Private and Verifiable Smart Contracts
Smart contracts are becoming the leading use case of public permissionless blockchains: Ethereum is now the main blockchain by number of transactions (more than 50% compared to the rest of its competitors), and more than 50% of those transactions are related to smart contracts.
Although multiple security solutions exist to protect the privacy of transactions (zk-SNARKs in Zcash, ring signatures in Monero, …), no adequate solution is currently available to protect smart contracts, that is, to fully encrypt the entire computation of a smart contract and not merely the resulting transactions (in reality, transactions are just a special kind of smart contract). Remember that smart contracts executed on public permissionless blockchains leak their complete execution to everybody, including the input parameters, the full computation and even the outputs (e.g., the debugging trace of a smart contract's execution).
These handicaps limit the growth and use of public blockchains to the set of smart contracts that can be safely executed in the public eye: a small percentage of the whole universe of possible smart contracts.
On the other hand, smart contracts must be developed correctly; otherwise, expert hackers can exploit their weaknesses to steal or freeze their funds: for example, the frozen Parity wallets (>$700MM), the stolen Parity wallets (150,000 ETH) or the famous DAO hack ($50MM). According to current best practices, third parties must manually audit smart contracts to fix any errors found; however, this process is not an actual formal verification, and users executing the smart contract must either trust that the code audit was done correctly or do it themselves, thus shifting the burden of proof onto users.
To address all the previous handicaps, we have been developing innovative technologies for the protection of smart contracts in both the permissioned and the permissionless settings.
To protect the privacy of the computation, we offer the most efficient techniques for cryptographic secure computation (an order of magnitude more efficient than zero-knowledge protocols):
To guarantee the correctness of smart contracts, their code can be annotated and formally verified, with the formal proofs discharged to users so they can certify them before execution and thus be assured of the contract's complete correctness (Proof-Carrying Code). Additionally, smart contracts can prove their compliance with third-party formal specifications (regulatory entities, international economic organisations, NGOs), improving commercial trust between parties because correctness can be checked before execution, whereas zero-knowledge proofs only establish the integrity of a computation after it has been executed, not its correctness.
Note that combining Proof-Carrying Code with cryptographic secure computation is essential: once smart contracts are encrypted, additional guarantees are required before their execution in order to prevent malicious leakages, especially when unknown third parties are involved. Moreover, easy-to-use interfaces such as “The Secure Spreadsheet” are available for those of you who don’t have time to struggle with source code, thus enlarging the target market of users.
Although our smart contracts are general-purpose and could execute any kind of program, their most advantageous use is as Cryptographically Secure Financial Instruments. More details can be found in the paper.