Episode 425

Secret Network – Bringing Privacy to Blockchain

Guy Zyskind
  • Play

  • Play

  • Play

  • Play

  • Play

  • Play

  • Play

Formerly Enigma, Secret Network is a blockchain-based, open-source protocol built using the Cosmos SDK. It uses Trusted Execution Environments on nodes to marry privacy-by-default with smart contracts.

We welcomed Guy Zyskind, Founder & CEO of Secret Network, back on the show to chat about the progression of the project into the new protocol and why this is now built on Cosmos, advantages and drawbacks in using Trusted Execution Environments and SGX technology over cryptography only, and why people might want to keep NFTs private.

Topics discussed in the episode

  • Guy’s background and how he got into crypto
  • How Enigma/Secret Network evolved
  • Why the Switch to Cosmos?
  • Trusted Execution Environment and SGX
  • The levels of privacy within the network
  • Why CosmWasm?
  • The future of SGX computation
  • Secret contracts interacting with other IBC enabled chains
  • The types of applications running on Secret today
  • NFTs on Secret

Sunny: Guy, welcome back onto the show, as I mentioned, you were here a long time ago back in 2018. Hopefully, we’ve gained a few listeners in that time, so maybe for any of the newer listeners who maybe didn’t listen to the previous episode, can you maybe start off with telling us a little bit about your background and how you got involved in crypto? 

Guy: Sure. So first of all, thank you for having me. Again, it has been a long time, so I’m excited to be here. Epicenter has always been my favorite podcast. About myself, I’ve been in the crypto space since 2013/2014 depending on how you count, 2014 is really when I dived in, I started grad school at MIT and just before I started grad school there was this MIT Bitcoin hackathon, which we built a cool product, this is pre-Ethereum even and we won that hackathon and that got me kind of excited about what we can do with this technology. I went to my professor and told him I want to focus my research on this emerging technology.

Fast forward, I very quickly became interested in how blockchain can have inherent privacy, not just in the transactional sense. Just like the Zcash or Minerva way of transferring assets with privacy, but if we’re thinking about blockchain as these more involved, replicated State machines, decentralized Cloud computers. Leaders need a way to handle sensitive data in those Web 3 applications. 

So I focused on that. I focused my entire research on it. I wrote a few papers. They got a bunch of citations, pretty substantial citations, and that kind of led to the Enigma project, which I spun out as a company, in 2016. Then in 2017 within an ICO we started building that network.

In 2017 we did a token sale for Enigma with the idea of building a network, not necessarily a blockchain, but a network that allows it to run privacy-preserving computations. And somewhere around 2019 we kind of realized that it’s not working the best way. That was about the same time that Cosmos was about, I think Ethereum just released their resDecay or was about to release the resDecay.

I was very fascinated with the delegated consensus. Then I looked into the SDK and said wow, this is much better. We should be using that and then we pretty much scratched everything and then between the end of 2019 and 2020 we just rebuilt our architecture around the Cosmos SDK. 

In early 2020 we released Secret Network, we used a different brand to kind of distinguish it. It had a new coin called Secret. Then in September 2020, we launched the Privacy capability. So basically, in Secret Network you can run encrypted smart contracts. Where the inputs, the State contract, and the outputs are encrypted. You can build end-to-end decentralized applications with privacy, and the network has been growing substantially since. I think one of the bigger Cosmos chains today and yeah, that’s kind of the history from 2014 to 2020. 

Friederike: Thank you. That was very comprehensive, I’d like to dig into the switch to Cosmos. So basically, you said that the Cosmos SDK was just a lot better than your previous technologies stack, can you kind of expand on that a little bit. 

Guy: Yeah, I mean look, our core capabilities are, how do we build privacy interest, smart contracts. Pre-Cosmos there was an option to fork Ethereum, but that didn’t work well and we didn’t want to do it. So we started building our P2P stack, our kind of consensus. It wasn’t consensus because we were relying on Ethereum for consensus, but we spent I think 80% of our development, our testing, and building that infrastructure that was just a waste of time. 

Cosmos have a great SDK, truth be told at the time, I think its improved today, but at the time, the SDK was great, the documentation was horrible, so it took us longer to get fully on board and work with Cosmos than we could have today, but still, all the parts are there and instead of focusing on building a P2P layer and a consensus layer. We have that and we can just focus on the other aspects of our technical stack. 

Friederike:  So, how were the reactions from the community when you rebranded and switched tech stacks?

Guy: So people were confused. 

We were selling ourselves for a long time as an L2 Ethereum, an L2 to other chains, at that time people did not believe in a cross-chain world. Everyone that relates to Smart Contracts was like, no, no, no, everything has to be on the Ethereum, what are you guys doing? 

So, we got mixed reviews, but we didn’t care. Not that much. I mean, it’s always better to get good feedback. But we just knew this was the right approach. And I think in the test of time, it’s pretty proven that this was the right course of action. 

Sunny: Looking back, is there anything you would have changed as to how that process went? 

Guy: There’s one element which I think the jury is still out on. So at that time, CosmWasm was just started, it was still a prototype as well. We’ve helped CosmWasm quite a bit. 

One of our team members became a core contributor to CosmWasm and I think there was a big question about whether we are doubling down on CosmWasm and WebAssembly or focusing on EVM.

My gut feeling is that we made the right call. I do think that going the CosmWasm WebAssembly route is the better approach. I feel that that’s what Cosmos is consolidating around. So I think it was the right decision, but I’m still not sure. I think we’ll know that in a year or two.

Sunny:  Would it be possible to support multiple VMs in the future or is the goal-focused, you lose composability benefits and stuff. Like if you start to do that. 

Guy: Yeah, it gets complicated. You most likely lose composability, we’re not 100% sure. It’s maybe a matter of effort. So supporting multiple VMs is a lot of effort once you are stuck with one. Now we can do it. But we are still a fairly small team in terms of the developers. But in terms of code developers were still small. So not sure that’s what we want to put our effort in. Maybe as you start to run, you run across problems like composability, other types of like Integrations. 

Yeah, there will be trade-offs for sure. 

Friederike: So guys, let’s talk about the Secret Network. So if I understand correctly there are currently 70 nodes. how is it determined? How many nodes can participate? Why is there an exact number? 

Guy: Right. So we initially set it to 50 nodes. The reason was that in our Network, one thing I didn’t mention was there was one requirement for rounding the validator, only Secret Network that other networks don’t need and that is you have to use SGX. We use secure enclaves to achieve privacy combined with security and encryption protocols. 

And there are some costs associated with it. So if you run it without SGX, it’s not multiple times faster, but you do get some speed reduction. And so we thought that starting with 50 nodes, basically smaller than I think the 100 or 150 that Cosmos. We felt that was the right number. 

It wasn’t an issue until like the last six months. Around six months ago, when the network was starting to grow fast. We got a lot of people who wanted to become validators and that’s why there was a network vote to increase that to 70 nodes. So, it was 50, but recently, it was increased to 70 to a vote. And I do think we will extend it over time. 

Also, a lot of our work for the next scene is around improving the VM and making that work faster and I think as we do it, it will be easier to grow the number of nodes.

Friederike: Guy. I think probably more than 50% of the listenership are familiar with what SGX is, but maybe for the rest. Can you, in a nutshell, explain what a trusted execution environment is and what kind of trusted execution environment SGX is. 

Guy: Sure. Sorry, a trusted execution environment is kind of like a segregated piece in your process or your memory, which is completely walled out for anything else happening in that system and no one can probe into it. Not even the person owning that physical machine.

It’s essentially a generalized hardware wallet. Your hardware wallet is essentially a piece of hardware where it allows you to run one computation which is to sign from the actions, but you can’t probe into that wallet and extract the sensitive data, which is the private key. 

So SGX works very similarly, but it allows you to run any kind of computation, and then any data that you push into that enclave, into that trusted execution environment can’t be seen by anyone, not even the validator running the machine.

Just one quick note. There are different kinds of trusted execution environments, pretty much any big vendor today that’s building processors has a version of it. So Arm has a version, Intel has a version It’s called SGX. That’s what we’re using right now. AMD has its version. 

Friederike: How does the network know whether the node trusted execution environment is legitimate?

Guy: Right. So that’s one of the first things that we did. We build a registration protocol. So that’s where we kind of diverge from like normal Cosmos. So when a new validator joins our Network, essentially you need to go through a registration process before you can start to validate blocks. 

So what you would do is you would run some code inside of your trusted execution environment. And that code says it generates a key, a private and public key, and then the enclave signs it. It’s a process called remote at the station signature, over the generated public key. 

That blob of information is then posted on the chain as proof that you’re running, a genuine enclave. So, essentially SGX and other systems allow you to verify externally that computation has happened inside of the enclave. It corresponds to a specific piece of code on-the chain correctly, and we chain on the genuine article.

Now that’s been put on a chain, everyone can validate that a new validator is running a secure enclave. They generated this keeper inside of the enclave. So the private key and the public are interested, but the private key that was generated never left the enclave. 

Now any other validator can take that information, the public knows that this was done in a genuine enclave, encrypted and encrypting some kind of seed, shared seed, that all validators share and put the encrypted seed on the blockchain.

Now the validator that’s registered can complete the registration by taking that encrypted seed because we know that the private key for that only lives in the enclave. We know that the validator can see them. See they pull it inside of their enclave and they decrypt it there. And now it’s an ongoing process and any new validator that comes in goes through the process and you get into a system where the base seed is shared by all enclaves that have been vetted. 

Now using that seed, you can derive new keys again, that only the enclave can use to decrypt information coming from the outside. You can use those keys again, all of them returned to the base entropy from that scene. You can use it from the outside to encrypt stuff and then send it to the validator’s enclaves.

 I hope that’s not too dense. I don’t know if anything is confusing a minute. Feel free to ask for clarifications. 

Friederike: Just to follow up on this. So does this process, I mean, it sounds like magic a little bit. So does this work without relying on the assertation of Intel, whichever chip manufacturer you’re using, so basically you can secure the Enclave, prove that it’s not being watched, how exactly do you come by that attestation?

Guy:  So the initial registration part does rely on intelligence. But it does rely on lntel to say, look we have that signature, that remote registration, which is essentially a signature from a genuine enclave that we manufactured.

Now, I do believe that in the next version of SGX, which we are working on including, there’s flexibility in that. There are ways to do it without actually going remotely to Intel servers. We have not implemented that yet, but it does exist. 

That said, the process that we are generating a private key and a public keeper inside of the enclave does mean that we only have to do it once for every validator, and then at that point, the network can really kind of self-manage and self-sovereign. 

Friederike: Quick. Can I follow up again on the SGX? So basically, if I have a consumer notebook, will that typically have an SGX or will I have to buy a special computer to have that included. 

Guy: It used to be the case. That is something, our network has an infrastructure committee that checks at all times, the quantity, supported hardware, and what you need. I think to be fair, we can talk philosophically if that’s the right direction, but to be fair, it seems that a lot of validators are becoming more professionals. So they’re not running notebooks anyway.

They’re running serious server infrastructure. Again, a philosophical question, but it used to be the case that any notebook would have SGX support. But I think in the latest chips they’ve decided to only enable that in servers. So the answer is no, at least new notebooks do not support SGX as far as I know, but again, I think it’s less of a problem because everyone in our network is mostly professional validators, that are running servers anyway. 

Sunny: Do you know what caused Intel to sort of reverse direction on that? 

Guy: So we have pretty good ties with Intel, I’ve asked that and I didn’t get a fully clear answer. I think that’s something that’s very internally important for them. But my thinking is that they want to focus on high-use SGX in the enclave and confidential computing in very, very high loads. And that works better with servers, they want companies to provide their services. You are protected by things like SGX and enclaves.

So, originally the idea of putting SGX, as far as I know, with every computer was so that let’s say a company gives you an agent software that you run locally not on the server and that agent would run inside of an enclave locally. So you as the end-user in the customer are comfortable that your software hasn’t been tampered with. I think that that didn’t pan out as a good business direction, and it was just costing them more money than it was giving them. 

Sunny: Plus, there’s a little bit of a DRM solution. I remember that was sort of one of the things that they were picturing early on. So then I guess it’s a different class of users. So to use Secret Network I don’t need to have an SGX on my computer to just be a client. 

If I just want to run a full node, not as a validator, do I still need an SGX?

And 2, how does the security model change throughout when you’re not running an SGX and you rely on a validator?

On one side. I feel maybe you can even improve the light client security model from normal because you can rely on certain aspects of the SGX to improve that. But on the other hand, how does the privacy model change then? 

Guy: I mean first of all this was mostly for simplicity, we thought about doing a hybrid model with full nodes, somewhere between a light client and a full node, and don’t have to run SGX, it was too complicated. I mean we can do it but again it’s a cost-benefit analysis. And so for now, even full nodes need to run SGX. End users and clients don’t need to involve. 

Sunny: You can check out how the light client would work because I know this has been a big issue in many privacy coins, like Z cash, especially where there is no light client that exists for Zcash. So is there a light client that exists for Secret? 

Guy: Not really, but when it comes to specific things. So there’s a concept of viewing keys and pretty much anything that’s encrypted you can give a viewing key. Then they can get read-only access to important information. So that’s usually the way that we are solving. 

But no, there’s no proper light client yet. 

Sunny: Yeah, so then back to the previous question. So, what kind of privacy guarantees do I get when I try to use Secret Network, 

Does the validator that I’m querying information from, can they learn about my data?

Guy: No, the validator for sure can’t. 

Secret itself the coin is not private. So there’s information in many systems, but now when you send your information to validate or and when it’s edited, the inputs, the state, and the outputs, they’re encrypted there only being decrypted inside of the enclave.

So there’s nothing that you miss and we basically, for correctness still take all of the benefits of Tendermint because of the key sharing process. Because of what I said in the beginning when you register you get a randomly generated seed, but then that seed is used to pseudo-randomly and deterministically generate the same set of keys for all nodes for all computations for everything that’s going on. 

So consensus doesn’t break. All validators even if they don’t see what they computed, at the end of the day, the blocks that are produced from the transactions, the outputs, all of them are the same. 

Sunny: I guess my question is, if I’m querying data from the blockchain, you mentioned these viewing keys. I’m querying a node saying, hey, I want to know what my balance in my account is. Can anyone see that? 

Can they see that I’m asking for a balance and from what token and can they see the balance itself?

Guy: So let’s say the example of querying for a token balance. So they would see the Secret wallet and they can see the address of the Secret wallet is querying for a balance. They will know which token their current because each token is its contract. They would not know that you’re asking for a token. They will just know that you’re interacting with the token contract from this secret address, and then the query would basically, would pull your balance from the state and they won’t see it because that part happens inside of The Enclave. 

Then before releasing it outside of the enclave. I mean, for each query or each transaction, there’s a derived key between the user and the enclave that only the enclave itself can see and the user can see. So what happens is, that the enclave uses that to encrypt the query result inside of the enclave for the user and then releases that. So only the user can client-side the privileged information. 

The other part is that there’s a viewing key so you can share a viewing key, for example of another service, you could get some kind of read-only access and can also decrypt the information from the query but those are the only parties that can see the results. Either the user or whomever they gave the key to. Does that make sense? 

Friederike: Thank you. That’s super interesting. Yeah, it makes total sense. I imagine there are particular challenges to building the user experience, building as a fully private chain. 

What are those? 

Guy: Several challenges both from a developer and from a user perspective, right up to whenever you’re doing something, you first have to give a viewer key permission for the wallet. Let’s say there’s a new token. So now there’s another click where you need to create a viewer key for that new token. Then let your wallet or the application use it in some way, usually your wallet. Just another click people are not often used to it because it’s only in Secret Network pretty much, that’s something that we’re working on. 

Recently, we’ve enabled the ability to use permits. I’m not even the best person to explain those, that is even still new to me, but they make the process much easier. It’s much more automated. So, that’s one challenge.

The other challenge that this creates is in many cases, let’s say there is a big NFT drop, right? And everyone is coming at the same time and they want to see their NFTs. Well, they first have to create viewing keys to see those. Again this is mostly solved with permits. But if you’re not using permits, then that creates a lot of transactions immediately on the network and we have seen that create some let’s say difficult stress on the network that in other networks you don’t see because you don’t have that functionality. 

So that’s another challenge and the third challenge is, if you look at Tera, in other networks a lot of them, catch the information. So let’s say you interact with the contract. There’s a lot of the same queries, there’s mostly just a few rights, so they would cash it on the centralized server to kind of reduce the load, the query load from the network but here because every user has access to only their row of information, no one can see the full state. And usually, each user just queries their row. You get a lot of queries, which you cannot cash, and that creates making optimization hard.

 I don’t think there’s a perfect solution there, we are doing quite a lot of work to improve. But that’s I think that’s part of the cost of riding with privacy enabled.

Sunny: How about from the developer’s standpoint of view? So as we mentioned CosmWosm is becoming sort of the standard across many Cosmos changes, especially Tera. Can I just go take a Tera contract and just one click redeploy it onto Secret Network or are there sort of additional hurdles that we developers have to go through to make their contract designs work with the privacy models? 

Guy: Very few hurdles as most of them are just because of eco-system tools. So, you know, Tera GX we have Secret GX but it’s pretty much the same thing. We’ve done it. Other people have done it. It’s really simple. It’s simpler than most people think. I think that’s the biggest benefit that we’re all converging to the same model with CosmWosm in words, very easy to cross deploy, and one of the things that we want to do in Q1 is we want to give a very easy guide on if you deploy your app on Tera, here’s how to convert it to Secret in five minutes. 

Sunny: How do I define this as viewing restrictions? Because I’m sure on most CosmWosm contracts anyone can just query any part of a contract. Here, I have to add additional restrictions to say, if you’re trying to carry this balance, you have to be the owner of this balance.

So are there additional sort of, I guess in the view from the read functions of the contract? I just must add more restrictions there, or is there anything more complicated than that?

Guy: I mean again, if you want privacy, if you want to do a lot more selective access control stuff like that you need to, that is up to you. Technically, you don’t have to do them, it would work without it. But if you want to use these functionalities, then you have to make slight changes. But again, they’re not big. They’re usually not big. 

Sunny: Can I when using Secret, do all contracts have to execute inside the SGX. So let’s say some things are because one thing before regarding that is how does computation expensiveness work, and relative compared to something. 

I know one of the restrictions with SGX is it’s slower than running on a normal GPU. You can’t do hyper multi-threading and you have less RAM and stuff. So what can you tell us a little bit about some of the restrictions that a developer might have there? 

Guy:o So it’s single-threaded, but I think most executions in Cosmos CosmWosm were single-threaded until recently. We are working right now on the multi-threaded support, that’s almost done. So we are going to support multi-threading in SGX. It wasn’t trivial but that’s one of the optimizations we’re doing.

The memory issues. There’s enough memory, but in many cases because of the way SGX works. Then you have a lot of cache misses and if you don’t efficiently load information inside of the enclave and outside, then that could take a long time. I think in our profiling we saw that every time we open an enclave, we reload the contract that is taken. In some cases, I think the majority of time is spent running the execution.

So yes, the considerations there. It’s not trivial. We are slowly improving these and resolving these. And I think we’re in a much better position. The slowdown is not that bad today, but it’s going to improve in the next year.

That’s one thing, the other thing which is slightly less an issue is SGX doesn’t for security reasons, it doesn’t use standard libraries and stuff like that. So using something like Wosmail, which is the go-to, I guess interpreter or just-in-time compiler for running Wosmcode. And that’s what I think CosmWasm uses natively.

We couldn’t use that easily so we replaced it and that took a lot of effort, but we replaced that with Wasmee, which is more of like a pure interpreter, and that works, but that is much slower than Wosmail as well. So again, one of our things on the to-do list is to go back. Reintegrate Wosmail in a way that is supported by SGX. 

Sunny: So then that case, can I opt to have certain contracts not run in the SGX. Let’s say there are heavy computation functions that I have no reason to keep private. Can I reduce my gas costs by running those not in the SGX? 

Guy: Not right now, but that’s a fantastic idea

Sunny: From a scalability perspective then right, where would you place the limit of where SGX computation can go? We have a spectrum, do you think SGX computation today, can you do more than you can in EVM or do you know can it ever get to native CosmWasm scale or Solana style scale. Where do you see the limits are? Assuming you can get all these optimizations you want, where do you think it will end up Landing?

Guy: Yeah. I think that won’t be an issue. I think these are engineering challenges and I think at the end of the day there will be a slowdown. It won’t be meaningful. I think the one place where I’m not sure is in cases where you need to access areas of information you want to run through all of the users at the same time. That might be the only place where I think it’s going to be problematic in the end. But everything else I think we can resolve.

Friederike: So, Secret Network is IBC right? So basically, how does the secret part work across different Cosmos-based blockchains? So can any IBC enable blockchain query smart contract? So how does it work?

Guy:  We kind of did what Tera did and I think most chains, Sunny I don’t know if you remember but you and your co-founder with Osmosis, you gave us the tip to do this. We only enabled semi-native assets on IBC right now between chain-to-chain. We do not support quoting one contract on our chain and another IBC chain, that is something that’s going to happen in let’s say IBC 2.0 upgrade which is going to happen sometime in 2022.

But so far, what you can do is you can transfer assets, and you can also do something which we are doing. For example, you can take Osmo or Atom or Luna or USD, you can transfer them to our chain, and then via IBC you can wrap them as a token and that token gives you privacy.

So for example, if you want to trade your Osmo privately then you can move it to Secret Network, and wrap it. We have a UI to do it very simply, and then you can transact with it. You can split it into different wallets. You can edit to Secret Swap, which is our AMM name, and trade there. You can exit back in time, you can unwrap it and exit back for IBC to whatever chain that you want. So those are the capabilities that are available right now. 

Friederike: And I was wondering. So can you use the SGX to do multi-party computation? 

Guy: I mean technically what we’re doing is multi-party computation, but we are using SGX. If the question is whether we can do the multiparty computation in its pure cryptographic form, then I would say that’s a very different implementation. We can do it, it can use SGX to simplify something. 

So some elements of SGX can make the MPC protocols that you use simpler because you can try if you take an assumption, for example, that SGX can protect correctness and whoever is running the code inside of an enclave will not break protocol. 

So you can use what we know is semi, but honest protocols, which assume participants will try to link data, but they will not change the protocol. So again, SGX can help us in developing these kinds of solutions in a much simpler and more scalable way. But you know, they’re another tool. It’s not that you get MPC for free. It’s still a very complicated thing to do and we talked about scalability so much. 

I think MPC for general-purpose computations, unfortunately, the cost increase and the speed reduction would be so heavy that I doubt that a developer would use that unfortunately today. 

Sunny: I think one of the interesting things what I see Secret Network is doing in, a lot of ways is, I think the SGX as a computer system, it provides you high levels of safety and privacy. But on its own, it doesn’t provide lightness. And so one of the things I see it as, I pitched Secret Network ads, when I explain it to people, I call it distributed SGX, where it adds lightness to the SGX platform. 

Can we also use it for things like being a custodian, for example, I know the Avalanche Bridge with Ethereum is running on a single SGX right now, which is kind of crazy to me but partially, and it’s kind of crazy mostly because if it’s a single SGX, it could have a lot of lightness issues. 

We entrust, the SGX with safety properties. But if that machine breaks down we’re in for a lot of trouble. So could we use the Secret Network as a distributed custodian in that sort of way?

Guy: I think we can, and we have some grants that are you know, taking the direction. 

We have a developer called Asaf, he just made an interesting tweet about how DAOs can now control private keys inside of their contracts and then IBC and other things essentially do stuff on other chains through the DAO because it controls, lightness is pretty much guaranteed.

By the way, I like your pitch I’m going to steal that if that’s okay. 

Sunny: So, okay. So here’s the other part, the big question I have for SGX. We’ve worked a lot on front-running resistance-related things and mempool privacy, and I know that’s something that the SGX also, Secret Network provides in a lot of ways. 

But for me, one of the biggest concerns I’ve had with the SGX is we see on a semi-regular basis, flaws found in the SGX. People can find vulnerabilities. 

In my opinion, how I see it is right now the value and finding a vulnerability that there isn’t even that high of a benefit right now. It’s been mostly just academic research teams that have been finding these vulnerabilities. But you know, as there’s more, and more economic value that’s happening. 

If you can extract MEV by breaking the security model of an SGX and extract billions of dollars of MEV then that’s essentially a billion-dollar bounty on breaking the SGX. Do you think that SGX can sustain that level of security budget?

Guy: I mean, I’m speaking from a position. I do believe that’s the case. I do believe for many use cases that’s the case. I like the idea that Secret Network is the biggest honey pot for testing secure enclaves at scale. So far we didn’t have problems and any time there’s a flaw, we immediately patch it through a network upgrade. Make sure that everyone is patched. We are very, even stricter than most other players, I’ve seen using SGX.

But I guess it’s to be seen from my perspective. Look, as you know, my background is in cryptography and PC. I’m very much excited about the future to include other kinds of technologies that are more cryptographic in Secret Network.

At this point I’m more concerned that you know, developers would not be willing to take this slow down and the cost increase of using proto-cryptographic technologies and many of them have other issues and constraints that people often overlook when they present them. 

So it’s a balancing act, we do feel this is the best solution for the problem right now. We like the idea that it allows us to check things at scale with high value and then over time hopefully that will help us to make our system enclave SGX, specifical enclaves, in general, more and more robust. 

But at the end of the day, if the technology allows it, the users and developers demand it I would be super excited to look again at MPC and even homomorphic encryption solutions at least in some aspects. and some use cases that are being built on our network. 

Friederike: I want to talk about the ecosystem. But now I have to follow up again. Damn, you Sunny. If I am a node in the network, how would I find out about the fact that some SGX was compromised or is being viewed by something that’s not the SGX? How would I catch on?

I mean, can I read somewhere because basically with a lot of the shielded protocols. There’s no way to check, right?

Guy: So first of all, I want to say that most vulnerabilities are academic researchers and they are way overblown. There have been very few of them, especially the ones in the early days which were I think devastating and easy to exploit, not easy but possible to exploit not in laboratory safety.

But putting that aside, once there’s an SGX issue we can trigger a hard fork. We can ask everyone to re-register, the relationship protocol that we mentioned, and we can trigger a hard fork. Post an enclave update and then everyone has to re-register every fork that happens. Everyone has to go through the registration protocol again. And at that point, if they are not running the fully patched version of SGX interval firmware and software, then they won’t be able to register. So that’s how people know, there’s a hard fork in the network.

Friederike: But that’s only if it is brought to your attention, right? That there is a vulnerability in the SGX. So basically how would you find out that there’s a vulnerability? If it’s not, someone with white or grey hair, to kind of make this publicly available information. 

Guy: If someone were to find a vulnerability, it’s a blackhead. They don’t disclose the way of it. We’re not aware of it. Then what happened that could have this service. Yes, I mean there’s no way to protect against that, very much like with the Z cash publication that was a bad situation and you could leak the keys if I remember correctly. If someone had found it and not disclosed it and someone did then they could exploit it. 

So there’s no way we could in that situation. 

Friederike: Okay, there’s no way to know. 

So, let’s move on to the ecosystem. So, tell us about the kind of applications that are currently running on Secret Network. 

Guy: Yeah, I’m pretty excited about that, we have a few Dex’s that are front runner resistant, that is great as Osmosis, but they are used. The frontrunner’s resistance is cool. The privacy aspect is cool. 

We have over 100 million in assets may be more than I recount in our network that originated by projects in our network or has been brought from Ethereum because we have an Ethereum page by the smart chain because we’re everybody’s smart chain and for other IBC, they put networks. So a lot of use cases around that.

Then we’ve released the Secret NFT standard which allows you to launch NFTs, and NFT collections and it’s the point of being secret NFTs, you can define private metadata such as only the owner can see the data, and that owner can give viewing access to other parties. If so, they choose. 

We announced yesterday with Quinten Tarantino that there’s an auction for his original screenplay of Pulp Fiction, which is something that no one has ever seen. It’s in his handwriting, there are a lot of things and details about the original script notes to himself, markups, markdowns, comments, and stuff that hasn’t been in the final movie and that has been something that he kept private for 25 years.

Now we said in those secret NFT and essentially that’s going to be in an auction in two weeks. And only the people who buy it would be able to see it and then they can decide if they want to give access to other people or not. 

So that’s another use case. There are just so many NFT use cases right now, there’s a marketplace called Stash that launched a month ago, and there’s been I think two thousand NFT drops and there’s a new one every day and each one of them uses the privacy aspects in very interesting ways. 

There are a few games building on our network and I think what we can provide what those other networks cant provide is we can allow you to build your games with the State on-the chain. So for example, if you do poker, you can do it fully on-the chain because you can keep the cards themselves, private for each participant until the right moment. So we see a lot of that. 

We see DeFi use cases, or those private lending coming out this month by a company called Sienna and another is Shade which is going to be the first privacy-preserving stable coin algorithmic stable code. It’s kind of a mix between Olympus DAO Reserve currency and a fully pegged privacy-preserving stable coin.

Then there are a bit more lofty ideas that I think are just going to be, they’re going to take time to be adopted. But I’m excited about them. There’s DataVault which is data is secured in a marketplace for all kinds of like use cases. 

A doctor tried to work on putting some form of medical data on the blockchain and allow Physicians to look into that. There’s a company-building credit scoring solution so that you know privacy-preserving credit score is so you can do maybe stuff like other collateralized loads on the blockchain.

 So a lot of things are being built right now. 

Sunny: Yeah, I think that’s cool. A lot of these use cases make a lot of sense. 

One thing I do want to ask though is for the NFTs it seems if at least from my social networks and stuff, I see a lot of people are pretty excited about the NFTs happening on Secret Network. 

Why do NFTs want that much privacy? It seems that usually NFTs are mostly about status signaling and I want people to know that I own, check out and look at NFTs.  You know vanity is what is sort of what’s driving the user demand behind private entities. 

Guy: Well, first of all, you can do really interesting things, we’re just scratching the surface. So there are now redacted drops, you can brag that you have the NFT. You see it with the watermark or low resolution or part of it is redacted, just like a redacted Club, but I think the eyes are redacted, stuff like that, but then the full picture you see for yourself. There were secret parts where the background was what only the owner could see.

SecretSkulls created really interesting economic dynamics. That idea was that you meet or excavate a skull that has its visible base properties. But now you have several times, where you can reveal traits one by one that created an interesting economic dynamic where people said maybe the things that are worth the most you just sell a fully unexcavated skull with all the traits still hidden.

Or maybe reveal one trait, kind of like in blackjack. I got a rare trait but maybe the other ones are crap, but it’s not worth that much. So, now there’s an interesting game theory. Do I sell it down or do I keep opening to hopefully increase the value further? 

So there are a lot of interesting things you can do that you can’t do with open NFTs. And if you want status, again, you can reveal a portion or lower resolution version or you could reveal the whole thing. That’s fine.

There’s a collection that does reveal the whole thing. But then the private metadata is aided to your telegram head and that takes you to a secret chat that no one else can know about or be added to. So, you know, it’s an interesting experiment and I feel with Quinten Tarantino’s approach. But a lot of NFT companies and providers said no to all of them because he said, what is the point of me uploading something that is already public, and then everyone can see it and download it. Why would anyone buy that? If they can already get a copy of it.

The idea of like keeping it a secret until the first person buys it clicked with him and we got that feedback from artists today that we talked to. So apparently there’s a need. 

Friederike: So Guy, thank you so much for coming on. People need to learn about secret Networks and find the docks and find the grant program and so on.

Guy: Right. So if you go to script. a network you should be able to find pretty much everything that you need and then you can find, @SecretNetwork on Twitter we have a Discord and you can follow me at GuyZyz on Twitter. 

If you want to apply for a grant, just hit me up on Twitter personally or come to the dev Channel or the general Channel, say hey, we have a grant, you ever want to talk about it and either I or one of the team members will talk to you. 

Friederike: Perfect. Thank you, Guy. 


  • Chorus One

    Start earning rewards and contribute to network security by staking with @ChorusOne, a staking provider securing $5bn in assets on over 25 decentralized networks. Head over now to https://chorus.one to start your staking journey.
  • ParaSwap

    ParaSwap aggregates all major DEXs and makes sure you beat the market price at every single swap and with the lowest slippage - paraswap.io/epicenter

0:00:00 | -:--:--

Subcribe to the podcast

New episodes every Tuesday