🛡️ Share confidential documents by using Secret Network - Privacy as a Service
Secret Network is introducing a groundbreaking functionality to utilize its blockchain as a service. This innovation offers new possibilities, such as the ability to execute contracts on Polygon while leveraging the privacy features of Secret Network. This approach ensures the security of a primary blockchain while harnessing the privacy capabilities of Secret Network for external computations.
In our proposal, we aim to create a robust mechanism for securely sharing documents on the blockchain with specific recipients. This solution addresses a critical need for businesses and decentralized autonomous organizations (DAOs) seeking to share sensitive administrative and confidential data with a selected audience. Currently, the challenge lies in sharing documents on-chain while safeguarding the privacy of users. We firmly believe that Secret Network's cutting-edge technology can effectively address this use case by enabling individuals to share documents with the assurance of privacy and data encryption, thus redefining the way confidential information is shared within a blockchain ecosystem.
🤝 What our project brings
Product Input: Our project commits to providing valuable feedback on Secret Network tools and documentation. This feedback will help Secret Network refine its tools and enhance its developer resources, leading to an improved experience for all developers building on the network.
Experience Sharing: We are eager to share our Secret Network experiences and success stories, aiming to offer valuable insights and practical examples to fellow participants within the ecosystem.
Open-Source Contribution: We will create open-source code that can be readily utilized by any Dapp looking to build on Secret Network.
Increased Adoption: Our partnership with Secret Network will serve as a magnet for both users and developers, expanding the ecosystem. Through the creation of privacy-focused dApps, we aim to attract new users who highly value confidentiality and security.
❓Why
Our private file sharing system leverages Secret Network's encrypted transactions and secret contracts to enable truly confidential document sharing. Users can share files selectively with specific recipients, without publicly revealing document contents or the sharing activity. Secret Network's privacy-preserving technology allows building a file sharing solution that provides the confidentiality and access control missing in public blockchains.
🔑 Key Takeaway
End-to-end encryption - Documents are encrypted before being uploaded to Secret Network. The contents remain encrypted while stored on-chain, ensuring data privacy.
Selective visibility - File access can be restricted to specific recipients through secret contracts. This enables selective sharing without publicly revealing participation.
User privacy - Identities and activities of the users sharing and accessing files are obfuscated through anonymity features.
Tamper-proof records - Storing document hashes on-chain creates immutable and verifiable records of file sharing. The documents themselves remain private.
📋 Use cases
Sharing confidential documents and records within organizations - Companies can securely share private documents like contracts, financial reports, product designs etc. selectively with employees.
Medical data exchange - Healthcare providers can share medical records, scan reports, lab tests privately with specific personnel or even patients.
Legal document sharing - Law firms and clients can exchange sensitive case files, evidence, and legal agreements among the involved parties.
Regulatory disclosures - Financial institutions can share mandatory disclosures and reports privately with regulators.
Secure media distribution - Artists/publishers can share early media content like songs, manuscripts, and screeners with select reviewers before public release.
Anonymous whistleblowing - Whistleblowers can share confidential documents with journalists without revealing their identity.
Private snail mail - Users can share physical postal mail by uploading scans/photos privately to recipients.
Personal document archive - Individuals can store important documents like credentials, certificates privately on-chain.
💭 Technical proposal
Storage of the document
In order to store a document on the blockchain, we need to encrypt it. We can use a classical algorithm like AES-256-GCM for encryption. To use this algorithm, we need to generate and provide a key that can be used for both encryption and decryption of the document. This key will be unique per document.
The encrypted file can then be stored on the blockchain, as only the people who have access to the key can decrypt the document and read its content. There are multiple services available for storing the file. Small amounts of data can be stored directly on Secret. For larger files, it can be preferable to use other services such as Arweave or IPFS. Our implementation will have two ways of storing the file information: the first stores small data directly on Secret, and the second stores the file on Arweave. We will also consider a modular approach that allows other storage services, depending on future use cases or constraints such as fees and document size limitations.
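The storage step above can be sketched as follows. This is an added example, not code from the proposal or from Secret Network; the `docId` identifier, its use as additional authenticated data, and the `nonce || tag || ciphertext` blob layout are assumptions made for illustration.

```javascript
// Added example (not the project's code): per-document AES-256-GCM encryption.
const { randomBytes, createCipheriv, createDecipheriv, createHash } = require('node:crypto');

const NONCE_LEN = 12; // 96-bit nonce, the recommended size for GCM
const TAG_LEN = 16;   // 128-bit authentication tag

const sha256Hex = (buf) => createHash('sha256').update(buf).digest('hex');

// Encrypts one document under a fresh random key (unique per document).
// docId is an assumed identifier; it is bound as AAD so a blob cannot be
// served under a different document entry without decryption failing.
function encryptDocument(plaintext, docId) {
  const key = randomBytes(32);
  const nonce = randomBytes(NONCE_LEN);
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(docId, 'utf8'));
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  // Assumed layout of the blob sent to external storage: nonce || tag || ciphertext
  const blob = Buffer.concat([nonce, cipher.getAuthTag(), ciphertext]);
  // key goes to the Secret contract, blob to storage, blobHash is the public record
  return { key, blob, blobHash: sha256Hex(blob) };
}

// Verifies the recorded hash first, then lets GCM authenticate the content.
function decryptDocument(blob, key, docId, expectedHash) {
  if (blob.length < NONCE_LEN + TAG_LEN) throw new Error('blob too short');
  if (sha256Hex(blob) !== expectedHash) throw new Error('blob hash mismatch');
  const nonce = blob.subarray(0, NONCE_LEN);
  const tag = blob.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const ciphertext = blob.subarray(NONCE_LEN + TAG_LEN);
  const decipher = createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAAD(Buffer.from(docId, 'utf8'));
  decipher.setAuthTag(tag);
  // final() throws if the key, nonce, AAD, tag or ciphertext do not match
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}

// Constructed sample input, used only to show the round trip.
function demoRoundTrip() {
  const sample = Buffer.from('constructed sample: board minutes, Q3', 'utf8');
  const { key, blob, blobHash } = encryptDocument(sample, 'doc-001');
  return decryptDocument(blob, key, 'doc-001', blobHash).toString('utf8');
}
```

Only `blob` leaves the client for Arweave or IPFS; the 32-byte key never needs to be stored anywhere except the Secret contract.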
Secret Smart Contract - Storage of confidential information
On the Secret Network side, since everything is encrypted, we can store information confidentially. In our proposed use case, the file information can be broken down into three parts: the content, the encryption key, and the storage location (storage URL).
We can store the encryption key used to encrypt/decrypt the document and the link where the file is stored in the Secret smart contract. Since this information is stored privately, we can share it with other users. To control the sharing of the document, we need to control access to it.
In Secret Network, we can use a Viewing Key or, eventually, a Signing Permits system to control user access.
Therefore, for storing and managing confidential information, we propose having a single Secret smart contract in our implementation. This contract will store confidential information dedicated to the file and manage its access.
Each stored item will be linked to a specific key. This key is required to access the item and to see its content. Given the key, we can retrieve the information from the smart contract: the storage URL and the encryption key stored by the owner. Each key will also have metadata associating it with the owner of the file. The owner will be the only one able to update or revoke the information stored on chain.
Additionally, we can think about a read/write mechanism inside the smart contract where each item stored in our smart contract will be linked to a set of rights. We will have the owner, the people who can read and those who can write.
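The access rules described in this section can be modelled in a few lines. This is an added in-memory sketch, not the proposal's contract and not Secret Network's viewing-key API; `DocumentRegistry`, its method names, and the choice to keep only a hash of the viewing key are assumptions for illustration.

```javascript
// Added example (not the project's contract): in-memory model of the access rules.
const { randomBytes, createHash, timingSafeEqual } = require('node:crypto');

const sha256 = (s) => createHash('sha256').update(String(s)).digest();

class DocumentRegistry {
  constructor() {
    this.items = new Map(); // docId -> item
  }

  // Creates an entry; the viewing key is returned once and only its hash is kept.
  create(owner, storageUrl, encryptionKeyHex) {
    const docId = randomBytes(8).toString('hex');
    const viewingKey = randomBytes(32).toString('hex');
    this.items.set(docId, {
      owner,
      storageUrl,
      encryptionKeyHex,
      viewingKeyHash: sha256(viewingKey),
      writers: new Set(), // optional write role from the read/write idea above
    });
    return { docId, viewingKey };
  }

  // Read path: possession of (docId, viewingKey) is the whole authorization.
  query(docId, viewingKey) {
    const item = this.items.get(docId);
    // Same error for unknown id and wrong key, so ids cannot be probed.
    // Hashing first gives equal-length buffers for the constant-time compare.
    if (!item || !timingSafeEqual(item.viewingKeyHash, sha256(viewingKey))) {
      throw new Error('unauthorized');
    }
    return { storageUrl: item.storageUrl, encryptionKeyHex: item.encryptionKeyHex };
  }

  // Only the owner may hand out the write role.
  grantWrite(sender, docId, address) {
    this.#requireOwner(sender, docId).writers.add(address);
  }

  // Owner or an address with the write role may change the stored metadata.
  update(sender, docId, storageUrl, encryptionKeyHex) {
    const item = this.items.get(docId);
    if (!item || (sender !== item.owner && !item.writers.has(sender))) {
      throw new Error('unauthorized');
    }
    Object.assign(item, { storageUrl, encryptionKeyHex });
  }

  // Only the owner may revoke; later queries with the old viewing key fail.
  revoke(sender, docId) {
    this.#requireOwner(sender, docId);
    this.items.delete(docId);
  }

  #requireOwner(sender, docId) {
    const item = this.items.get(docId);
    if (!item || item.owner !== sender) throw new Error('unauthorized');
    return item;
  }
}
```

Revoking the entry stops future queries, but a recipient who already retrieved the encryption key can still decrypt the stored blob, so a real revocation also means re-encrypting the document under a new key.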
Proposition - PaaS - Create a new document
By using Secret Network as PaaS, a new user can create a request that will create a new document entry on the Smart Contract on Secret. We will call the Axelar bridge that will transfer the creation request to the Secret Smart Contract. This request will create a new entry in the Smart Contract, allowing the user to store the metadata information of the file.
When building the request, the user generates the encryption key for the file and the associated link where the file is stored. He then creates a payload with these two pieces of information and uses his private key from MetaMask to create a Secret account. He can then build his transaction and send it using the Axelar bridge. For querying information on the Secret chain, the user can directly make a query request without having to pay fees.
When the creation request is done, the user will have in his possession a viewing key that allows him to see the information/metadata of the file. He can then prove to the Secret Smart contract that he has access to it and also have the possibility to update the information as he is the owner of the item.
Share the document with others
To share a document, a user can share a link with the document ID and the viewing key, which allows the recipient to retrieve the file information on the Secret Network contract.
When sharing a document, we can also think about rights that a given address could have, such as the ability to read or modify the content. This could be a feature of our Secret smart contract.
Finally, our proposed solution cannot control what a user does with the document once they have it. If the user shares the key with others, or gains access to the document, decrypts it, and shares it with other people, we have no control over it.
Decipher the document and get access to the IPFS link
The contract information, including the key, can be queried directly on the Secret Network. Since it is a query, there will be no fees. We can use MetaMask information and SecretJS to retrieve data stored on the Secret chain.
In our proposed method, we do not want to add an additional wallet such as Keplr, because we believe the strength of using PaaS is to hide all blockchain interaction from the user. Users can rely on its security and enjoy a simpler user experience and onboarding.
Workflow Diagram - Create a new document
Here, we describe the workflow of a document creation. It will help us to better understand and visualise the different steps.
⚠️Constraints
Maintain a user-friendly and transparent interface, minimizing user interactions with wallets. Investigate the feasibility of deploying the solution via Polygon to reduce user friction.
Assess the necessity of pop-up notifications and consider the associated fees.
Discuss the technical aspects with the Secret team, especially ensuring the avoidance of any data leakage or poorly designed software/interaction.
🛫 Deliverable
Secret Smart Contract
Store any kind of file. Even a file attached to an NFT can be stored. The NFT will still have an IPFS link, but the holder will need to use the Secret Smart Contract to retrieve the key allowing him to decrypt it.
View the file using user-generated access control (viewing key/permit).
The file needs to be transferable to another EVM address, with confirmation that the secret item is also transferred, since an owner is required.
The contract on the Secret side is a database where each item will have some data, an owner and potentially different roles attached, such as editing or viewing rights.
Develop an SDK for integrating the private sharing services. (Determine the appropriate form in consultation with the Secret Network)
Create comprehensive documentation for the project.
A functional web app on testnet, where a user can interact with and use our file encryption system on the EVM side. This implementation will use MetaMask and keep the same interface; we do not want multiple wallets to be connected in order to interact with our proposed implementation.
An easy guide to deploying the smart contract and the UI for other use cases.
🛣️ Roadmap
Milestone 1 - early January - beginning - Research and Design : 3.3K
Explore Secret Network tech stack and capabilities in-depth
Define requirements and scope for dApp and data sharing project
Create technical design docs covering architecture, smart contracts, frontend, etc.
Draft product requirements document
Writing docs & feedback
Milestone 2 - end January - Core Development - The PoC : 8.5k
Implement core smart contracts for dApp and access control logic
Develop backend APIs and integration with Secret Network nodes
Build frontend applications and user interfaces
Write thorough tests and audit smart contract code
Set up infrastructure and deployments
Writing docs & feedback
Milestone 3 - end February - Minimum Viable Product : 11.2k
Launch MVP version on testnet with basic functionality
Open up to community testing and feedback
Fix issues and enhance based on feedback
Hardening security and final audit (based on our knowledge)
Writing docs & feedback
💰Budget
Development: 21K
Audit and code study: Allocate resources for reviewing and analyzing the codebase.
Architecture: Design the integration of private document-sharing tools into the protocols.
Dev: Dapp development and integration of the sharing tools to have a full implementation open source.
Project management: Manage devs and relations with Secret Network
Test: Allocate resources for thorough testing of the integrated functionality, ensuring reliability, performance, and security.
Consulting/feedback: Engage with Secret Network for consultations and feedback throughout the development process, ensuring smooth integration and addressing any challenges that may arise.
UX/UI: 1K
Work on user experience (UX) and user interface (UI) aspects of integrating all the steps needed for users to activate their email, allow others to contact them, and manage their preferences for all kinds of emails…
🙏 Team
Team website : https://www.fiftywei.co/