• In order to improve the scalability of the oracle system while ensuring security and credibility, we designed a distributed multi-data source oracle architecture that includes TEE and ordinary devices. It uses a committee composed of TEE to improve the credibility and aggregation efficiency of off-chain data, and combines ordinary nodes to increase the scalability of the system.

• Since the selection of oracle nodes will affect the efficiency of data collection, we redesign a new Quality of Service (QoS) metric. It considers the response time and result accuracy of nodes obtaining data from the data source. Then, we use an efficient weighted random node selection algorithm to select task nodes in a non-replacement weighted extraction way, which fully improves the service efficiency of the system.

• Through experimental verification, our scheme can effectively improve the scalability and efficiency of the system. Compared with the ordinary scheme, the response time of each task is reduced by about 9.92%.

2.1  Voting-Based Oracles

Augur is the first prediction market platform for decentralized oracle proposed by Ethereum. It hands data request events to all participants in the market. If the data provided by one node is inconsistent with the consensus results of other nodes, the pledged tokens will be confiscated by the system and redistributed to other nodes, forcing the nodes to remain honest [12]. Adler et al. [13] designed a decentralised oracle scheme based on a voting game that divides participants into three categories: submitters, voters or verifiers. Voters and validators play games with each other. Eventually, the Nash equilibrium is reached where all rational participants are forced to act honestly. Cai et al. [16] thought that the linear growth of participants’ equity may lead to herd behavior, so they propose a nonlinear equity scaling rule to prevent Sybil attacks. However, the voting-based oracle requires a definite answer to the proposition, and the user’s voting is inefficient.

2.2  Hardware-Based Oracles

Trusted Execution Environment (TEE) can protect the core code of the program from interference by other malicious programs, while avoiding data leakage [6]. Zhang et al. [7] proposed a hardware-based oracle system, which uses Intel SGX to ensure the security and credibility of computing. However, the above system has the possibility of a single point of failure, so Woo et al. [8], [17] proposed a distributed oracle using Intel SGX to improve the availability of the oracle network in the event of a single point of failure or malicious nodes through the BFT consensus mechanism. Liu et al. [18] using TEE to extend blockchain trust from the blockchain to the off-chain, continuously perceive the inside of the vaccine box through trusted sensors and generate anti-counterfeiting data to obtain reliable vaccine tracking data. However, hardware-based oracles require specific hardware support, so their scalability is poor and it is difficult to take advantage of the large number of IoT devices without TEE.

2.3  Distributed Oracles

DECO is a distributed oracle scheme that helps users prove that the data they access through TLS is from a specific website without the need for trusted hardware or server-side modifications [19]. He et al. [20] proposed a novel scalable data feed service SDFS, which ensures the rationality of the data acquisition process and the scalability of the system services. In addition, a node reputation evaluation strategy is designed to judge whether each node is a malicious node and update the reputation value of each node. Chainlink [14] proposes a decentralized oracle network to achieve reliable data input and connection between smart contracts and external data sources. It uses reputation systems and cryptographic algorithms to ensure reliable operation of the system. DOS Network [15] provides off-chain computing in a decentralized manner, and uses m-out-n multi-signature transactions to achieve consensus. Similarly, Manoj et al. [21] obtained trusted agricultural data for the blockchain using a threshold secret-sharing scheme. Lin et al. [22] proposed a novel IIoT-oriented digital twin architecture by combining oracle with decentralized learning. Gigli et al. [23] proposed a robust oracle architecture with a reputation algorithm for selecting trusted data sources. Even if there are multiple malicious data sources, it can consistently provide high-quality data.

The above solutions are all focused on improving the accuracy, reliability, and completeness of oracle data. However, these solutions do not consider the impact of the matching relationship between oracle nodes and data sources on the performance of the oracle system. Therefore, this paper designs a high-performance distributed multi-data-source oracle system with a hybrid TEE device for IoT scenarios. By combining the advantages of TEE and distributed oracle systems, the system selects efficient and trustworthy oracle nodes through weighted random selection, thereby improving the access efficiency of the oracle system.

3.1  Oracle

The word ‘Oracle’ comes from Greek mythology and refers to people who can directly communicate with God and foresee the future. In a blockchain environment, oracle is a system that provides blockchain with information from the real world [24].

The main steps are shown in Fig. 1, 1) The user contract calls the oracle contract to obtain the data of the corresponding data source; 2) After the oracle node listens to the event of the oracle contract, it obtains data from the corresponding data source; 3) The data source returns the corresponding data; 4) Oracle nodes verify and sign the data and return the oracle contract; 5) The oracle contract returns data to the user contract.

Fig. 1  Overview of oracle system.

3.2  Threshold Signature

Threshold signature is a group of \(n\) members, the group has a pair of group signature public key and private key [25]. The group’s signature private key is shared by \(n\) members in a threshold manner. Only the number of honest members in the group greater than or equal to the threshold value \(t\) can sign on behalf of the group with the group signature private key. And it is easy for anyone to verify the signature through the group public key. These characteristics of threshold signature make it can be used in the process of oracle node aggregation data to prevent the problem of freeloading [14]. The process of threshold signature used in this paper is as follows:

1) Generate public key and group member private key: input the security parameter \(s\), the threshold value \(t\) and the number of members \(n\), and return the private key \(sk_i (i=1,2,\ldots,n)\) for each member’s partial signature. Each member saves a private key fragment to generate a partial threshold signature. \(pk\) is used to verify the threshold signature, as shown in the Eq. (1), where \(L = sk_1,sk_2,\ldots,sk_n\).

2) Generate partial threshold signature: input the message msg and the member private key \(sk_i\) to generate a partial signature \(Sign_i\), as shown in the Eq. (2):

3) Synthetic threshold signature: if the valid partial signatures \(Sign_i\) collected by a member reach the threshold value \(t\), these \(Sign_i\) can be used to synthesize the threshold signature \(Sign^*\).

4) Verify threshold signature: input message \(msg\), public key \(pk\) and threshold signature \(Sign^*\), return judgment result \(true\) and \(false\), where \(true\) means authentication passed and \(false\) means not authenticated, as shown in Eq. (3):

3.3  Analysis of Existing Problems

3.3.2  The Problem of Matching Data Sources to Oracles Nodes

In order to improve the robustness and security of the system, the current oracle scheme uses multiple oracle nodes and multiple data source nodes to reduce the impact of single point of failure and malicious [23]. The user smart contract specifies multiple data sources to obtain data, and matches different oracle nodes to perform tasks. However, there is an implicit matching relationship between the oracle node and the data source, and the network connectivity will greatly affect the speed of data acquisition. For example, due to network and geographical differences, the response time of the German oracle node A to obtain the data source \(D_1\) in Germany is often faster than the data source \(D_2\) in China. For example, the network connectivity will greatly affect the speed of data acquisition. As shown in Fig. 2, region \(A\) and \(B\) are distributed with some data sources and oracle nodes, and cross-domain requests will experience a longer network routing wait. Therefore, how to select appropriate nodes to participate in the task according to the implied matching relationship between data sources and oracle nodes is an effective means to improve the efficiency of the system.

Fig. 2  The process of obtaining data from data sources in regions A and B.

4.1  Overview

In this Section, we present the oracle scheme proposed in this paper. We design a high-performance distributed oracle weighted matching scheme with multiple data sources. The system is mainly divided into on-chain contracts and off-chain nodes, where off-chain nodes are further divided into ordinary oracle nodes and TEE nodes. Ordinary oracles account for the majority of industrial Internet devices, providing scalability for the oracle system. A few nodes with TEE can provide trusted support for the system and improve system trustworthiness. The system overview is shown in Fig. 3.

Fig. 3  Overview of our oracle system.

The main steps include the following:

4.2  Node Selection

Firstly, the oracle contract processes data requests from user contracts in the form of a four-tuple \(Request(m,n,D,r)\), where \(m\) represents the number of nodes required for aggregate signature, \(n\) represents the total number of nodes required for this task, \(D\) represents the array of data sources, and \(r\) represents the random number generated by the hash of the previous block. The oracle contract needs to split the multi-data source request task into multiple subtasks \(Request(m,n,d,r)\) and record, \(d \in D\), \(d\) represents a single data source.

For a single subtask \(Request(m,n,d,r)\), the oracle contract needs to select \(n\) ordinary oracle nodes to obtain data d according to the requirements of the subtask. To select efficient nodes while ensuring randomness, we use the oracle node as a weight for the data source \(d\) service quality \(QoS_d\), and randomly select nodes. In order to reduce the space and time complexity of the oracle contract, we use the A-ExpJ algorithm [26] to randomly select \(n\) nodes from \(N\) to participate in the data acquisition task, \(N\) represents the set of all ordinary oracle nodes. For each node \(i\), a random number \(u_i=rand(0,1)\) that obeys uniform distribution is selected, \(k_i=u_i^{1/w_i}\) is used as the key value of sampling, and \(m\) samples with the largest key value are selected as the sampling results. This method effectively reduces the time and space complexity of sampling compared with the cardinal method [27]. In addition, the non-replacement selection can reduce the repeated selection of some oracle nodes and reduce the response time.

\(R\) denotes the set of n ordinary oracle nodes selected from \(N\) by the A-ExpJ algorithm. We give a detailed description in Algorithm 1.

4.3  Data Request and Aggregation

The oracle nodes are divided into two categories according to whether they have TEE: ordinary nodes and TEE nodes. TEE nodes together form a consensus committee to record, verify and aggregate data signatures. The ordinary oracle node generates a distributed public and private key based on the contract task, performs computational logic such as obtaining data or performing computational tasks, and signs the result.

Firstly, the selected oracle node set \(R\) generates \(n\) private key fragments \(sk_i\) and public key \(pk\) with a threshold of \(m\) according to the \(Request(m,n,d,r)\) one-time non-interactive distributed key generation (DKG) protocol [28] with a threshold of \(m\) (It is worth noting that this phase can be paralleled with the data acquisition process).

Then, the node \(i\) obtains data from the data source \(d\), and uses its own private key fragment \(sk_i\) to sign the obtained data \(msg\) to obtain the signature fragment \(Sign_i\).

As shown in Fig. 4, the oracle node \(i\) submits the signature fragment \(Sign_i\) to the consensus committee formed by the TEE node. Their node executes the program in the TEE environment [29], [30] to ensure the security and credibility of the program. The consensus committee verifies the signature fragment \(Sign_i\) based on the Raft protocol [31] and aggregates it to form a group signature \(Sign^*\). In addition, the committee will also record the time when node \(i\) uploads the signature as its response time \(t^d_i\). Finally, the Leader node will package the consensus group signature \(Sign^*\), the original data \(msg\) and the successfully aggregated node response time \(t^d\) as \(S\), and use the Leader’s private key \(sk_{leader}\) to sign to get \(sign_S\), upload the oracle contract.

Fig. 4  Data flow of TEE node committee.

The Raft-based TEE committee not only avoids the single point of failure issue of TEE nodes but also enhances resistance against Sybil attacks. Additionally, by using the Raft protocol for aggregated signatures, the number of broadcasts for threshold signature data is reduced, thus improving system efficiency. Furthermore, the TEE-based execution environment ensures the trustworthiness of response time records for regular nodes, providing a reliable data foundation for subsequent weighted random selection of nodes.

4.4  Data Validation and QoS Update

After receiving the data \(Sign_S\) and \(S\) from the TEE committee, the oracle contract uses Leader’s \(pk_{leader}\) to verify \(Verify(S, Sign_S,pk_{leader})\), ensuring that the data has been verified by the TEE committee.

Then, the oracle contract uses the generated threshold signature public key \(pk\) to verify the group signature \(Sign^*\) formed by aggregation \(Verify(msg,Sign^*,pk)\).

Finally, when the verification is passed, the oracle contract update the number of times \(h\) and the response time \(t_d^i\) that the node \(i\) in \(Sign^*\) successfully completes the task from the data source \(d\).

In order to improve the quality of service of the oracle, we define a quality of service index of the oracle, which includes the response time and service accuracy of the oracle node \(i\) to the request of the data source \(d\). According to the current task results, we divide the device into nodes that complete the task and those that do not complete the task, and take the longest time \(max(t_d)\) of the aggregated nodes as the total time \(t_d^{total}\) of this task. At the same time, we use the timeout ratio \(\beta\) of the device multiplied by the total time \(max(t_d)\) of this task as the estimated time \(t_d^{delay}\) of other unfinished tasks.

We use the proportion of the response time \(t_{d}^{i}\) of device \(i\) to the longest time \(t_d^{delay}\) of this task as its relative response time \(T^d_{i} \in [0,1]\).

We use the number of times that the node \(i\) successfully participates in the aggregation \(h_d^i\) and the total number of times selected \(c_d^i\) as the service accuracy \(A_d^i\) of the node to the data source \(d\).

We set a hyper-parameter \(\alpha\) to determine the proportion of response time and accuracy in the QoS of the node to the data source \(d\). \(\alpha > 0.5\) indicates that we pay more attention to the response time of the node, while \(\alpha \leq 0.5\) indicates that we pay more attention to the service accuracy of the node.

When we get the result returned by \(Request(m,n,D,r)\)’s \(|D|\) subtask \(Request(m,n,d,r)\), we try to aggregate it to get the final result \(Result(s_1,\ldots,s_{|D|})\) and return the user contract. It can be found that the user contract expects a consistent result for the \(|D|\) results, but when the returned results are different in \(s_1,\ldots,s_{|D|}\) and it is difficult to reach an agreement, the user can set different aggregation strategies for multi-data source data according to their own needs.

5.1  Experiment Setting

The oracle system designed in this paper consists of on-chain contracts, off-chain oracle nodes, and TEE committee. The smart contract is written by Golang and deployed on the chainmaker blockchain [32], the on-chain and off-chain establish communication with the on-chain contract through the ChainMaker SDK. The total number of nodes \(N\) is 10, the number of nodes \(n\) selected for each task is 5, and the threshold \(m\) required for each task is 3.

5.2  Evaluation

In order to validate the effectiveness of the proposed scheme, we will analyze how the proposed scheme improves the efficiency of the system and reduces the response time. Then, we also experimentally verify the impact of scalability on the success rate of data aggregation.

5.2.1  Response Time

Figure 5 compares the average response time of our scheme with the other three selection strategies (random selection, only selecting the \(n\) nodes with the best QoS, and the \(n\) nodes with the worst QoS) in 100 tasks. Obviously, the proposed scheme has a significant performance improvement compared with the traditional random node selection scheme. The average response time per task is reduced by 9.92%, and the standard deviation of response time is reduced by 2.8%. Although the proposed node selection scheme cannot achieve the optimal performance, the weighted random method can maintain a certain randomness to prevent specific attacks against high-reputation nodes. It is consistent with our original intention to improve the performance of the oracle system while maintaining security. The above results also show that the proposed framework and QoS standard can effectively record and describe the behavior of nodes, and provide data support for upper-layer strategies such as node selection.

Fig. 5  Response time of different strategies in 100 request tasks.

In addition, as shown in Fig. 6, we also calculate the proportion of response time in oracle task. It can be found that the response time of the nodes off-chain accounts for more than 50% of the whole task time. Therefore, reducing the response time is of great significance to improve the execution efficiency of the oracle task. Furthermore, the time spent on an oracle task is also closely related to the efficiency of the blockchain used. However, it is foreseeable that the gradual improvement of blockchain consensus efficiency and the more complex network conditions in practical applications will further increase this proportion, and the advantages of the proposed scheme will be further highlighted.

Fig. 6  The proportion of response time in a task.

5.2.2  Effectiveness of QoS

Figure 7 shows the change of metrics after our scheme performs 100 request tasks on a data source on 10 oracle nodes. Obviously, it can be observed that there is a clear correlation between the node QoS and the successful completion of the task. This shows that the proposed scheme can identify nodes with slow response and reduce their QoS according to the actual operation status of nodes. This is consistent with our expectations. The higher the QoS of the high-performance nodes that can complete the task in time, the greater the probability of their selection.

Fig. 7  Effectiveness analysis of QoS computing.

5.2.3  Node Selection and QoS

In addition, we also analyze the relationship between QoS and the number of nodes selected more intuitively through the Fig. 8. We can find that with the decrease of QoS, the number of node selection is also decreasing. This shows that the proposed node selection scheme is effective.

Fig. 8  The relationship between node selection and QoS.

5.2.4  Expandability

Figure 9 shows the impact of system scalability on the success rate of data aggregation in real-time data acquisition tasks in the Internet of Things. We observe the effect of choosing a different number of nodes \(m\) per round on the success rate of oracle aggregation with a threshold \(n\) of 2. The result shows that selecting more nodes per round of tasks is more likely to result in successful aggregation under the same threshold. This is consistent with the original intention of our design, and it is also the reason why we design the hybrid TEE oracle architecture. Massive ordinary nodes are responsible for data acquisition tasks to improve system performance. A small number of secure TEE nodes form a fault-tolerant recording and verification committee, which is responsible for ensuring the security and credibility of data.

Fig. 9  The relationship between aggregation success rate and the number of participating nodes.

A.1 Hypothesis

We assume that \(n\) selected oracle nodes are given the data request task at the same time, their response times satisfy the \((\mu,\sigma)\) normal distribution, and the collection of data from IoT devices satisfies a periodic variation with a period of \(T\) [33]. As shown in the Fig. A\(\cdot\)1.

Fig. A･1  The relationship between node selection and QoS.

A.2 Question

The problem is defined as: in the normal distribution curve in the interval of \([0,+\infty]\) and x axis surrounded by the area of \(S_{total}\), Randomly scattered \(n\) points, the probability that the number of scattered points \(m\) in the \([x,x+T]\) interval area \(S_{t}\) is greater than or equal to the threshold value \(t\) of the threshold signature.

A.3 The Relationship between Threshold Requirement and \(n\)

The total probability interval area \(S_{total}\) is expressed as:

Because of \(\mu \ge 0\), so \(\frac{1}{2} \leq S_{total} \leq 1\).

The selected probability interval \(S_{t}\) in \(T\) time is:

Therefore, when test or select of 1 node, the probability of occurrence of event \(A\) is \(P\) \((0<p<1)\):

In \(n\) independent experiments, the probability that event \(A\) happens to occur \(m\) times is:

We transform the problem into an N-fold Bernoulli experiment, conduct \(n\) experiments or select \(n\) nodes, and the probability of successfully aggregating group signatures varies with \(n\) as follows (\(P_n(m \ge t)\) is the maximum probability that the threshold \(t\) can be met):

Since both \(S_t\) and \(S_{total}\) are independent of \(n\), \(P\) is also independent of \(n\).

Also, \(C_n^i = \binom{n}{i} = \frac{n!}{i!(n-i)!}\) is a positive correlation with \(n\).

And \(P_n(m\geq t)\) is an additive term. When \(n\) increases, \(P_n(m\geq t)\) increases monotonically.

Therefore, \(n\) is positively correlated with \(P\), and when \(n\) increases, \(P\) also increases.

A.4 Conclusion

Therefore, we can get a conclusion that when the number of nodes \(n\) selected for each task increases, the probability \(P\) of successful data aggregation obtained in changing data such as the Internet of Things also increases.