1 of 18

Usecases

Storing Encrypted Data on Secret Network

One of SecretPath's key features is the ability to use encrypted payloads to send over confidential messages to a Secret Smart contract.

SecretPath can seamlessly handle encrypted payloads, as the master gateway contract on Secret automatically decrypts the payload and hands the decrypted payload over to the target contract.

The encryption of the payload is done using the , an algorithm.

The key for this symmetric encryption is created by using the (ECDH) scheme, comprising of two components:

An extra encryption public key provided from the Secret Gateway Contract
A randomly created (ephemeral) encryption private key on the user side (independent of the user wallet's private key)

Combining both of these keys together via the ECDH Scheme yields our encryption key, which we use to encrypt the payload with ChaCha20-Poly1305.

As a first example for this, we have used SecretPath to encrypt a string and subsequently store it in a Secret contract.

Key-Value store Developer Tutorial

Learn how to use SecretPath on EVM to encrypt payloads.

Overview

SecretPath seamlessly handles encrypted payloads on the EVM, which means EVM developers can use SecretPath to encrypt and decrypt messages cross-chain with little-to-no Rust experience required.

Check out the Key Value store demo here to see what you will build

This tutorial explains how to:

Upload your own Key-value store contract on Secret Network
Encrypt data on the EVM and transmit encrypted data cross-chain to Secret Network
Connect your key value store contract to a React frontend.

After this tutorial, you will have the tools you need to use SecretPath to encrypt messages on any EVM-compatible chain.

Getting Started

To get started, clone the EVM key value store repository:

git clone https://github.com/writersblockchain/evm-kv-store-demo.git

Configuring Environment

cd into secret-contract/node

cd secret-contract/node

Install the dependencies:

npm install

Upload the Key-value contract to Secret Network

In the node folder, open the upload.js file and review the instantiate message at line 56:

 let init = {
    gateway_address: gatewayAddress,
    gateway_hash: gatewayHash,
    gateway_key: gatewayPublicKeyBytes,
  };

gatewayAddress is the SecretPath gateway contract address for testnet
gatewayHash is the SecretPath gateway contract hash for testnet
gatewayKey is public key used for SecretPath encryption on Secret testnet

These three parameters remain constant and must be passed for every Secret Network contract that implements SecretPath. They can be found here for testnet.

To upload and instantiate the contract, run node upload:

node upload

Upon successful upload, a contractHash and address will be returned:

codeId:  5701
Contract_hash: "6311a3f85261fc720d9a61e4ee46fae1c8a23440122b2ed1bbcebf49e3e46ad2"
contract_address:  "secret1j0gpu6tlwnc9fw55wcfsfuml00kqpcnqz7dck7"

If you want to make any changes to the Secret smart contract before uploading it to Secret Network, you can do that too! Simply update the contract and then compile it by running make build-mainnet:

make build-mainnet

The compiled contract, called contract.wasm.gz, will be outputted in the secret-contract folder.

Encrypt a payload

Now that you have your key value store smart contract uploaded to Secret Network, let's use it to store encrypted messages passed from the EVM. Most of the ECDH cryptography has been abstracted away so there are only a few values you need to change.

cd into evm-kv-store-demo/kv-store-frontend:

cd evm-kv-store-demo/kv-store-frontend

Install the dependencies:

npm i

Open .env and change the routing_contract and routing_code_hash to the address and code hash for your contract:

REACT_APP_SECRET_ADDRESS="secret1neeyum9p9h6u0d5jkxlqx9w5nrz49hzrr63jsw"
REACT_APP_CODE_HASH="6994d8ff9ed1af73ef4685a9f5c8a5568804afb5fa5ce49ec8496fb271a9760a"

That's it! You dApp is now connected to your Secret smart contract and ready to encrypt key value pairs. To start the application, run:

npm run start

Now that you have successfully uploaded a key-value contract to Secret Network and connected it to a React frontend, let's examine the code to understand how SecretPath passes encrypted data from the EVM to Secret Network.

From a high-level, all that you need to know is there is a public SecretPath contract deployed on every EVM chain listed here, which communicates with a private SecretPath contract deployed on Secret Network, and it is these public/private contract pairs that encrypt your data and pass messages from the EVM to Secret Network.

When you create your cross-chain dApp, you simply need to format your data so that it can be transmitted successfully from the public SecretPath contract to the private SecretPath contract.

All of the data formatting for the public EVM contract happens in submit.js. This is almost entirely boilerplate code except for the variables handle and data:

  // The function name of the function that is called on the private contract
  const handle = "store_value";

  // Data are the calldata/parameters that are passed into the contract
  const data = JSON.stringify({
    key: key,
    value: value,
    viewing_key: viewing_key
  });

handle is the name of the function that we are executing in our private Secret smart contract, and data is the data that we pass to the function that we are executing in the Secret contract, which in the case of the key value contract is key, value, and viewing_key.

Let's now look at the Secret Network contract that we uploaded to better understand the store_value function and how it uses the parameters key, value, and viewing_key.

Understanding the Private (Secret) Contract

At line 109, we have a match statement, which includes the handle "store_value":

 // determine which function to call based on the included handle
    let handle = msg.handle.as_str();
    match handle {
        "store_value" => store_value(deps, env, msg.input_values, msg.task, msg.input_hash),
        "retrieve_value" => retrieve_value(deps, env, msg.input_values, msg.task, msg.input_hash),
        "change_value" => change_value(deps, env, msg.input_values, msg.task, msg.input_hash),
        _ => Err(StdError::generic_err("invalid handle".to_string())),
    }

Since we pass the handle store_value from your dApp to your Secret contract, it knows to execute the store_value function!

Inside of the store_value function, we use the key, value, and viewing_key parameters that we pass from the EVM in order to create a key map with our key-value pairs:

let input: InputStoreMsg = serde_json_wasm::from_str(&input_values)
        .map_err(|err| StdError::generic_err(err.to_string()))?;
  
  // create a task information store
    let storage_item = StorageItem {
        value: input.value,
        viewing_key: input.viewing_key,
    };
    
  // map task to task info
    KV_MAP.insert(deps.storage, &input.key, &storage_item)?;

This data is encrypted and stored inside of your Secret smart contract. The data can now only be revealed with a query that uses the proper viewing_key:

const secretjs = new SecretNetworkClient({
                url: "https://lcd.testnet.secretsaturn.net",
                chainId: "pulsar-3",
            });

            const query_tx = await secretjs.query.compute.queryContract({
                contract_address: process.env.REACT_APP_SECRET_ADDRESS,
                code_hash: process.env.REACT_APP_CODE_HASH,
                query: {
                    retrieve_value: {
                        key: key,
                        viewing_key: viewingKey
                    }
                },
            });

Summary

In this tutorial, you've learned how to deploy a key-value store smart contract on Secret Network, encrypt and transmit messages from an EVM-compatible chain, and integrate the contract with a React frontend. Using SecretPath, you can now seamlessly handle encrypted payloads cross-chain with minimal Rust experience. By following the steps outlined, you're equipped to build decentralized applications that leverage SecretPath for secure, cross-chain communication and data storage.

If you have any questions or run into any issues, post them on the Secret Developer Discord and somebody will assist you shortly.

Sealed Bid Auction

Overview

A first-price sealed-bid auction, also known as a "blind auction", is a type of auction in which all bidders simultaneously submit sealed bids so that no bidder knows the bid of any other participant. The highest bidder pays the price that was submitted. In this tutorial you will learn how to create a cross-chain sealed bid auction dApp with encrypted bids using.

See a live demo !

SecretPath Contract Design

Contract Deployment: Participants initiate the process by deploying a Sealed Bid Contract to the Secret Network. This contract contains their auction items and encrypted bids, safeguarding the bid details from public exposure.
Contract Execution via Public Gateway:
- The execution sequence begins when the Sealed Bid Contract is interacted with via the Ethereum Virtual Machine (EVM).
- The SecretPath Public Gateway Smart Contract serves as the intermediary, facilitating communication between the EVM and Secret Network.
Secure Message Transmission:
- Messages and transactions pass through the Public Gateway to the Private Gateway Smart Contract, utilizing ECDH to ensure that the data exchanged remains confidential and tamper-proof, maintaining the integrity of the sealed bid throughout the process.
Finalization:
- Once the bidding period concludes, the Sealed Bid Contract processes the bids to determine the winner securely.
- The outcome is then communicated back through the gateway contracts to the relevant parties on the EVM.

Sealed Bid Auction Developer Tutorial

Overview

See a live demo ! See the fullstack frontend code implementation .

You will start by configuring your developer environment and then learn how to use SecretPath to enable cross-chain encryption and decryption, using Secret Network as a Confidential Computing Layer (CCL) for the EVM.

Getting Started

To get started, clone the SecretPath tutorials repository:

EVM Prerequisites

your Sepolia wallet.

Secret Network Prerequisites

Uploading Sealed Bid Contract

cd into sealed-bid-auctions/sealed-bid-contract

Compile the contract

cd into secret-contract/node:

Install the node dependencies

Set SecretPath parameters:

Upload and instantiate the contract:

List an Auction Item

Now that you've instantiated a sealed bid contract on Secret Network, it's time to create your first auction item with SecretPath!

cd into sealed-bid-auctions/evm-contract:

Install the dependencies

Configure env

Configure SecretPath

If you wanted to do this for mainnet, you would simply use the mainnet encryption key.

Now that you have all of your SecretPath code configured, execute the SecretPath Sepolia public gateway contract to send your auction item to the Secret contract:

Each auction item you create will have an associated ID; the first auction item has ID 1, the second has ID 2, and so on.

Upon successful execution, info about your SecretPath payload will be returned:

Bid On Auction Item

Note that the sealed bid contract is designed so that each auction item has an ascending index number starting with 1. So the first auction item you list is index 1, the second is index 2, and so on.

Once you have set your bid, execute the bid function:

Upon successful execution, info about your SecretPath payload will be returned. Now let's query your auction item and bids with secret.js.

Querying Auction Items and Bids

cd into sealed-bid-auctions/sealed-bid-contract/node:

Make sure you have added your Sealed bid contract address and codehash to your env file, and then query the auction item with node query_auction:

Note that you are querying with key 1, because the first auction item is stored at index 1, the second auction item is stored at index 2, and so on.

If your auction item was submitted successfully, it should be returned like so:

If the bidding is still open, it will return the message:

If the bidding is closed, it will return the highest bid:

Conclusion

Note that the end user of the application is not exposed to Secret Network and is only working directly in the EVM environment. However, the data is fully protected and cannot be viewed by anyone.

Confidential Voting

Introduction

Confidential voting on Secret Network enables developers to create and manage voting systems where proposals and votes remain encrypted and secure. This ensures confidentiality and integrity in voting processes across EVM-compatible chains. There are 2 cross-chain voting solutions on Secret Network, the first uses SecretPath, and the other ECDH cryptography.

Enabling Confidential Voting with SecretPath

Overview: Introduction to using SecretPath as a Confidential Computation Layer for EVM chains, allowing encrypted data transfer and storage on Secret Network. Description of how SecretPath functions as a bridge for encrypted data, facilitating the creation and voting on proposals within a Secret smart contract.
Setup and Deployment: Step-by-step guide on setting up the development environment, compiling and uploading the Secret contract, and configuring the frontend to interact with the SecretPath-enabled voting system.
Passing Encrypted Data: Detailed explanation of how to pass encrypted proposals and votes from the EVM to the Secret Network using SecretPath.

Encrypting and Decrypting Votes on EVM with ECDH cryptography

Introduction: Guide to encrypting and decrypting votes using Secret Network smart contracts, aimed at building confidential voting on any EVM chain.
Setup and Configuration: Instructions for setting up the developer environment, configuring environment variables, and generating cryptographic keys for encryption. Steps to upload and instantiate the Secret Network and Polygon smart contracts, enabling creation and voting on proposals.
Executing Contracts: Processes for creating proposals, voting, and decrypting votes using the deployed smart contracts on the Polygon testnet and Secret Network.

Confidential Voting Developer Tutorial with SecretPath

Learn how to use SecretPath to vote confidentially on the EVM

Overview

SecretPath enables EVM developers to use Secret Network as a Confidential Computation Layer (CCL) for all EVM-compatible chains.

In this developer tutorial, you will learn how to use SecretPath to enable confidential voting on the EVM.

See a fullstack cross-chain voting demo here.

Understanding SecretPath

At a high level, you can think of SecretPath as a confidential bridge that passes encrypted data from your EVM chain to a Secret Network smart contract where the data remains encrypted.

To work with SecretPath, you must first create a Secret smart contract that stores the encrypted data that you want to send from the EVM. For our purposes, we have created a Secret smart contract with 2 functionalities:

Create proposals
Vote on existing proposals

You create and vote on proposals from the EVM, and then that data is sent to your Secret smart contract via SecretPath where it remains encrypted . Pretty cool, right!? 😎 Let's start by examining our Secret voting contract, and then we will breakdown how to send messages to it from the EVM with SecretPath.

Secret Network Prerequisites

Getting Started with Secret Network

To get started, clone the examples repo:

git clone https://github.com/writersblockchain/secretpath-voting.git

cd into secretpath-tutorials/secretpath-voting/voting-contract:

cd secretpath-voting/voting-contract

Open contract.rs and examine the match statement at line 67:

match handle {
        "create_proposal" => create_proposal(deps, env, msg.input_values, msg.task, msg.input_hash),
        "create_vote" => create_vote(deps, env, msg.input_values, msg.task, msg.input_hash),

        _ => Err(StdError::generic_err("invalid handle".to_string())),
    }

This handle msg is where you define the functionality of your SecretPath contract. For our purposes, we have written the functions create_proposal and create_vote. You can examine those functions in more detail if you'd like and make adjustments as you see fit 🤓.

Compiling and uploading the Secret contract

Update the env file with your Secret Network wallet mnemonic, and rename it ".env" instead of ".env.example"

Compile the contract

make build-mainnet

cd into voting-contract/node:

cd node

Install the node dependencies

npm install

Set SecretPath parameters:

Open upload.js and configure the SecretPath gatewayAddress, gatewayHash, and gatewayPublicKey:

const gatewayAddress = "secret10ex7r7c4y704xyu086lf74ymhrqhypayfk7fkj";

const gatewayHash =
 "ad8ca07ffba1cb26ebf952c29bc4eced8319c171430993e5b5089887f27b3f70";

const gatewayPublicKey =
"0x046d0aac3ef10e69055e934ca899f508ba516832dc74aa4ed4d741052ed5a568774d99d3bfed641a7935ae73aac8e34938db747c2f0e8b2aa95c25d069a575cc8b";

gatewayAddress, gatewayHash, and gatewayPublicKey are needed for instantiating contracts that utilize SecretPath and can be found in the docs here. You will always use these same 3 parameters for instantiating a SecretPath-compatible contract on testnet.

Upload and instantiate the contract:

node upload

Upon successful upload and instantiation, add the contract codeHash and address to your env.

Send encrypted data to your Secret Contract on the EVM

Now that you have instantiated your confidential voting contract on Secret Network, it's time to pass your encrypted data from the EVM to Secret Network. Remember the create_proposal and create_vote functions from the Secret contract? Now you will execute those functions and send encrypted data to the voting contract! 🤯

Bootstrapping the frontend

Let's create and vote on your first proposal with SecretPath!

cd into secretpath-voting/frontend:

cd secretpath-voting/frontend

Install the dependencies

npm i

Configure env

Configure the envwith your confidential voting contractAddress and codeHash.

Run the application

npm run start

You should see the following React application running locally in the browser:

Now, create and vote on a proposal to understand the frontend functionality. Then, let's look at the underlying code to understand how we are passing encrypted data from the EVM to Secret Network 🙂

Passing Encrypted Data with SecretPath

As stated above, we have two functions we are executing with SecretPath: create_proposal and create_vote. In our React application, there are two corresponding components which execute these functions: CreateProposal and VoteonProposal.

Create a Voting Proposal

Open CreateProposal.js and navigate to the handleSubmit function, which contains all of our SecretPath logic.

The majority of the handleSubmit function is boilerplate code used for SecretPath verification, signing, and converting contract inputs into correctly formatted packets and vice versa.

For our purposes, we only need to examine 2 lines of code, data on line 88 and handle on line 218.

data is the encrypted data that we are passing from the EVM to the Secret Network voting contract. It takes a user input of name, description, and end_time. This corresponds with the ProposalStoreMsg in the Secret contract.
handle is the function that is actually being called in the Secret contract that you deployed. You are passing the create_proposal handle, which executes the create_proposal function in your Secret voting contract.

Now that you have all of your SecretPath code configured, execute the frontend to send your voting proposal to the Secret contract!

Upon successful execution, your SecretPath transaction hash will be logged in the console.

Vote on a Proposal

Open VoteonProposal.js and navigate to the handleSubmit function, which, again, contains all of our SecretPath logic.

data is the encrypted data that we are passing from the EVM to the Secret Network voting contract. It takes a user input of vote, ("yes" or "no"), wallet_address (the wallet address of the voter), and index.This corresponds with the VoteStoreMsg in the Secret contract.

The voting contract is designed so that each proposal has an ascending index starting with 1. The first proposal you create is index 1, the second is index 2, etc. So when you vote, the React application passes the corresponding index of the proposal that is to be voted on 🙂

handle: You are passing the create_vote handle, which executes the create_vote function in your Secret voting contract.

Execute the frontend to vote on an existing proposal and send the encrypted vote to the Secret contract!

Upon successful execution, your SecretPath transaction hash will be logged in the console.

Secret Queries - retrieving proposals and votes from Secret contract storage

Perhaps you are wondering how the React frontend queries the Secret voting contract to display the data that we pass from the EVM. This is possible with secret.js, the javascript SDK for Secret Network.

We have 2 query functions defined in our Secret voting contract, RetrieveProposals and RetrieveVotes. Once you have created proposals with votes, you can use execute these query functions with secret.js to:

These queried proposals and their associated votes are then displayed in our React frontend.

Conclusion

Congrats! You deployed your very own confidential voting contract on Secret Network and used SecretPath to send cross-chain encrypted votes on an EVM chain. See the fullstack demo here. You now have all of the tools you need to start building your own cross-chain SecretPath contracts on the EVM 🎉

Note: the end user of the application is not exposed to Secret Network and is only working directly in the EVM environment. However, the data is fully protected and cannot be viewed by anyone because it is stored in encrypted Secret contracts 😮‍💨

If you have any questions or run into any issues, post them on the Secret Developer Discord and somebody will assist you shortly.

SecretPath - a deep dive

Let's dive a little deeper into the boilerplate SecretPath code to understand how our data is encrypted, signed, and formatted by SecretPath. The following comments are for the handleSubmit function of our CreateProposal component:

// Load the contract ABI into an ethers Interface.
const iface = new ethers.utils.Interface(abi);

// Load routing contract address and code hash from environment variables.
const routing_contract = process.env.REACT_APP_SECRET_ADDRESS;
const routing_code_hash = process.env.REACT_APP_CODE_HASH;

// Connect to the Ethereum network through a web provider (e.g., MetaMask).
const provider = new ethers.providers.Web3Provider(window.ethereum, "any");

// Request user accounts from the Ethereum provider.
const [myAddress] = await provider.send("eth_requestAccounts", []);

// Generate a new random wallet and extract private key and public key.
const wallet = ethers.Wallet.createRandom();
const userPrivateKeyBytes = arrayify(wallet.privateKey);
const userPublicKey = new SigningKey(wallet.privateKey).compressedPublicKey;
const userPublicKeyBytes = arrayify(userPublicKey);

// Hardcoded public key for the gateway and conversion to bytes.
const gatewayPublicKey = "A20KrD7xDmkFXpNMqJn1CLpRaDLcdKpO1NdBBS7VpWh3";
const gatewayPublicKeyBytes = base64_to_bytes(gatewayPublicKey);

// Compute a shared key using Elliptic Curve Diffie-Hellman (ECDH) and hash it with SHA-256.
const sharedKey = await sha256(
  ecdh(userPrivateKeyBytes, gatewayPublicKeyBytes)
);

// Get the selector (method ID) for the `upgradeHandler` function from the ABI.
const callbackSelector = iface.getSighash(
  iface.getFunction("upgradeHandler")
);
const callbackGasLimit = 300000;  // Set the gas limit for the callback.

// Create the data object from form state for payload.
const data = JSON.stringify({
  name: name,
  description: description,
  end_time: minutes,
});

// Determine the appropriate client address based on the network (chainId).
let publicClientAddress;

// Mainnet client addresses by chain ID.
if (chainId === "1") { publicClientAddress = mainnet.publicClientAddressEthereumMainnet; }
// Add similar conditions for other chain IDs, both mainnet and testnet.

// Lowercase the client address to ensure consistency.
const callbackAddress = publicClientAddress.toLowerCase();

// Log relevant information.
console.log("callback address: ", callbackAddress);
console.log(data);
console.log(callbackAddress);

// Construct the payload with necessary information for processing.
const payload = {
  data: data,
  routing_info: routing_contract,
  routing_code_hash: routing_code_hash,
  user_address: myAddress,
  user_key: bytes_to_base64(userPublicKeyBytes),
  callback_address: bytes_to_base64(arrayify(callbackAddress)),
  callback_selector: bytes_to_base64(arrayify(callbackSelector)),
  callback_gas_limit: callbackGasLimit,
};

// Serialize the payload to JSON and prepare it for encryption.
const payloadJson = JSON.stringify(payload);
const plaintext = json_to_bytes(payload);
const nonce = crypto.getRandomValues(bytes(12)); // Generate a nonce for encryption.

// Encrypt the payload using ChaCha20-Poly1305, obtain the ciphertext and authentication tag.
const [ciphertextClient, tagClient] = chacha20_poly1305_seal(
  sharedKey,
  nonce,
  plaintext
);
const ciphertext = concat([ciphertextClient, tagClient]);

// Compute the hashes of the ciphertext and prepare it for signature.
const ciphertextHash = keccak256(ciphertext);
const payloadHash = keccak256(
  concat([
    text_to_bytes("\x19Ethereum Signed Message:\n32"),
    arrayify(ciphertextHash),
  ])
);

// Sign the payload hash using the user's account.
const msgParams = ciphertextHash;
const params = [myAddress, msgParams];
const method = "personal_sign";
const payloadSignature = await provider.send(method, params);

// Recover public key from the signature to verify it.
const user_pubkey = recoverPublicKey(payloadHash, payloadSignature);

// Bundle info for the transaction.
const _info = {
  user_key: hexlify(userPublicKeyBytes),
  user_pubkey: user_pubkey,
  routing_code_hash: routing_code_hash,
  task_destination_network: "pulsar-3",
  handle: "create_proposal",
  nonce: hexlify(nonce),
  payload: hexlify(ciphertext),
  payload_signature: payloadSignature,
  callback_gas_limit: callbackGasLimit,
};

// Encode the transaction data using the interface.
const functionData = iface.encodeFunctionData("send", [
  payloadHash,
  myAddress,
  routing_contract,
  _info,
]);

// Fetch the current gas price and calculate the transaction cost.
const gasFee = await provider.getGasPrice();
let amountOfGas;
if (chainId === "4202") {
  amountOfGas = gasFee.mul(callbackGasLimit).mul(100000).div(2);
} else {
  amountOfGas = gasFee.mul(callbackGasLimit).mul(3).div(2);
}

// Set up transaction parameters.
const tx_params = {
  gas: hexlify(150000),
  to: publicClientAddress,
  from: myAddress,
  value: hexlify(amountOfGas),
  data: functionData,
};

// Send the transaction and handle the response.
try {
  const txHash = await provider.send("eth_sendTransaction", [tx_params]);
  console.log(`Transaction Hash: ${txHash}`);

  setIsModalVisible(true); // Show the modal on success
} catch (error) {
  console.error("Error submitting transaction:", error);
}

VRF

Implementing VRF into any EVM Contract

Got improvements or suggestions on how to improve SecretVRF or this tutorial ? Please ask in the Secret Network Telegram or Discord.

For a detailed demonstration, you can watch our video tutorial available here:

After we've gone through an extensive example on how our example contract works, here's how to implement SecretVRF via SecretPath in your own contract in 4 easy steps:

Importing the Interface

First, import the ISecretVRF interface into your Solidity Contract:

/// @notice Interface of the VRF Gateway contract. Must be imported. 
interface ISecretVRF { 
    function requestRandomness(uint32 _numWords, uint32 _callbackGasLimit) external payable returns (uint256 requestId); 
}

Set the SecretVRF gateway contract

Second, set your gateway address to the Secret VRF Gateways that you can find and . You only need to make sure that your contract knows the correct SecretVRF Gateway address, for example:

/// @notice VRFGateway stores address to the Gateway contract to call for VRF
address public VRFGateway;

address public immutable owner;

constructor() {
   owner = msg.sender;
}

modifier onlyOwner() {
    require(msg.sender == owner, "UNAUTHORIZED");
    _;
}

/// @notice Sets the address to the Gateway contract 
/// @param _VRFGateway address of the gateway
function setGatewayAddress(address _VRFGateway) external onlyOwner {
    VRFGateway = _VRFGateway;
}

Call the SecretVRF Gateway contract

Now, we implement the function that calls the SecretVRF Gateway on EVM. Note that you have to pay an extra amount of your gas token as CallbackGas:

/// @notice Event that is emitted when a VRF call was made (optional) 
/// @param requestId requestId of the VRF request. Contract can track a VRF call that way 
event requestedRandomness(uint256 requestId);

/// @notice Demo function on how to implement a VRF call using Secret VRF
function requestRandomnessTest(uint32 _numWords, uint32 _callbackGasLimit) external payable {
    // Get the VRFGateway contract interface 
    ISecretVRF vrfContract = ISecretVRF(VRFGateway);

    // Call the VRF contract to request random numbers. 
    // Returns requestId of the VRF request. A  contract can track a VRF call that way.
    uint256 requestId = vrfContract.requestRandomness{value: msg.value}(_numWords, _callbackGasLimit);

    // Emit the event
    emit requestedRandomness(requestId);
}

The callback gas is the amount of gas that you have to pay for the message coming on the way back. If you do pay less than the amount specified below, your Gateway TX will fail:

/// @notice Increase the task_id to check for problems 
/// @param _callbackGasLimit the Callback Gas Limit

function estimateRequestPrice(uint32 _callbackGasLimit) private view returns (uint256) {
    uint256 baseFee = _callbackGasLimit*block.basefee;
    return baseFee;
}

Since this check is dependent on the current block.basefee of the block it is included in, it is recommended that you estimate the gas fee beforehand and add some extra overhead to it. An example of how this can be implemented in your frontend can be found in this example and here:

//Then calculate how much gas you have to pay for the callback
//Forumla: callbackGasLimit*block.basefee.
//Use an appropriate overhead for the transaction, 1,5x = 3/2 is recommended since gasPrice fluctuates.

const gasFee = await provider.getGasPrice();
const amountOfGas = gasFee.mul(callbackGasLimit).mul(3).div(2);

Wait for the callback

From here, the SecretVRF Gateway will take care of everything, just wait 1-2 blocks for Gateway to provide you the random number by getting it from the Secret Networks on chain VRF and do the callback.

The SecretVRF gateway contract will always call the contract that called the VRF contract (using msg.sender) with the function selector bytes 0x38ba4614, which is the function:

function fulfillRandomWords(uint256 requestId, uint256[] calldata randomWords) external

Now, the SecretVRF Gateway contract will verify the validity of the call and when all checks pass, it will call this function. In this case, we just emit a log as an example to finish our demo. Emitting a log is not obligatory and optional.

event fulfilledRandomWords(uint256 requestId, uint256[] randomWords);
/// @notice Callback by the Secret VRF with the requested random numbers
/// @param requestId requestId of the VRF request that was initally called
/// @param randomWords Generated Random Numbers in uint256 array
function fulfillRandomWords(uint256 requestId, uint256[] calldata randomWords) external {
    // Checks if the callback was called by the VRFGateway and not by any other address
    require(msg.sender == address(VRFGateway), "only Secret Gateway can fulfill");

    // Do your custom stuff here, for example:
    emit fulfilledRandomWords(requestId, randomWords);
}

VRF Developer Tutorial

Learn how to use SecretPath on EVM to access on-chain verifiable random numbers.

Overview

SecretVRF over SecretPath enables EVM developers to access on-chain verifiable random numbers at a fraction of the cost and block time of traditional RNG oracles such as ChainlinkVRF. With fewer than 100 lines of code, you will have access to an infinite supply of randomness.

See a fullstack cross-chain SecretVRF demo here

To learn how SecretVRF works underneath the hood, refer to the docs here. 🤓

Getting Started

To get started, clone the repo:

git clone https://github.com/SecretFoundation/evm-secretpath-rng.git

EVM Prerequisites

Configuring Environment Variables

Install the node dependencies:

npm install

Update the env file with your EVM wallet private key and Infura API key.

Make sure your Infura API key is configured for Amoy testnet 😎

Upload & Instantiate RandomnessReceiver.sol

Compile your Solidity smart contract:

npx hardhat compile

Once the contract is compiled successfully, upload the contract to Polygon testnet:

npx hardhat run scripts/deploy.js --network polygon

Note the contract address:

RandomnessReceiver deployed to: 0x08D05bC52e503C68c38A32c1fA997FB521e614C4

Add the RandomnessReceiver contract address to your env file:

RANDOMNESS_RECEIVER_CONTRACT_ADDRESS="0x08D05bC52e503C68c38A32c1fA997FB521e614C4"

Execute RandomnessReceiver.sol

Now that you've uploaded your contract, it's time to set the SecretPath gateway address for Polygon Amoy and then request on-chain verifiable random numbers!

Gateways are the on-chain smart contracts that handle the broadcasting, receipt, packaging, and verification of messages.

Set Gateway Contract

First, set the gateway address for Polygon Amoy testnet. You can do this by executing set_gateway.js:

npx hardhat --network polygon run ./scripts/set_gateway.js

This tutorial is for Polygon testnet, but you can find a list of additional EVM gateway contract addresses here.

Create Randomness Event Listener

Next, create an event listener so you can listen to when the random numbers that you request have been fulfilled.

Create the event listener by executing fulfill_randomness_event.js:

npx hardhat --network polygon run ./scripts/fulfill_randomness_event.js

Request Random Numbers

Now it's time to request random numbers! Currently, request_random.js is configured to request 3 random numbers, but you can update how many numbers you would like to request here (up to 2000 for this example).

Once you have configured how many random numbers you want to request, execute request_random.js:

npx hardhat --network polygon run ./scripts/request_random.js

Upon successful execution, your terminal will log the following:

Current gas price: 1.500000016 gwei
Amount of gas: 202500002160000
Transaction hash: 0x47efe733c6b64a5c65fae68a5fa0f2eb39be107a7d4930325104dfcee36474c2
Random Numbers requested successfully!

Navigate to your event listener terminal to see the returned random numbers:

Random numbers fulfilled for request ID: 7
Random Numbers: 94412630379044474934232934838909700375960606882138821083837396872559692127250,113337239238407277551866961530595655396141218773986266698805816049961297644274,27422614896457590254145871678336430245204859898445275988406473498974116581231

Congrats! You've just used SecretPath to request your first verifiable on-chain random numbers! 🎉

Conclusion

Secret VRF offers an innovative and cost-effective solution for EVM developers seeking access to verifiable random numbers. By following this guide, you've successfully set up your environment, deployed the RandomnessReceiver.sol contract, and interacted with the SecretPath network to request and receive random numbers. Dive into the world of decentralized randomness with SecretPath, where security meets simplicity. 🌟

Performance figures of SecretVRF vs competitors

SecretVRF stands out in the competitive landscape of verifiable random functions (VRFs) by offering a significant cost and speed advantage over its principal competitors. Notably, it provides approximately a 4 times cost benefit, which is a massive saving for projects that rely on random number generation at scale. This economic efficiency is largely due to its optimized gas usage, which minimizes the on-chain transaction cost.

In addition to its cost benefits, SecretVRF is also twice as fast as its closest competitor. This speed improvement is critical for applications that require almost real-time randomness, such as gaming, lotteries, and various DeFi protocols.

To demonstrate, we have this small video here outlining all of the advantages of SecretVRF vs. its biggest competitor:

Gas Figures for SecretVRF vs Competitors

An example contract call using SecretVRF on Ethereum Sepolia which requests 20 random words is compared for its gas usage. Here, we use the example contracts provided in the documentation of Chainlink. In both cases, response time for Secret VRF is at around 1-2 blocks, so around 10s.

For calling the VRF for 20 random numbers (less is better):

94k Gas with Secretpath: Etherscan Sepolia

300k+ Gas for Chainlink VRF with their example project: Etherscan Sepolia

For the Callback (less is better):

55k gas with Secretpath: Etherscan Sepolia

200k+ gas for Chainlink VRF with their example project: Etherscan Sepolia

In total, we also do not need to pay in special LINK tokens and instead can just pay in the native gas token of the chain (here: Sepolia ETH), which saves you additional costs.

To summarize, SecretVRF's combination of cost efficiency, speed, and EVM chain compatibility makes it a compelling choice for developers and projects seeking reliable and economical verifiable random functions. Its technical innovations position it as a leader in the space, offering tangible benefits that can significantly enhance the performance and cost-effectiveness of a wide range of blockchain applications.

Using encrypted payloads for VRF

Need help with using encrypted payloads with Secretpath or want to discuss use cases for your dApp? Please ask in the Secret Network or Discord.

Install and import dependencies

First, install all of the the dependencies via NPM:

Next, import the following into your code:

In your vite.config.ts in the project, you need to add the support for bigInt into the esbuildOptions:

Defining variables

To start, we first define all of our variables that we need for the encryption, as well as the gateway information:

Initializing the Ethereum client

Next, init the Ethereum client that you are using to call the contract with. Here, we init the chainId to use the Ethereum sepolia testnet and use ethers.js to retrieve the address.

Generating the encryption key using ECDH

Define the Calldata for the secret contract & Callback information

Next, you define all of the information that you need for calling the private contract on Secret + add the callback information for the message on its way back.

We begin by defining the function that we are going to call on the private secret contract, here it's request_random . Next, we add the parameters/calldata for this function, which is ("{ numWords: Number(numWords) }"and convert it into a JSON string.

Next, we define the callback Information. In this case, we are using the gateway contract as an example callback. Here, you would typically put in your own custom callback address and callback selector in.

After defining the contract call and callback, we now construct the payload:

Encrypting the Payload

Next, we encrypt the payload using ChaCha20-Poly1305. Then, we hash the encrypted payload into a ciphertextHash using Keccak256.

Signing the Payload with Metamask

Next, we use Metamask to sign the ciphertextHash using personal_sign. Then, we recover the user_pubkey from this signed message, which will be also passed into the Public Gateway.

Internally, Metamask takes the ciphertextHash, preprends the "\x19Ethereum Signed Message:\n32" string and then hashes it using Keccak256, which results the payloadHash. Metamask actually signs the payloadHash to get the signature. Keep this in mind when verifying the signature against the payloadHash and NOT the ciphertextHash.

Estimate the Callback Gas

The callback gas is the amount of gas that you have to pay for the message coming on the way back. If you do pay less than the amount specified below, your Gateway TX will fail:

Packing the Transaction & Send

Lastly, we pack all the information we collected during previous steps into an info struct that we send into the Gateway contract. We the encode the function data. Finally, we set the tx_params. Please make sure to set an approiate gas amount for your contract call, here we used 150k gas. For the value of the TX, we send over the estimated callback gas that we calculated above.

Converting from Chainlink VRF to Secret VRF in four steps

Got improvements or suggestions on how to convert your ChainlinkVRF contract to SecretVRF ? Please ask in the Secret Network or Discord.

Converting from Chainlink VRF to Secret VRF is easier than you expect. Within four easy steps you can free your contract from bloat and use the lightweight and faster Secret VRF solution.

We start off with the example code from Chainlink from :

Removing Chainlink bloat

In the first step, we remove the imports and the inheritance of the VRFConsumerBaseV2 and add our SecretVRF interface from this. There is no

to get to this:

Here, the behavior of the callbackGasLimit is different than in ChainlinkVRF. The callback Gas limit is simply all of the gas that you need to pay in order to make callback, which includes the verification of the result as well. The callback gas is the amount of gas that you have to pay for the message coming on the way back. We recommend at least using 100_000+ in Callback gas to ensure that enough gas is available. In case you did not pay enough gas, the contract callback execution will fail.

Simplifying the Constructor

Next, we can also simplify the constructor since we do not need to define any extra variables or subscriptionIds. Going from this:

to this

Change request randomness function

Next, we need to slightly adjust the behavior of the function rollDice(address roller) function and how it calls the Request Randomness function within Secret VRF. Here, we need to use the Secret VRF gateway and call it directly instead.

Make sure to now mark this function as payable!

Please make sure to actually prepay the right amount of callback gas directly as a value transfer into the contract. The callback gas is the amount of gas that you have to pay for the message coming on the way back. If you do pay less than the amount specified below, your Gateway TX will fail:

Add a check for the Secret VRF Gateway

Lastly, we'll add a small check to ensure that we actually got an incoming call from the SecretVRF gateway contract. For this, remove the internal and override flags on the function and add the require:

Conclusion

That's all that you need to convert your contract from ChainlinkVRF to SecretVRF.

Confidential Document Sharing

Learn how to store and share confidential documents on the EVM using Secret Network.

Introduction

In this tutorial you will learn how to implement the to store, view, and share confidential documents on the EVM using Secret Network as a confidential storage layer.

By using our SDK, you will have the possibility to:

Store a new document
See the contents of this document
Grant/Revoke access to the document to another wallet address

When using our SDK, your EVM wallet address is linked to a Secret Network wallet address that enables you/your users to retrieve confidential documents.

Note that when you want to share a document with another wallet address, you need to provide the Secret Network address of the person you want to share it with.

See the fullstack Polygon Mainnet demo .

Getting Started

Create an empty wagmi project:

During the install process, wagmi will ask you to select a framework and a variant. To follow along with this tutorial, select React for framework, and Next for variant. Once you have installed your wagmi project, cd into your project:

Install the dependencies & the sdk:

This tutorial will teach you how to use the SDK on Polygon Mainnet. Update your wagmi.ts file for Polygon Mainnet configuration like so:

Create a .env file with the following content since we are interacting with the Polygon Mainnet contract:

Custom chain

Storage API Keys

React Imports & State Variables

Navigate to /src/page.tsx.

Configure your React imports + state viarables like so:

Your environment is now configured to store confidential documents on Polygon Mainnet using Secret Network!

Initialize the Client

Configure the SDK client like so:

Store a File

View a File

Download a File

You also have the ability to get existing file access, delete viewing access, and transfer file ownership. See the commented out code above for examples.

Summary

This documentation provides a step-by-step guide on how to implement the @secret-network/share-document SDK to securely store, view, and share confidential documents on the EVM using Secret Network as a confidential storage layer. You learned how to create a new wagmi project, configure it for Polygon Mainnet, and integrate the Secret Network SDK. By following this guide, you can now store documents, view their content, and manage access permissions all on the EVM chain of your choosing.

Special Thanks

Cross-Chain NFTs with SecretPath and OpenAI

Learn how to mint cross-chain privacy-preserving NFTs with SecretPath

Overview

enables EVM developers to use Secret Network as a Confidential Computation Layer (CCL) for .

In this developer tutorial, you will learn how to use SecretPath to enable cross-chain NFTs on the EVM. You will mint an NFT on Sepolia testnet that uses a on Secret Network to store private metadata, which can only be accessed by a private password stored in the Secret Contract. And to spice things up, we will generate the NFT image with OpenAI 🔥.

Generate an AI image with OpenAI
Pin the newly generated image with Pinata to create the token URI
Mint the NFT on Sepolia with your token URI
Send the confidential metadata to your Secret Contract with SecretPath

Getting Started

Git clone the repository:

Deploying Secret Network Sister Contract

cd into secretpath-nft/secret-contract

Compile the contract:

If you are on a Mac and run into compilation error:

error occurred: Command “clang”

cargo clean

AR=/opt/homebrew/opt/llvm/bin/llvm-ar CC=/opt/homebrew/opt/llvm/bin/clang cargo build --release --target wasm32-unknown-unknown

Once the contract compiles successfully, install the dependencies to upload it to testnet:

Upload the contract:

Upon successful upload, your contract address will be returned:

Before we upload the EVM contract which mints the NFT, let's examine what the Secret Network sister contract does.

Navigate to the state.rs file to the ConfidentialMetadata struct:

This is the confidential metadata that you will be storing in the Secret Network smart contract for each NFT that you mint on the EVM. There is an owner, token_id, uri, private_metdata, and password, all of which will be associated with each NFT you mint.

Now open contract.rs and navigate to the execute_store_confidential_metadata function.

Here we have a keymap called CONFIDENTIAL_METADATA, which maps the token id of your EVM NFT to a ConfidentialMetadata struct. So for every NFT you mint on EVM, it has an associated private metadata stored in the Secret Contract. Pretty cool, right!

Note that this is for demo purposes only, if you were doing this in production you should use a more secure way of linking the EVM NFT to the Secret Network sister contract, such as a ZK proof.

Now let's deploy our EVM Minting contract 😊

Deploying EVM NFT Contract

cd into evm-contract:

Install the dependencies:

Once you have your env file configured, upload the minting contract:

Upon successful upload, a contract address will be returned:

Congrats! You now have a private metadata contract deployed on Secret Network and a minting contract deployed on Sepolia testnet! Now let's learn how to use SecretPath to send data confidentially from the EVM to Secret Network 😎

Sending Cross-Chain Confidential Metadata with SecretPath

It's time to connect your EVM minting contract and your Secret confidential metadata contract to a frontend and SecretPath! You will need to create a Pinata JWT key as well as an OpenAI API key, which is outlined below :D

Setting up the frontend environment

cd into secretpath-nft/frontend and install the dependencies:

Once you have added all of your environment variables, it's time to execute the contracts with our frontend!

Minting your NFT

We will dive into the SecretPath code shortly, but first, let's create your first cross-chain NFT with SecretPath :D

cd into frontend:

Then run the program:

The frontend is designed so that the description of your NFT will be sent to OpenAI to as the prompt to generate your NFT image. So choose wisely, or not. 😂

The NFT confidential message and password is stored in your Secret Contract, which is linked to the tokenID of the NFT stored on Ethereum. Only your unique password can reveal the private metadata.

Better yet, view the NFT on your frontend to see it paired with the Secret Network sister contract with confidential metadata:

Congrats on minting your first cross-chain encrypted NFT! 🚀

Putting it all together

Let's walkthrough the minting steps, and then examine the SecretPath code:

The majority of the SecretPath encryption code is boilerplate; you don't need to change a thing!

The only code you are updating is:

Summary

SecretPath allows EVM developers to leverage Secret Network as a Confidential Computation Layer (CCL) for EVM-compatible chains, enabling cross-chain NFTs with confidential metadata. This tutorial guides developers through minting an NFT on Sepolia testnet, using a sister contract on Secret Network to store private metadata accessible only via a private password in the Secret Contract. The process includes generating an NFT image with OpenAI, pinning it with Pinata, minting the NFT on Sepolia, and sending confidential metadata to Secret Network using SecretPath.

Tokens

Learn how to send tokens cross-chain from EVM to Secret Network and vice versa

An Axelar is a temporary one-time address created and monitored by Axelar’s Relayer Services.

Deposit addresses generally function for up to 24 hours.

The following tutorials will teach you how to create Axelar deposit addresses to send Axelar USDC cross-chain from EVM to Secret Network and from Secret Network to EVM.

From EVM to Secret

Learn how to send testnet USDC from EVM to Secret Network using Axelar

Installing the dependencies

Create a new package.json file and install axelarjs

Add type "module" to package.json:

Creating the deposit address

Run node evm-to-secret to execute createDepositAddress:

A deposit address will be returned in your terminal:

Sending USDC from EVM to Secret Network

Add the Sepolia USDC token to your wallet. Sepolia USDC token contract address:

Fund your wallet with testnet Sepolia USDC by bridging AXL to sepolia USDC.

Now, simply send Sepolia USDC from your wallet to the deposit address that you created earlier!

Summary

From Secret to EVM

Coming soon :D

Confidential Voting Developer Tutorial with SecretPath

Learn how to use SecretPath to vote confidentially on the EVM

Overview

SecretPath enables EVM developers to use Secret Network as a Confidential Computation Layer (CCL) for all EVM-compatible chains.

In this developer tutorial, you will learn how to use SecretPath to enable confidential voting on the EVM.

See a fullstack cross-chain voting demo here.

Understanding SecretPath

At a high level, you can think of SecretPath as a confidential bridge that passes encrypted data from your EVM chain to a Secret Network smart contract where the data remains encrypted.

Create proposals
Vote on existing proposals

Secret Network Prerequisites

Getting Started with Secret Network

To get started, clone the examples repo:

git clone https://github.com/writersblockchain/secretpath-voting.git

cd into secretpath-tutorials/secretpath-voting/voting-contract:

cd secretpath-voting/voting-contract

Open contract.rs and examine the match statement at line 67:

match handle {
        "create_proposal" => create_proposal(deps, env, msg.input_values, msg.task, msg.input_hash),
        "create_vote" => create_vote(deps, env, msg.input_values, msg.task, msg.input_hash),

        _ => Err(StdError::generic_err("invalid handle".to_string())),
    }

Compiling and uploading the Secret contract

Update the env file with your Secret Network wallet mnemonic, and rename it ".env" instead of ".env.example"

Compile the contract

make build-mainnet

cd into voting-contract/node:

cd node

Install the node dependencies

npm install

Set SecretPath parameters:

Open upload.js and configure the SecretPath gatewayAddress, gatewayHash, and gatewayPublicKey:

const gatewayAddress = "secret10ex7r7c4y704xyu086lf74ymhrqhypayfk7fkj";

const gatewayHash =
 "ad8ca07ffba1cb26ebf952c29bc4eced8319c171430993e5b5089887f27b3f70";

const gatewayPublicKey =
"0x046d0aac3ef10e69055e934ca899f508ba516832dc74aa4ed4d741052ed5a568774d99d3bfed641a7935ae73aac8e34938db747c2f0e8b2aa95c25d069a575cc8b";

Upload and instantiate the contract:

node upload

Upon successful upload and instantiation, add the contract codeHash and address to your env.

Send encrypted data to your Secret Contract on the EVM

Bootstrapping the frontend

Let's create and vote on your first proposal with SecretPath!

cd into secretpath-voting/frontend:

cd secretpath-voting/frontend

Install the dependencies

npm i

Configure env

Configure the envwith your confidential voting contractAddress and codeHash.

Run the application

npm run start

You should see the following React application running locally in the browser:

Passing Encrypted Data with SecretPath

Create a Voting Proposal

Open CreateProposal.js and navigate to the handleSubmit function, which contains all of our SecretPath logic.

The majority of the handleSubmit function is boilerplate code used for SecretPath verification, signing, and converting contract inputs into correctly formatted packets and vice versa.

For our purposes, we only need to examine 2 lines of code, data on line 88 and handle on line 218.

data is the encrypted data that we are passing from the EVM to the Secret Network voting contract. It takes a user input of name, description, and end_time. This corresponds with the ProposalStoreMsg in the Secret contract.
handle is the function that is actually being called in the Secret contract that you deployed. You are passing the create_proposal handle, which executes the create_proposal function in your Secret voting contract.

Now that you have all of your SecretPath code configured, execute the frontend to send your voting proposal to the Secret contract!

Upon successful execution, your SecretPath transaction hash will be logged in the console.

Vote on a Proposal

Open VoteonProposal.js and navigate to the handleSubmit function, which, again, contains all of our SecretPath logic.

data is the encrypted data that we are passing from the EVM to the Secret Network voting contract. It takes a user input of vote, ("yes" or "no"), wallet_address (the wallet address of the voter), and index.This corresponds with the VoteStoreMsg in the Secret contract.

handle: You are passing the create_vote handle, which executes the create_vote function in your Secret voting contract.

Execute the frontend to vote on an existing proposal and send the encrypted vote to the Secret contract!

Upon successful execution, your SecretPath transaction hash will be logged in the console.

Secret Queries - retrieving proposals and votes from Secret contract storage

These queried proposals and their associated votes are then displayed in our React frontend.

Conclusion

If you have any questions or run into any issues, post them on the Secret Developer Discord and somebody will assist you shortly.

SecretPath - a deep dive

// Load the contract ABI into an ethers Interface.
const iface = new ethers.utils.Interface(abi);

// Load routing contract address and code hash from environment variables.
const routing_contract = process.env.REACT_APP_SECRET_ADDRESS;
const routing_code_hash = process.env.REACT_APP_CODE_HASH;

// Connect to the Ethereum network through a web provider (e.g., MetaMask).
const provider = new ethers.providers.Web3Provider(window.ethereum, "any");

// Request user accounts from the Ethereum provider.
const [myAddress] = await provider.send("eth_requestAccounts", []);

// Generate a new random wallet and extract private key and public key.
const wallet = ethers.Wallet.createRandom();
const userPrivateKeyBytes = arrayify(wallet.privateKey);
const userPublicKey = new SigningKey(wallet.privateKey).compressedPublicKey;
const userPublicKeyBytes = arrayify(userPublicKey);

// Hardcoded public key for the gateway and conversion to bytes.
const gatewayPublicKey = "A20KrD7xDmkFXpNMqJn1CLpRaDLcdKpO1NdBBS7VpWh3";
const gatewayPublicKeyBytes = base64_to_bytes(gatewayPublicKey);

// Compute a shared key using Elliptic Curve Diffie-Hellman (ECDH) and hash it with SHA-256.
const sharedKey = await sha256(
  ecdh(userPrivateKeyBytes, gatewayPublicKeyBytes)
);

// Get the selector (method ID) for the `upgradeHandler` function from the ABI.
const callbackSelector = iface.getSighash(
  iface.getFunction("upgradeHandler")
);
const callbackGasLimit = 300000;  // Set the gas limit for the callback.

// Create the data object from form state for payload.
const data = JSON.stringify({
  name: name,
  description: description,
  end_time: minutes,
});

// Determine the appropriate client address based on the network (chainId).
let publicClientAddress;

// Mainnet client addresses by chain ID.
if (chainId === "1") { publicClientAddress = mainnet.publicClientAddressEthereumMainnet; }
// Add similar conditions for other chain IDs, both mainnet and testnet.

// Lowercase the client address to ensure consistency.
const callbackAddress = publicClientAddress.toLowerCase();

// Log relevant information.
console.log("callback address: ", callbackAddress);
console.log(data);
console.log(callbackAddress);

// Construct the payload with necessary information for processing.
const payload = {
  data: data,
  routing_info: routing_contract,
  routing_code_hash: routing_code_hash,
  user_address: myAddress,
  user_key: bytes_to_base64(userPublicKeyBytes),
  callback_address: bytes_to_base64(arrayify(callbackAddress)),
  callback_selector: bytes_to_base64(arrayify(callbackSelector)),
  callback_gas_limit: callbackGasLimit,
};

// Serialize the payload to JSON and prepare it for encryption.
const payloadJson = JSON.stringify(payload);
const plaintext = json_to_bytes(payload);
const nonce = crypto.getRandomValues(bytes(12)); // Generate a nonce for encryption.

// Encrypt the payload using ChaCha20-Poly1305, obtain the ciphertext and authentication tag.
const [ciphertextClient, tagClient] = chacha20_poly1305_seal(
  sharedKey,
  nonce,
  plaintext
);
const ciphertext = concat([ciphertextClient, tagClient]);

// Compute the hashes of the ciphertext and prepare it for signature.
const ciphertextHash = keccak256(ciphertext);
const payloadHash = keccak256(
  concat([
    text_to_bytes("\x19Ethereum Signed Message:\n32"),
    arrayify(ciphertextHash),
  ])
);

// Sign the payload hash using the user's account.
const msgParams = ciphertextHash;
const params = [myAddress, msgParams];
const method = "personal_sign";
const payloadSignature = await provider.send(method, params);

// Recover public key from the signature to verify it.
const user_pubkey = recoverPublicKey(payloadHash, payloadSignature);

// Bundle info for the transaction.
const _info = {
  user_key: hexlify(userPublicKeyBytes),
  user_pubkey: user_pubkey,
  routing_code_hash: routing_code_hash,
  task_destination_network: "pulsar-3",
  handle: "create_proposal",
  nonce: hexlify(nonce),
  payload: hexlify(ciphertext),
  payload_signature: payloadSignature,
  callback_gas_limit: callbackGasLimit,
};

// Encode the transaction data using the interface.
const functionData = iface.encodeFunctionData("send", [
  payloadHash,
  myAddress,
  routing_contract,
  _info,
]);

// Fetch the current gas price and calculate the transaction cost.
const gasFee = await provider.getGasPrice();
let amountOfGas;
if (chainId === "4202") {
  amountOfGas = gasFee.mul(callbackGasLimit).mul(100000).div(2);
} else {
  amountOfGas = gasFee.mul(callbackGasLimit).mul(3).div(2);
}

// Set up transaction parameters.
const tx_params = {
  gas: hexlify(150000),
  to: publicClientAddress,
  from: myAddress,
  value: hexlify(amountOfGas),
  data: functionData,
};

// Send the transaction and handle the response.
try {
  const txHash = await provider.send("eth_sendTransaction", [tx_params]);
  console.log(`Transaction Hash: ${txHash}`);

  setIsModalVisible(true); // Show the modal on success
} catch (error) {
  console.error("Error submitting transaction:", error);
}

Cross-Chain NFTs with SecretPath and OpenAI

Learn how to mint cross-chain privacy-preserving NFTs with SecretPath

Overview

enables EVM developers to use Secret Network as a Confidential Computation Layer (CCL) for .

Generate an AI image with OpenAI
Pin the newly generated image with Pinata to create the token URI
Mint the NFT on Sepolia with your token URI
Send the confidential metadata to your Secret Contract with SecretPath

See Cross-Chain NFT demo .

Getting Started

Git clone the repository:

git clone https://github.com/writersblockchain/secretpath-nft.git

Get Secret Network testnet tokens from
Get Sepolia testnet tokens from

Deploying Secret Network Sister Contract

cd into secretpath-nft/secret-contract

cd secretpath-nft/secret-contract

Compile the contract:

make build-mainnet-reproducible

If you are on a Mac and run into compilation error:

error occurred: Command “clang”

Make sure you have the of Xcode installed and then update your clang path by running the following in your terminal:

cargo clean

AR=/opt/homebrew/opt/llvm/bin/llvm-ar CC=/opt/homebrew/opt/llvm/bin/clang cargo build --release --target wasm32-unknown-unknown

See for instructions on updating your clang path.

Once the contract compiles successfully, install the dependencies to upload it to testnet:

cd node && npm i

Create an and add your Secret wallet mnemonic:

MNEMONIC="your mnemonic words to go here"

Upload the contract:

node upload

Upon successful upload, your contract address will be returned:

Contract hash: 9391c79a8dcceb8a58334e0a78e357e328eff872b75af6ebc7d267bbdc9b32dc

contract address: secret1cndts3q2shapmkmjsmf74r8v6u6drvwjl52v7p

Before we upload the EVM contract which mints the NFT, let's examine what the Secret Network sister contract does.

Navigate to the state.rs file to the ConfidentialMetadata struct:

pub struct ConfidentialMetadata {
    pub owner: String,
    pub token_id: u64,
    pub uri: String,
    pub private_metadata: String, 
    pub password: String,
}

Now open contract.rs and navigate to the execute_store_confidential_metadata function.

Note that this is for demo purposes only, if you were doing this in production you should use a more secure way of linking the EVM NFT to the Secret Network sister contract, such as a ZK proof.

Now let's deploy our EVM Minting contract 😊

Deploying EVM NFT Contract

cd into evm-contract:

cd evm-contract

Install the dependencies:

npm i

Create a and add your EVM PRIVATE_KEY and for Sepolia testnet:

PRIVATE_KEY=5766fdksdfldsfjdlfd84749393j0d
INFURA_KEY=7bb38fdsfjddkfjdfaljf9d82

Once you have your env file configured, upload the minting contract:

npx hardhat run scripts/deployNFT.js --network sepolia

Upon successful upload, a contract address will be returned:

0x0061b1aecAAe02Ddd3ce9De631a2C817c5be18F8

Sending Cross-Chain Confidential Metadata with SecretPath

Setting up the frontend environment

cd into secretpath-nft/frontend and install the dependencies:

cd frontend && npm i

Create an and add the following:

# Secret Contract Address and CodeHash
REACT_APP_SECRET_CONTRACT_ADDRESS="your secret contract address"
REACT_APP_SECRET_CODE_HASH="your secret contract codehash"

# EVM Minting Contract Address 
REACT_APP_CONTRACT_ADDRESS="your evm minting contract address"

# SecretPath Address for Sepolia
REACT_APP_SECRETPATH_ADDRESS="0x3879E146140b627a5C858a08e507B171D9E43139"

# ChainID for Sepolia ( hexadecimal)
REACT_APP_CHAIN_ID='0xAA36A7'

# Pinata API Key
REACT_APP_PINATA_JWT="Your Pinata JWT Key"

# OpenAI API Key
REACT_APP_OPENAI_API_KEY="Your OpenAI API Key"

Create a Pinata JWT key
Create an OpenAI API key

Once you have added all of your environment variables, it's time to execute the contracts with our frontend!

Minting your NFT

We will dive into the SecretPath code shortly, but first, let's create your first cross-chain NFT with SecretPath :D

cd into frontend:

cd frontend

Then run the program:

npm run start

The frontend is designed so that the description of your NFT will be sent to OpenAI to as the prompt to generate your NFT image. So choose wisely, or not. 😂

Once you mint your NFT, navigate to to see it in all its glory.

Better yet, view the NFT on your frontend to see it paired with the Secret Network sister contract with confidential metadata:

Congrats on minting your first cross-chain encrypted NFT! 🚀

Putting it all together

Let's walkthrough the minting steps, and then examine the SecretPath code:

to create the token URI
with your token URI
with SecretPath

The majority of the SecretPath encryption code is boilerplate; you don't need to change a thing!

The only code you are updating is:

the Secret Network

const routing_contract = process.env.REACT_APP_SECRET_CONTRACT_ADDRESS;
const routing_code_hash = process.env.REACT_APP_SECRET_CODE_HASH;

the that you pass to the Secret Network sister contract

  const data = JSON.stringify({
        owner: myAddress,
         token_id: token_id,
            uri: uri,
         private_metadata: secretMessage, 
         password: password
     
       });

and the function that you are calling in the Secret sister contract

 const _info = {
      user_key: hexlify(userPublicKeyBytes),
      user_pubkey: user_pubkey,
      routing_code_hash: routing_code_hash,
      task_destination_network: "pulsar-3",
      handle: "execute_store_confidential_metadata",
      nonce: hexlify(nonce),
      payload: hexlify(ciphertext),
      payload_signature: payloadSignature,
      callback_gas_limit: callbackGasLimit,
    };

The execute_store_confidential_metadatahandle executes the

Summary

If you have any questions or run into any issues, post them on the and somebody will assist you shortly.

// SPDX-License-Identifier: MIT pragma solidity ^0.8.7; import {VRFCoordinatorV2Interface} from "@chainlink/contracts@1.0.0/src/v0.8/vrf/interfaces/VRFCoordinatorV2Interface.sol"; import {VRFConsumerBaseV2} from "@chainlink/contracts@1.0.0/src/v0.8/vrf/VRFConsumerBaseV2.sol"; contract VRFD20 is VRFConsumerBaseV2 { uint256 private constant ROLL_IN_PROGRESS = 42; VRFCoordinatorV2Interface COORDINATOR; // Your subscription ID. uint64 s_subscriptionId; // Sepolia coordinator. For other networks, // see https://docs.chain.link/docs/vrf-contracts/#configurations address vrfCoordinator = 0x8103B0A8A00be2DDC778e6e7eaa21791Cd364625; // The gas lane to use, which specifies the maximum gas price to bump to. // For a list of available gas lanes on each network, // see https://docs.chain.link/docs/vrf-contracts/#configurations bytes32 s_keyHash = 0x474e34a077df58807dbe9c96d3c009b23b3c6d0cce433e59bbf5b34f823bc56c; // Depends on the number of requested values that you want sent to the // fulfillRandomWords() function. Storing each word costs about 20,000 gas, // so 40,000 is a safe default for this example contract. Test and adjust // this limit based on the network that you select, the size of the request, // and the processing of the callback request in the fulfillRandomWords() // function. uint32 callbackGasLimit = 40000; // The default is 3, but you can set this higher. uint16 requestConfirmations = 3; // For this example, retrieve 1 random value in one request. // Cannot exceed VRFCoordinatorV2.MAX_NUM_WORDS. uint32 numWords = 1; address s_owner; // map rollers to requestIds mapping(uint256 => address) private s_rollers; // map vrf results to rollers mapping(address => uint256) private s_results; event DiceRolled(uint256 indexed requestId, address indexed roller); event DiceLanded(uint256 indexed requestId, uint256 indexed result); constructor(uint64 subscriptionId) VRFConsumerBaseV2(vrfCoordinator) { COORDINATOR = VRFCoordinatorV2Interface(vrfCoordinator); s_owner = msg.sender; s_subscriptionId = subscriptionId; } function rollDice( address roller ) public onlyOwner returns (uint256 requestId) { require(s_results[roller] == 0, "Already rolled"); // Will revert if subscription is not set and funded. requestId = COORDINATOR.requestRandomWords( s_keyHash, s_subscriptionId, requestConfirmations, callbackGasLimit, numWords ); s_rollers[requestId] = roller; s_results[roller] = ROLL_IN_PROGRESS; emit DiceRolled(requestId, roller); } function fulfillRandomWords( uint256 requestId, uint256[] memory randomWords ) internal override { uint256 d20Value = (randomWords[0] % 20) + 1; s_results[s_rollers[requestId]] = d20Value; emit DiceLanded(requestId, d20Value); } function house(address player) public view returns (string memory) { require(s_results[player] != 0, "Dice not rolled"); require(s_results[player] != ROLL_IN_PROGRESS, "Roll in progress"); return getHouseName(s_results[player]); } function getHouseName(uint256 id) private pure returns (string memory) { string[20] memory houseNames = [ "Targaryen", "Lannister", "Stark", "Tyrell", "Baratheon", "Martell", "Tully", "Bolton", "Greyjoy", "Arryn", "Frey", "Mormont", "Tarley", "Dayne", "Umber", "Valeryon", "Manderly", "Clegane", "Glover", "Karstark" ]; return houseNames[id - 1]; } modifier onlyOwner() { require(msg.sender == s_owner); _; } }