector. The DePIN project customized plug-in in the Connector instance injects the encrypted PoPW into the Confidential Computation Enclave. The PoPW is decrypted inside the enclave, and the algorithm in the enclave computes a Physical Work Claim and generates a ZK proof for the computation. The Physical Work Claim and its ZK proof are then sent to dApp. The dApp verifies the ZK proof and rewards the DePIN Unit according to its Physical Work Claim.
Step 4: Prepare the Connector Plug-in
To support multiple blockchains and smart contracts, the Connector is a customizable Javascript script for developers to define how to deal with the verified PoPW. This at least includes reporting the PoPW to the dApp’s smart contract. In addition, the PoPW can also be stored in the decentralized storage for later use. The developers could determine the exact behavior by writing their own plug-in code.
Conclusion
The emerging DePIN ecosystem needs an IoT oracle to convey to the blockchain the proof of what physical work the DePIN Unit contributes. Unlike other Web3 projects, DePIN Units are built on IoT devices for the physical world, which leads to a lot of opportunities and challenges.
Technically, to address the diversity of IoT devices inside the DePIN Units, BoAT3 IoT Oracle comes with BoAT Lite SDK as well as blockchain-enabled chips and modules with embedded blockchain wallet to empower the IoT device to generate and report the PoPW to the Oracle node. The oracle node validates the authenticity of the PoPW and passes it to the dApp’s on-chain smart contract via a DePIN project customized Connector. The dApp rewards the DePIN Unit according to the physical work it does. For PoPW that contains sensitive information, the Confidential Computation Enclave and ZK Proof are involved to generate a verifiable Physical Work Claim for the dApp to evaluate the reward for the DePIN Unit.
BoAT3 IoT Oracle accelerates DePIN projects by standardizing the protocol of PoPW generation, reporting, and verification. Contrary to Bitcoin, which adopts PoW intrinsically in its consensus method, Physical Work (PW) is often an extrinsic effort of a DePIN dApp. A DePIN Project’s appChain or smart contract can not directly measure the PW without IoT devices and oracles. BoAT3 IoT Oracle provides DePIN projects with not only the software that implements the protocol but also the key IoT hardware components to pave the way for PoPW’s digital MRV. This covers the diverse DePIN Units in a large range and pushes the DePIN projects to grow quickly.
By ferrying PoPW to the blockchain securely, BoAT3 IoT Oracle bridges the real-world assets to Web3 in the DePIN Narrative.
