Programmable Privacy: Turning Smart Contracts into Secret Contracts
How giving full control of data privacy (and transparency) to end users and developers, instead of data monopolies, unlocks the true value of the decentralized web.
Last decade, after the successful application of Bitcoin in creating a formidable, decentralized digital currency, an old and important idea resurfaced. That idea, today more commonly known as smart contracts, posited that if we can solve the problem of trust in transactions through code, why not do the same for every other kind of application?
The years that followed would describe this forming movement as the new decentralized web, one that avoids centralizing too much power in the hands of just a few large organizations, which has been the prevailing theme of the internet in the past two decades. Blockchain and similar technologies have been a cornerstone of this movement to create a more user-centric internet, and now what used to be a fringe idea has been mainstreamed by enterprises and governments around the world.
Enabling true decentralization can have many benefits indeed. Applications built on top of decentralized networks enjoy the benefit of being robust, unstoppable, censorship-resistant, and transparent. All of these are important properties that minimize the role of unnecessary middlemen and increase security.
However, all blockchains, and by extension smart contracts, have one glaring and near-fatal problem: all data stored on them is public. In that sense, blockchains are worse than anything that came before them. Instead of trusting your data with a single organization (e.g., as is the case with Facebook, Google, your bank, etc.), you now have to trust everyone. For all intents and purposes, data on the blockchain becomes public domain.
This, of course, is unacceptable in the real world. No business or organization would ever agree to make their most sensitive or valuable data public. If Amazon, the dominant cloud provider today, were to make all data residing in its data centers public, it would cease to exist. Therefore, it’s not hard to see that a digital world without privacy is not one that can exist in practice. More importantly, privacy is a basic human right, so the technology foundation for the next web has to be built with privacy-by-design in mind.
We need privacy, not just correctness.
To address this concern, we need to go back to the drawing board and redefine the problem. In the nomenclature of blockchains, a smart contract is a unit of code that is executed not by a single computer, but by all the nodes in a blockchain network. Together, these nodes reach an agreement about some state of the world, making it infeasible for an attacker to tamper with that state or to convince any honest actor that some false claim is in fact true.
Take the trivial example of value transfer: if Alice sends Bob five coins, then everyone in the network would agree that the total amount of coins Alice holds has decreased by five, and similarly that Bob gained five new coins. No bad actor would be able to convince honest participants otherwise. This idea is often defined in the academic literature as the correctness property of a distributed system. Smart contracts (and more generally, blockchains) can solve this problem. However, as we’ve already established, they fail at solving the equally important problem of privacy.
But what if you could program smart contracts that not only solved for correctness, but also for privacy? What if you could encrypt input and output data as well as network state, keeping it hidden from all parties, including the nodes executing the smart contract? With these new types of contracts, users and applications can operate in an environment where it’s safe to include sensitive data, which most real-world use cases require. This is the concept of “secret” smart contracts that Secret Network introduces.
Secret contracts enable programmable privacy: arbitrarily complex data privacy controls can be implemented inside applications. The flexible encryption capabilities and controls offered by programmable privacy unlock the potential value of the decentralized web. It allows for privacy how you want, for anything you want, when you want it, and from whom you want it.
To give an example of programmable privacy as implemented with secret contracts, imagine a straightforward DeFi (decentralized finance) lending app that can autonomously give out loans to users. To function, it operates a smart contract that tests each individual’s eligibility by scanning their wallets and prior transactions, then computing whether the individual should receive a loan (and if so — how big it should be). For example, it may examine if you asked for loans in the past, and whether you paid them back on time.
With a normal smart contract, a user would need to disclose all of their transactions publicly. This means that everyone would have complete visibility into your finances. Since most users aren’t likely to opt into such a service, the only option left to the application provider is to keep the actual computation of eligibility centralized, in order to limit the exposure of the sensitive data to the provider itself. In this hybrid approach the application is no longer autonomous or trust-minimized, as it cannot operate without the aid of the provider. The “decentralized” application thus retains all of the weaknesses of centralized applications, with few of the advantages.
Instead, in a setting where secret contracts exist, a user can share their transaction history safely and securely with the secret contract itself. The nodes can execute the contract and receive the eligibility result without being able to observe the user’s transactions. There is no longer a need to create a hybrid dApp. This dApp could be autonomous end-to-end, while guaranteeing both correctness (if a user is eligible for a loan, she will get a loan) and privacy (no one but the user can see their transaction history).
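The lending example above, sketched as an added illustration (this is not Secret Network code or its API): the same eligibility check is run once as a transparent contract and once through a stand-in for an enclave, so the difference in what lands on the ledger is visible. Assumptions: the `Enclave` class, the eligibility rule, and the sample history are hypothetical, the shared key stands in for an attested key exchange, and the SHA-256/HMAC sealing is a toy construction for the demo, not a production cipher.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # SHA-256 in counter mode as a keystream (toy construction for the demo).
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _subkeys(key):
    # Separate keys for encryption and authentication.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def seal(key, plaintext):
    enc_k, mac_k = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(enc_k, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc_k, mac_k = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("sealed input was modified")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc_k, nonce, len(ct))))

def eligible(history):
    # Hypothetical rule: at least one past loan, and every loan repaid on time.
    return bool(history) and all(loan["repaid_on_time"] for loan in history)

class Enclave:
    """Stand-in for a TEE: plaintext exists only inside execute()."""
    def __init__(self):
        self._key = os.urandom(32)
    def user_key(self):
        # Assumption: stands in for an attested key exchange with the enclave.
        return self._key
    def execute(self, sealed):
        return eligible(json.loads(unseal(self._key, sealed)))

def transparent_submit(ledger, history):
    # Normal contract: every node stores and reads the full history.
    ledger.append({"input": json.dumps(history), "eligible": eligible(history)})

def secret_submit(ledger, enclave, history):
    # Secret contract: nodes store ciphertext and learn only the result.
    sealed = seal(enclave.user_key(), json.dumps(history).encode())
    ledger.append({"input": sealed.hex(), "eligible": enclave.execute(sealed)})

# Constructed sample input, not real data.
HISTORY = [{"loan": 500, "repaid_on_time": True}, {"loan": 1200, "repaid_on_time": True}]
```

Both ledgers record the same eligibility result, but only the transparent one exposes the loan history; a sealed input altered by a node is rejected inside the enclave instead of being evaluated.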
Secret Network introduces programmable privacy.
To date, work on privacy in the blockchain space has been mostly limited to concealing transactions (transactional privacy), which is a very narrow form of programmable privacy. Several technologies have been proposed for this task (e.g., coin mixers, confidential transactions/Pedersen commitments, ring signatures, zero-knowledge proofs), but these do not generalize well to the privacy of smart contracts, and are therefore inapplicable for the realization of programmable privacy.
Zero-knowledge proofs (ZKPs) in particular, while an important technology and an incredible achievement, are often misrepresented as the de facto solution to all privacy problems. In practice, ZKPs are useful when a party with access to the data wants to prove a claim to others, without revealing the data to them. But in cases where we want to outsource computations, often involving multiple parties, there isn’t a single party we can trust with seeing all of the data. This is exacerbated in the smart contract setting, where the parties executing the computation are untrusted and pseudonymous.
To enable programmable privacy and secret contracts, we need to look at other technologies that have not yet been explored in the context of blockchains. For smart contracts, the main technological requirement is distributed consensus — but as we’ve seen, that alone is not enough.
For secret contracts, the missing piece comes from an area in cryptography known as secure computation, an umbrella term for different technologies that enable computing over encrypted data. Primarily, these technologies are able to hide the state itself from the nodes in the network (as well as the public) while preserving the ability to execute and validate computations. This is the critical value of Secret Network.
Secret Network offers a unique platform to build censorship-resistant applications that keep data encrypted, making use of TEEs (Trusted Execution Environments) to conceal data from the network. Rather than letting specific organizations manage private data, Secret relies on a decentralized network of secure processors. Every node operator is equipped with specialized hardware that allows them to run code inside secure enclaves. Nobody, including node operators, can access the raw information being decrypted and processed.
Secret Network is an independent blockchain with its own consensus. Validators on the network run nodes equipped with secure enclaves and perform verifiable computations. This independence enables a flexible approach to developing and upgrading Secret Network. However, part of our vision has always been bringing privacy to any smart contracting platform. We are preparing the network to interoperate with many different networks, including other Cosmos SDK-based networks, Ethereum, and more.
Excitingly, what was once a dream is now finally reality: the code for secret contracts has been completed. The first public testnet for secret contracts is launching July 20th, with another public testnet in August, followed by a planned proposal of secret contracts to the existing Secret Network mainnet. We would be excited to have you participate in these testnets, so if you are interested, please fill out the following form:
If you’re interested in programmable privacy and developing your own secret contracts on Secret Network, please fill out this form:
Enabling programmable privacy is one of the biggest opportunities for the decentralized web. Secret contracts and Secret Network set the stage for this next exciting step in building out decentralized systems in general, and blockchains in particular. By clearly defining the problems, outlining possible solutions, and clarifying current misconceptions about privacy and blockchain technology, we hope that we will be able to more easily converge on real solutions. After all, to admit we have a problem is part of the solution already.
Guy Zyskind - CEO and cofounder, Enigma