| Authors | SCRT Labs (Guy Zyskind, Carter Woetzel, et al.) |
|---|---|
| Year | 2020 |
| Project | Secret Network |
| License | MIT |
| Official Source | https://scrt.network/graypaper |
This page is an educational summary and analysis of an official whitepaper or technical paper, written for reference purposes. It is not a verbatim reproduction. CryptoGloss does not claim authorship of the original work. All intellectual property rights remain with the original author(s). The official document is linked above.
Secret Network is described in a 2020 graypaper by SCRT Labs (co-founded by Guy Zyskind, the MIT researcher who authored a foundational paper on blockchain-based privacy in 2015). Secret Network is a Cosmos SDK blockchain where smart contracts — called Secret Contracts — execute inside Intel SGX Trusted Execution Environments (TEEs), enabling encrypted inputs, encrypted state, and encrypted outputs.
This is the first production blockchain where arbitrary smart contract computation is private by default at the hardware level. Traditional blockchains (Ethereum, Solana, Cosmos) execute all contract computation publicly; every validator sees all state and inputs. Secret Network validators run SGX enclaves that execute contracts but cannot read the inputs or state — only the hardware can, and only within the isolated enclave.
> Graypaper: scrt.network/graypaper
Publication and Context
Guy Zyskind published “Decentralizing Privacy: Using Blockchain to Protect Personal Data” at the MIT ENIGMA project in 2015 — one of the first papers connecting privacy computation with blockchains. Secret Network is the production implementation of that research.
Secret Network originated as Enigma (2017 ICO, $45M raised) before a legal settlement with the SEC in 2020 resulted in a rebrand to Secret Network with a new native token launch (SCRT).
The 2020 launch coincided with the maturation of the Cosmos SDK and IBC, which Secret Network used as its blockchain infrastructure layer. This gave Secret Network immediate interoperability with the Cosmos ecosystem without needing to build consensus from scratch.
Intel SGX: Trusted Execution Environments
Intel SGX (Software Guard Extensions) is a hardware feature available in modern Intel processors that creates enclaves — isolated memory regions where code executes without being readable by the operating system, hypervisor, or other processes.
Properties Secret Network relies on:
- Memory encryption: Enclave memory (EPC) is encrypted by the CPU; even root-level OS access cannot read enclave memory contents
- Remote attestation: An SGX enclave can cryptographically prove (to a remote party) that it is running a specific code hash on genuine Intel SGX hardware — not a software emulation
- Sealed storage: A secret key is sealed to the enclave identity; if the code changes, the sealed secret is inaccessible
Secret Network bootstrap:
- Each validator’s SGX hardware generates a unique attestation key
- The attestation is submitted to Secret Network’s on-chain consensus key registration
- The network’s consensus key (used to decrypt transactions) is distributed to validators via SGX sealed secrets
- Validators can execute contracts using this consensus key — but only within their SGX enclaves
Secret Contracts
Secret Contracts are CosmWasm-compatible smart contracts compiled to WASM and executed inside SGX enclaves:
Private inputs: When a user calls a Secret Contract, the input is encrypted using the contract’s public key. Only the SGX enclave (running the contract) can decrypt and process the input.
Private state: Contract storage is encrypted before being written to the chain. Validators store encrypted blobs, not plaintext state. Only the SGX enclave can read and update state.
Private outputs: Contract outputs (events, return values) can be selectively encrypted — visible only to designated recipients.
Example use case — Private token (SNIP-20):
- SNIP-20 is Secret Network’s ERC-20 equivalent with private balances
- Every holder’s balance is encrypted; even nodes cannot read who holds how much
- Transfers reveal only a valid spending proof, not sender/receiver/amount
SNIP-20: Private Token Standard
SNIP-20 (Secret Network Improvement Proposal 20) is the private token standard:
- Extends CosmWasm’s CW-20 standard with viewing keys
- Balances are stored encrypted; to check your balance, you present a viewing key (a secret you generate and share selectively)
- Transfer amounts and parties are encrypted on-chain
- Auditors can be granted viewing key access for compliance
This is analogous to Zcash’s shielded transactions but for arbitrary tokens on a smart contract platform.
IBC and Cross-Chain Privacy
Secret Network connects to the Cosmos ecosystem via IBC:
- secretETH, secretXMR, secretATOM: SNIP-20 wrapped versions of other chain assets
- IBC tokens → SNIP-20: When assets cross to Secret Network via IBC, they can be wrapped into SNIP-20 form for private use
- seSCRT: Privacy-preserving version of SCRT for private transactions within the network
This enables a privacy layer for the broader Cosmos ecosystem: users can take a public asset, bridge it to Secret Network, use it privately, and bridge back.
Reality Check
Secret Network is a genuine production implementation of privacy smart contracts. SNIP-20 private tokens work, and applications like Shade Protocol (private DeFi) and SecretSwap (private AMM) are deployed.
Critical caveats:
- Intel SGX trust: SGX security depends on Intel’s hardware. Multiple academic groups have demonstrated side-channel attacks on SGX (Spectre, Meltdown variants, Plundervolt, SGAxe). While Secret Network has argued these are mitigated by their architecture, hardware-level trust remains a fundamental limitation absent from software-only ZK proof systems.
- Validator centralization around SGX: Only validators running genuine Intel SGX hardware can participate in consensus — a hardware requirement that limits decentralization and creates supply chain dependency on Intel.
- SGX deprecation risk: Intel has deprecated older SGX versions; Secret Network must track and migrate to newer SGX deployments.
- Performance: SGX context switches add overhead; Secret Contract execution is slower than equivalent public contract execution.
Legacy
Secret Network demonstrated that programmable privacy smart contracts are achievable in production using TEE hardware. Before ZK proof systems became powerful enough for large circuits, TEEs were the only practical approach to private computation. Secret Network’s work influenced later privacy projects and establishes a live production reference for encrypted on-chain computation. Guy Zyskind’s 2015 paper remains a cited reference in blockchain privacy research.
Related Terms
Research
- SCRT Labs. (2020). Secret Network: A Privacy-Protecting Blockchain. scrt.network.
— Primary graypaper; describes SGX integration, consensus key distribution, Secret Contract execution model, SNIP-20 token standard, and viewing keys.
- Zyskind, G., Nathan, O., & Pentland, A.S. (2015). Decentralizing Privacy: Using Blockchain to Protect Personal Data. IEEE Security & Privacy Workshops (SPW 2015).
— Foundational paper by Secret Network’s co-founder; first formal proposal for combining blockchain with TEE-based private computation.
- Van Bulck, J., et al. (2018). Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. USENIX Security 2018.
— One of multiple SGX side-channel attacks; relevant to understanding the hardware-trust caveats of Secret Network’s security model.