The Geek Out: Too Many Secrets
Off the back of the news about Quentin Tarantino minting seven NFT’s using the Secret Network’s Secret NFT technology, this first Geek Out will take a deeper dive into the technology behind it, based in part on their Graypaper.
Motivation
While it would be wonderful if bouncers accepted zero-knowledge proofs, sometimes the more practical thing is to convey a secret. Your Hamilton backstage pass NFT could tell you that to get in, you have to rap the following:
The code word is “Rochambeau”, dig me? (Rochambeau!)
You have your orders now, go, man, go!
(OK, fine, you’d probably just show a QR code, but I like my version better.)
There is a problem, though: the blockchain’s transparency means stored state associated with smart contracts is visible. While there are many times this is a strength of blockchain technology and there is definitely a very strong preference for transparency by default in the community, this is not suitable for every application. This is also true of the companion decentralized storage technologies like IPFS. Even though the sharded content is encrypted and not visible to the storage nodes on the IPFS peer-to-peer network, when the content behind an IPFS hash gets reassembled for retrieval it is visible to all: if you know the hash, you can see the content. This is a classic case of “security by obscurity,” which is not good enough.
Because of these limitations, our hypothetical backstage pass NFT cannot contain a secret: at most you can establish that your account owns it, and that you are in control of that account. That may be good enough for this particular case (albeit a bit hard to do while standing in line) but there are many other use cases where this is insufficient. This is where the Secret Network comes in: they have built a custom blockchain and smart contract mechanism that allows for secret storage on-chain, and they have more recently built Secret NFT’s on top of this, which was the basis for the Tarantino project.
Before moving on, though, it’s also worth taking a moment to dwell a bit on the cultural insight behind this NFT application, which is uniquely enabled by the secret support. As I previously wrote on the Stoner Cats NFT, turning an NFT into a ticket to access exclusive content creates “Netflix with a velvet rope,” playing not only on growing comfort in societies with purely digital goods, but trends toward a preference for experiences over possessions, particularly in Generation Z. Say what you will about whether collectible NFT’s have intrinsic value, when they unlock access to experiences they get amplified. By enabling Easter Egg-like hidden content that only the owner can see, the Secret NFT taps into this same desire for exclusivity and experience.
Fundamentals
Like a number of blockchains, the Secret Network is built on the Cosmos SDK and the Tendermint Core consensus layer. As such it inherits not just a solid foundation for its distributed ledger but also features like the IBC Protocol, the Inter-Blockchain Communication, which makes it possible for Cosmos-based blockchains to interoperate. It also incorporates the WebAssembly-based virtual machine for smart contracts, CosmWasm. This means that the Secret Contracts built on the network are based on Rust, a high-performance programming language that can be compiled either to native code or to WebAssembly. There are a number of newer blockchains which have made this choice (e.g. Solana). Even Ethereum, which famously went its own way creating Solidity and the EVM for its virtual machine, has plans for incorporating it with Ewasm, though my understanding is there is no ETA at this time as they focus on their move to Proof-of-Stake. So it’s a solid choice.
Like other Cosmos blockchains, the Secret Network uses DPoS, Delegated Proof-of-Stake, rather than Bitcoin’s Proof-of-Work to secure the network. This means that a significant amount of their SCRT token is “bonded” into the network and they in fact have tried to design the economics in a way to push for an optimal level of 67% bonded, with a 21 day lock-up to unbond your tokens further disincentivizing rapid outflows. While it’s possible for anyone to run their own validator, currently the network is capped at 50 nodes, so most people staking are likely going to delegate to one of the 50 nodes. There is no reason given in the Graypaper for this parameter choice, and those in the community with a strong preference for decentralization may be wary, but some of the details of how secret secures the network suggest that supporting hundreds or thousands of validators might be challenging for them.
Verify, But Don’t Trust
You may be wondering by this point: if the Secret Network nodes are able to give you access to the secret content, could a malicious node leak the secret? In other words, what is our basis for trusting the network to do this sensitive operation on our behalf? This is, I think, one of the reasons for the limited number of nodes. When nodes enroll they need to provide proof that they are running on a CPU with a Trusted Execution Environment (TEE) based on a technology like Intel’s SGX. This can be thought of like a sandbox, a protected space within the CPU which is isolated from other processes at a very low level. The Secret Network requires that validator nodes execute code using this feature, and this helps provide some assurance that Secret Contracts can be run in a secure manner on a decentralized network where you, the end user, may not have a basis to trust the node executing your code. Without an even deeper dive I cannot really say how far this protection extends, but I believe in the cases where the Secret Contract operates on the secret internally during execution rather than returning the secret itself it is probably fairly robust as the secret would never leave the TEE.
Note the Secret Network is not the only decentralized project thinking to leverage TEE. In the decentralized cloud space (“DeCloud”) Akash has a proposal (DCS-12) to adopt TEE as a means of building trust in their platform: if you are running your Kubernetes cluster on a potentially malicious compute node, you could have serious problems. Closer to the Secret Network’s aims, the Oasis Protocol also uses TEE for its “confidential ParaTimes” (parallel runtimes) which also provide similar privacy-enabled smart contracts. If you are interested in the Secret Network, they are worth a look too — perhaps one for a future Geek Out!
Inception
The Secret Network’s bootstrapping mechanism is interesting. They essentially have to solve the problem of how do their validators share secrets network-wide, and where do those secrets come from? This is the $1M line in the Grayapaper:
The consensus seed is the most critical part of the Secret Network encryption schema as all other keys and therefore functionality of the protocol are contingent upon secure distribution of this originally generated consensus seed.
I am not a security expert. I am definitely not knowledgeable enough about cryptography to make any statements about their choices with regard to ciphers, elliptic key cryptography, etc.. But I think it’s fair to say that if anything ever goes horribly wrong with the Secret Network in production, it will have something to do with this one line. The first node in the network generates a seed which is used as the basis for every other subsequent joiner to decrypt and encrypt. If that gets compromised, I don’t see how the whole network maintains integrity. This isn’t highlighting a flaw, to be clear: I am sure the developers thought a lot about this. But to me this feels like a potential weak point in the whole system, and if I were staking in SCRT personally I would ask them a lot of questions, including asking for evidence of independent security audits of their code and protocol design.
On the plus side: if someone crack this, the world gets to see some very cool Pulp Fiction content for free. Fancy Bear: call me, maybe.
Lies, Damn Lies and Blockchain Benchmarking
Cosmos, like many of the newer Layer 1’s leveraging sharding and other techniques to scale, is potentially much higher throughput than Bitcoin or Ethereum 1.0. Unfortunately, there is no trusted equivalent to TPC’s database benchmarks in the blockchain space — if you know of one or even have a thought to create one, let me know! So there is a tremendous amount of FUD, shade-throwing, apples-to-oranges comparisons, quoting of unrealistic lab benchmark numbers and the like in the blockchain world about TPS, block times, what should actually count as a transaction, etc..
I thus honestly have no idea what that spread between 22 TPS and 10K TPS even means. It is either marginally faster than Ethereum 1.0 or blazingly fast but they just decided to put some arbitrary speed governor on it. Or not.
Caveat hackor.
The Future is Secret
Personally I think it’s inevitable that Secret Network’s innovations will be incorporated into other blockchains. Whether it’s for storing PII as part of Decentralized Identity (DID) standards or for NFT Easter Eggs, there are real-world applications to introducing private elements into the blockchain. It should not be the default in my opinion, but it has to be an option. So we may well see this backported into the Cosmos base layer or other Layer 1’s bolting on similar features in the future. The Flash Boys at Solana may introduce it as a hot-patch and accidentally encrypt every single validator node, taking down everything (we love you, Solana), or perhaps Cardano will devote 15 journal papers, three academic conferences and five years to contemplating maybe doing it eventually (we admire your integrity, Cardano). Or Vitalik will code it in a weekend while retiring in his posh crypto city villa and we will all be mildly embarrassed that, yeah, we could never pull that off.
