Ocean and Secret: Collaborating on Access Control and Private Compute for datatokens
Introducing a new collaboration between Ocean Protocol and Secret Network that will provide trustless and convenient access control for Ocean datatokens as well as decentralized private compute via Secret Network.
By Ocean Protocol and Secret Network
Ocean and Secret have long shared a vision for unlocking the true power and value of data via decentralized and privacy-preserving technologies. Leveraging the experience of our teams and the strength of our products and ecosystems, we are excited to announce a new collaboration that will create substantial opportunities for data publishers, data consumers, and developers.
This blog post summarizes the integration of Secret Network with Ocean Protocol so that data publishers on Ocean Market no longer have to choose between convenience versus full trustlessness.
We are also announcing Secret Network’s support for Ocean Protocol’s Data Economy Challenge, where Secret will be sponsoring an additional bonus prize and participating in judging! Read to the end of this post to learn more about this opportunity for developers.
There are two challenges in the Ocean ecosystem that an integration with Secret Network can help address:
1) Publishers of data to Ocean Market can either have convenience or fully trustless operation, but not both at once.
Currently the url of an Ocean data service is stored on-chain. Ocean “Provider” middleware encrypts and decrypts that url.
(a) For a given data service, the publisher can run their own Provider, which is trustless but not convenient.
(b) Or, they can use the Provider run by the operator of Ocean Market, which is convenient but allows the operator to see the decrypted url. The operator is Ocean Protocol Foundation.
Ocean Market actually only exposes (b) right now, but the tech for (a) is a small amount of work away, with no research needed. The goal is to get both (a) and (b) at once and Secret Network can help achieve this.
2) Publishers of Compute-to-Data services can either have convenience or fully trustless operation, but not both at once.
Compute-to-data can run any script and return results to the data consumer. However, there’s a risk that the script supplied leaks sensitive data, like Personally Identifiable Information (PII). The script can be malicious or simply overfit.
Malicious: the script has special code that sends the data to the script supplier. The supplier obfuscates this code via an easy-to-miss special import like “import sk_learn” (versus the correct version “import sklearn”). The special library wraps sklearn, but injects copying.
Overfit: the model learns too much detail so that sensitive data can be extracted from it. An extreme example is: in CART tree training, learning each branch only stops when the leaf node has a single datapoint. Or, a neural network could get overfit if it has a large number of parameters compared to its datapoints and it doesn’t do regularization in training.
To address the risk of leaking sensitive data, the publisher must choose what scripts to trust. Thus it’s the same entity that risks private data getting exposed and chooses what algorithm to trust. It is their choice to make, based on their risk-reward preference. To catch malicious scripts, they simply do inspection. To catch overfitting that leads to data leakage, some algorithms are easy to trust, like averaging or learning a logistic regression model. But for more advanced modeling, it’s a bit more of a burden. If the publisher is an AI expert, they can “vet” it themselves but it takes time. Otherwise they will need to rely on a trusted third party AI expert, or community-curated scripts.
To summarize the problem. Publishers can either have:
(a) convenience and rely on third parties to vet the scripts, or
(b) they can inspect for themselves which requires time and expertise.
The goal is to get both (a) and (b) at once. Secret Contracts, which enable privacy preserving computations, can help to address these challenges.
Alice is a data consumer (buying data) and Bob is a data provider (selling data).
Steps 1-3 solve challenge (1) described above. Additional step (4) solves challenge (2) above.
1) Bob publishes a dataset onto Ethereum via Ocean
- Bob stores his data (IPFS, S3 etc.) in an encrypted manner - platform / UX TBD
- Bob publishes a dataset on Ocean Market. This includes minting an Ocean ERC20 datatoken contract on Ethereum mainnet, with symbol LKYSQD-23 (Lucky Squid). Bob lists LKYSQD-23 for purchase on Ocean Market, with either fixed price or automatic (AMM-based) price.
- Bob deploys a “Secret Vault” contract for LKYSQD-23 onto Secret Network. The.decryption key from 1a) is stored in its state, and can only be accessed by LKYSQD-23 tokens of 1b).
2) Alice buys access to data by acquiring 1.0 LKY-SQD datatokens on Ethereum via Ocean Market or another marketplace / DEX.
3) Alice accesses dataset
- Using the Secret Ethereum bridge, Alice locks her 1.0 LKYSQD-23 on Ethereum, provides a Secret Network (SN) address and signs a Metamask TX.
- Multisig committee will mint LKYSQD-23 wrapped on SN to Alice’s address to make secretLKYSQD-23 (“LKYSQD-23, wrapped by Secret”).
- On SN, Alice sends her secretLKYSQD-23 to the vault contact from 1c) and she’s granted access (decryption key) to the data.
4) Alice is not allowed to access the data set (privacy), but will use data in her private algorithm
- Using the Secret Ethereum bridge, Alice locks her 1.0 LKYSQD-23 on Ethereum, provides a SN address and signs a Metamask TX. The multisig committee mints 1.0 secretLKYSQD-23 on SN.
- Alice also deploys a Secret contract for computation, to SN
- Alice sends her algorithm as an encrypted input to the computation contract in 4b)
- Alice sends her secretLKYSQD-23 and the secret contract address in 4b) to the vault contact in 1c)
- Data stored in SecretVault 1c) is sent to the computation contract in 4b)
- Alice receives the computation result
Secret Ocean Collaboration
This new collaboration between Ocean and Secret will be enabled by the following components and modules of Secret Network:
Secret contracts can accept algorithms and data as encrypted inputs to complete contract execution in a fully private manner. For reference, here is a contract guide and a contract walkthrough for a sealed bid auction contract.
Secret / Ethereum Bridge
The Ethereum / Secret Network bridge allows users to lock datatokens on Ethereum and mint on Secret Network. If desired, these datatokens can be minted as privacy tokens as well. The bridge has a M-by-N multisig committee that observes ETH and Secret to detect lock / burn transactions and mint or unlock funds in respective chains.
Secret Vault contract
The Secret Vault library can be used to create an access control contract that allows storing private keys in the state of the contact. Secret Vault contracts can be designed to expose the private keys to certain parties interacting with the contract, “unlocking” content or access. Padlock is a sample implementation of Secret Vaults for monetizing content on Web3, the result of a recent hackathon project.
The teams and communities supporting Secret Network and Ocean Protocol share a commitment to data decentralization and protection while leveraging the power of Web3-based technologies. As our collaboration continues, we are looking for more developers and data providers to work alongside us as well as utilize and improve our solutions.
If you’re working on complimentary technologies or products, or if you want to provide any feedback to our teams, send us a note:
firstname.lastname@example.org and email@example.com
In addition, Secret Network is excited to be collaborating with Ocean on the Ocean Protocol Data Economy Challenge: datatokens edition (DEC). Secret will be offering a bonus prize for best integration between Ocean Protocol and Secret Network, with the winning team receiving $2,000 in SCRT coins. Both Ocean and Secret communities would love to see hackers work towards addressing the challenges listed in this post:
Challenge 1) Publishers of data to Ocean Market can either have convenience or fully trustless operation, but not both at once. (recommended)
Challenge 2) Publishers of Compute-to-Data services can either have convenience or fully trustless operation, but not both at once. (extra credit)
In order to be eligible for a prize, project teams will need to open source their code and properly document their work.
Learn more about the Data Economy Challenge on the Ocean Protocol blog.
Let’s continue to revolutionize the Data Economy!
"We’ve long admired the work of Secret and Enigma and we’re thrilled to have Secret as a partner for the Data Economy Challenge. This collaboration gives us the opportunity to add Secret’s world-leading privacy infrastructure to Ocean V3 to offer users more options for secure data sharing."
Ocean Founder Bruce Pon
“Since the original Enigma whitepaper in 2015, we envisioned the existence of secure data marketplaces that would allow users to share data securely and process it privately. Combining the privacy-preserving power of Secret Network with Ocean’s world-leading work on data marketplaces, we are finally seeing this vision become reality. Our team and the entire Secret ecosystem are excited to work in collaboration with the Ocean Protocol team and community.”
Enigma CEO and co-founder Guy Zyskind
About Ocean Protocol
Ocean Protocol is an on-ramp for data services into crypto ecosystems, using datatokens. Each datatoken is a fungible ERC20 token to access a given data service. Ocean smart contracts, Ocean libraries, and Ocean-powered front-ends make it easy to publish data services (deploy and mint datatokens) and consume data services (spend datatokens). Therefore Ocean provides decentralized access control.
Ocean contracts run on Ethereum mainnet. Ethereum composability enables crypto wallets as data wallets, crypto exchanges as data marketplaces, data DAOs as data co-ops, and more.
Ocean Market is like a DEX tuned for data. It’s an open-source community marketplace for data that uses Ocean datatokens. Users can publish data, buy/sell data, consume data, and stake on data (curate). Each datatoken can have automatic price discovery via its own automated market maker (AMM) pool.
Ocean’s “Compute-to-Data” feature gives compute access on privately held data, which never leaves the data owner’s premises. With it, Ocean Market enables monetization of private data while preserving privacy.
About Secret Network
Secret Network is the first ever privacy-enabled Layer 1 blockchain, featuring privacy-preserving smart contracts (“secret contracts”) that utilize hardware-based and software-based privacy technologies to protect data. Secret contracts are unique in that they allow for encrypted inputs, outputs and state. Data on Secret Network is private by default, public when desired. Secret Network is also open-source and permissionless - anyone can operate a node, deploy an app, or contribute to the network and its ecosystem.
Applications built on Secret Network (Secret Apps) can utilize encrypted data without ever exposing the data itself, even to the nodes in the network performing computations. This groundbreaking ability unlocks valuable new use cases across a variety of critical Web3 fields, including decentralized finance, data sharing, access control, machine learning, non-fungible tokens, and many more.
The Secret vision is to bring “programmable privacy” to every public blockchain, enabling arbitrarily complex data privacy controls for Web3 applications. This finally gives users and developers the ability to provide privacy or transparency to any data they want, when they want to provide it. Secret Network is providing the critical missing piece to global adoption of Web3 technologies.
Secret Network is supported by multiple independent development teams and entities as well as a global community of passionate privacy advocates, including Enigma, Secret Foundation, Secretnodes.org, Chain of Secrets, 40+ mainnet validators, and many other developers and community members who contribute to network governance and growth.