SecrETH

Screenshots

Problem Statement

As everyone knows, everything in Ethereum, and in most blockchains, is public and accessible by anyone. This makes the ecosystem transparent and reliable, but also imposes some limitations on what smart contracts can do. SecrETH enables smart contracts to go beyond these limitations, allowing smart contracts on Ethereum to store secrets that will only be revealed when and if the contract’s logic decides to do so. SecrETH is built on top of already available and battle-tested cryptographic techniques, without the need to make any changes in the functioning of the Ethereum protocol. It sounds like magic, but now a public blockchain can store, manage and reveal secrets!This opens the doors for developers to create a wide range of projects that were not possible before. An immediate use case is setting a secret to be revealed at a certain moment in the future, which can be implemented using SecrETH in just ten lines of Solidity. This is a whole research area in cryptography, known as “time-lock encryption”, and is currently an unsolved problem. SecrETH offers a solution for it! Another possible application of SecrETH is having POAPs with dynamic designs that are progressively revealed as more people collect the POAP, thus incentivizing people to collect it. A further use case is anonymous voting, which can be implemented in a very small contract with no need of complex math by combining SecrETH with homomorphic encryption cryptosystems. As you can see, SecrETH opens the doors to a wide range of innovative projects with no limit to what can be done with it. Thanks to SecrETH, the infinite garden is now even bigger :)SecrETH’s main component is its orchestrating smart contract. When a user wants to store a secret, they encrypt it with SecrETH’s public key. The result will be stored in a contract that states the logic of when and how that secret will be revealed. This contract will ‘register’ that encrypted secret in the SecrETH contract, so that no other entity can decrypt it. Whenever this contract wants to reveal this secret, it will call the ‘decrypt’ function in the SecrETH contract and, in a matter of minutes, the secret will have been revealed. No one else can decrypt this secret: if another contract or entity tries to decrypt it, the SecrETH contract will reject the petition. As we explain in the next section, this is all powered by threshold encryption.

Solution

Let’s get more technical! SecrETH performs the secret storing and conditional revealing using threshold encryption. Similar to an off-chain multisig, threshold encryption allows a secret key to be distributed among different entities, a part of which (the ‘threshold’) has to cooperate together in order to sign a message or decrypt a ciphertext associated with that key. If not enough entities are willing to cooperate, there is no possible way to generate the signature or decrypt the message.There is a set of addresses that operate as ‘signers’ in the SecrETH protocol, which anyone can join by staking some ETH. The SecrETH public key, with which the secrets are encrypted, is associated with a secret key distributed among all the SecrETH signers. Whenever a new signer joins SecrETH they get a share of the secret key. When a contract calls the ‘decrypt’ function of the SecrETH contract–requesting to decrypt an encrypted secret controlled by that contract address–each signer will calculate their part of the decrypted message. They do so by using their unique share of the protocol’s secret key. When the partial decryption is calculated, it is submitted to the SecrETH contract by the signer. Once enough parts of the decrypted message (this is, above the threshold) have been submitted to the blockchain by the signers, the final decryption will be calculated. If a contract tries to reveal an encrypted secret that does not belong to it, the signers will not provide their shares of the secret to do so, and the secret would remain a secret. If a signer behaves dishonestly or does not do its corresponding tasks for a certain period of time, its stake will be slashed.In SecrETH, all the cryptographic operations are done off-chain and, if required, only verified in the blockchain. This gives huge efficiency advantages without sacrificing security. Also for efficiency, multiple signatures can be aggregated into a single one, taking considerably less time to verify them. Despite all these optimizations, it is clear that SecrETH still requires a lot of transactions with the blockchain to be submitted all the time. For example, whenever a contract asks SecrETH to reveal a secret, most of the signers will have to submit their part of the decryption to the blockchain. This is why roll-ups and side-chains play such an important role in SecrETH. The SecrETH orchestrating contract is deployed in Optimism, Polygon, and Skale, allowing all these aforementioned transactions to be performed cheaply and with little delay, which would be impossible on mainnet. Even though we didn’t have time to do it this weekend, in the near future we plan to deploy a contract to mainnet that reads the state of our contracts in the roll-ups and side-chains, so we can perform the computation in these cheaper solutions while still getting the results on mainnet.As we mentioned, the off-chain client run by each signer is in charge of executing all the cryptographic operations. Consequently, we need this contract to be able to notice when it should execute these operations. One possible solution would be to require all SecrETH signers to run a node of each chain where SecrETH is deployed, but this would clearly be restrictive and end up reducing the number of signers. To solve this issue, we implemented The Graph and PUSH. Whenever a new decryption is requested, an event is emitted and included in a subgraph. Our clients run The Graph Live to stay up to date with the new events and execute the right operations whenever a new decryption is requested. At the same time, they may choose to receive a PUSH notification whenever these events are emitted. Hence, The Graph and PUSH are fundamental pieces to keep SecrETH light and scalable.To summarize, SecrETH consists of two main components: The SecrETH orchestrating contract, deployed in roll-ups and side-chains for efficiency reasons, with which contracts interact in order to store and reveal secrets. The SecrETH client, implementing The Graph to hear the petitions from contracts to SecrETH, and implementing all the threshold cryptography, submitting the results to the blockchain.In addition, we also developed a user interface that interacts with the client and the blockchain to showcase how the client works step by step. However, keep in mind that the client is a console program which runs automatically with no need for human interaction.All these three components have been completely implemented and can be found in our GitHub organization.As a final observation, we want to mention that an attacker cannot reveal a secret as long as (1 - n) or more entities are honest with n being the threshold needed to decrypt a message in the SecrETH threshold encryption scheme. For example, if the threshold is 70%, it will be impossible for an attacker to maliciously reveal a secret as long as 30% or more of the entities are honest. This makes SecrETH more secure than most protocols currently in use, since there does not exist the possibility of a 51% attack in SecrETH.In the long-run, it would be ideal for the SecrETH protocol of threshold signers to be natively implemented in Ethereum. All Ethereum validators would thus become signers, increasing the stake securing the protocol and thereby its security. In the meanwhile, however, it is important to emphasize that SecrETH has been completely developed without the need to modify the blockchain’s functioning at all, which differentiates it from all the other long-term proposals to add privacy to Ethereum.Although SecrETH involves multiple and complex programs, once implemented it makes it incredibly simple for any contract to make use of it. This makes it possible to develop great projects that we cannot even imagine right now!