Lines

A Privacy Sidechain for All Polkadot & Kusama Chains

Project UpdateMarch 21, 2023
New image

Integritee has developed TEE-validated L2 sidechains and has demonstrated private transactions based on its SDK in Q1 2022. One year has passed and we are now close to providing this technology to all substrate-based L1 chains, as well as to the Polkadot and Kusama relay chains — without the need to change one line of code on L1 runtimes.

The Dotsama ecosystem is highly transparent nowadays. The information, who is transacting with whom and how much, who you nominate, how you vote, and whom you elect to the council is publicly visible to anyone. While this does have its advantages when it comes to accountability, it is not a sound setup for everyday actions.

The inherent linkability of everything that happens on transparent blockchains prohibits a wide range of use cases — or would you really want to disclose personal identity attributes on i.e. KILT in order to gain access to a certain service, if you know that this information can be linked back to your original DOT presale participation and trading history? Or your votes on a controversial topic on any other parachain, linkable through XCM? Follow the money and you’ll be able to retrieve a lot of personal sensitive information way beyond token balances.

Because of transaction fees, you can’t just start with a new account out of nothing. You need a minimum amount of tokens in order to get active on Dotsama chains — and most blockchains in general. This means you have to send funds from an existing account to your new one. Thereby, you’re linking all future events back to that original account with very weak deniability. You can use centralized exchanges to make it harder to link both of your accounts by following the money. But the linkable information then resides on that exchanges’ servers and is subject to arbitrary access by law enforcement or, occasionally, hackers.

As we will show in this article, Integritee is not opposed to adequate law enforcement insight. On the contrary: a possible future solution could be a system where the balance between maximum privacy and full insight for law enforcement is a matter of on-chain governance, selectively per account and information in question.

How it works

Alice would like to transfer funds from her account to Bob’s privately. She sends tokens to the sidechain’s vault account. The sidechain’s light client will subscribe to all transfers to its vault account and will endow the sender’s account with the amount received. Then, Alice can trigger all kinds of transactions on L2. In our example, she directly transfers tokens from her shielded account to Bob’s. Bob can then trigger unshielded tokens to his L1 account. After this process, there is no way to directly link information on L1.

In order to gain practical unlinkability, one has to avoid the linkability of amounts or timing of the process. Mixers can be used to hide the exact time and amount of transfers. This means that the degree of privacy enhancement depends on the number of users that are simultaneously active on our sidechain. The more users sending similar amounts, the better the k-anonymity.

Thanks to the Trusted Execution Environments (TEE) technology, not even the operators of the sidechain “validateers” can learn anything about L2 transactions on our sidechains. Validateers are Integritee’s own validators operating our second-layer sidechains — the block production and validation happen inside TEEs. This means validateers can trust each other and the consensus protocol is greatly simplified.

What is the role of the Integritee Network parachain in this use case?

Sidechain blocks are produced by validateers, asynchronously to layer one at a higher block rate. Despite the TEEs’ integrity guarantees, these blocks are not yet final because forks on the sidechain can still happen. Every sidechain block hash is anchored to the layer one blockchain and gets finalized on layer one with the block that includes its anchoring extrinsic.

Our sidechains support multiple validateers operating within TEEs, a hardware-encrypted area of a CPU securing data in use. The added value of our sidechains is that once verified, all validators can trust each other, thus enabling sub-second block times with up to 2,000 TPS on each sidechain. In combination, this provides a cumulative capacity of up to 1 million TPS over the entire Integritee Network for well-shardable use cases.

Computations done inside TEEs can be independent and isolated from the mainnet, providing developers with a set of attractive benefits: scalability, confidentiality, and independent economics on L2. If you’re interested in knowing more about our sidechains and their features, check out this article.

Do you need TEER tokens to use the privacy sidechain?

Sidechain validateer operators will pay fees for remote attestation and sidechain finality in TEER on the Integritee Network. The Integritee network treasury may, subject to its governance, offer TEER grants to common good validateer operators. The end users, on the other hand, need not care about TEER because our sidechains will use the native token of the target L1 as their native token, which is needed to pay fees on L2 (KSM in the case of Statemine). This greatly simplifies UX while still ensuring economic viability for sidechain operators.

Remote Attestation

Essential when deploying Trusted Execution Environments (TEEs), remote attestation is the process of authenticating the TEE and signing a report confirming its genuineness — it basically tells you that what’s running inside the secure environment is, in fact, what you intended.

This process also confirms the hash of the binary that the secured environment is executing. Such a report also includes the TEE’s public signing key, so we can rest assured that we are truly talking to the right TEE by verifying its signature. Remote attestation provides verification for three things: (1) the application’s fingerprint, (2) its integrity (that it has not been tampered with), and (3) that it is running securely within a genuine machine.

Integritee decouples this process from the TEE manufacturer, in our case Intel for the time being, such that no Intel attestation services are needed and the validation happens in a decentralized manner.

Reasonable Privacy vs. Law Enforcement Access

We aim to provide reasonable privacy for web3 users, but we are not interested in protecting and fostering criminal activity. That is why we plan to allow selective disclosure of data under well-defined circumstances. But who should decide who shall be granted access to sensitive data? Should there be a democratic vote for each request? One person-one-vote or token weighted? Should there be representative powers like judges and the police, represented by well-known accounts? And if so, from what national jurisdiction should they originate? Should they be granted X inquiries per day and subscriptions to a maximum of Y accounts to make sure the surveillance is limited?

These questions are beyond our pay grade and competence. We can just provide the tech to implement, what the community will request. And here comes the power of general-purpose TEEs: in contrast to pure cryptography like ZKP, TEEs can be programmed to be compliant with regulations — while still providing a reasonable amount of privacy for the masses.

Any insight authorization will be restricted: Integritee sidechains prune blocks after a short period of time. Therefore, historical queries are not easily possible a posteriori — by design. What is technically possible, is:

  • Authorized queries of the actual state of the sidechain
  • Authorized disclosure of transactions in the current block (i.e. involving a certain account)
  • Authorized subscriptions for account activity

Roadmap

We will start with a pilot deployment on Statemine, Kusama’s common-good hub for tokenized assets of many kinds. As soon as we have a stable and well-tested deployment, our sidechain shall be deployed for Statemint on Polkadot as well.

Pilot 1: Battle-Test the Basics

The first incarnation will be a functional sidechain for transactions of KSM tokens only. No privacy will be available at this stage. In order to foster trust in our technology, we will start with a transparent deployment that allows all users to query the inner workings of the sidechain. This also allows us to rescue funds based on balance snapshots if necessary.

Moreover, we will only allow to shield limited amounts. This is a precaution in the beta phase against both loss and legal issues. Limits are set high enough to endow accounts and be active, but low enough to hinder money laundering once we switch on privacy.

From a user perspective, we will only offer a command line client for power users at this stage.

Pilot 2: Some Privacy

We will switch to a first privacy-enhancing mode. From now on you can only query your own account’s state along with some public information like sidechain block height.

Pilot 3: Better Privacy. More Assets. Better UX

In order to protect privacy further, we will provide tooling to assist mixing to obscure the trail left by amounts and timing from shielding to unshielding.

At this stage, we will open our sidechain to all fungible assets on Statemine. This means you will be able to transact stablecoins as well as all other tokens on Kusama and Polkadot parachains that are available on Statemint/e.

Our sidechain API will be compatible with js/api json-rpc at this point and integrate well with established wallets. This may involve that we upstream our authentication procedure for queries, so we will be looking for collaborations to make private transactions as smooth as can be.

Pilot 4: Enabling Law Enforcement Access

We shall allow law enforcement to request selective disclosure of certain data concerning certain accounts. A governance process needs to be specified that ensures due audit of such requests. We will seek community feedback as well as legal opinions on the requirements for compliance. After these questions are clarified, we may be able to lift amount limits for shielding transactions.

Outlook

While we will focus on Statemine and Statemint, our technology can be adopted by any substrate chain to get a private L2. There is no reason why our sidechains couldn’t also provide an L2 to Bitcoin and Ethereum, they could even host EVM or WASM smart contracts, as we have demonstrated with a PoC.

A Common Good

Integritee aims to let anyone use our technology and even operate competing sidechains in parallel. Our implementation will be open source under the Apache 2 license. Our sidechains will allow anyone to run a validateer who can pass remote attestation. For the best possible user experience, transaction fees on our sidechains will by default be payable in the target L1’s native token. Any parachain in the Dotsama ecosystem can deploy sidechains on their own.

As this technology can benefit the users of any para- or relay chain without requiring them to hold and pay TEER, we consider it a common good and we will seek treasury funding from Kusama and/or Polkadot, as highlighted in this Polkassembly post.

You Might Also Like

New image
Project UpdateMarch 19, 2024

DEXs: The What, The Why & The How of Decentralized Exchanges

New image
Project UpdateMarch 05, 2024

Monthly Wrap-Up February 2024: Crowdloan, Governance and Treasury

New image
Project UpdateFebruary 05, 2024

Monthly Wrap-Up January 2024: Launching the Incognitee Testnet, Winning a Hackernoon Award & Much More!

New image
Project UpdateFebruary 02, 2024

Polkadot Crowdloan: Campaign Kicks Off on February 7th!

New image
Project UpdateJanuary 30, 2024

2023 at Integritee: Product Releases, Partnerships, a Privacy Sidechain & Much More

New image
Project UpdateJanuary 19, 2024

OLI Systems Releases Research Paper about a DLT-Based Local Energy Market Model

New image
Project UpdateJanuary 05, 2024

Monthly Wrap-Up December 2023: New Products, Fresh Content & More

New image
Project UpdateJanuary 03, 2024

2023 Integritee Content: Giving Back to Our Community

New image
Product UpdateDecember 11, 2023

Unlocking Privacy in Transfers: The Power of Integritee’s Private Sidechain Model

New image
Project UpdateDecember 05, 2023

Monthly Wrap-Up November 2023: New Content, TEER Recover & Tech Updates

New image
Project UpdateNovember 06, 2023

Monthly Wrap-Up October 2023: Joining an Accelerator Program, Launching the New Website, Educational Content & More!

New image
Project UpdateOctober 06, 2023

Monthly Wrap-Up September 2023: Winning an Award, Talking at Sub0, Partnering with OVH & More!

New image
Project UpdateSeptember 27, 2023

OVH Releases Whitepaper on How Integritee Is Re-Inventing Blockchain Security & Confidentiality Using Intel SGX Technology & OVHcloud

New image
Project UpdateSeptember 04, 2023

Monthly Wrap-Up August 2023: Launching the Attesteer, Encointer’s PoP Badge & More

New image
Product UpdateAugust 30, 2023

Launching Integritee’s Attesteer

New image
Project UpdateAugust 08, 2023

Monthly Wrap-Up July 2023: Video Releases, Tech Updates & More

New image
Project UpdateJuly 06, 2023

Monthly Wrap-Up June 2023: Polkadot Decoded, New Add-Ons and More

New image
Project UpdateJune 06, 2023

Monthly Wrap-Up May 2023: Governance Platform Launch, New Environments and More

New image
NewsMay 09, 2023

Integritee Launches New Governance Platform with Polkassembly

New image
Project UpdateMay 04, 2023

Monthly Wrap-Up April 2023: Tech Upgrades, Partnerships & Upcoming News

New image
Project UpdateApril 06, 2023

Monthly Wrap-Up March 2023: Product Releases, a Privacy Sidechain & More

New image
Project UpdateApril 04, 2023

Securitee & enclaive Team Up to Offer Ready-To-Use TEE-Secured Solutions

New image
Product UpdateMarch 30, 2023

Securitee Launches Confidential Computing Platform to Protect Data in Use

New image
Product UpdateMarch 23, 2023

Introducing Integritee’s Teeracle: A Framework to Build TEE-Based Oracles

New image
Project UpdateMarch 06, 2023

Monthly Wrap-Up February 2023: Launching Roadmap, Partnerships and More!

New image
NewsMarch 03, 2023

SDK v0.11.0: Increased Performance and Faster Processes

New image
NewsFebruary 21, 2023

OLI Systems Develops Innovative Energy Market Place by Building on Integritee

New image
Project UpdateFebruary 09, 2023

Integritee Network: Roadmap 2023

New image
Project UpdateFebruary 06, 2023

Monthly Wrap-Up January 2023: Slot Swap, Davos Touchdown and Much More

New image
Project UpdateJanuary 03, 2023

Community Updates: Discord, Twitter Raids & More

New image
Project UpdateJanuary 03, 2023

2022 at Integritee: Winning Parachains, Hosting Events, Integrating with Projects & Much More

New image
Project UpdateDecember 01, 2022

Monthly Wrap-Up November 2022: Lisbon Happenings, Bifrost Integration & More

New image
Project UpdateNovember 16, 2022

XCM Integration of Integritee and Bifrost Completed

New image
Project UpdateNovember 14, 2022

Integritee Welcomes Sergei Medvedev as New Advisory Board Member

New image
Project UpdateNovember 10, 2022

Monthly Wrap-Up October 2022: Travels, Interviews, Tech Updates & More

New image
Project UpdateOctober 06, 2022

Monthly Wrap-Up September 2022: Integritee SDK Release, Token2049 & More

New image
Project UpdateSeptember 20, 2022

Integritee & Securitee: Connecting the Dots

New image
Project UpdateSeptember 08, 2022

Integritee’s SDK: A New Era of Web3 Application Building

New image
Project UpdateSeptember 05, 2022

Monthly Wrap-Up August 2022

New image
Project UpdateAugust 30, 2022

Integritee Sidechain Performance Benchmark

New image
Project UpdateAugust 24, 2022

Integritee & Crust Team Up for Publicly Verifiable Decentralized Content Storage

New image
Project UpdateAugust 23, 2022

Integritee’s Polkadot Crowdloan

New image
Project UpdateAugust 03, 2022

Monthly Wrap-Up July 2022: Winning a Slot on Polkadot, Integrating with Karura & Much More

New image
Industry InsightsJuly 27, 2022

From Web 2.0 to Web3: A Step Forward

New image
Project UpdateJuly 18, 2022

Polkadot: The Next Step in Integritee’s Growth and Development

New image
Project UpdateJuly 13, 2022

Integritee Rewards Structure: Early Birds, Loyal Followers, Family, Friends, and More!

New image
Project UpdateJuly 11, 2022

The Integritee Polkadot Crowdloan Campaign Starts Today!

New image
Industry InsightsJuly 07, 2022

XCM Integration: What Is It and How Does It Work?

New image
Project UpdateJuly 05, 2022

Monthly Wrap-Up June 2022: Kraken listing, Talking at Polkadot Decoded & More!

New image
Project UpdateJuly 01, 2022

XCM integration of Integritee & Moonriver Completed

New image
Industry InsightsJune 20, 2022

Here’s What You Need to Know About XCM Integration on Polkadot

New image
Project UpdateJune 09, 2022

Integritee Completes 2 Key Milestones Towards Decentralization

New image
Project UpdateJune 03, 2022

Monthly Wrap-Up May 2022: Decentralization, International Events, Virtual Worlds & Much More

New image
Project UpdateMay 26, 2022

The Complete Guide to TEER Tokens

New image
Industry InsightsMay 16, 2022

How Integritee combines the benefits of Web2 and Web3 technologies

New image
Project UpdateMay 11, 2022

Sidechain 101: What are sidechains and why do we need them on Polkadot?

New image
Project UpdateMay 03, 2022

Monthly Wrap-Up April 2022: Networking, Technical Updates and Business Growth

New image
Project UpdateApril 07, 2022

Monthly Wrap-Up March 2022: Migrating to Kusama & Building Our Community

New image
Project UpdateApril 05, 2022

Update On Integritee Parachain Migration

New image
Project UpdateApril 01, 2022

What Should Integritee Present at Polkadot Decoded 2022? You Decide.

New image
Project UpdateMarch 22, 2022

TEE Time with Integritee

New image
Industry InsightsMarch 08, 2022

Event Series: Learn How Integritee Is Taking Gaming to the Next Level With Ajuna

New image
Project UpdateMarch 02, 2022

Monthly Wrap-Up February 2022: A New Listing, Sidechains & Other Updates

New image
Industry InsightsFebruary 23, 2022

TEE 101: How Intel SGX works and why we use it at Integritee

New image
Project UpdateFebruary 17, 2022

After the Crowdloan: What’s Happening Next

New image
Project UpdateFebruary 10, 2022

Integritee Achieves Feature-Complete Sidechains

Lines