Advantages of secret contracts on Enigma blockchain

Hi everyone,

Building on @guy’s great post that explaining secret contracts on Enigma blockchain, I am writing to discuss trade-offs and highlight advantages of secret contracts on the Enigma Blockchain built with Cosmos SDK. I will explain the benefits of the new architecture within the context of certain solutions ideas we have previously discussed: Salad - transactional privacy tool, secret auctions, secret voting, deadman switch and decentralized trade coordinators to eliminate front-running in DEXs.

The main issues with discovery were:

  • Time - We didn’t have a way to verify ethereum blocks in Enigma, hence we had no way to determine time in Discovery. Now our network has its own blocks - thus we can determine approximate time in a decentralized manner

  • Account balances - Discovery couldn’t verify Ethereum balances easily., now our network has its own balances

  • Task records - Since Discovery had no consensus build in, users needed to store tasks (hashes of inputs) on Ethereum. This meant each Discovery interaction required at least two transactions, even if a secret contract had no Ethereum call-backs. This also meant that users need to pay network fees both for Ethereum and Discovery networks. Now, we don’t need task records at all.

Let’s explore how each of these problems affected the use cases mentioned above.

Time

Salad

A “deal” (completed mix) in Salad is triggered when a quorum of participants is met and a set amount of time has passed. These parameters are important to ensure the mix actually does result in anonymity of the participants… As we had no way of telling time, a Salad mix could only be triggered by an operator. Though operators were constrained in many ways from malicious behavior and had financial incentives to act honestly, they still presented a central point of failure.

Secret voting

Votes are tallied after a certain amount of time. Knowing when the tally should be counted in Discovery was a challenge. While an operator/relayer could have performed this function (as it does in Salad), unlike Salad, it was challenging to create the right financial incentives for the operator to not censor votes.

Deadman switch

This application requires users to interact with the contract at least once in a given time period (“proof of life”) in order to prove to the contract that the user is active, and therefore the contract should not release the secret. Under Discovery, a deadman switch secret contract would be deployed on Enigma, so that the secret could remain hidden until the switch is triggered, and the “proof of life” (user interaction) would take place on Ethereum. As a result, it is difficult for the secret contract to verify that the correct amount of time has passed in a reliable way. Using an operator/oracle was an option, but brought with it additional risks and attack surfaces.

In Discovery, we needed to introduce centralized operators to solve these issues. Now that Enigma network has blocks, we can determine time inside the Enigma network.

Account balances

Secret auctions

A secret auction meant user bid amounts needed to remain private. This required deposits equal to, or larger, than the bid amount to be deposited in a deposit contract on Ethereum. Then, the encrypted bid would be sent to Discovery. However, Discovery had no way of easily verifying whether the user has deposited enough funds to honor his / her bid. Once again, doing this would have necessitated a trusted oracle or operator, with associated risks.

Token weighted secret voting

This variety of voting enables larger token holders to have a proportionally larger say in governance. While the encrypted votes (Yes / No / Abstain) and token weights (how many tokens are dedicated to this choice) can be sent to Discovery, Discovery has no direct way to verify token deposits on Ethereum, thus no way to easily verify whether a user participating in governance has locked enough tokens.

In Discovery, we often relied on an Ethereum deposit contract, where users could deposit funds that would be required for bidding or voting. We would then require an oracle / operator to verify these balances. For example, the operator in Salad would verify balances on Ethereum. Now, with Enigma blockchain, we have access to balances of all users, so we no longer require oracles / operators and the associated complexity.

Task records

Task records on Ethereum meant that users needed to pay two transaction fees, to Ethereum and Enigma (even for applications that did not need to interact with Ethereum). This is not only costly for the user but also unacceptable in cases where execution speed is important.

Decentralized Trade Coordinators

This idea is to use a centralized trade coordinator (running inside a TEE), which would timestamp transactions before they can be submitted to Ethereum. This was initially proposed by 0x in order to eliminate trade collisions and front-running attacks. Enigma had the opportunity to create a decentralized coordinator in Discovery, but because of task records all messages sent to Enigma also needed to be mined on Ethereum. This prevented the decentralized trade coordinator from being a viable option

Dark pool

A Dark Pool is an order book which has full privacy-- you can’t see all buy and sell orders. While the concept of building dark pools on Enigma is an exciting opportunity, the fact that order placements and cancellations would take two transactions each prevented this idea from being viable. Decentralized exchanges require low latency and fast, low-cost transaction confirmation. In this case, latency was compounded by extra fees users had to pay.

In the design of Discovery, there was not a good way to get around task records. We introduced an operator in Salad, which would batch transactions and obfuscate user fees so that we could work around these issues in Discovery. However, the Enigma blockchain now accepts inputs directly without relying on Ethereum, meaning we can avoid such workarounds.

As these concrete examples show, moving to our own chain has a lot of advantages and is the right technical direction going forward. That said, we acknowledge that now we need to find a way to bring privacy to the Ethereum ecosystem. While secret contract functionality is our top priority, supporting Ethereum ecosystem is of utmost importance to us and most likely will be our next major milestone.

7 Likes