Hi, I was wondering if anyone here could help me with a conceptual question about secret contracts. Mainly, is it possible for an Enigma secret contract to keep data hidden that it can access autonomously without a user sending a message to retrieve it?
As a specific example, let’s say that I as a user send a message using a Dapp to the Enigma network. The secret contract encrypts and stores this message with a key that it holds, but no one else can access. Now I want the contract to be able to retrieve and decrypt this message on its own, using that key.
From the docs, it seems like this data would either be encrypted with my public key, or the derived key composed from the client’s private key and the enclave public key. I don’t know if Enigma would have access to the client’s private key in order to decrypt this data on its own.
The Enigma network doesn’t need access to the client’s private key in order to decrypt the message (that would be horrible). Instead, when a user shares an encrypted argument, it does so with a derived encryption key that can be generated in two ways: (client private key, enclave public key) or (client public key, enclave private key).
Since the enclave public key is publicly known, the user can independently generate such an encryption key, use it to encrypt the value, and store it on-chain. From the symmetry above, the enclave can at a later time independently generate the same key, without the user being online. I believe this is what you meant by autonomously, but let me know if that wasn’t your meaning.
By the way, this property is also known as a non-interactive protocol.
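The symmetry described in this answer, as an added example that is not Enigma's code or part of the original thread: the client seals a message with (client private key, enclave public key), and the enclave later opens it with (enclave private key, client public key) while the client is offline. Assumptions: the thread names neither the curve nor the cipher, so X25519 (RFC 7748) and a SHAKE-256 keystream with an HMAC tag stand in for them, and all function names are hypothetical.

```python
import hashlib, hmac, os
P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")  # Curve25519 base point (u = 9)

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Not constant-time: illustration only."""
    n = int.from_bytes(k, "little") & ~7 & ((1 << 254) - 1) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + A24 * (aa - bb)) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def derive_key(my_private: bytes, their_public: bytes) -> bytes:
    # (client priv, enclave pub) and (enclave priv, client pub) give the same key.
    return hashlib.sha256(x25519(my_private, their_public)).digest()

def _xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))  # stand-in keystream
    return bytes(x ^ y for x, y in zip(data, ks))

def _tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), data, "sha256").digest()

def seal(key: bytes, msg: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _xor(key, nonce, msg)
    return nonce + ct + _tag(key, nonce + ct)

def open_sealed(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce + ct)):
        raise ValueError("wrong key or modified ciphertext")
    return _xor(key, nonce, ct)

def demo() -> bytes:
    client_priv, enclave_priv = os.urandom(32), os.urandom(32)  # constructed keys
    client_pub, enclave_pub = x25519(client_priv, BASE), x25519(enclave_priv, BASE)
    stored = (client_pub, seal(derive_key(client_priv, enclave_pub), b"hello"))  # client goes offline
    return open_sealed(derive_key(enclave_priv, stored[0]), stored[1])  # enclave, later
```

Only the client's public key and the sealed blob need to be stored for the enclave to recover the plaintext later; neither private key ever leaves its owner.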
Thank you for the response, Guy! This symmetric derivation is really neat. I did indeed mean that I’d like the enclave to independently generate a derived key at a later time, without the user being online.
I can only find code in the Enigma repo to generate the derived encryption key with (client private key, enclave public key) here. Am I correct in assuming this method is meant to be used on the user side, and not by the enclave? Does the Enigma library provide a method to derive the key with (client public key, enclave private key), or is this implemented by the client?
If I understand the question correctly, in the MVT release (current public release), the results of a computation are committed to Ethereum by invoking the “callback” function specified by the client. So there is no need for the enclave to encrypt the function outputs for the client (i.e. derive a key from the client public key / enclave private key). In our next release, the function outputs (whatever the function returns) will be delivered to the client encrypted. So we are working on this encryption scheme in enclaves but this code is not published yet.
Okay, so just to reiterate: since the client doesn’t currently need to decrypt the return result from the enclave, there’s no need at this point to have this result encrypted by the enclave using the enclave’s private key.
Thanks for the update fredfortier, I’ll follow the code releases so I can try out the symmetric encryption functionality once it is published.