CORE SERVICE v1.0.2

Privacy Oracle

The Morpheus Privacy Oracle allows smart contracts to request off-chain data from any HTTP(S) source with end-to-end encryption. Unlike public oracles, Morpheus ensures that API keys, auth tokens, and sensitive parameters are never exposed on-chain or to the infrastructure operator.

End users should not call the worker endpoints directly. The supported production path is: encrypt locally, submit the JSON payload through the on-chain Oracle contract, and wait for the callback. Neo N3 mainnet Oracle: 0x017520f068fd602082fe5572596185e62a4ad991 via oracle.morpheus.neo.

Request Lifecycle

1

Parameter Sealing

User dApp encrypts secret parts of the request (e.g., API keys) locally using the Oracle X25519 public key.

2

On-Chain Submission

User contract submits requestType + payload bytes to MorpheusOracle and pays or sponsors the request fee.

3

Enclave Execution

The worker receives the request through the relayer, unseals the data inside the TEE, performs the fetch, and signs the result.

4

Verified Callback

The Relayer submits the TEE-signed result back to the user's contract via a callback function.

Data Sealing (Parameter Encryption)

To ensure API keys, authentication tokens, and private identifiers never leak on-chain, Morpheus provides a zero-knowledge parameter sealing mechanism. You encrypt the sensitive parts of your request locally.

1. Structure your Confidential JSON

The encrypted patch is merged into the public payload inside the TEE. Common confidential fields include headers, query, body, json_path, and even script.

json
{
  "headers": {
    "Authorization": "Bearer sk_live_123456789",
    "X-Project-ID": "proj_xyz"
  },
  "query": {
    "private_customer_id": "cust_999"
  },
  "json_path": "data.score"
}

2. Encrypt Locally (X25519)

Fetch the Oracle's current public key and encrypt the JSON string. This operation happens entirely on the client side.

javascript
// 1. Fetch TEE Public Key
const { public_key } = await fetch("/api/oracle/public-key").then(r => r.json());

// 2. Encrypt the Confidential JSON
const ciphertext = await encryptWithOracleX25519(JSON.stringify(secrets), public_key);
// Returns a Base64 encoded encrypted blob: "vF9+kx..."

Smart Contract Integration

Now, place the encrypted blob into the JSON payload that your contract submits on-chain. The relayer delivers it to the TEE, which decrypts the blob using the sealed transport key, executes the request, and returns the callback envelope.

Neo N3 (C#)

csharp
public static BigInteger RequestData(ByteString encryptedParams) {
    string payloadJson =
        "{"provider":"twelvedata","symbol":"NEO-USD","encrypted_params":""
        + (string)encryptedParams
        + "","json_path":"price","target_chain":"neo_n3"}";

    return (BigInteger)Contract.Call(
        OracleHash,
        "request",
        CallFlags.All,
        "privacy_oracle",
        (ByteString)payloadJson,
        Runtime.ExecutingScriptHash,
        "onOracleResult"
    );
}

Neo X (Reference Solidity Interface)

solidity
function requestData(string calldata encryptedParams) public payable {
    uint256 fee = oracle.requestFee();
    require(msg.value == fee, "incorrect request fee");
    bytes memory payload = abi.encodePacked(
        '{"provider":"twelvedata","symbol":"NEO-USD","encrypted_params":"',
        encryptedParams,
        '","json_path":"price","target_chain":"neo_x"}'
    );

    oracle.request{value: fee}(
        "privacy_oracle",
        payload,
        address(this),
        "onOracleResult"
    );
}

Transformation Logic

Instead of using only a static json_path like "price", you can embed a full Javascript function or WASM module inside the JSON payload. That logic executes inside the TEE after the HTTP fetch completes and only the derived result is returned.

Advanced Mapping: Oracle custom JS functions use process(data, context, helpers). The HTTP body is passed as data, request metadata is passed as context, and helper functions are passed as helpers. For stronger isolation, use WASM.

Previous Starter StudioNextEnclave Compute
REVISION 1.0.2LAST UPDATED: 2026-03-11