Posted on

8 Blockchain Projects Enlist Early to Test Secret Enigma Contracts

Can you keep a secret?

For many blockchain projects – whose underlying architecture is a public ledger of transactions – that can be a challenging ask. But Enigma, a project incubated at MIT Media Lab that raised $45 million in an ICO last year, is hoping to make that possible by developing privacy-enabled smart contracts it calls “secret contracts.”

And in a sign of the broad applicability of that idea, as revealed exclusively to CoinDesk, eight diverse blockchain projects will be incorporating Enigma’s protocol into their services when the contracts launch later this year.

These “launch partners,” said Enigma co-founder and CEO Guy Zyskind, are already building on the current version of the technology, called “Discovery,” within the testnet, so when the protocol actually goes live, they’ll be processing user’s data without revealing it to any outside party.

Blockchains have always had a complicated relationship with privacy. Despite bitcoin’s early adoption by Silk Road drug pushers, the cryptocurrency has proven to be far from anonymous.

And in recent years, smart contract platforms such as ethereum have struggled to reconcile the public nature of on-chain data with users’ privacy demands – especially when it comes to sensitive use cases.

Enigma’s protocol is notable in that it works on top of existing blockchains. Sure enough, several of the launch partners – Colendi, Datawallet, Ocean Protocol, ReBloc and Datacoup – are built (or are building) on ethereum.

The protocol ensures user data “stays completely encrypted from the point of view of the network parties that are executing these secret contracts,” said Zyskind, while remaining “tamper proof” like a normal smart contract.

He added:

“If you’re thinking about true blockchain adoption, you’ve got to have both. No one is going to build applications where sensitive information is just live on the blockchain for everyone in the world to see.”

Stop oversharing

We live in a world of oversharing – from what people ate for lunch to what they think about their boss to how much they drank last night.

And while that has proven problematic for some, it’s generally seen as the prerogative of the poster.

But some data needs to stay private. For instance, Colendi – one of Enigma’s launch partners – is building an ethereum-based application for both decentralized credit scoring and microlending.

Bulent Tekmen, the project’s co-founder, said Colendi “requires sensitive information from borrowers,” such as bills, bank statements and national identification numbers. Not only does Enigma’s protocol allow such data to be run through Colendi’s algorithms in an encrypted form, it also avoids creating an Equifax-like honeypot for hackers to go after, he suggested.

This idea that some data is too sensitive to put on a public blockchain is the same reason Ocean Protocol will use Engima as soon as it launches.

While Ocean Protocol is creating “a decentralized ecosystem aimed at unlocking data for AI consumption,” some datasets, particularly medical data, cannot be bought and sold unencrypted, said co-founder Don Gossen.

As such, Enigma “makes logical sense” for Ocean’s marketplace, Gossen said.

Another data marketplace launch partner is Datawallet, which aims to let users monetize data from applications, such as social media, by selling them to advertisers, for example. The application’s goal is “complete user empowerment and data ownership,” CEO Serafin Lion Engel told CoinDesk.

In Datawallet’s case, Engel said, the protocol will provide Sybil protection, that is, prevent bad actors from spinning up multiple digital identities to swamp the platform. While plugging in existing social media accounts is a good way to provide such protection, Enigma’s Zyskind added, some “people don’t want to connect their Facebook account and give you their data.”

Enigma also announced partnerships with Portal Network, which turns wallet and smart contract addresses on multiple blockchains into human-readable IDs; Eximchain, a supply chain solution based on Quorum; ReBloc, an ethereum-based real estate data marketplace; 2key, a second-layer network that aims to disrupt social networks; and Datacoup, a platform for monetizing personal data, which is transitioning to ethereum.

More to come

Enigma has not announced an exact date for launching the Discovery network live, but Zyskind said that the deadline is the end of 2018. When the protocol is live, computers or “nodes” on the network will be incentivized to perform secret contract operations with the native ENG tokens Enigma sold in its ICO.

For those familiar with the Enigma white paper, which caused a minor sensation when it was published in 2015, Discovery represents an intermediate step to the fully fledged Enigma protocol.

The network described in the white paper would run computations on encrypted data using a process known as secure multiparty computation (SPMC), in which encrypted information is split up into separate pieces for different nodes to work on separately – while still encrypted.

It’s then reassembled into a final, encrypted result.

In other words, the smart contracts perform operations on the data without ever having – or getting – to decrypt it, so this approach is considered especially secure.

What’s more, even if all the nodes were able to break the encryption, they would all have to collude to reconstruct the original, sensitive data. A single honest node could prevent the data from leaking.

While that’s the end goal, though, that technology won’t be ready for the initial launch.

The mainnet launch of Discovery will bring secret contracts to ethereum, but they’ll be housed in what are called trusted execution environments (TEEs), rather than functioning through SMPC.

Zyskind said TEEs still provide excellent security, however, because “any input data that needs to go inside the computation, inside the execution, is being encrypted on the outside with a key that only exists inside the enclave.”

As for SMPC, Zyskind said:

“Expect it in 2019.”

Enigma machine image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

'Secret Contracts' Developer Engima Launches Test Blockchain

A built-from-scratch blockchain aiming to enable private contracts between users has officially entered testing.

Announced Saturday, the news marks the latest step in a journey for startup Engima to launch its own technology – developed at the MIT Media Lab, the project is based on a white paper published in 2015. Initially aimed at the hedge fund sector, Enigma now brands itself as a protocol for “secret contracts,” which it demonstrated last month at CoinDesk’s Consensus 2018 event.

As such, the announcement means that the technology, a form of modified smart contracts designed to obfuscate the origin of a transaction, as well as allow a blockchain to compute contracts without decrypting them, closer to real-world use.

However, in remarks, project leaders were quick to caution expectations.

Stressing the novel nature of the technology, they wrote:

“We acknowledge that development of these types of innovative technologies is non-linear and an ongoing, iterative process. We’re not simply forking an existing platform – we’re building something completely new and essential, something that will take (and has taken) many people and many days and nights to build.”

Still, signs are others are beginning to take an interest in the technology, even at this early stage.

Earlier this month, Enigma announced it was working with technology giant Intel to further develop its platform, as well as applications to run on the protocol.

After the testnet launch, Enigma plans to prepare for a mainnet launch within the next three months, according to its roadmap.

Decryption image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

Enigma Protocol to Integrate Smart Contracts Tech With Intel Systems

Intel is working with blockchain startup Enigma to help secure its privacy-enhancing smart contracts.

As previously reported by CoinDesk, secret contracts are a type of smart contract for public blockchains that use cryptographic tricks to keep transaction data hidden from view. Enigma – a startup that grew out of efforts at the Massachusetts Institute of Technology, with the goal of creating a more private platform for decentralized applications – wants to boost their privacy by incorporating Intel’s Software Guard Extensions (SGX), a move slated for the second half of 2018.

An Enigma spokesperson told CoinDesk:

“Privacy is currently the biggest barrier to smart contract adoption. Blockchains are good at correctness, but bad at privacy by design. Smart contracts and decentralized applications will need to be able to use private and sensitive data to see global adoption.”

Enigma plans to work with Intel and other industry partners to develop applications that support the protocol and SGX, later this year launching a proof-of-concept that showcases the potential of combining the two technologies.

Both teams are also conducting R&D into trusted execution environments (TEEs), which are an integral part of Intel’s SGX technology that securitizes data and code. Specifically, TEEs refer to space on a device’s main processor that is separate from its operating system and is responsible for storing and protecting data in a secure environment. In this regard, Intel and Enigma’s goal is to create “production-level software that can be used at scale.”

The collaboration is a timely one, given that high-stakes attacks have already taken place. The most prominent of these is perhaps the DAO hack in 2016, where 3.6 million ether, valued at around $50 million at the time, was stolen from the decentralized and autonomous venture capital fund as a result of vulnerabilities in a smart contract.

In an April Medium post, Enigma CEO Guy Zyskind highlighted the need for secret contracts given the issues affecting other forms of privacy tech. These include problems with coin-mixing and zero-knowledge proofs, the latter of which he said are particularly vulnerable in multi-party cases where several “untrusted and pseudonymous” parties are executing computations.

Therefore, Zyskind said, secret contracts provide the “missing piece” by executing computations using encrypted data that stays hidden from network nodes.

Looking further ahead, Enigma will also be launching its testnet and mainnet – a fully functioning, live network– in Q1 and Q2 of 2018, respectively, according to its roadmap.

Padlock image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

Four Projects Seek to Solve Ethereum's Privacy Paradox

Ethereum is transparent to the core.

Much like bitcoin, the platform uses this transparency as part of its security – with it in some ways ensuring that users cannot fake transactions. However, new anxieties are emerging regarding this transparency and the potential problems that such data exposure might have for businesses.

In the past, these privacy concerns have gotten sidelined for other pressing issues, such as scaling, but signs are emerging that the subject is now receiving a fair amount of developer attention.

Indeed, last month, ethereum creator Vitalik Buterin came forward to state his newly evolved perspective on the topic.

“I’m considerably more pro-privacy than I was a few years ago,” Buterin wrote.

And it’s not just Buterin; several other developers and the businesses they work for have been building technology that could obfuscate some of the information that currently gets blasted over the network that some users might want to conceal.

“From a blockchain perspective we always say privacy but it’s more like data security,” said Can Kisagun, co-founder of Enigma, a startup building privacy-enhancing technology for the ethereum network.

In fact, it’s perhaps become an even more pressing issue since the European data protection law, GDRP, took effect in May. And while it’s still unclear how GDPR will impact companies operating on ethereum, beyond that certain applications are simply non-feasible if all information is exposed.

According to Kisagun, countless ethereum projects, such as those dealing with voting, location data, social media and identity, will likely be restricted by the radical transparency of the blockchain.

Jutta Steiner, the CEO of Parity Technologies, ethereum’s second-largest software provider, echoed that, stating that without a privacy layer ethereum will not achieve its goal of becoming a decentralized world computer.

Steiner told CoinDesk:

“I believe blockchain is in itself powerful, but it becomes even more interesting when you combine it with other cryptographic technologies that allow you to build this eventually perfect anonymous computer, global computer, that you can rely on, that’s fast.”

The secret store

Parity is one of the company’s at the forefront of developing privacy-enhancing tech for ethereum.

Just last month, Parity released “Secret Store,” a software that encrypts information while distributing keys to selected authorities who can access it. In this way, the software allows permissioned clients to create and manage cryptographic secrets on ethereum.

“It encrypts both the storage and the actual code of the smart contract, so in that way, under the assumption that you trust the authorizers not to collude, it provides privacy of any transaction that the contract models and implements,” Steiner explained.

While Steiner emphasized Secret Store is still in its early phase and has yet to be scrutinized by third-party auditors, the software is already being tested as part of the company’s partnership with the Global Farmer Network.

“They use it in order to enable the sharing of data between parties that don’t trust each other in the supply chain,” Steiner said.

And while Steiner said using the software on Parity’s permissioned clients is a perfect fit, in the future, Parity hopes to release the tech to run on the ethereum mainnet as well. Because in the case of proper data protection, Steiner said, there’s been a lot of innovation that remains to be released –decentralized technologies that have been prohibited due to the risks that ethereum’s transparency might pose to sensitive data.

Secret Store and other privacy tools “would lead to a lot of innovation in the space that we haven’t seen because of strict privacy limitations,” Steiner said. “Medical data, for example, should not sit on a centralized server, I should be in charge of it, I should be an authority that is required to retrieve the data.”

And as it relates to GDPR compliance, there might be even more complications ahead.

Indeed, Parity has already shut down an identity tool – the Parity ICO Passport Service that registered identities with ethereum addresses to allow companies to comply with Know Your Customer (KYC) requirements – due to the legislation.

Still, Steiner said that in some ways, the GDPR is aligned with Parity’s privacy vision. She told CoinDesk:

“As a tool, [the Secret Store] implements similar goals to the GDPR. In our perspective we share the same goals, but in principle blockchain is fundamentally not complicit.”

Secret contracts

Another privacy project, Enigma’s “secret contracts,” looks to provide decentralized application (dapp) developers with some flexibility in concealing some data.

In an upcoming release, secret contracts will provide a trusted execution environment for dapp developers to spin up ethereum smart contracts without publishing that information on-chain. That trusted execution environment will be private storage facilities that Enigma secures the data in.

As such, even the nodes that have performed the computation are blind to its contents.

The verification of that computation, though, is fed back to the ethereum blockchain, so there is some kind of immutable, transparent record of the transaction.

“We’re starting with trusted execution environments, simply because it gives a much better developer experience for our customers, which are developers building applications on ethereum,” said Kisagun, one of several MIT graduates that founded Enigma.

Going forward, the startup intends to implement a more decentralized approach, using multi-party computation as a way of securing complex data sets. And while this approach may have performance tradeoffs, Kisagun said, it’s more reliable when it comes to highly sensitive data.

While Enigma plans on taking its technology to other smart contract platforms in the future, the team is currently focused on solving ethereum privacy problems first.

“Ethereum obviously has the most vibrant community right now, it has the most mindshare synced into it, and we want to tap into this vibrant developer ecosystem,” Kisagun told CoinDesk, adding:

“I think in crypto it’s fair to say you’re as strong as your ecosystem and that’s why we’ve chosen this initial trajectory.”

Time-locked secrets

Built at a 36-hour ethereum hackathon in Argentina last month, Kimono is a privacy project that seeks to combine encryption with game theory.

Conceived by four developers from San Francisco-based software startup Hill Street Labs – Paul Fletcher-Hill, Feridun Mert Celebiat, Graham Kaemmer, and Daniel Que – the project aims to solve a problem long discussed within blockchains, that of the time-locked secret.

Kimono works by combining a type of algorithm called Shamir’s Secret Sharing, that splits up data into parts, and uses an incentive scheme to ensure participants reveal the data at the agreed time. If users try to game the system, by falsifying data or publishing it too early, they’ll be penalized as a result.

While other similar methods, like commit and reveal schemes, already exist, Kimono seeks to improve the user experience of time-locking by outsourcing the effort to a network of incentivized participants.

“We see it as the concept of time locking as an important primitive and we would like to improve it and get it to a level where it’s actually truly decentralized and trustless,” Celebiat said.

Going forward, Celebiat theorized the incentive scheme could be extended, so that time is not the only variable that releases a secret.

“We could have a way to structure that, that it’s revealed after a certain event happens – not only relying on the function of time as a variable but maybe other conditions being met on the blockchain,” he told CoinDesk.

Currently, the software is live on ethereum’s Rinkeby testnet, and will eventually be integrated with an upcoming project by Hill Street Labs.

Speaking about the benefit of the technology, Celebiat told CoinDesk:

“Time locking is a pretty useful primitive for decentralized networks because as more and more more people move onto ethereum there will be more use for privacy and anonymity.”

More secrets

Finally, while still in the proposal phase, a code change called EIP 1024 designed by developer Tope Alabi seeks to introduce a simple encrypt-decrypt function on the ethereum blockchain.

Explaining the proposal, Alabi told CoinDesk, “EIP 1024 allows you to generate an encryption key pair using your ethereum private key. This new encryption key pair can then be used to securely send data to any other ethereum address.”

Again, while similar technologies exist already, such as those advanced by Parity and communication protocol Whisper, EIP 1024 dictates a standard that would work across the entirety of ethereum.

“This means app developers don’t have to worry about building for multiple encryption implementations and can just focus on building their app,” Alabi told CoinDesk.

According to him, the standard, which would work to secure messaging and token transfers, will become increasingly important as newcomers join blockchain technology.

“Privacy may very well be the catalyst that onboards the next billion users onto the blockchain,” Alabi said, adding:

“In a blockchain world where your public and private keys are basically your digital identity, we need a way to pass around sensitive private information in a way that cannot be censored by any central body.”

Locked cable image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

Blockchain Startup Enigma to Demo 'Secret Contracts' Privacy Tech

Enigma will conduct the first public demonstration of its privacy-oriented, blockchain-based protocol at CoinDesk’s Consensus 2018 conference on Tuesday.

Former MIT researcher and Enigma co-founder and CEO Guy Zyskind first introduced the technology in 2015, seeking to rebuild the foundational layer of ethereum to address the blockchain’s privacy-related shortcomings. The protocol essentially allows nodes to compute using encrypted fragments of the smart contracts without having to decrypt them, which other blockchains cannot do.

The protocol, dubbed “secret contracts,” also facilitates “coin mixing” – a tactic that obscures the original source of ether used within the protocol.

Likewise, it stands apart from other privacy-guarantee mechanisms like zk-SNARKs in which one party can prove its possession of information to another party without revealing the information or interacting with the other party. Enigma’s protocol, on the other hand, uses a trusted execution environment in which the cryptography is relied upon for certainty and neither party has any information on their respective data inputs and outputs.

The company, which plans to launch its testnet on June 15, claims that the data privacy furnished by the protocol is crucial for the widespread adoption of decentralized applications (dapps).

In particular, the tech can be utilized for use cases in industries like healthcare and finance that frequently handle sensitive data and must comply with legal measures like the EU’s General Data Protection Regulation (GDPR).

Co-founder and chief product officer Can Kisagun added in a statement that “It also solves real-world problems with data sharing, data matching and other important, complex issues facing global organizations.”

Because computations are done off-chain, Enigma argues that the protocol will also enable the use of dapps at a larger scale than current iterations – such as CryptoKitties, for example.

“With Enigma, decentralized applications will move from novelty to necessity,” Kisagun claimed.

Enigma website image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

Hacks, Scams and Attacks: Blockchain's Biggest 2017 Disasters

Hard forks? Soft forks? ICOs?

Bombarded by no shortage of unfamiliar technical terms in 2017, consumers in the blockchain sector once again proved a ripe target for hackers and criminals. But, not all hacks and scams were created equal. Some rose above the froth – either due to their size or impact – as well as what they said about the state of blockchain technology and the industry itself.

Still, the impacts of these incidents were far from academic. Whether it was a simple wallet hack, fraudulent ICO or a bug in a piece of software code, investors lost millions, with nearly $490 million taken in the incidents below.

So far, none of the perpetrators of these crimes has been caught or even identified, and it’s questionable whether most of these funds can be found or returned.

1. CoinDash ICO Hack

Payment and shipment startup CoinDash launched an initial coin offering (ICO) campaign early this summer, but it quickly had to pump the brakes after its ethereum address was compromised.

The startup raised $7.3 million before a hacker changed the address, causing donations to go to an unknown party. The company shut down the ICO, but promised to send its native token award, CDT, to those who attempted to donate.

While the company stated that donations sent after it had released its statement would not be honored, some investors continued to show support by donating to the hacked address, inadvertently raising the amount of stolen funds from $7 million to $10 million at the time.

All in all, the incident showcases the growing pains experienced by ICOs, which despite raising massive amounts of funds, still had to navigate the complexities of an early-stage technology.

2. Parity Wallet Breach

It was a tough year for cryptocurrency wallet provider Parity, which has the rare distinction of being cited twice on our year-end list.

Issues began in July when the U.K.-based startup discovered a vulnerability in version 1.5 of its software, resulting in at least 150,000 ethers being stolen from user accounts.

The bug was found in its multi-signature wallets, compromising several companies’ ICO fundraisers. At the time, the ethers were worth roughly $30 million, but are worth closer to $105 million as of mid-December.

The issue was deemed “critical,” with the company’s CTO, Gavin Wood, announcing at least three compromised addresses and saying efforts were being made to prevent further loss of funds.

It was later found that more than 70,000 ethers were already cashed out or otherwise redeemed in some way, ensuring that their loss was permanent.

3. Enigma Project Scam

Back in ICO-land, issues weren’t limited to compromised addresses.

Blockchain startup Enigma saw its website, mailing lists and an administrator account on its Slack channel compromised when fraudsters launched a fake token pre-sale in August, defrauding potential investors of more than 1,500 ethers.

The hijacked accounts promised a large return on investment, and masquerading as the genuine operators of the project, those behind the effort were able to convince unsuspecting consumers to donate to the compromised website.

While the team behind Enigma was able to recover control of the company’s accounts, the ether wallet used by the hacker was emptied, and the funds were not recovered.

4. Parity Wallet Freeze

Perhaps the year’s biggest security incident, this entry on the list is also distinguished by being one the few to take place without the apparent aid of a malicious party.

Occurring suddenly this November, a Parity user accidentally found a bug in the software code, freezing more than $275 million in ether in the wallet’s second major incident of 2017.

But, one of two widely used clients for ethereum, the miscue effectively called into question what was and is a central infrastructure component of the network, prompting some to doubt the company’s offerings and renewing criticisms of ethereum itself.

In subsequent updates, developers have pushed to restore the funds, though it’s now believed that doing so would require all ethereum users to upgrade their software.

5. Tether Token Hack

In another incident notable for its unresolved controversies, more than $30 million was stolen from the cryptocurrency proxy marketplace Tether in late November.

At the time, Tether claimed that roughly $31 million’ worth of tokens were taken from their virtual treasury and sent to an unknown bitcoin address.

Not a significant number in the cryptocurrency economy, the hack was more relevant as it effectively renewed long-standing criticisms of Tether the company, prompting scrutiny in the form of blog posts and mainstream news exposes.

The company later moved to blacklist the tokens stolen through an update to the Omni protocol, the blockchain on which it is based. Still, the company continues to be dogged by allegations in which the incident played no small part.

6. Bitcoin Gold Scam

Think forks were confusing? So did scammers, and those seeking to cash out bonus tokens awarded in blockchain splits often proved all too easy to target.

Shortly after the launch of a bitcoin fork called bitcoin gold, for example, some users had their cryptocurrency wallets drained after using a service seemingly endorsed by the project’s development team.

Marketed as a way to authenticate whether a user was eligible for the funds (effectively free money), the website’s operators instead stole more than $3 million in bitcoin, bitcoin gold, ethereum and litecoin.

Bitcoin gold’s development team claimed no formal relationship with the website’s developer, arguing he reached out offering to build a wallet checking service and offering to make his code open-source. The site’s developer initially claimed the site was hacked, but later wiped his GitHub and ceased responding to users on the fork’s Slack channel.

All in all, however, it was another case of consumers falling into traps over promises of free funds.

7. NiceHash Market Breach

That’s not to say that long-standing companies were spared by the year’s attacks.

This was the case when cryptocurrency mining marketplace NiceHash, a well-known marketplace for mining power, reported being hacked early in December, later confirming that about 4,700 in bitcoin was stolen. At the time, that was worth approximately $78 million.

An employee’s computer was compromised, allowing the perpetrator to gain access to the marketplace’s systems and remove bitcoin from the company’s accounts.

NiceHash CEO Marko Kobal later announced that his team was trying to determine how the hack occurred, but that it would take time to establish what happened.

Disclosure: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Enigma.

Various images courtesy Shutterstock

The leader in blockchain news, CoinDesk is an independent media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. Interested in offering your expertise or insights to our reporting? Contact us at news@coindesk.com.