MediBloc Panacea
main
Search
K

Verify a Remote Report

Verify Remote Report

Genesis Oracle

Synopsis

This document describes how to validate remote reports generated by an oracle.

Remote Report

Remote reports are one of the core elements of this protocol. This remote report must be submitted when the genesis oracle or a new oracle participant registers to Panacea. A remote report can verify that the genesis oracle or a new oracle participant is the correct oracle.
The correct oracle means the oracle with a unique ID agreed upon in Panacea. If the unique ID is different, it can be determined that one is an invalid oracle. See oracle-key-handshake documentation for details on this.
  • For the remote report generated by the genesis oracle, you can see genesis oracle section.
  • For the remote report generated by a new oracle registration, you can see oracle registration section.
  • On how to verify correct oracle via remote report, you can see confidential oracle section.

Validation a genesis oracle

To verify the genesis oracle, you need the oracle public key and a remote report generated based on the oracle public key. This information can be obtained from Panacea's oracle module parameters.
You need to create public_key_info.json file through the process below.
ORACLE_PUBLIC=$(panacead q oracle params --node <node-rpc-address> -o json)
ORACLE_PUBLIC_KEY=$(panacead q oracle params --node <node-rpc-address> -o json | jq -r .params.oracle_public_key)
ORACLE_PUBLIC_REMOTE_REPORT=$(panacead q oracle params --node <node-rpc-address> -o json | jq -r .params.oracle_pub_key_remote_report)
jq -n --arg public_key_base64 $ORACLE_PUBLIC_KEY --arg remote_report_base64 $ORACLE_PUBLIC_REMOTE_REPORT '{public_key_base64: $public_key_base64, remote_report_base64: $remote_report_base64}' > public_key_info.json
oracle_public_key_info.json
{
"public_key_base64": "<public-key-base64>",
"remote_report_base64": "<remote-report-base64>"
}
Move the generated json file to the oracle home path and perform remote report validation.
mv ./oracle_public_key_info.json <directory-you-want>/.oracle
docker run \
--device /dev/sgx_enclave \
--device /dev/sgx_provision \
-v <directory-you-want>:/oracle \
ghcr.io/medibloc/panacea-oracle:main \
ego run /usr/bin/oracled verify-report /home_mnt/.oracle/oracle_public_key_info.json
Output
time="2023-01-12T01:45:45Z" level=info msg="remote report is verified successfully"

Validation on a new oracle registration

To verify a newly registered oracle, the public key of the node registered by this oracle and the remote report are required. This information can be found in oracle registration store on Panacea.
ORACLE_REGISTRATION=$(panacead q oracle oracle-registration <unique-id> <oracle-address> --node <node-rpc-address> -o json)
NODE_PUBLIC_KEY=$(echo $ORACLE_REGISTRATION | jq -r .oracle_registration.node_pub_key)
NODE_PUBLIC_REMOTE_REPORT=$(echo $ORACLE_REGISTRATION | jq -r .oracle_registration.node_pub_key_remote_report)
jq -n --arg public_key_base64 $NODE_PUBLIC_KEY --arg remote_report_base64 $NODE_PUBLIC_REMOTE_REPORT '{public_key_base64: $public_key_base64, remote_report_base64: $remote_report_base64}' > node_public_key_info.json
Move the generated json file to the oracle home path and perform remote report validation.
mv ./node_public_key_info.json <directory-you-want>/.oracle
docker run \
--device /dev/sgx_enclave \
--device /dev/sgx_provision \
-v <directory-you-want>:/oracle \
ghcr.io/medibloc/panacea-oracle:main \
ego run /usr/bin/oracled verify-report /home_mnt/.oracle/oracle_public_key_info.json
Output
time="2023-01-12T01:45:45Z" level=info msg="remote report is verified successfully"
Last modified 1yr ago