SMAUG: a decentralized marketplace for smart lockers built with SOFIE

Scenario 1: it is August and very hot outside. You want to go to your favorite swimming pool. You get going, you arrive, you get ready to dive into the water, but… where do you leave your personal belongings? Maybe the facility offers a locker or cabinet included in the price, maybe not. In the former case, all is good then. But what about the latter case? What if the facility does not provide secure storage?

Scenario 2: as an after-work activity to sponsor the company you happily work for, you have organized a laser tag afternoon with 30 interested people, that might become future employees of the company. You expect a good part of the people attending to come directly from the library, school, or from work. This is why they might need to drop their stuff somewhere before starting to run around trying to shoot at each other. After they are exhausted from the game, you then plan to give a brief presentation about what your company does, how amazing it is, and why you are looking for great, talented people like the ones that decided to attend the event. How can you provide the secure storage the attendees need?

Welcome SMAUG 

This is where SMAUG joins the game. SMAUG stands for Secure Marketplace for Access to Ubiquitous Goods and, as the name suggests, provides a secure and decentralized blockchain-based marketplace to rent access to smart lockers for more or less short periods. SMAUG has been designed to natively integrate the SOFIE framework components: this allowed the small development team to develop a fully-featured marketplace in slightly more than six months.

What features does SMAUG provide?

 SMAUG makes use of all the SOFIE framework components, but especially large use of the SOFIE Marketplace component to enable interactions between the owner of smart lockers and potential smart locker renters. Specifically, an owner of one or more SMAUG-compliant smart lockers (SMAUG has developed a standard smart locker semantic description that will be shared with the larger community) can publish on the marketplace a time interval for which interested renters can purchase access, either for the whole duration or for part of it. In SMAUG terms, this is called request creation (which means creating a request for offers – by interested renters), while the process of making offers for a specific request is called offer creation.

SMAUG allows smart locker owners to create two types of requests, in a very similar way to other, more centralized marketplace solutions out there: auction-only requests and auction-and-instant-rent requests. In auction-only requests, people must “compete” with each other to present the best offer for the smart locker owner to choose from. On the other hand, in auction-and-instant-rent requests, people can either participate to the auction or, when sure and instant access to a smart locker is needed, submit an instant rent offer, the outcome of which will be immediately returned to the offer presenter: either offer valid (access is granted) or not valid.

Fig 1: smart locker owners and smart locker renters interact with each other on the SMAUG decentralized marketplace.

How does SMAUG work?

 Since SMAUG extends the functionalities provided in the SOFIE Marketplace component, all the marketplace interactions take place in the form of Ethereum transactions sent to the SMAUG marketplace smart contract. Even though using the Ethereum blockchain theoretically allows anyone to create a marketplace smart contract and become the manager of that specific marketplace instance, SMAUG implements a semi-open marketplace. Other than smart locker owners and renters, a typical SMAUG deployment also includes a marketplace owner: this is the entity deploying the SMAUG marketplace smart contracts and the SMAUG marketplace backend to integrate the features provided by the smart contract. In a real-world scenario, this would be a big player in the marketplace space that has the resources to develop the marketplace components and the reputation to attract supply and demand on the marketplace.

To publish a new request on the marketplace, a smart locker owner must first obtain a valid access token from the marketplace owner by interacting with the marketplace backend. The access token is cryptographically linked to the smart locker owner Ethereum account (the only one able to perform the transaction on the marketplace smart contract), the smart contract account (so that the same token cannot be used with a different instance of the same marketplace), and a nonce that prevents smart locker owners to use the same token more than once. This is a design choice in SMAUG, since it is in the interests of the marketplace owner to charge smart locker owners depending on their usage of the marketplace, by monitoring e.g. how many access tokens the smart locker owner has requested, or how much money he/she has been received as the result of successful market transactions).

On the other side of the marketplace are the smart locker renters, willing to rent access to smart lockers. For them, it is sufficient to know the location of a marketplace instance (i.e., what Ethereum network the smart contract is deployed on, and what is its address) to be able to interact with it. Weather to interact with a given marketplace then boils down to the renter’s judgment, depending on the trust he/she has towards the marketplace owner. This openness concerning potential customers does not impact the security guarantees of the system since the SOFIE Interledger component is used to log each action in the marketplace and to keep transactions secure.

Upon making an offer, a smart locker renter also escrows Ethers in the marketplace smart contract: this proves to the marketplace that the offer creator will be able to pay if he/she gets access to the smart locker. In the case of auctions, it is up to the smart locker owner (either manually or via some automated agents) to select all the winning for a given request, using a set of criteria that can vary for each smart locker owner. For instance, since an offer can also request access for a part of the time specified in a request – e.g., only from 10 AM to 3 PM -  a smart locker owner might select a set of winning offers such that the total amount of time unrented for a given request is the smallest. On the other side, in the case of instant rent, the entire decision process is automated and handled entirely by the smart contract. If the offer presented matches the instant rent conditions of the request, the contract selects the offer as the only winning one for the current request and discards any other pending ones previously submitted as part of the auction process.

The selection of one or more winning offers triggers an Interledger event, propagating the information about the winning offers to another Ethereum blockchain, deployed by the marketplace owner, used for authorization purposes. On this blockchain there will be several agents - likely offered as-a-Service by third-party providers – each monitoring events for a set of smart lockers. When an Interledger event is received for one of the smart lockers under its responsibility, an agent generates a JSON Web Token (JWS for short) valid only for the time specified in the offer and logs it on a smart contract deployed on the authorization blockchain, provided by the SOFIE Privacy and Data Sovereignty component. Since the smart contract runs on an Ethereum blockchain, which allows anyone to read data from it, the JWT is encrypted using a key that the offer creator had included in the offer upon its creation. In this way, only the agent that created the JWT and the authorized user will know the unencrypted content of the JWT.

Once a JWT has been created and logged for each winning offer, the agent then triggers a second Interledger transaction, this time in the reverse direction, which includes all the encrypted access tokens logged and the offers they refer to.

When the information reaches the SMAUG marketplace smart contract, the winning and losing parties will be notified, so that the winning offer creators will be able to retrieve the encrypted access token, decrypt it, and use it to access the smart locker, and the losing offer creators will be able to claim their money back. An illustration of this process is given in Fig. 2.

Fig. 2: an illustration of the Interledger mechanism in SMAUG. When one or more offers are selected for a given request (step 1), the Interledger protocol is triggered, which makes use of an Interledger smart contract deployed on the authorization blockchain (step 2) to propagate the event to all the interested listeners (step 3). When an interested listener has issued one or more access tokens in response to the Interledger event received (step 4), a second Interledger transaction is performed by calling the Interledger smart contract (step 5), which will then propagate the event payload back to the marketplace blockchain, where the SMAUG smart contract will be listening (steps 6 and 7).

As the last step in the process, once an offer creator has retrieved and decrypted a JWT, he/she has to wait for the beginning of its rental period to approach the smart locker and present the unencrypted JWT via its mobile app. The smart locker will be able to verify offline whether the JWT presented is valid and, if so, will magically open up to the person in front of it.

So, going back to our initial two scenarios:

-       Scenario 1: you can find a nearby SMAUG smart locker which is also available for rent in the next two hours, make your instant rent offer, wait for it to be confirmed, put your stuff inside, lock the locker and go swimming!

-       Scenario 2: since this is a planned event, you can search for available SMAUG smart lockers in the venue that have open auctions closing before the start of the event. You can make an auction for each of the smart lockers and wait for the smart locker owner to select the winning offers. If you want to make sure you will have some smart lockers available, you can always make instant rent offers, and be sure that those lockers will be under your control for the whole duration of the event. You can then distribute one JWT to each participant.

What are the advantages of SMAUG?

 -     Traceability: since the most important operations are all blockchain-based, it is possible, in case of disputes, to understand what exactly went wrong. Based on that, the marketplace can then act accordingly.

-     Openness: SMAUG will provide an open semantic description for smart locker creators. This means that any mobile client will be able to interact with the smart lockers and the different marketplaces in a standard way, fostering competition and interoperability.

-     Ease of deployment: the smart lockers can grant access to requesting users solely based on the information embedded in the JWT presented by the user. This allows, for instance, a smart locker to be deployed in basements or other places where an Internet connection is not available. Furthermore, the smart lockers do not need to directly communicate with the blockchain, which means that the hardware requirements to build a SMAUG-compliant smart locker are noticeably lowered.

-     Limited third-party trust: while it is true that the marketplace owner plays a central role in the whole system if the marketplace smart contract is deployed on the public Ethereum blockchain, users of the marketplace can be sure that no data will be tampered with, because of the security guarantees the public Ethereum network provides.