Tor Bair of Secret on Why Private Smart Contracts Are Important | Cryptonate

Tor Bair of Secret on Why Private Smart Contracts Are Important

Secret Network is a privacy-first, permissionless layer 1 blockchain built for computational privacy. Tor Bair, founder of Secret Foundation, a developer of Secret Network, discusses what makes Secret Network unique, including smart contract privacy, private metadata for NFTs, and how regulators should treat privacy tech in blockchain. Show highlights:

  • how Tor fell down the crypto rabbit hole
  • what the Secret Network is and how it is bringing privacy to blockchain
  • why public blockchains are problematic
  • what makes Secret Network different from Monero or Zcash
  • how Secret Network works from a technical perspective
  • what type of applications Secret Network can support that public blockchains cannot
  • why blockchain voting is probably a bad idea (for now)
  • what attack vectors exist regarding Secret Network
  • how Secret Network nodes work and why there are only 50 of them
  • how Secret Network fixes miner extractable value (MEV)
  • what DeFi applications are possible on Secret Network
  • how NFTs on Secret Network are different from public blockchain NFTs
  • how regulators should treat Secret Network

Thank you to our sponsors!

Crypto.com: https://crypto.onelink.me/J9Lg/unconfirmedcardearnfeb2021

Nodle: https://bit.ly/3AXGydJ

 

Episode Links

Tor Bair

Secret Network

Enigma

Transcript:

Laura Shin:

Hi, everyone. Welcome to Unchained, your no-hype resource for all things crypto. I’m your host, Laura Shin, a journalist with over two decades of experience. I started covering crypto six years ago, and, as a senior editor at Forbes, was the first mainstream media reporter to cover cryptocurrency full-time. This is the November 2nd, 2021 episode of Unchained.

Crypto.com:

Buy, earn, and spend crypto on the Crypto.com App! New users can enjoy 0 credit card fees on crypto purchase in the first 30 days. Download the Crypto.com App and get $25 with the code “LAURA” – link in the description.

Nodle:

The Nodle Cash App makes earning crypto on your smartphone as easy as turning on your bluetooth. Nodle Cash is private, secure, and available on IOS and Android. Visit nodle.io/cash to start earning.

Laura Shin:

Today’s guest is Tor Bair, founder of Secret Foundation. Welcome, Tor.

Tor Bair:

Hey, thank you for having me. It’s a pleasure to be here.

Laura Shin:

Tell us about yourself. How did you get involved in crypto and come to found Secret?

Tor Bair:

I got involved in crypto first as a speculative enterprise. I feel like it’s okay to say that now that I’ve worked in it for so many years as a technologist. I started my career after college as an options trader and market maker. When you’re an options market maker, what attracts you to something is volatility and chaos. You want to see something that has people excited, that moves all the time, but you don’t really care if it goes up or down, you don’t really care what makes it work. That’s how I got introduced to Bitcoin, as a hyper speculative product. Nobody tried to explain to me what the technology did, how it could empower people. It was kind of off my radar until I showed up at grad school.

So I went back to grad school after being a trader — trading really wasn’t for me in the long term. While I was in grad school, I was lucky. I went to grad school at MIT for my business degree, and I took one of the very first blockchain courses that were taught there. I got really double lucky because one of the instructors of that course was doing research at the time on privacy solutions for blockchain. So he was just years ahead of his time, with ideas that were already seeing how privacy can be an issue for blockchains, which I’m sure we’ll get into. I was exposed to these very novel ideas in a very novel space, very early.

So that professor is the founder of Enigma, this amazing development company. I had the privilege of working at Enigma for a number of years as the head of growth. And then when Secret Network was launched I was able to leave and start Secret Foundation, which is an independent entity that also supports the network.

Enigma still remains the core developer for the network. We have a number of other organizations supporting the network. I would say a few dozen now of independent developers and node operators. My start was very much thinking that this was a fun thing to speculate on and it very much ended up thinking that this might be the one thing that could help us have a global revolution, not just for how money is saved and spent, but also for how we engage with each other online and protect each other online and actually protect our freedom and individuality online. That’s where I ended up, but it’s not really where I began. I’m okay to say that now.

Laura Shin:

And so tell us what is the Secret Network?

Tor Bair:

It’s a layer one blockchain. It’s the only layer one blockchain to this point that has managed to integrate privacy-preserving smart contracts. That’s really the differentiator. Otherwise, it’s a layer one blockchain like in Ethereum, like a Solana smart contract network. But what’s unique about Secret is that you can use private data as inputs, private data as outputs, and you can have a private state for the contract itself.

When you start thinking about what that actually means for developers and users, it starts to seem like a really revolutionary concept. To date, every blockchain has been public by default. What you get with Bitcoin, what you get with Ethereum is pseudonymity. You have all these addresses. People can’t really say, oh, that address belongs to Tor. That address really belongs to Laura. People don’t really see that on the chain. But if they know that, if it’s ever associated with your identity, then it’s the same as having your entire bank account and your entire credit history and everything you’ve ever done financially, public to everyone else.

And when you’re talking about a smart contract application network, not just like a transactional network, it’s everything you’ve done on any application that’s now public to everyone. It would be like if you leaked all of your Facebook data all the time, not because Facebook sold it to somebody, but just because that was the way that the application worked by default. So we thought, if we are going to have sustainable application ecosystems, these smart contract platforms that can do more than just transfer money from point a to point b, privacy is even more essential to the user of applications, even more so than their financial history.

We’re seeing the consequences of a lack of web2 to privacy. We don’t want to make the same mistakes with web3. We don’t want users to suffer from the consequences of not having privacy in the web three world.

Otherwise, all we’ve done is really build away worst version of web2, that instead of being more empowering, just becomes a perfection of the type of surveillance capitalism that’s already dominating the web2. world. And the way that we think about it is we’re motivated because we think it’s a race against time. The faster we can get these technologies to market, the more people we can protect, the more that we can show that there’s another path for web3 scaling and empowering people, not the public by default way, but the way that really ends up with users holding the control in the system, not just the platforms.

Laura Shin:

So I understand, just kind of on a gut level, how yes, once your wallet becomes public, then everybody can see your history transactions. And obviously that’s not ideal for anybody. But are there specific problems that you feel arise in terms of transacting or any of the other things that people do using blockchains that you’re trying to solve with Secret.

Tor Bair:

I would say everything that you do with a blockchain, you should assume is public to not just whoever happens to be looking at the time, but this becomes an immutable part of your history — forever. And that’s not really the way that I think the digital world should work. And it’s certainly not the way that the actual meet-space world really works. You need to be able to leave control in the hands of the users. By giving up everything by default, all of your data, we already had this problem in the web2 world, and we’re just doing it again. There are multiple companies that have raised now at multi-billion dollar valuations for explicitly harvesting on-chain blockchain data. And a lot of the latest startups in the blockchain space rely on further harvesting of data, whether it’s people’s retina scans or something else. So much of what I hear about just seems like bad science fiction. And now it seems to be like reality, potentially.

That’s really the problem that I see, not just what blockchain gn is already being used for, but how it has the potential. Blockchain is just a tool. It could easily be used to take freedoms away, having that type of surveillance by default, that really deeply concerns me. And as blockchains get more utilized, and as we start to see more real-world use cases, not just the things that feel like toys, but like real financial applications with trillions in adoption, if blockchains are going to do that, I’m really scared for what that means for the end-user — if the surveillance blockchain economy becomes the default.

Laura Shin:

I was being interviewed for another show earlier today and it’s not a crypto one. It has a more general audience. But when I was talking about the digital yuan I had to throw in there that also they were using it to surveil their the users of the digital yuan. Hopefully if the US government adopt such a thing, well I know that they wouldn’t do too much of that because there’d be so much protesting.

But anyway, so at this moment we have a number of popular privacy-preserving technologies and different processes in crypto. It ranges from things that are kind of older, like CoinJoin to kind of newer things like ZK Snarks. So how does Secret work?

Tor Bair:

Yeah. CoinJoin and these types of stuff. It’s important to start with the distinction between transactional privacy and computational privacy. A lot of what’s existed and been scaled to date in the blockchain space revolves around transactional privacy because the first blockchains we had all focused around transactional use cases. In the big bubble of 2013, I hesitate to call anything a bubble of course, because where we are today is so much more advanced than where we were then. So clearly that wasn’t a bubble. It was just sort of an over-speculation that turned out to be ahead of its time. But in 2013, these were mostly transactional coins and transactional platforms.

Then in the next cycle in 2017, we started to get these smart contract platforms. They weren’t really used as much, mostly they were used to issue tokens and then people speculated on the tokens and then people were doing transactions with the tokens.

It’s only this cycle that we’ve really started to care about application-level use cases for blockchain, between all these composable DeFi applications, composable NFT applications, that’s this cycle. So to date, most of what was built and optimized and scaled where the transactional privacy use cases, the very trivial use case where it’s just, I need to send value from one destination to another destination. I don’t want all of the details of that transaction to be public, to all parties on the blockchain. That’s how you got things like mixers. That was kind of the intention. What that starts to sound like, if you’re a regulator, right, is we created a platform for money laundering. Transactional privacy is never going to sound good on paper. But what it really is just saying is that nobody else should have the right to surveil all of my transactional activity unless I consent to it, which in the real world is true, but on the blockchain suddenly is false, but it was still clear that there was tremendous user demand for that, not because they were necessarily doing something illegal, but just because they wanted the same protections in the blockchain world that they already had in the legacy financial system.

Computational privacy is something different. It really hasn’t existed up until this point because there wasn’t even demand for blockchain based applications. What computational privacy gives you is, you can build an application that uses private inputs, private outputs. And then, as I said, like encrypted state for the contract itself. It’s like if a transaction is the most trivial version of a computation, right? You’re just saying, here’s my entire computation, move value from a to b. But it could really be anything. It could be infinitely programmable. So we call computational privacy in our network, we also call it programmable privacy because not only is the contract code programmable, like what should happen under what conditions, but e’re also saying the data privacy and the access control is programmable.

So for us, the way that it works, is we actually use a combination of software based cryptography solutions and hardware based solutions. The software based ones are like key encryption, key sharing protocols. The hardware based ones involve trusted enclaves. So the same sort of things that are like in your smartphone, making sure that the part of your phone processing your fingerprint scanning, isn’t the same part of your phone that’s doing all of the other computation. It is just another form of security. And by combining the two, we have a very interesting blockchain, that is one of a kind for the time being of course, but we expect that over time many more blockchains may decide to embrace privacy at layer 1. That’s the two technologies we primarily use.

It gets quite technical as to, should you use the ZK-snarks? Should you use fully homomorphic encryption? Should you use secure multi-party computation? These are all different types of software-based cryptographic methods that are used for protecting privacy. But what we chose to do was focus on combining hardware plus software, because we wanted to have a balance between performance and cost and security. And ultimately, a lot of the pure cryptographic privacy solutions are probably a decade away, at least from being usable in production for generalizable smart contract use cases, versus very narrow use cases like key management, where, where some of these software based methods are good enough, but that’s not generalizable. That’s just a very specific but important function. All of this is essential. Every piece of the blockchain stack should have some sort of privacy built-in. So we support all privacy technologies. This is just what we chose to use based on our purposes.

Laura Shin:

Tell me if I’m understanding this correctly, essentially you’re distinguished from things like Zcash and Monero in more than just one way. First of all, it’s the fact that your privacy extends beyond just transactional privacy. But then on top of that, it’s that the way that you provide the privacy is through multiple methods, not just through software encryption, but also through the hardware. Is that kind of a good way to put it?

Tor Bair:

That’s completely correct. And I might start explaining it that way. It is a good way to think about it. And again, like there’s so many differentiators for crypto projects out there. And unless you’re not, not just knee-deep, but neck-deep in the space, it is hard to kind of get a handle on how these projects differentiate. But ultimately, I do think that from an ethos perspective, we share a lot of Zcash’s goals, which is financial empowerment, user security, all of these things. We have a lot in common with the project. We just have a very different approach and we have a very different purpose at the technological level, but that allows us to be great collaborators. We definitely think of ourselves as collaborators within not just the privacy space in crypto, but the entire crypto space at large.

Laura Shin:

And so I’m sure you’ve probably heard that a lot of critics of privacy technologies say that this is something that only criminals would want to use. What do you say to that?

Tor Bair:

I’ve heard it all the time. Then people are like privacy is bad. Like governments don’t like privacy. And then I say to them, well governments love privacy — they just don’t love your privacy. And corporations love privacy. They just don’t love your privacy. Google and Facebook can build trillion dollar business models based on exploiting user privacy, clearly, but at the same time, they want to protect their own internal documents because obviously it’d be obvious that they’re an unregulated monopoly or two or three. Like they clearly care about privacy. They don’t want that public, but they need your data to build their business model. I find it hypocritical to be able to say privacy when it’s yours is bad, privacy when it’s ours is good.

And a lot of the people advancing that argument about privacy is for criminals are absurdly protective of their own privacy. And they certainly don’t think of themselves as criminals, even if they are participating in what I would consider to be criminal activity. There are plenty of governments around the world that might say that privacy is a tool of criminals, while doing things to their own populations that I would consider awful violations of human rights. So first, we have to look at who’s advancing the argument. But there’s certainly very reasonable people who still hold onto that belief. And it’s because criminals do use cryptocurrency. Cryptocurrency is a tool, blockchains are a tool. The U S dollar is a tool. It’s whatever the systems will permit that determine what happens. And then the people using these tools within those systems determine what happens with them.

There’s not a good way to stop a criminal from using a technology if they have access to that technology. Criminals very clearly have access to the US dollar and they very clearly use it for more money laundering purposes than they currently do any cryptocurrency. I would say that just the availability of privacy technologies does not create criminals. Certainly providing privacy technologies to law abiding citizens does not make them criminals, nor does it make the provider a criminal. What it does is advance the cause of security and empowerment for the end-user. Something that I would say, governments don’t do a particularly good job at, but should. These are their citizens and they should be protected. And more often than not, I see that social contract really being broken.

I hope that people come to see cryptocurrency as a liberating force. And more and more they are. Rather than as a force for criminals to get around perfectly good policy. I think, especially when we look at countries in the developing world, there is a revolution that’s already started where people do see cryptocurrency and privacy technologies as a way for them to become more empowered in some of the most oppressive regimes. And that’s what excites me about working in this space, is thinking that at some level, these technologies make a difference to the people who need a difference to be made the most.

Laura Shin:

Disclosure: I do write a Facebook Bulletin newsletter. So speaking about this technology and how you’re applying it in different ways, what are some examples of things that cannot be done with previous blockchains that you think are now possible with something like Secret?

Tor Bair:

Almost any useful application you can think of would be tough to achieve just with the current blockchain stack on a public by default blockchain. So a simple example is something like a Facebook. Where you’re trying to build some sort of decentralized social network. Well, how do you want your access control to work right now on Facebook? Right now, you’re going to go into your settings. You’re going to click a button that says, only share this with my friends, or maybe you click a button that says, don’t share these details with advertisers. If there’s one thing I’ve learned about working at any of these companies, and, and I used to work at Snapchat, I was a data scientist at Snapchat. So I have some credibility in saying those buttons don’t work the way that you think that they work, or they don’t work the way that they would claim.

The control still lies in the hands of the platform. And one failure on the part of the platform can cause all of that security to be lost. That’s the web2 world. In the web three world, you don’t have to wait around for the platform to leak all your data or to violate your privacy. It happens by default. If you wanted to build a decentralized social network on a public by default blockchain, like an Ethereum, for example, so much of what you’d have to do to create those access control permissions would have to be done on something centralized — outside of Ethereum. And the way that it looked for for years is you’re getting the worst of both worlds. You have all of the usability problems of nascent bleeding, edge, web3 technology, and all the privacy problems of Facebook. And that, to me, was not a better solution just cause it was like a different platform that wasn’t Facebook, didn’t mean it would eventually end up benefiting the end-user more.

Now with a platform like Secret, you can build a platform on a decentralized blockchain, right? There’s all kinds of pieces to this web3-stack: decentralized storage, decentralized access control. All of these pieces of the stack allow you to build these more complex applications on top. And privacy was just one of those missing pillars. We’re providing that missing pillar. But alone Secret, isn’t the only thing that’s going to allow you to build these complex web three applications, just like AWS is not the only thing that allows you to build web2 applications. We’re enabling a new part of the design space. In that design space, users will find more security, more usability, more privacy, and more control. And that’s, what’s been missing to date in blockchain, was especially that aspect of control for users and developers who just want to do something even as simple as saying, this data should be public to this party, but not this one. As soon as it touches the blockchain, it’s public to everyone. And for trivial use cases, it doesn’t matter. But for meaningful use cases, as people are finding out, it really, really does.

Laura Shin:

What you were saying about Ethereum, it makes sense because I’m just thinking of an etherscan. Sometimes you look at a transaction and it looks like nothing happened, but then I can’t remember what it’s called. Is there something called hidden transactions in etherscan, but then you can see, do you know what I’m talking about? It’s like, sometimes there are these transactions, they look like a zero whatever. And then later on, you find the area where actually you can see what happened. So this is just to say, yeah, by default, even when something like that happens, it is still something that you can’t see.

Tor Bair:

It’s all on the chain, regardless of what’s happening on on a particular explorer, right? There’s all different ways to visualize the on-scene activity. The chain is the source of truth. Anything we try to do at a higher layer of abstraction above the chain, like you can obscure something within a centralized platform. You can choose not to display something in the UX, but it’s on the blockchain. And once it’s on the blockchain, it’s public to everyone. There’s no way to get the genie back in the bottle or the cat back in the bag. So these solutions have to happen, at least in our perspective, right? At layer one, you need that layer one privacy. And then on top of that, the question then becomes scalability, interoperability: the same questions that every developer has to think of when they’re building a web3 application.

But without privacy, by default, you’ve really eliminated 99% of what I would consider to be useful use cases. Here’s an even better example. How many times have you heard somebody suggest that blockchains would solve our problems with voting? I feel like every election cycle, somebody tried to convince me that our elections would work better if only we could put them all on the blockchain. That is a terrible idea. The privacy reason only being part of it, but like folks are not private on a blockchain and they cannot be. On a public by default blockchain. Like you can cast your vote, but it’s always attributable back to you. That’s not how voting works in the real world. Our votes are private. We can see that somebody did vote, but we can’t see the nature of their vote.

Like that’s what’s public and the records. There are probably very good reasons for that in a lot of public governance in democratic countries. But on a public by default blockchain, we don’t even give an application that choice of control. You build on-chain governance and it’s public by default. Everyone’s vote is public for eternity. It’s maybe good for certain aspects of accountability, but there’s a lot of danger to making those votes public. And you open yourself up to bribery attacks, which Vitalik has written about, and you open yourself up to all kinds of manipulation and vote-buying. I think that there’s very good reasons to allow for private voting.

Laura Shin:

So then are you saying that you think that actually voting on Secret would be a good way, to vote?

Tor Bair:

I would not go as far as to say we should use voting on Secret for democratic elections in 300 million person countries. But we do already have DAOs, for example, and applications on Secret leveraging private governance, where the outcome of the vote is provable. You can say this many people voted, this was the breakdown of votes weighted by stake, and this is the outcome, but you can’t attribute each vote back to the individual address. You could even see which addresses interacted with the voting contract and say, these addresses definitely showed up, which is the same way that voting registries work in the real world. You can see if somebody voted in the last election. But if you go back and you look on a block explorer for Secret, for example, you’re not going to see, for these on chain applications that have private governance, every single vote that was cast.

And I think that that is a good thing and it’s working, but there’s all kinds of other reasons you shouldn’t put like an election for a multi million-person country directly on a blockchain today. I mean, what you should be doing it trying to solve other issues with identity that are really challenging to solve. Self-sovereign identity is one of the hardest problems that exists. So that’s more what I think we have to think about, but that said like there are immediate applications for private voting and we’re already seeing them being explored on Secret, which is exciting.

Laura Shin:

So let’s understand this security a little better. As you mentioned, Secret relies on these trusted hardware enclaves. And you had told me previously, in another discussion, that such hardware enclaves have never been exploited. Now that some of them will be securing money in this fashion, I wondered if that incentive would make them more vulnerable to attack. And I wondered, does that create some kind of single point of failure or is it that the software element kind of reduces that? Obviously with hardware it’s much harder to upgrade than software. You know, there have been times in Ethereum’s history when they were undergoing a dos attack or something, and they were able to roll out patches even within like a matter of a few hours. But if there’s a vulnerability in a hardware, then that takes quite a long time to resolve. This is a two-part question. I also wondered I in those instances that I’m thinking of with Ethereum, the fact that it was a multi-client network was kind of the saving grace and I know there’s a very small number of validator nodes in Secret, but I didn’t know if that was a model that you were aiming for so as to shore up security.

Tor Bair:

I mean, these are great questions and they are complicated. And the way I would start answering it is to say that there is no such thing as bulletproof security for any solution, privacy or otherwise. Everything ends up being a trade off. Lots of platforms will trade centralization for security. They would rather be more centralized in the short-term, progressively decentralize, but allow themselves to have higher security properties in the short term. And if you start off with some idea of perfect decentralization, what that sounds like to me is you’ve balanced a bunch of stones, with the smallest one on the bottom and the largest one on top. Like you’re just hoping that nobody shelves the largest one-off first, it’s not necessarily sustainable. And a lot of what we care about is sustainability, but we also care about generalizability. We care about programmability.

So the solutions that we’re using today, this balance of hardware technologies and key sharing technologies, that’s a deliberate architectural choice. Not because it’s perfect, but because, given the available technologies, it’s the best we can do while preserving user security, the end-user experience, generalizability, right? We could have other choices where we make things even more centralized and will improve performance. We could have a solution where we support more types of hardware in the short term, but it would open up the attack surface more broadly to enable that type of broader support, especially when a lot of that is nascent. There is no way to completely eliminate the incentive for people to attack any type of blockchain network, especially the more that it secures. There’s always incentive for somebody to attack the contracts that exist on the network, even if they’re not compromising the hardware that secures it.

And that’s true for any blockchain. You constantly see DeFi protocols getting exploited. So that incentive kind of always exists. There’s no way to fully eliminate it, but what you can do is at least try to make deliberate choices based on the best available technology. The reason we put so much money and time and people into research and privacy research and these new technologies that are arriving, and the reason so many people in the blockchain space share that research broadly, is so that these types of better solutions get socialized faster. So if there are better technologies that we can put to work in Secret, Secret was built to flexibly enable new types of hardware support and encryption. Like we want it to be a privacy network that gives choice to developers and gives choice to users. If something better exists and we can implement it, we will.

And in the meantime, to your first question, we can’t eliminate the incentive for somebody to try to exploit the hardware. But certain aspects of the network are the network making a best effort to protect itself. For example, for any patch that already exists, even for the ones where they’re like not really required or recommended, all those hardware patches must be installed for a node to register with the network. It’s an even higher bar of security than I would think in, in most web2 or any web2 application that relies on the same sort of trusted hardware technology. It’s an even higher bar than that because it’s a permissionless network. You have to take more precautions as a permissionless network when you’re requiring people to connect to the network with a hardware compliant node, that bar becomes even higher.

And, of course, any of these speculative attacks, they require direct access to the hardware itself to perform. So in a decentralized network, you also mitigate some of that. But again, I don’t want to have it come off at this point in the podcast that there’s some idea that I would be promising perfect security or the elimination of the attack incentive. What it is is just a lot of people making a best effort with technologies. And before we start asking people to put their US election votes on the blockchain or secure their social security numbers, or do things of that level of security, understand that if you are choosing to engage with these networks, they’re bleeding edge technology, as long as people understand what they’re getting into and what the trade-offs can be, it’s a very exciting space to build in if your expectations are sort of set appropriately for what that means. But it is some of the best and most ethical people at least I’ve found working in the world on these types of solutions within our network. And that gives me a lot of confidence that we’re doing as well as anybody can to address them.

Laura Shin:

So in a moment, we’ll talk a little bit more about security and also other fun applications of Secret network, but first, a quick word from the sponsors who make this show possible.

Crypto.com:

Join over 10 million people using Crypto.com: the easiest place to buy, earn, and spend over 150 cryptocurrencies.

New users enjoy zero credit card fees on crypto purchases in their first 30 days.

With Crypto.com Earn, you can get industry-leading interest rates of up to 8.5% on over 40 coins, including Bitcoin and earn up to 14% on stablecoins.

With the Crypto.com Visa Card, you can spend your crypto anywhere. Enjoy up to 8% cashback instantly, plus 100% rebates for your Netflix, Spotify, and Amazon Prime subscriptions, and zero annual fees!

Download the Crypto.com App and get $25 with the code “LAURA” – link in the description.

Nodle:

The Nodle Cash App makes earning crypto on your smartphone as easy as turning on your bluetooth. Nodle Cash is private, secure, and available on IOS and Android. Visit nodle.io/cash to start earning.

Laura Shin:

Back to my conversation with Tor. So as I alluded to earlier, there are only 50 Secret nodes in the active validator set. And I wondered, could that be another security failure? And I realized in Secret, it’s not the 51% attack, it’s the 52% attack.

Tor Bair:

For us, the way that it works right now is that there’s 50 nodes that are considered to be in the active set, meaning they can produce and sign the next block on the network. That’s actually managed through governance. That can be increased. And with the upcoming supernova upgrade, that’s actually one of the things that’s most actively being discussed in on-chain governance, is should the cap be raised? And the idea is over time, that’s progressive decentralization. That’s the approach a lot of projects will take. it’s not 50 nodes being operated by a single entity. These are 50 independent entities that have to participate in governance to make these sort of decisions on behalf of the network. And we have about, I think the current number is like 20,000 delegators or something like that in the network who are actively voting.

And these are not one person with 20,000 accounts. These are real users. So it’s a very decentralized governance methodology for people to say, okay, well, it’s time to raise the cap. And it’s time to decentralize. And supernova gives us some confidence that we’re ready to take that step as a network. And then we can raise the cap even further 70, 80, 100 nodes. Over time, the idea is this improves. There’s also like side chain and second layer solutions that could be even more decentralized, but we still treat this as the base layer of the network. Right? All of these are possibilities in the future, just like Ethereum is getting its own L2 solutions. Very easily, so could Secret. And with IBC, which is this interoperability protocol that exists in the Cosmos universe. Now actually a lot of these chains will be using each other as like second layers for security, and second layers for computations. Like it becomes sort of like a mesh network of blockchains. So it’s really exciting to see this evolve. To date, this is not really something that we’ve seen working in practice. All of this is highly experimental. But you know, some of the biggest blockchains in the world have an even more centralized model than this, right? Like Binance Smart Chain has like 20 validators or something like that. And that’s one of the blockchains in the world that secures the most value. There’s other networks where they have very centralized models for bridging between chains. Like at some degree, at every point in some network stack, the way that things look today, everything is centralized. Everything has points of failure, everything of his points of decentralization.

For us 50, is actually quite a lot for what we’re asking the network to do, especially since they’re operated by independent entities and permissionlessly managed by the network. When you hear 50, and you’re an end-user, it doesn’t sound as decentralized as it could be. And that’s what we’re working towards, is continuing to decentralize the network. But as we said, decentralization always has a trade off with performance, has a trade off with cost, has a trade-off with security. And as we expand the nodes in the network, like you have to be very cautious and cognizant of those costs. But if you are, I think as a community, as an ecosystem, people will make good decisions about what the network is ready to actually support.

Laura Shin:

So it sounds like we may see an increase sometime soon, but generally over time you will try to increase that number based on the performance of the technology.

Tor Bair:

To be clear, anybody can still operate a note in the network and operate a full node in the network. It’s just the 50 nodes that have the highest stake in the network are in the active set and can actually process the blocks and thus earn the rewards. So like other proof of stake networks, there is an incentive to have nodes and attract delegations and self delegate your own coins just to increase network security, because that increases the costs of attacking a proof of stake network, to have a lot of the stake in the network distributed and bonded. That’s the security property that matters the most for proof of stake network, is that level of decentralization, and having a high number of the available supply of the coin, actually be staked and not moving and locked up for like a certain period. For us it’s a 21 day period of bonding and the network, if you choose to unstake, that’s how long it takes to stop. These security properties are really essential for convincing developers this network is something you can rely on for your own applications. So that’s the other trade-off to consider here is this is a delegated proof of state network. It incentivizes new nodes to join the network, attract delegations, increase the bonded rate. And that just becomes part of the economic game theory that helps create the security for the network.

Laura Shin:

So let’s now talk about DeFi. Obviously that has been something that has taken off on Ethereum, but is probably restricted a little bit by fees and scaling there. But on something like Secret where there’s this added feature of privacy, what are new types of DeFi transactions or smart contracts or protocols that are possible in Secret that would not be possible on Ethereum or another public blockchain?

Tor Bair:

So with Secret, the big thing that we think about it, I guess for DeFi, one major thing is front running, which again gets a little technical, but I think people listening to the show has probably heard this term before. the idea that miners on Ethereum and other public by default blockchains, they effectively can see the future. They see what the transactions are going to be, before those transactions actually come to be. And there’s this concept of miner extractable value, that the miners, the block producers in the network are always able to capture value from the applications built on the network because of that ability to see the future. And in DeFi, I think there’s been some calculations done. I think it’s gone well into the billions of value that has been extracted by miners. And it’s a huge cost. I might also make the argument that it’s somewhat not legal in the real world to be a front runner, to actually front-run transactions on the chain.

And what does it mean that a miner even has the capability to do that? Is that compliant if a miner can front-run transactions in the network? So one of the things that you get with DeFi applications built on Secret network is this idea of front running resistance by default. Because the validators in the network can’t see the interactions coming in for them to process. They can’t see them because they’re encrypted. They get decrypted only inside the enclave. So effectively the nodes don’t know what’s happening until they’ve already done it. And that means they don’t see the future anymore. So they can’t do all these sort of injection attacks where they can put their own transaction ahead of yours or the sandwich attacks or any of these things in the Ethereum ecosystem that people are solving through very complex and very centralized means of solving these issues.

You sort of get that resistance by default in the Secret universe. So that’s one aspect, and that happens at the protocol level. So any DeFi application built on the network benefits from that property. But the other thing that you get is you do get privacy for the input data and output data of the applications. So for, if you wanted to build a dark pool application, which this is a massive application in the real world, even though it sounds kind of nefarious, this is actually driving trillions of dollars of economic value around the world. If you work in a major bank, you know dark pools are a big deal. But even in the blockchain world, if you were to have a dark pool application, really what that means is you can transact with people, but the orders are not always public.

Transactions will just sort of happen when there’s two orders that are sort of matched against each other, but you don’t have a public order book. You can build those types of private applications on Secret network quite easily because of the programmable privacy controls. But it begs the question of, well, if everything is private DeFi, I don’t know if you were going here, but how compliant is that really going to be? My answer to that is always that actually the programmability of privacy is the solution to that. Because what you could do is build an application on Secret where you white list addresses. There is some sort of off-chain verification that needs to occur to say, this is a compliant entity that’s now interacting with this dark pool. We know that this is a bank. So they’re using this dark pool application, but you still can’t see the orders.

The data is private, but the identities of the people participating in the system are known. So now you have compliant DeFi, that’s decentralized, but you don’t need to make everything public in order to use it. There needs to be a balance between auditability and accountability that you can get from like that whitelisting process and being able to protect the security of the applications themselves and the security of the data in order for this to be usable either by institutions or by like retail users, that’s kind of essential. And only with the added flexibility of programmable privacy, can you build those types of applications. Otherwise the choice on Ethereum,is the same choice for everyone, expose everything or don’t build it at all. And to me, that’s no choice that’s, that’s just restrictions.

Laura Shin:

That’s so fascinating when you were describing that, I immediately realized that there’s an opportunity there for something to be built somewhat similar to what Paxos is building, where they’re doing that enterprise blockchain for different financial players to trade stocks and have a lower settlement time. But this I think would be something that then you wouldn’t have to have a company necessarily at the center that was managing it all. So, sounds like a business opportunity for somebody out there.

Tor Bair:

We would love for people to build these types of things on Secret. Because again, we’re trying to do this the web3 way. I’m using finger quotes for those listening on audio-only. The web three-way being more decentralized, more permissionless, more end-user access, anybody can run a node, deploy a contract. There’s a lot of ways to solve a lot of privacy issues if you gate it, if you put it inside a fully permissioned chain, right? Like to me, I say permissioned to versus permissionless, because private versus public is a little misleading. Secret is a permissionless network, but it has privacy. And if you build a permissioned blockchain that only certain people can use, only certain people can read, a lot of those use cases, I personally feel, are better served with some sort of other sort of distributed database technology.

Why use a blockchain? Why put a coin on it? But you know, those are really valuable use cases, but the same way that institutions are starting to lean towards the public Ethereum chain for actually building and deploying their applications and participating in governance on Ethereum, as opposed to like really chasing down a lot of these enterprise ledgers, that’s been our thesis all along. We just also think that privacy should exist in that web3 world. Not only in the permissioned chain world. We’re trying to be that center of that Venn diagram. And I ultimately, I think enterprises, institutions will understand what that means for them. They will choose the web3 solution. They won’t choose the total walled garden when they realize that these types of applications really are possible on a permissionless chain.

Laura Shin:

We’ll have to see what timeframe that happens on or if at all. So another thing that you and I had previously discussed was NFTs on Secret. And I’m curious to hear you describe how NFTs on Secret would be different. And then I have a question for you after that.

Tor Bair:

Of course. So NFTs on Secret. It’s not just a hypothetical, right? Like everything we’re describing now, this is not some day on Secret. Like Secret has been on the mainnet for about a year and a half with privacy-preserving contracts for about 13 months. So I probably should have emphasized a little more strongly that we’re having this conversation because these aren’t hypotheticals, because the technology does exist and people are using it. So we do have DeFi applications built on Secret. We do have AMMS and DEXs built on Secret. We have a lending platform being built. We have a stablecoin being built on Secret all with these front running resistance and privacy-preserving properties. So similarly, with NFTs, this exists, you can deploy NFTs on Secret. Just like you can deploy an NFT on Ethereum, just like you can deploy an NFT on Solana.

But as we talked about with the DeFi side, yes, things work a little differently on Secret, but in a way tha

Tags
2021 Shows Unchained Blockchain Crypto Defi Nfts Privacy Secret network