1 of 18

Usecases

Storing Encrypted Data on Secret Network

One of SecretPath's key features is the ability to use encrypted payloads to send over confidential messages to a Secret Smart contract.

SecretPath can seamlessly handle encrypted payloads, as the master gateway contract on Secret automatically decrypts the payload and hands the decrypted payload over to the target contract.

The encryption of the payload is done using the ChaCha20-Poly1305, an authenticated encryption with additional data (AEAD) algorithm.

The key for this symmetric encryption is created by using the Elliptic-curve Diffie-Hellman (ECDH) scheme, comprising of two components:

An extra encryption public key provided from the Secret Gateway Contract
A randomly created (ephemeral) encryption private key on the user side (independent of the user wallet's private key)

Combining both of these keys together via the ECDH Scheme yields our encryption key, which we use to encrypt the payload with ChaCha20-Poly1305.

As a first example for this, we have used SecretPath to encrypt a string and subsequently store it in a Secret contract.

Key-Value store Developer Tutorial

Learn how to use SecretPath on EVM to encrypt payloads.

Overview

SecretPath seamlessly handles encrypted payloads on the EVM, which means EVM developers can use SecretPath to encrypt and decrypt messages cross-chain with little-to-no Rust experience required.

Check out the Key Value store demo to see what you will build

This tutorial explains how to:

Upload your own Key-value store contract on Secret Network
Encrypt data on the EVM and transmit encrypted data cross-chain to Secret Network
Connect your key value store contract to a React frontend.

After this tutorial, you will have the tools you need to use SecretPath to encrypt messages on any .

Getting Started

To get started, clone the EVM key value store repository:

git clone https://github.com/writersblockchain/evm-kv-store-demo.git

Configuring Environment

cd into secret-contract/node

cd secret-contract/node

Install the dependencies:

npm install

Upload the Key-value contract to Secret Network

 let init = {
    gateway_address: gatewayAddress,
    gateway_hash: gatewayHash,
    gateway_key: gatewayPublicKeyBytes,
  };

gatewayAddress is the SecretPath gateway contract address for testnet
gatewayHash is the SecretPath gateway contract hash for testnet
gatewayKey is public key used for SecretPath encryption on Secret testnet

To upload and instantiate the contract, run node upload:

node upload

Upon successful upload, a contractHash and address will be returned:

codeId:  5701
Contract_hash: "6311a3f85261fc720d9a61e4ee46fae1c8a23440122b2ed1bbcebf49e3e46ad2"
contract_address:  "secret1j0gpu6tlwnc9fw55wcfsfuml00kqpcnqz7dck7"

If you want to make any changes to the Secret smart contract before uploading it to Secret Network, you can do that too! Simply update the contract and then compile it by running make build-mainnet:

make build-mainnet

The compiled contract, called contract.wasm.gz, will be outputted in the secret-contract folder.

Encrypt a payload

Now that you have your key value store smart contract uploaded to Secret Network, let's use it to store encrypted messages passed from the EVM. Most of the ECDH cryptography has been abstracted away so there are only a few values you need to change.

cd into evm-kv-store-demo/kv-store-frontend:

cd evm-kv-store-demo/kv-store-frontend

Install the dependencies:

npm i

REACT_APP_SECRET_ADDRESS="secret1neeyum9p9h6u0d5jkxlqx9w5nrz49hzrr63jsw"
REACT_APP_CODE_HASH="6994d8ff9ed1af73ef4685a9f5c8a5568804afb5fa5ce49ec8496fb271a9760a"

That's it! You dApp is now connected to your Secret smart contract and ready to encrypt key value pairs. To start the application, run:

npm run start

Now that you have successfully uploaded a key-value contract to Secret Network and connected it to a React frontend, let's examine the code to understand how SecretPath passes encrypted data from the EVM to Secret Network.

When you create your cross-chain dApp, you simply need to format your data so that it can be transmitted successfully from the public SecretPath contract to the private SecretPath contract.

  // The function name of the function that is called on the private contract
  const handle = "store_value";

  // Data are the calldata/parameters that are passed into the contract
  const data = JSON.stringify({
    key: key,
    value: value,
    viewing_key: viewing_key
  });

handle is the name of the function that we are executing in our private Secret smart contract, and data is the data that we pass to the function that we are executing in the Secret contract, which in the case of the key value contract is key, value, and viewing_key.

Let's now look at the Secret Network contract that we uploaded to better understand the store_value function and how it uses the parameters key, value, and viewing_key.

Understanding the Private (Secret) Contract

 // determine which function to call based on the included handle
    let handle = msg.handle.as_str();
    match handle {
        "store_value" => store_value(deps, env, msg.input_values, msg.task, msg.input_hash),
        "retrieve_value" => retrieve_value(deps, env, msg.input_values, msg.task, msg.input_hash),
        "change_value" => change_value(deps, env, msg.input_values, msg.task, msg.input_hash),
        _ => Err(StdError::generic_err("invalid handle".to_string())),
    }

Since we pass the handle store_value from your dApp to your Secret contract, it knows to execute the store_value function!

Inside of the store_value function, we use the key, value, and viewing_key parameters that we pass from the EVM in order to create a key map with our key-value pairs:

let input: InputStoreMsg = serde_json_wasm::from_str(&input_values)
        .map_err(|err| StdError::generic_err(err.to_string()))?;
  
  // create a task information store
    let storage_item = StorageItem {
        value: input.value,
        viewing_key: input.viewing_key,
    };
    
  // map task to task info
    KV_MAP.insert(deps.storage, &input.key, &storage_item)?;

This data is encrypted and stored inside of your Secret smart contract. The data can now only be revealed with a query that uses the proper viewing_key:

const secretjs = new SecretNetworkClient({
                url: "https://lcd.testnet.secretsaturn.net",
                chainId: "pulsar-3",
            });

            const query_tx = await secretjs.query.compute.queryContract({
                contract_address: process.env.REACT_APP_SECRET_ADDRESS,
                code_hash: process.env.REACT_APP_CODE_HASH,
                query: {
                    retrieve_value: {
                        key: key,
                        viewing_key: viewingKey
                    }
                },
            });

Summary

In this tutorial, you've learned how to deploy a key-value store smart contract on Secret Network, encrypt and transmit messages from an EVM-compatible chain, and integrate the contract with a React frontend. Using SecretPath, you can now seamlessly handle encrypted payloads cross-chain with minimal Rust experience. By following the steps outlined, you're equipped to build decentralized applications that leverage SecretPath for secure, cross-chain communication and data storage.

Sealed Bid Auction

Overview

A first-price sealed-bid auction, also known as a "blind auction", is a type of auction in which all bidders simultaneously submit sealed bids so that no bidder knows the bid of any other participant. The highest bidder pays the price that was submitted. In this tutorial you will learn how to create a cross-chain sealed bid auction dApp with encrypted bids using SecretPath.

See a live demo here!

SecretPath Contract Design

Contract Deployment: Participants initiate the process by deploying a Sealed Bid Contract to the Secret Network. This contract contains their auction items and encrypted bids, safeguarding the bid details from public exposure.
Contract Execution via Public Gateway:
- The execution sequence begins when the Sealed Bid Contract is interacted with via the Ethereum Virtual Machine (EVM).
- The SecretPath Public Gateway Smart Contract serves as the intermediary, facilitating communication between the EVM and Secret Network.
Secure Message Transmission:
- Messages and transactions pass through the Public Gateway to the Private Gateway Smart Contract, utilizing ECDH to ensure that the data exchanged remains confidential and tamper-proof, maintaining the integrity of the sealed bid throughout the process.
Finalization:
- Once the bidding period concludes, the Sealed Bid Contract processes the bids to determine the winner securely.
- The outcome is then communicated back through the gateway contracts to the relevant parties on the EVM.

Sealed Bid Auction Developer Tutorial

Overview

See a live demo here! See the fullstack frontend code implementation here.

You will start by configuring your developer environment and then learn how to use SecretPath to enable cross-chain encryption and decryption, using Secret Network as a Confidential Computing Layer (CCL) for the EVM.

Getting Started

To get started, clone the SecretPath tutorials repository:

git clone https://github.com/writersblockchain/sealed-bid-auctions.git

EVM Prerequisites

Fund your Sepolia wallet.

Secret Network Prerequisites

Uploading Sealed Bid Contract

cd into sealed-bid-auctions/sealed-bid-contract

cd sealed-bid-auctions/sealed-bid-contract

Update the env file with your Secret Network wallet mnemonic, and rename it ".env" instead of ".env.example"

Compile the contract

make build-mainnet

cd into secret-contract/node:

cd node

Install the node dependencies

npm install

Set SecretPath parameters:

Open upload.js and configure the SecretPath gatewayAddress, gatewayHash, and gatewayPublicKey:

const gatewayAddress = "secret10ex7r7c4y704xyu086lf74ymhrqhypayfk7fkj";

const gatewayHash =
  "012dd8efab9526dec294b6898c812ef6f6ad853e32172788f54ef3c305c1ecc5";

const gatewayPublicKey = "0x046d0aac3ef10e69055e934ca899f508ba516832dc74aa4ed4d741052ed5a568774d99d3bfed641a7935ae73aac8e34938db747c2f0e8b2aa95c25d069a575cc8b";

gatewayAddress, gatewayHash, and gatewayPublicKey are needed for instantiating contracts that utilize SecretPath and can be found in the docs here. You will always use these same 3 parameters for instantiating a SecretPath-compatible contract on testnet.

Upload and instantiate the contract:

node upload

Upon successful upload and instantiation, add the contract codehash and address to your env.

List an Auction Item

Now that you've instantiated a sealed bid contract on Secret Network, it's time to create your first auction item with SecretPath!

cd into sealed-bid-auctions/evm-contract:

cd sealed-bid-auctions/evm-contract

Install the dependencies

npm i

Configure env

Configure the envwith your sealed bid auction contract address and codehash, and rename it ".env" instead of ".env.example".

Configure SecretPath

Open scripts/create_auction.js and navigate to line 44, the publicClientAddress. This is the SecretPath gateway address for Sepolia testnet.

If you wanted to send messages on another chain, such as Base or Polygon, you would simply update this publicClientAddress with the corresponding address found here.

Similarly, there is a SecretPath gateway encryption key, which is on line 63. This is used for ChaCha20-Poly1305 Payload encryption and can be found in the docs here.

If you wanted to do this for mainnet, you would simply use the mainnet encryption key.

Next, configure the auction name, description, and end_time to your liking (end_time is the amount of minutes that the auction will be live for), and note the handle variable, which is the function that is actually being called in the Secret contract that you deployed. You are executing the create_auction_item handle, which executes the create_auction-item function in your sealed bid contract.

Now that you have all of your SecretPath code configured, execute the SecretPath Sepolia public gateway contract to send your auction item to the Secret contract:

npx hardhat run scripts/create_auction.js --network sepolia

Each auction item you create will have an associated ID; the first auction item has ID 1, the second has ID 2, and so on.

Upon successful execution, info about your SecretPath payload will be returned:

Payload Hash: 0x6a822118ea803fe9274c502d354dfd6b24e99f9a67b8b4b11032649dc4b82da1
Payload Signature: 0x77e3a0fd7bb8ea7d96889ed82521672ee0a7e0c5cb81cdc2187e7253407e8f136204d578f13a832dcacb1b2509118114b4aca0635984bb1d7d673579572cf9261b
Recovered public key: 0x0423d8d8b518902cd6b0da592af0424719c355a724687cb74d96bd1171eb148edb87f3e9ca67f9ccecde109333461162af4dc09b33604c7e82242852a7142878ec
Verify this matches the user address: 0x49e01eb08bBF0696Ed0df8cD894906f7Da635929
_userAddress: 0x49e01eb08bBF0696Ed0df8cD894906f7Da635929
  _routingInfo: secret1xw2ge736z7la2fwuwwh89edwcxks4dv3qf2mg8 
  _payloadHash: 0x6a822118ea803fe9274c502d354dfd6b24e99f9a67b8b4b11032649dc4b82da1 
  _info: {"user_key":"0x026c4af0a833ed26f82058d882a0e18114ac398eebdc05b206d11a9060c075026c","user_pubkey":"0x0423d8d8b518902cd6b0da592af0424719c355a724687cb74d96bd1171eb148edb87f3e9ca67f9ccecde109333461162af4dc09b33604c7e82242852a7142878ec","routing_code_hash":"6d38a8569aba096b0849253dbf8de09b9c72dd693f2a6d1d87697fc0877cbc29","task_destination_network":"pulsar-3","handle":"create_bid","nonce":"0x0d0075c1a22be720ad003eba","payload":"0x0b47475944f9a0c966f9b8be7f779f291c31eb11a78132a19fb23aef1b97a92b189e938b5d1975d81836f2ff0aa89e0ade4b48140c609e996ba7d5efb4c0a99272ad1858db46721cb7b9868afd57aeccaa9166270b9e0ca5f8d4d9bf0cc8907a648b1587bf6f2c4081fbbb7b480848ebd7dd3f9872586583293f1f0ae68cf45c4f5c7cc190efd4d9989d5fba0237114fa63b68ed737a1936ab76f974862e072e2f84e445e5968aff6ca085186e0cb8139a29a262587735706eb68ec9a655114d317a777b3394d3221bb94d5f8ed689e71a770be1c56e9dd1bfea4e5fc191b00cbc3323b851064bfe18ba2e4b8720e618d212634b3d048478c90a004b4cd7a751ce8c8ed43323245ce064fdd82ebaa6d6e41e2256c73525afd092b77917e6e6281a9a0ba72836e66cd539e99d335c83decb91ee53d15cab8bf699b44c4aea43ffa34bc64c57f3873b3159d02e6439d8650d974b62053ef9c56122fb83d2b69a7c870b87ca44358fbb74435ea03faaf3303dc4025194030270b2dd32d125bb839d4e0e6f984835a788fde0464a068658c5b6a1d7c30ba46603ba8c870f940a87c1b2e3577d741d4b8b1120561ac85d7b6898f80a5e57c43dbfe456da501fcab2837a81f1755a6db7f928f3d3f23793e71f108fc6b4b6257317b8279c0c2b00019e08b90f28658eb9fc211f554b3b9325d5add78c2db37b6d48793e","payload_signature":"0x77e3a0fd7bb8ea7d96889ed82521672ee0a7e0c5cb81cdc2187e7253407e8f136204d578f13a832dcacb1b2509118114b4aca0635984bb1d7d673579572cf9261b","callback_gas_limit":300000}
  _callbackAddress: 0x3879e146140b627a5c858a08e507b171d9e43139,
  _callbackSelector: 0x373d450c,
  _callbackGasLimit: 300000
Transaction sent! Hash: 0xae5dd78f381b67e470a70eaf757c306a1ee605f145007cd7a6e4f4cb8d56be4b
Transaction confirmed! Block Number: 5683035

Bid On Auction Item

Now it's time to place an encrypted bid on your listed auction item. Open bid.js and adjust the amount that you want to bid as well as the index of the auction item.

Note that the sealed bid contract is designed so that each auction item has an ascending index number starting with 1. So the first auction item you list is index 1, the second is index 2, and so on.

Once you have set your bid, execute the bid function:

npx hardhat run scripts/bid.js --network sepolia

Upon successful execution, info about your SecretPath payload will be returned. Now let's query your auction item and bids with secret.js.

Querying Auction Items and Bids

cd into sealed-bid-auctions/sealed-bid-contract/node:

cd sealed-bid-auctions/sealed-bid-contract/node

Make sure you have added your Sealed bid contract address and codehash to your env file, and then query the auction item with node query_auction:

node query_auction

Note that you are querying with key 1, because the first auction item is stored at index 1, the second auction item is stored at index 2, and so on.

If your auction item was submitted successfully, it should be returned like so:

{
  name: 'auction item #1',
  description: 'this is the 1st auction item',
  end_time: 4397696,
  message: 'Retrieved value successfully'
}

NOTE: end_time is converted from minutes to Secret Network block height in the sealed bid auction contract 😎

Now, query the encrypted bids by running node query_bid:

node query_bid

If the bidding is still open, it will return the message:

{ message: 'Bidding is open' }

If the bidding is closed, it will return the highest bid:

{ message: 'Bidding is closed. The highest bid is: 300' }

This is programmed in the retrieve_bids_query function of the Sealed Bid contract and can be adjusted to your liking 😊

NOTE: Be sure to update the index of the query for subsequent auction item queries

Conclusion

Congrats! You deployed your very own sealed bid auction contract on Secret Network and used SecretPath to send cross-chain encrypted bids on Sepolia testnet. See the fullstack demo here. You now have all of the tools you need to start building your own cross-chain SecretPath contracts on the EVM 🎉

Note that the end user of the application is not exposed to Secret Network and is only working directly in the EVM environment. However, the data is fully protected and cannot be viewed by anyone.

If you have any questions or run into any issues, post them on the Secret Developer Discord and somebody will assist you shortly.

Confidential Voting

Introduction

Confidential voting on Secret Network enables developers to create and manage voting systems where proposals and votes remain encrypted and secure. This ensures confidentiality and integrity in voting processes across EVM-compatible chains. There are 2 cross-chain voting solutions on Secret Network, the first uses SecretPath, and the other ECDH cryptography.

Enabling Confidential Voting with SecretPath

Overview: Introduction to using SecretPath as a Confidential Computation Layer for EVM chains, allowing encrypted data transfer and storage on Secret Network. Description of how SecretPath functions as a bridge for encrypted data, facilitating the creation and voting on proposals within a Secret smart contract.
Setup and Deployment: Step-by-step guide on setting up the development environment, compiling and uploading the Secret contract, and configuring the frontend to interact with the SecretPath-enabled voting system.
Passing Encrypted Data: Detailed explanation of how to pass encrypted proposals and votes from the EVM to the Secret Network using SecretPath.

Encrypting and Decrypting Votes on EVM with ECDH cryptography

Introduction: Guide to encrypting and decrypting votes using Secret Network smart contracts, aimed at building confidential voting on any EVM chain.
Setup and Configuration: Instructions for setting up the developer environment, configuring environment variables, and generating cryptographic keys for encryption. Steps to upload and instantiate the Secret Network and Polygon smart contracts, enabling creation and voting on proposals.
Executing Contracts: Processes for creating proposals, voting, and decrypting votes using the deployed smart contracts on the Polygon testnet and Secret Network.

VRF

Performance figures of SecretVRF vs competitors

SecretVRF stands out in the competitive landscape of verifiable random functions (VRFs) by offering a significant cost and speed advantage over its principal competitors. Notably, it provides approximately a 4 times cost benefit, which is a massive saving for projects that rely on random number generation at scale. This economic efficiency is largely due to its optimized gas usage, which minimizes the on-chain transaction cost.

In addition to its cost benefits, SecretVRF is also twice as fast as its closest competitor. This speed improvement is critical for applications that require almost real-time randomness, such as gaming, lotteries, and various DeFi protocols.

To demonstrate, we have this small video here outlining all of the advantages of SecretVRF vs. its biggest competitor:

Gas Figures for SecretVRF vs Competitors

An example contract call using SecretVRF on Ethereum Sepolia which requests 20 random words is compared for its gas usage. Here, we use the example contracts provided in the documentation of Chainlink. In both cases, response time for Secret VRF is at around 1-2 blocks, so around 10s.

For calling the VRF for 20 random numbers (less is better):

For the Callback (less is better):

In total, we also do not need to pay in special LINK tokens and instead can just pay in the native gas token of the chain (here: Sepolia ETH), which saves you additional costs.

To summarize, SecretVRF's combination of cost efficiency, speed, and EVM chain compatibility makes it a compelling choice for developers and projects seeking reliable and economical verifiable random functions. Its technical innovations position it as a leader in the space, offering tangible benefits that can significantly enhance the performance and cost-effectiveness of a wide range of blockchain applications.

Sealed Bid Auction Developer Tutorial

Overview

See a live demo here! See the fullstack frontend code implementation here.

Getting Started

To get started, clone the SecretPath tutorials repository:

git clone https://github.com/writersblockchain/sealed-bid-auctions.git

EVM Prerequisites

Fund your Sepolia wallet.

Secret Network Prerequisites

Uploading Sealed Bid Contract

cd into sealed-bid-auctions/sealed-bid-contract

cd sealed-bid-auctions/sealed-bid-contract

Update the env file with your Secret Network wallet mnemonic, and rename it ".env" instead of ".env.example"

Compile the contract

make build-mainnet

cd into secret-contract/node:

cd node

Install the node dependencies

npm install

Set SecretPath parameters:

Open upload.js and configure the SecretPath gatewayAddress, gatewayHash, and gatewayPublicKey:

const gatewayAddress = "secret10ex7r7c4y704xyu086lf74ymhrqhypayfk7fkj";

const gatewayHash =
  "012dd8efab9526dec294b6898c812ef6f6ad853e32172788f54ef3c305c1ecc5";

const gatewayPublicKey = "0x046d0aac3ef10e69055e934ca899f508ba516832dc74aa4ed4d741052ed5a568774d99d3bfed641a7935ae73aac8e34938db747c2f0e8b2aa95c25d069a575cc8b";

Upload and instantiate the contract:

node upload

Upon successful upload and instantiation, add the contract codehash and address to your env.

List an Auction Item

Now that you've instantiated a sealed bid contract on Secret Network, it's time to create your first auction item with SecretPath!

cd into sealed-bid-auctions/evm-contract:

cd sealed-bid-auctions/evm-contract

Install the dependencies

npm i

Configure env

Configure the envwith your sealed bid auction contract address and codehash, and rename it ".env" instead of ".env.example".

Configure SecretPath

Open scripts/create_auction.js and navigate to line 44, the publicClientAddress. This is the SecretPath gateway address for Sepolia testnet.

If you wanted to send messages on another chain, such as Base or Polygon, you would simply update this publicClientAddress with the corresponding address found here.

Similarly, there is a SecretPath gateway encryption key, which is on line 63. This is used for ChaCha20-Poly1305 Payload encryption and can be found in the docs here.

If you wanted to do this for mainnet, you would simply use the mainnet encryption key.

Now that you have all of your SecretPath code configured, execute the SecretPath Sepolia public gateway contract to send your auction item to the Secret contract:

npx hardhat run scripts/create_auction.js --network sepolia

Each auction item you create will have an associated ID; the first auction item has ID 1, the second has ID 2, and so on.

Upon successful execution, info about your SecretPath payload will be returned:

Payload Hash: 0x6a822118ea803fe9274c502d354dfd6b24e99f9a67b8b4b11032649dc4b82da1
Payload Signature: 0x77e3a0fd7bb8ea7d96889ed82521672ee0a7e0c5cb81cdc2187e7253407e8f136204d578f13a832dcacb1b2509118114b4aca0635984bb1d7d673579572cf9261b
Recovered public key: 0x0423d8d8b518902cd6b0da592af0424719c355a724687cb74d96bd1171eb148edb87f3e9ca67f9ccecde109333461162af4dc09b33604c7e82242852a7142878ec
Verify this matches the user address: 0x49e01eb08bBF0696Ed0df8cD894906f7Da635929
_userAddress: 0x49e01eb08bBF0696Ed0df8cD894906f7Da635929
  _routingInfo: secret1xw2ge736z7la2fwuwwh89edwcxks4dv3qf2mg8 
  _payloadHash: 0x6a822118ea803fe9274c502d354dfd6b24e99f9a67b8b4b11032649dc4b82da1 
  _info: {"user_key":"0x026c4af0a833ed26f82058d882a0e18114ac398eebdc05b206d11a9060c075026c","user_pubkey":"0x0423d8d8b518902cd6b0da592af0424719c355a724687cb74d96bd1171eb148edb87f3e9ca67f9ccecde109333461162af4dc09b33604c7e82242852a7142878ec","routing_code_hash":"6d38a8569aba096b0849253dbf8de09b9c72dd693f2a6d1d87697fc0877cbc29","task_destination_network":"pulsar-3","handle":"create_bid","nonce":"0x0d0075c1a22be720ad003eba","payload":"0x0b47475944f9a0c966f9b8be7f779f291c31eb11a78132a19fb23aef1b97a92b189e938b5d1975d81836f2ff0aa89e0ade4b48140c609e996ba7d5efb4c0a99272ad1858db46721cb7b9868afd57aeccaa9166270b9e0ca5f8d4d9bf0cc8907a648b1587bf6f2c4081fbbb7b480848ebd7dd3f9872586583293f1f0ae68cf45c4f5c7cc190efd4d9989d5fba0237114fa63b68ed737a1936ab76f974862e072e2f84e445e5968aff6ca085186e0cb8139a29a262587735706eb68ec9a655114d317a777b3394d3221bb94d5f8ed689e71a770be1c56e9dd1bfea4e5fc191b00cbc3323b851064bfe18ba2e4b8720e618d212634b3d048478c90a004b4cd7a751ce8c8ed43323245ce064fdd82ebaa6d6e41e2256c73525afd092b77917e6e6281a9a0ba72836e66cd539e99d335c83decb91ee53d15cab8bf699b44c4aea43ffa34bc64c57f3873b3159d02e6439d8650d974b62053ef9c56122fb83d2b69a7c870b87ca44358fbb74435ea03faaf3303dc4025194030270b2dd32d125bb839d4e0e6f984835a788fde0464a068658c5b6a1d7c30ba46603ba8c870f940a87c1b2e3577d741d4b8b1120561ac85d7b6898f80a5e57c43dbfe456da501fcab2837a81f1755a6db7f928f3d3f23793e71f108fc6b4b6257317b8279c0c2b00019e08b90f28658eb9fc211f554b3b9325d5add78c2db37b6d48793e","payload_signature":"0x77e3a0fd7bb8ea7d96889ed82521672ee0a7e0c5cb81cdc2187e7253407e8f136204d578f13a832dcacb1b2509118114b4aca0635984bb1d7d673579572cf9261b","callback_gas_limit":300000}
  _callbackAddress: 0x3879e146140b627a5c858a08e507b171d9e43139,
  _callbackSelector: 0x373d450c,
  _callbackGasLimit: 300000
Transaction sent! Hash: 0xae5dd78f381b67e470a70eaf757c306a1ee605f145007cd7a6e4f4cb8d56be4b
Transaction confirmed! Block Number: 5683035

Bid On Auction Item

Now it's time to place an encrypted bid on your listed auction item. Open bid.js and adjust the amount that you want to bid as well as the index of the auction item.

Note that the sealed bid contract is designed so that each auction item has an ascending index number starting with 1. So the first auction item you list is index 1, the second is index 2, and so on.

Once you have set your bid, execute the bid function:

npx hardhat run scripts/bid.js --network sepolia

Upon successful execution, info about your SecretPath payload will be returned. Now let's query your auction item and bids with secret.js.

Querying Auction Items and Bids

cd into sealed-bid-auctions/sealed-bid-contract/node:

cd sealed-bid-auctions/sealed-bid-contract/node

Make sure you have added your Sealed bid contract address and codehash to your env file, and then query the auction item with node query_auction:

node query_auction

Note that you are querying with key 1, because the first auction item is stored at index 1, the second auction item is stored at index 2, and so on.

If your auction item was submitted successfully, it should be returned like so:

{
  name: 'auction item #1',
  description: 'this is the 1st auction item',
  end_time: 4397696,
  message: 'Retrieved value successfully'
}

NOTE: end_time is converted from minutes to Secret Network block height in the sealed bid auction contract 😎

Now, query the encrypted bids by running node query_bid:

node query_bid

If the bidding is still open, it will return the message:

{ message: 'Bidding is open' }

If the bidding is closed, it will return the highest bid:

{ message: 'Bidding is closed. The highest bid is: 300' }

This is programmed in the retrieve_bids_query function of the Sealed Bid contract and can be adjusted to your liking 😊

NOTE: Be sure to update the index of the query for subsequent auction item queries

Conclusion

Note that the end user of the application is not exposed to Secret Network and is only working directly in the EVM environment. However, the data is fully protected and cannot be viewed by anyone.

If you have any questions or run into any issues, post them on the Secret Developer Discord and somebody will assist you shortly.

Key-Value store Developer Tutorial

Learn how to use SecretPath on EVM to encrypt payloads.

Overview

SecretPath seamlessly handles encrypted payloads on the EVM, which means EVM developers can use SecretPath to encrypt and decrypt messages cross-chain with little-to-no Rust experience required.

Check out the Key Value store demo to see what you will build

This tutorial explains how to:

Upload your own Key-value store contract on Secret Network
Encrypt data on the EVM and transmit encrypted data cross-chain to Secret Network
Connect your key value store contract to a React frontend.

After this tutorial, you will have the tools you need to use SecretPath to encrypt messages on any .

Getting Started

To get started, clone the EVM key value store repository:

git clone https://github.com/writersblockchain/evm-kv-store-demo.git

Configuring Environment

cd into secret-contract/node

cd secret-contract/node

Install the dependencies:

npm install

Upload the Key-value contract to Secret Network

In the node folder, open the upload.js file and review the instantiate message at :

 let init = {
    gateway_address: gatewayAddress,
    gateway_hash: gatewayHash,
    gateway_key: gatewayPublicKeyBytes,
  };

gatewayAddress is the SecretPath gateway contract address for testnet
gatewayHash is the SecretPath gateway contract hash for testnet
gatewayKey is public key used for SecretPath encryption on Secret testnet

These three parameters remain constant and must be passed for every Secret Network contract that implements SecretPath. They can be found for testnet.

To upload and instantiate the contract, run node upload:

node upload

Upon successful upload, a contractHash and address will be returned:

codeId:  5701
Contract_hash: "6311a3f85261fc720d9a61e4ee46fae1c8a23440122b2ed1bbcebf49e3e46ad2"
contract_address:  "secret1j0gpu6tlwnc9fw55wcfsfuml00kqpcnqz7dck7"

make build-mainnet

The compiled contract, called contract.wasm.gz, will be outputted in the secret-contract folder.

Encrypt a payload

cd into evm-kv-store-demo/kv-store-frontend:

cd evm-kv-store-demo/kv-store-frontend

Install the dependencies:

npm i

Open and change the routing_contract and routing_code_hash to the address and code hash for your contract:

REACT_APP_SECRET_ADDRESS="secret1neeyum9p9h6u0d5jkxlqx9w5nrz49hzrr63jsw"
REACT_APP_CODE_HASH="6994d8ff9ed1af73ef4685a9f5c8a5568804afb5fa5ce49ec8496fb271a9760a"

That's it! You dApp is now connected to your Secret smart contract and ready to encrypt key value pairs. To start the application, run:

npm run start

Congrats! You now have now deployed a fullstack cross-chain decentralized application that passes encrypted key-value pairs from the EVM and stores them on Secret Network

SecretPath - a deep dive

From a high-level, all that you need to know is there is a public SecretPath contract deployed on every EVM chain listed , which communicates with a private SecretPath contract deployed on Secret Network, and it is these public/private contract pairs that encrypt your data and pass messages from the EVM to Secret Network.

When you create your cross-chain dApp, you simply need to format your data so that it can be transmitted successfully from the public SecretPath contract to the private SecretPath contract.

All of the data formatting for the public EVM contract happens in . This is almost entirely boilerplate code except for the variables and :

  // The function name of the function that is called on the private contract
  const handle = "store_value";

  // Data are the calldata/parameters that are passed into the contract
  const data = JSON.stringify({
    key: key,
    value: value,
    viewing_key: viewing_key
  });

Let's now look at the Secret Network contract that we uploaded to better understand the store_value function and how it uses the parameters key, value, and viewing_key.

Understanding the Private (Secret) Contract

At, we have a match statement, which includes the handle "store_value":

 // determine which function to call based on the included handle
    let handle = msg.handle.as_str();
    match handle {
        "store_value" => store_value(deps, env, msg.input_values, msg.task, msg.input_hash),
        "retrieve_value" => retrieve_value(deps, env, msg.input_values, msg.task, msg.input_hash),
        "change_value" => change_value(deps, env, msg.input_values, msg.task, msg.input_hash),
        _ => Err(StdError::generic_err("invalid handle".to_string())),
    }

Since we pass the handle store_value from your dApp to your Secret contract, it knows to execute the store_value function!

Inside of the store_value function, we use the key, value, and viewing_key parameters that we pass from the EVM in order to create a key map with our key-value pairs:

let input: InputStoreMsg = serde_json_wasm::from_str(&input_values)
        .map_err(|err| StdError::generic_err(err.to_string()))?;
  
  // create a task information store
    let storage_item = StorageItem {
        value: input.value,
        viewing_key: input.viewing_key,
    };
    
  // map task to task info
    KV_MAP.insert(deps.storage, &input.key, &storage_item)?;

This data is encrypted and stored inside of your Secret smart contract. The data can now only be revealed with a query that uses the proper viewing_key:

const secretjs = new SecretNetworkClient({
                url: "https://lcd.testnet.secretsaturn.net",
                chainId: "pulsar-3",
            });

            const query_tx = await secretjs.query.compute.queryContract({
                contract_address: process.env.REACT_APP_SECRET_ADDRESS,
                code_hash: process.env.REACT_APP_CODE_HASH,
                query: {
                    retrieve_value: {
                        key: key,
                        viewing_key: viewingKey
                    }
                },
            });

You can view the frontend component for querying your Secret contract !

Summary

If you have any questions or run into any issues, post them on the and somebody will assist you shortly.