DCO: DEOS Computing Oracle
Verifiable off-chain computation for smart contracts
Version 1.0, January 2026
Summary
DCO is a verifiable computation layer for blockchain applications. The standard answer to "how do we trust off-chain computation" is redundancy: run the same job on N nodes and take the median or the majority. That works, but it pays N times the cost for one job's worth of output. DCO runs the job once and proves the result with deterministic replay, backed by an optimistic fraud-proof model with the same security profile as Arbitrum or Optimism. The cost difference is roughly an order of magnitude.
1. The problem
1.1 What smart contracts can and cannot do
Smart contracts have hard limits.
| Limit | Practical impact |
|---|---|
| Gas costs | Anything beyond simple math is too expensive to run on-chain |
| Block gas limit | About 30M gas caps computation per block |
| No external data | Contracts cannot call APIs, read databases, or fetch URLs |
| No floating point | Arithmetic is integer-only |
| Determinism requirement | No randomness, no I/O, no nondeterministic ops |
The combined effect is that nontrivial computation has to happen off-chain. Once it does, the on-chain contract needs some way to trust the result.
1.2 The oracle problem
Off-chain computation introduces a trust question: how does a smart contract know the off-chain answer is correct? The current answer is redundancy.
Traditional oracle model:
- N nodes independently compute the same result
- Results are aggregated (median, majority)
- Trust = economic stake + redundancy
- Cost = N * computation cost
This is secure but inefficient. For every job, N machines do identical work.
1.3 What the market is paying
| Operation | On-chain cost | Chainlink cost | Actual compute cost |
|---|---|---|---|
| Random number | Impossible | About $3 to $5 | $0.001 |
| Price aggregation | $50+ in gas | $1 to $2 | $0.01 |
| Complex calculation | $100+ in gas | $5 to $10 | $0.01 |
| AI inference | Impossible | Not offered | $0.10 |
The market pays 100x to 1000x more than the compute itself costs. The premium is for verifiability, and most of it is wasted on redundancy rather than going to verification.
2. The DCO model
2.1 The shift
Computation only needs to happen once if it can be verified. So instead of N redundant executions:
DCO model:
- 1 node executes the computation
- Execution is deterministic and logged
- Anyone can replay and verify after the fact
- Fraud is cryptographically provable
- Cost = 1 * computation cost
2.2 The substrate
DCO runs on DEOS, a deterministic event-sourced operating system. Four properties carry the model:
- Deterministic execution. Same inputs always produce the same outputs.
- Event sourcing. Every operation is logged to a tamper-evident chain.
- Replay capability. Any execution can be re-run from the log and produce the same result.
- Content addressing. All data is referenced by hash.
These properties together let computation be verified without being repeated.
2.3 Trust model
Optimistic fraud proof, the same model that secures Arbitrum and Optimism:
1. Operator executes the computation.
2. Operator posts the result, the execution hash, and a stake.
3. A challenge period opens (1 hour by default).
4. Anyone can challenge by initiating a replay.
5. If fraud is proven, the operator loses the stake.
6. If no challenge fires, the result finalizes.
Security comes from verifiability rather than redundancy. The honest operator gets paid. The dishonest operator gets slashed.
3. Architecture
3.1 Components
+-----------------------------------------------------+
| User / Smart Contract |
+-------------------------+---------------------------+
| Request
v
+-----------------------------------------------------+
| DCO Gateway |
| - Request validation |
| - Operator selection |
| - Result aggregation |
+-------------------------+---------------------------+
|
v
+-----------------------------------------------------+
| DEOS Runtime |
| +---------------------------------------------+ |
| | Computation Environment | |
| | - WASM execution | |
| | - Deterministic scheduling | |
| | - Event logging | |
| +---------------------------------------------+ |
| +---------------------------------------------+ |
| | Verification Layer | |
| | - Execution hash generation | |
| | - Replay capability | |
| | - Fraud proof generation | |
| +---------------------------------------------+ |
+-------------------------+---------------------------+
|
v
+-----------------------------------------------------+
| On-Chain Contracts |
| - Result registry |
| - Stake management |
| - Dispute resolution |
+-----------------------------------------------------+
3.2 Request flow
Step 1: Request submission
--------------------------
User or contract -> DCO Gateway
{
"computation": "0x..." (WASM bytecode hash),
"input": "0x..." (input data hash),
"callback": "0x..." (callback address),
"maxFee": "0.1 ETH"
}
Step 2: Operator selection
--------------------------
Gateway picks an operator based on:
- Available stake
- Historical reliability
- Current load
Step 3: Execution
-----------------
DEOS runtime executes the computation:
- Load WASM module
- Execute with input
- Log all operations
- Generate execution hash
Step 4: Result submission
-------------------------
Operator -> on-chain registry
{
"requestId": 12345,
"result": "0x...",
"executionHash": "0x...",
"stake": "1 ETH"
}
Step 5: Challenge period
------------------------
- Window: 1 hour, configurable
- Anyone can challenge
- No challenge: result finalizes
Step 6: Callback
----------------
Registry -> user contract
callback(result, executionHash)
3.3 What the execution environment supports
Supported:
WASM modules (compiled from Rust, C, AssemblyScript, etc.)
Deterministic execution
Memory isolation
Bounded computation (gas metering)
Not supported:
Network access during execution
Non-deterministic operations
Unbounded loops
3.4 Where determinism comes from
| Source of nondeterminism | What DEOS does |
|---|---|
| Random numbers | RDRAND is trapped and logged |
| Timestamps | RDTSC is trapped and logged |
| Thread scheduling | Single deterministic scheduler |
| Memory layout | Fixed allocation patterns |
| Floating point | IEEE 754 strict, see the FP Determinism Spec |
Any execution can be replayed and will produce the same result.
3.5 The execution hash
executionHash = hash(
computationHash, // WASM bytecode
inputHash, // input data
outputHash, // result
eventChainHash // hash of all logged events
)
The hash uniquely identifies the execution. If any aspect of the computation differs (different code, different input, different output, different intermediate events), the hash changes.
4. Security model
4.1 Threats and mitigations
| Threat | Mitigation |
|---|---|
| Operator submits wrong result | Fraud proof via replay |
| Operator refuses to execute | Timeout, request reassigned |
| Challenger submits false fraud claim | Challenger loses stake |
| Network partition | Extended challenge period |
| Operator collusion | Economic infeasibility (stake exceeds profit) |
4.2 Fraud proof mechanism
When a result is challenged:
1. Challenger posts stake.
2. Arbitration contract requests a replay.
3. Independent verifiers replay the execution.
4. If hashes match, challenger loses stake.
5. If hashes differ, operator loses stake.
4.3 Stake requirements
Operator stake has to exceed the potential gain from fraud:
Required stake = value at risk * safety margin
Example:
Computation affects $10,000 in DeFi position
Safety margin: 1.5x
Required stake: $15,000
4.4 Challenge economics
| Scenario | Operator | Challenger |
|---|---|---|
| Honest operator, no challenge | Keeps stake, earns fee | n/a |
| Honest operator, frivolous challenge | Keeps stake, earns fee | Loses stake |
| Dishonest operator, valid challenge | Loses stake | Earns bounty |
| Dishonest operator, no challenge | Keeps stake (rare) | n/a |
The last case is mitigated by watchtowers and by economic incentives for monitoring high-value requests.
4.5 Comparison to Chainlink security
| Aspect | Chainlink | DCO |
|---|---|---|
| Trust basis | N-of-M consensus | Cryptographic replay |
| Fraud detection | Minority opinions ignored | Fraud provable by anyone |
| Attack cost | Corrupt N/2 nodes | Stake exceeds profit from fraud |
| Verification | Count votes | Deterministic math |
Both are secure. DCO is more efficient.
5. Economics
5.1 Fee structure
User pays:
Base fee: $0.01 to $0.10 (computation)
Verification: $0.01 (on-chain costs)
Priority: variable (faster execution)
Total: $0.02 to $0.20 per request
5.2 Operator economics
Operator:
Stake: $10,000 (example)
Max concurrent: 100 requests at $100 value each
Fee per request: $0.05
Requests/day: 1,000
Daily revenue: $50
Monthly revenue: $1,500
Annual revenue: $18,000
ROI: 180%
5.3 Fee split
User fee
|
+-- 80% -> Operator
|
+-- 15% -> Protocol treasury
|
+-- 5% -> Insurance fund
5.4 Staking tiers
| Tier | Stake | Max value per request | Fee discount |
|---|---|---|---|
| Bronze | $1,000 | $1,000 | 0% |
| Silver | $10,000 | $10,000 | 10% |
| Gold | $100,000 | $100,000 | 20% |
| Platinum | $1,000,000 | $1,000,000 | 30% |
5.5 No token needed
DCO uses ETH for staking and payments.
- Staking: operators stake ETH.
- Payments: users pay in ETH.
- Slashing: denominated in ETH.
This keeps the system simple and avoids regulatory exposure. A native token may be introduced later for governance if the community wants one.
6. Use cases
6.1 DeFi: complex risk calculations
Protocols need sophisticated risk models but cannot run them on-chain.
Protocol: "Calculate liquidation risk for position X"
-> DCO runs the risk model with current market data
-> Returns risk score plus proof
-> On-chain: adjust collateral requirements based on the verified score
Targets: Aave, Compound, MakerDAO, GMX.
6.2 DEX: optimal trade routing
Finding the optimal route across many pools is computationally expensive.
User: "Swap 10 ETH for the maximum USDC"
-> DCO computes optimal route across all pools
-> Returns route plus proof of optimality
-> On-chain: execute the proven route
Targets: Uniswap, 1inch, Paraswap.
6.3 NFT: verifiable rarity
Rarity scores are calculated off-chain today with no proof attached.
Marketplace: "Calculate rarity for NFT #1234"
-> DCO analyzes traits against the collection
-> Returns rarity score plus proof
-> On-chain: verified rarity in listing
Targets: OpenSea, Blur, Rarible.
6.4 Gaming: anti-cheat and fairness
Game logic runs on untrusted clients.
Game: "Verify this player action sequence"
-> DCO replays the game logic against the inputs
-> Returns valid/invalid plus proof
-> On-chain: award or reject rewards
Targets: on-chain games, prediction markets.
6.5 DAO: verifiable vote counting
Complex voting schemes (quadratic, conviction) are expensive on-chain.
DAO: "Count votes with quadratic weighting"
-> DCO processes all votes with the algorithm
-> Returns results plus proof
-> On-chain: execute the proposal based on the verified result
Targets: Snapshot, Tally, governance contracts generally.
6.6 AI agents: verifiable decision trails
AI agents make decisions today with no accountability trail.
Agent runs on DEOS
-> Every decision is logged
-> Execution hash is generated
-> Result: provable trail of what the agent did and why
Targets: DeFi protocols using AI, automated trading.
7. Comparison to alternatives
7.1 DCO vs Chainlink
| Aspect | Chainlink | DCO |
|---|---|---|
| Model | N-of-M consensus | Optimistic fraud proof |
| Cost | N * computation | 1 * computation |
| Latency | Aggregation delay | Single execution |
| Compute complexity | Limited (all nodes run) | Unlimited (one node runs) |
| AI support | No | Yes (via DEOS) |
| Customization | Predefined feeds | Any WASM computation |
DCO is roughly 10x to 30x cheaper at equivalent security.
7.2 DCO vs Gelato
| Aspect | Gelato | DCO |
|---|---|---|
| Use case | Task automation | Verifiable computation |
| Verification | None (trusted execution) | Cryptographic replay |
| Complexity | Simple triggers | Arbitrary computation |
Gelato is trusted. DCO is verified.
7.3 DCO vs ZK coprocessors
| Aspect | ZK coprocessors | DCO |
|---|---|---|
| Proof type | Zero-knowledge | Optimistic fraud proof |
| Proof generation | Expensive (minutes) | Cheap (milliseconds) |
| On-chain verification | Expensive always | Cheap, only on dispute |
| Flexibility | Constrained by circuit | Any WASM |
| Latency | High (proof generation) | Low (immediate result) |
ZK is more trustless but slower and more constrained. DCO offers the practical tradeoff for most workloads. ZK and DCO can coexist for different security tiers.
7.4 Summary
| Solution | Cost | Speed | Flexibility | Trust model |
|---|---|---|---|---|
| Chainlink | High | Medium | Low | Consensus |
| Gelato | Low | Fast | Medium | Trusted |
| ZK coprocessor | High | Slow | Low | Cryptographic |
| DCO | Low | Fast | High | Optimistic |
8. Roadmap
Phase 1: Foundation (Q1 2026)
- WASM runtime integration in DEOS
- Basic DCO Gateway API
- Solidity verifier contract
- Testnet deployment (Sepolia)
- Documentation and SDK
Phase 2: Launch (Q2 2026)
- Mainnet deployment (Ethereum)
- First operator onboarding
- Integration with 2 or 3 DeFi protocols
- Basic monitoring and analytics
- Bug bounty program
Phase 3: Scale (Q3 and Q4 2026)
- Multi-chain deployment (Arbitrum, Base, Optimism)
- Operator marketplace
- Advanced dispute resolution
- Performance optimizations
- Enterprise features
Phase 4: Ecosystem (2027)
- Third-party operator network
- Developer grants program
- Governance framework
- AI agent integrations
- Cross-chain verification
9. Conclusion
DCO is an attempt to fix one specific inefficiency in the off-chain computation market. The market today pays for verifiability by paying for redundancy: N machines do the same work because that is the only way the contract can trust the result. The cost is real.
If the computation is deterministic and replayable, redundancy is unnecessary. Run it once. Hash it. Let anyone challenge by replaying. Pay for the work that was actually done, not for N copies of it.
For most off-chain workloads where ZK proofs are too expensive and trusted execution is too risky, DCO is the right shape: provable, cheap, fast, and flexible enough for any WASM computation.
References
- DEOS Determinism Model:
/whitepapers/determinism-model - DEOS Floating-Point Determinism Specification:
/whitepapers/fp-determinism - Cryptographic Verification of Deterministic Replay in Multi-Core Operating Systems:
/whitepapers/replay-proof - Chainlink 2.0 Whitepaper
- Optimism Fraud Proof Specification
- Arbitrum Nitro Technical Documentation
- WebAssembly Specification