Integritee has developed TEE-validated L2 sidechains and has demonstrated private transactions based on its SDK in Q1 2022. One year has passed and we are now close to providing this technology to all substrate-based L1 chains, as well as to the Polkadot and Kusama relay chains — without the need to change one line of code on L1 runtimes.
The Dotsama ecosystem is highly transparent nowadays. Who is transacting with whom and how much, who you nominate, how you vote, and whom you elect to the council is publicly visible to anyone. While this does have its advantages when it comes to accountability, it is not a sound setup for everyday actions.
The inherent linkability of everything that happens on transparent blockchains prohibits a wide range of use cases — or would you really want to disclose personal identity attributes on, e.g., KILT in order to gain access to a certain service, if you know that this information can be linked back to your original DOT presale participation and trading history? Or your votes on a controversial topic on any other parachain, linkable through XCM? Follow the money and you’ll be able to retrieve a lot of sensitive personal information way beyond token balances.
Because of transaction fees, you can’t just start with a new account out of nothing. You need a minimum amount of tokens in order to get active on Dotsama chains — and most blockchains in general. This means you have to send funds from an existing account to your new one. Thereby, you’re linking all future events back to that original account with very weak deniability. You can use centralized exchanges to make it harder to link both of your accounts by following the money. But the linkable information then resides on that exchange’s servers and is subject to arbitrary access by law enforcement or, occasionally, hackers.
As we will show in this article, Integritee is not opposed to adequate law enforcement insight. On the contrary: a possible future solution could be a system where the balance between maximum privacy and full insight for law enforcement is a matter of on-chain governance, selectively per account and information in question.
Alice would like to transfer funds from her account to Bob’s privately. She sends tokens to the sidechain’s vault account. The sidechain’s light client will subscribe to all transfers to its vault account and will endow the sender’s account with the amount received. Then, Alice can trigger all kinds of transactions on L2. In our example, she directly transfers tokens from her shielded account to Bob’s. Bob can then trigger the unshielding of tokens to his L1 account. After this process, there is no way to directly link information on L1.
In order to gain practical unlinkability, one has to avoid the linkability of amounts or timing of the process. Mixers can be used to hide the exact time and amount of transfers. This means that the degree of privacy enhancement depends on the number of users that are simultaneously active on our sidechain. The more users sending similar amounts, the better the k-anonymity.
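The amount-and-timing correlation described above can be measured from L1 data alone, because transfers into and out of the vault account stay public. The following Rust example is added here and is not Integritee code: the `VaultEvent` type, the matching rule (equal amount within a fee tolerance, inside a block window) and all sample values are assumptions constructed for illustration.

```rust
use std::collections::BTreeSet;

/// One transfer into or out of the sidechain vault, as visible on L1.
#[derive(Debug, Clone)]
pub struct VaultEvent {
    pub account: &'static str, // hypothetical L1 account label
    pub amount: u128,          // amount in the token's smallest unit
    pub l1_block: u32,         // L1 block height of the transfer
}

/// Distinct shielding accounts an L1 observer cannot rule out as the source
/// of `unshield`: shielded earlier, at most `window` blocks before it, with
/// an amount within `tolerance` (to absorb fees). The set size is k.
pub fn anonymity_set(
    shields: &[VaultEvent],
    unshield: &VaultEvent,
    tolerance: u128,
    window: u32,
) -> BTreeSet<&'static str> {
    shields
        .iter()
        .filter(|s| s.l1_block <= unshield.l1_block)
        .filter(|s| unshield.l1_block - s.l1_block <= window)
        .filter(|s| s.amount.abs_diff(unshield.amount) <= tolerance)
        .map(|s| s.account)
        .collect()
}

/// Constructed sample: three users shield the same round amount, while
/// Alice shields an odd amount that nobody else uses.
pub fn sample_shields() -> Vec<VaultEvent> {
    vec![
        VaultEvent { account: "carol", amount: 10_000, l1_block: 100 },
        VaultEvent { account: "dave", amount: 10_000, l1_block: 104 },
        VaultEvent { account: "erin", amount: 10_000, l1_block: 109 },
        VaultEvent { account: "alice", amount: 7_313, l1_block: 110 },
    ]
}

fn main() {
    let shields = sample_shields();
    // Bob unshields exactly what Alice shielded, two blocks later.
    let bob = VaultEvent { account: "bob", amount: 7_313, l1_block: 112 };
    // Frank unshields a common amount minus a small fee.
    let frank = VaultEvent { account: "frank", amount: 9_990, l1_block: 120 };
    for u in [&bob, &frank] {
        let set = anonymity_set(&shields, u, 20, 50);
        println!("{} <- k={} {:?}", u.account, set.len(), set);
    }
}
```

With the sample data, Bob's unshielding has k = 1 and points straight back to Alice, while Frank's has k = 3; this is the gap that mixing tooling and a larger population of users sending similar amounts are meant to close.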
Thanks to the Trusted Execution Environments (TEE) technology, not even the operators of the sidechain “validateers” can learn anything about L2 transactions on our sidechains. Validateers are Integritee’s own validators operating our second-layer sidechains — the block production and validation happen inside TEEs. This means validateers can trust each other and the consensus protocol is greatly simplified.
Sidechain blocks are produced by validateers, asynchronously to layer one at a higher block rate. Despite the TEEs’ integrity guarantees, these blocks are not yet final because forks on the sidechain can still happen. Every sidechain block hash is anchored to the layer one blockchain and gets finalized on layer one with the block that includes its anchoring extrinsic.
Our sidechains support multiple validateers operating within TEEs, a hardware-encrypted area of a CPU securing data in use. The added value of our sidechains is that once verified, all validators can trust each other, thus enabling sub-second block times with up to 2,000 TPS on each sidechain. In combination, this provides a cumulative capacity of up to 1 million TPS over the entire Integritee Network for well-shardable use cases.
Computations done inside TEEs can be independent and isolated from the mainnet, providing developers with a set of attractive benefits: scalability, confidentiality, and independent economics on L2. If you’re interested in knowing more about our sidechains and their features, check out this article.
Sidechain validateer operators will pay fees for remote attestation and sidechain finality in TEER on the Integritee Network. The Integritee network treasury may, subject to its governance, offer TEER grants to common good validateer operators. The end users, on the other hand, need not care about TEER because our sidechains will use the native token of the target L1 as their native token, which is needed to pay fees on L2 (KSM in the case of Statemine). This greatly simplifies UX while still ensuring economic viability for sidechain operators.
Essential when deploying Trusted Execution Environments (TEEs), remote attestation is the process of authenticating the TEE and signing a report confirming its genuineness — it basically tells you that what’s running inside the secure environment is, in fact, what you intended.
This process also confirms the hash of the binary that the secured environment is executing. Such a report also includes the TEE’s public signing key, so we can rest assured that we are truly talking to the right TEE by verifying its signature. Remote attestation provides verification for three things: (1) the application’s fingerprint, (2) its integrity (that it has not been tampered with), and (3) that it is running securely within a genuine machine.
Integritee decouples this process from the TEE manufacturer, in our case Intel for the time being, such that no Intel attestation services are needed and the validation happens in a decentralized manner.
We aim to provide reasonable privacy for web3 users, but we are not interested in protecting and fostering criminal activity. That is why we plan to allow selective disclosure of data under well-defined circumstances. But who should decide who shall be granted access to sensitive data? Should there be a democratic vote for each request? One person-one-vote or token weighted? Should there be representative powers like judges and the police, represented by well-known accounts? And if so, from what national jurisdiction should they originate? Should they be granted X inquiries per day and subscriptions to a maximum of Y accounts to make sure the surveillance is limited?
These questions are beyond our pay grade and competence. We can just provide the tech to implement what the community will request. And here comes the power of general-purpose TEEs: in contrast to pure cryptography like ZKP, TEEs can be programmed to be compliant with regulations — while still providing a reasonable amount of privacy for the masses.
Any insight authorization will be restricted: Integritee sidechains prune blocks after a short period of time. Therefore, historical queries are not easily possible a posteriori — by design. What is technically possible is:
We will start with a pilot deployment on Statemine, Kusama’s common-good hub for tokenized assets of many kinds. As soon as we have a stable and well-tested deployment, our sidechain shall be deployed for Statemint on Polkadot as well.
The first incarnation will be a functional sidechain for transactions of KSM tokens only. No privacy will be available at this stage. In order to foster trust in our technology, we will start with a transparent deployment that allows all users to query the inner workings of the sidechain. This also allows us to rescue funds based on balance snapshots if necessary.
Moreover, we will only allow limited amounts to be shielded. This is a precaution in the beta phase against both loss and legal issues. Limits are set high enough to endow accounts and be active, but low enough to hinder money laundering once we switch on privacy.
From a user perspective, we will only offer a command line client for power users at this stage.
We will switch to a first privacy-enhancing mode. From now on you can only query your own account’s state along with some public information like sidechain block height.
In order to protect privacy further, we will provide tooling to assist mixing to obscure the trail left by amounts and timing from shielding to unshielding.
At this stage, we will open our sidechain to all fungible assets on Statemine. This means you will be able to transact stablecoins as well as all other tokens on Kusama and Polkadot parachains that are available on Statemint/e.
Our sidechain API will be compatible with js/api json-rpc at this point and integrate well with established wallets. This may require us to upstream our authentication procedure for queries, so we will be looking for collaborations to make private transactions as smooth as can be.
We shall allow law enforcement to request selective disclosure of certain data concerning certain accounts. A governance process needs to be specified that ensures due audit of such requests. We will seek community feedback as well as legal opinions on the requirements for compliance. After these questions are clarified, we may be able to lift amount limits for shielding transactions.
While we will focus on Statemine and Statemint, our technology can be adopted by any Substrate chain to get a private L2. There is no reason why our sidechains couldn’t also provide an L2 to Bitcoin and Ethereum. They could even host EVM or WASM smart contracts, as we have demonstrated with a PoC.
Integritee aims to let anyone use our technology and even operate competing sidechains in parallel. Our implementation will be open source under the Apache 2 license. Our sidechains will allow anyone to run a validateer who can pass remote attestation. For the best possible user experience, transaction fees on our sidechains will by default be payable in the target L1’s native token. Any parachain in the Dotsama ecosystem can deploy sidechains on their own.
As this technology can benefit the users of any para- or relay chain without requiring them to hold and pay TEER, we consider it a common good and we will seek treasury funding from Kusama and/or Polkadot, as highlighted in this Polkassembly post.