Quality of Secret Contracts

Is the writer of the Secret Contract responsible for writing their contract in a way where the data cannot be deduced from the calculation or is there some other mechanism?

For example:

sum(int x, int y) = 2

There can be some assumptions on the inputs.

1 Like

Yes, this is why the secret contract code is public and not encrypted.
However, one feature of Discovery which is new is that outputs can be encrypted as well, for particular recipients.
Thus, the user could input her data, and get the result directly without that result being available to the contract creator or anyone observing the output of the computation.
The optimal design is fairly specific to the use case (i.e., games have different requirements than PII data).

1 Like

Thanks for clarifying, that was my interpretation as well.

Food for thought: It may be helpful to create a best practices document for new Secret Contract developers. Especially in early phases of adoption, having well constructed contracts seems crucial to expressing the potentials of the platform without having excessive vulnerabilities in the first dapps.

1 Like

I think that’s a really good idea. We have already thought about doing this for some things (i.e., discussing how developers can incorporate fee abstraction, relayers), but guidelines around the contracts themselves could also be very useful.
Right now, the factors I am thinking that could be included in such a guide…

  • checks to ensure that computations do not de-anonymize data (if it is relevant)
  • suggestions to minimize contract size

Let me know if you think of anything that should be added to this list.
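Taking the sum(x, y) = 2 question at the top of the thread together with the "checks to ensure that computations do not de-anonymize data" item above, here is an added example (not from the thread, and not Enigma's own code) that enumerates which secret inputs remain consistent with a public output under an assumed input domain of 0..10, and applies a hypothetical contract-side rule that only releases a result when at least k input combinations could have produced it:

```python
from itertools import product
from typing import Callable, Dict, Iterable, List, Optional, Sequence, Tuple


def consistent_inputs(f: Callable[..., int], domains: Sequence[Iterable[int]],
                      observed: int) -> List[Tuple[int, ...]]:
    """All input tuples from the (public) domains whose output equals the observed output.
    This is exactly the inference an observer of the plaintext output can perform."""
    return [ins for ins in product(*domains) if f(*ins) == observed]


def revealed_positions(candidates: Sequence[Tuple[int, ...]]) -> Dict[int, int]:
    """Argument index -> value, for every argument the candidate set pins down to one value."""
    if not candidates:
        return {}
    revealed: Dict[int, int] = {}
    for i in range(len(candidates[0])):
        values = {c[i] for c in candidates}
        if len(values) == 1:
            revealed[i] = values.pop()
    return revealed


def guarded_release(f: Callable[..., int], domains: Sequence[Iterable[int]],
                    inputs: Tuple[int, ...], k: int) -> Optional[int]:
    """Hypothetical contract-side check: publish f(inputs) only if at least k distinct
    input tuples map to the same output; otherwise withhold it (return None)."""
    result = f(*inputs)
    if len(consistent_inputs(f, domains, result)) < k:
        return None
    return result


def secret_sum(x: int, y: int) -> int:
    return x + y


# Constructed assumption: each secret input is an integer in 0..10.
DOMAIN = range(0, 11)

if __name__ == "__main__":
    for out in (2, 0, 20):
        cands = consistent_inputs(secret_sum, [DOMAIN, DOMAIN], out)
        print(f"sum == {out}: {len(cands)} candidates, revealed {revealed_positions(cands)}")
    print("release (1,1) with k=3:", guarded_release(secret_sum, [DOMAIN, DOMAIN], (1, 1), 3))
    print("release (0,0) with k=3:", guarded_release(secret_sum, [DOMAIN, DOMAIN], (0, 0), 3))
```

With a public output of 0 or 20 both inputs are fully recovered, which is the "assumptions on the inputs" problem the question raises; a threshold like this is one of the checks such a guide could recommend, alongside encrypting the output to the requesting user.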