DEV Community: amio

A Defense-in-Depth Strategy for Security, Privacy, and Confidentiality in Web3 - The Pace-Setting Approach of the Oasis Network

amio — Sun, 12 Oct 2025 12:00:40 +0000

The foundational promise of Web3 is radical transparency, driven by open and permissionless blockchain networks. While transparency offers numerous societal benefits, it must be carefully balanced with robust privacy tools to ensure the confidentiality and data security of every on-chain user. As the industry matures, insight into technologies that fortify privacy, such as Fully Homomorphic Encryption (FHE), Multi-Party Computation (MPC), Zero-Knowledge Proofs (ZKPs) and Trusted Execution Environments (TEEs), becomes essential for understanding the future of decentralized applications (dApps).

While purely cryptographic methods like Fully Homomorphic Encryption (FHE) and ZKPs face limitations regarding complexity, cost, and generalized scalability, Trusted Execution Environments (TEEs) have emerged as the canonical hardware solution for efficient confidential computing. However, TEEs alone are insufficient; their vulnerabilities necessitate a defense-in-depth security model. The Oasis Network is setting the pace by integrating TEEs into a multi-layered security architecture designed to maintain confidentiality and integrity even when the underlying hardware is compromised.

This article emanated from security report of two physical attacks in October 2025 on TEE, Battering RAM and Wiretap; that successfully compromised Intel SGX and AMD SEV-SNP protections

The Mechanism and Promise of TEEs

A Trusted Execution Environment utilizes a hardware-based secure computing model. Its core function is to separate a region of the processor from the rest of the CPU, effectively isolating code execution from the host operating system, kernel, and hypervisor. Major CPU manufacturers, including Intel (SGX), ARM (TrustZone), and AMD (SEV), provide mechanisms for creating these secure enclaves.

Within a confidential blockchain context, TEEs receive encrypted data and execute computations that cannot be directly observed or tampered with by anyone, including the hardware host. This isolation relies on a secure enclave, a region of encrypted memory. If data is read from this region, it remains unintelligible and can only be decrypted and used on the fly when inside the CPU. TEEs are designed specifically to guarantee confidentiality (data inside the TEE is inaccessible to external software) and, optionally, attestability (providing verifiable evidence that the result originates from a genuine TEE running trusted code).

Crucially, TEEs are built for high performance under significant computational workloads, making them well suited for advanced smart contracts and data-heavy Web3 applications. Unlike ZKPs, which can be computationally expensive due to reliance on complex cryptographic operations, TEEs derive their security from hardware elements, leading to improved performance for complex workloads. TEEs are well suited for generalized smart contract execution, especially those needing to aggregate large amounts of private data.

The Imperfect Trust: Why Defense-in-Depth is Mandatory

Despite their isolation properties, TEEs are not immune to attacks. The distinction between TEEs and purely mathematical security (like FHE) is often highlighted by hardware-based side-channel attacks. Side-channel attacks attempt to exploit unintended information leakage from a system, such as monitoring power draw, system noise, or CPU execution time.

A fundamental challenge of TEEs is that for data to be used, it must be decrypted at some point within the processing hardware. It is incredibly difficult to ensure that no hardware side channels exist that could leak this decrypted information. Historic exploits, such as Spectre and Meltdown, exposed hardware vulnerabilities in speculative execution that overcame the isolation boundary model. More recently, the Æpic exploit (affecting Intel SGX) and disclosures about physical attacks like Battering RAM and Wiretap highlighted data leakage vulnerabilities.

Recognizing that current TEE designs cannot fully defend against sophisticated physical attacks and must contend with hardware vendor trust, protocol designers must operate under the principle of “Design for failure," assuming TEEs will eventually be compromised. This necessitates that TEEs be used primarily for privacy, not integrity; they should not be the sole tool protecting system integrity, thereby ensuring that an exploit remains a nuisance, not an existential risk.

Oasis Network’s Multi-Layered Security Architecture

The Oasis Network has proactively addressed these inherent TEE limitations through a meticulously designed, multi-layered security architecture. Oasis’s defense-in-depth strategy combines trusted hardware (TEEs) with strong cryptographic protocols, light client verification, and decentralized consensus.

Crucially, Oasis designed its architecture years ago to anticipate the threat model where TEEs are compromised. The network does not rely on TEEs for data integrity; including token balances, meaning that TEE vulnerabilities will never threaten data integrity or cause loss of funds on the Oasis Network.

Key elements of the Oasis defense-in-depth strategy include:

1. Strict On-Chain Governance and Committee Restrictions: The network separates concerns by ensuring that not all nodes require constant access to all keys, even when running in TEEs. Only SGX-enabled nodes elected to confidential ParaTime committees (like Sapphire and Cipher) are allowed to access encryption keys. Furthermore, committee membership is restricted to trusted operator partners. Joining the critical Oasis key manager committee requires governance approval, and for Sapphire/Cipher, participants must be validators with a significant stake (at least 5 million staked ROSE). These requirements are enforced on-chain and cannot be bypassed, even with a full TEE compromise.
2. Ephemeral Keys and Forward Secrecy: Transaction encryption utilizes ephemeral keys that rotate each epoch. This key rotation limits the damage from key exposure; if an attacker compromises a TEE and extracts a key, past transactions remain protected because those keys are securely erased and no longer exist.
3. Adaptive Security and Attestation: Nodes on the network must regularly refresh their attestations. Oasis maintains a dynamic CPU blacklist system to allow for rapid response to newly discovered hardware vulnerabilities. If a node fails to apply necessary security updates (such as CPU microcode patches for known exploits like Æpic), it becomes ineligible for election to confidential ParaTime committees and loses access to encryption keys.
4. Key Manager Service: The confidential runtimes (Sapphire and Cipher) hold secrets within the TEEs that must not be disclosed even to the node operator. The key manager service coordinates SGX-based runtimes, enforcing access control to key material based on a policy document that requires signing by a configured threshold of authorized keys.

The Oasis Advantage: Flexibility and Scalability

By leveraging TEEs, Oasis provides confidential ParaTimes such as Sapphire, the industry-first confidential EVM; which offer enormous flexibility to developers. Oasis abstracts away the security-critical details of dealing with TEEs (including remote attestation and tamper-proof storage).

For builders, the experience is simple; confidential applications on Sapphire can be built in days, as opposed to months or years using alternative privacy technologies. Developers can easily add encrypted state to any Solidity dApp, choosing precisely which aspects of state to encrypt and which to remain public.

Oasis’s multi-layered defense allowed the network to remain secure and operational with zero impact when attacks like Battering RAM and Wiretap compromised other TEE-based blockchain projects. This success validates the meticulous, multi-layered approach. By backing TEEs with robust architectural security, Oasis ensures that TEEs remain the most practical, flexible, and efficient solution for bringing wide-scale confidentiality to the evolving Web3 space

References
https://oasis.net/security-and-tees
https://optalysys.com/resource/the-distinction-between-fhe-and-tees-the-downfall-attack/
https://a16zcrypto.com/posts/article/trusted-execution-environments-tees-primer/
https://oasis.net/blog/comparing-zkp-tee-privacy
https://oasis.net/blog/oasis-tee-vulnerabilities

Exploring Decentralized Identity with Oasis Network's Runtime Offchain Logic(ROFL)

amio — Wed, 17 Sep 2025 11:53:40 +0000

Identity is the foundation of trust. In the physical world, passports, licenses, and ID cards help us prove who we are. In the digital realm, however, identity is fragmented, centralized, and vulnerable. What does this result? Massive data breaches, intrusive surveillance, and systems that trade user privacy for convenience.

What is Decentralized Identity?

Decentralized Identity is a cutting-edge method of managing digital identities that gives people and organizations the freedom to design, possess, and maintain their online identifiers and digital credentials independently of centralized authority. Decentralized identification uses technologies like digital ID wallets, blockchain, and verified credentials to enable safe, verifiable, and privacy-preserving digital interactions, in contrast to traditional identity systems run by governments, businesses, or third-party platforms. Credentials can be issued once, saved by the user in a safe digital wallet, and used again across platforms thanks to decentralized identity. Whether in supply chains, healthcare, education, financial services, or enterprise IAM, this significantly lowers friction, gets rid of pointless checks, and establishes a reliable, consistent method of information verification.

At the heart of decentralized identity is a three-party trust model: the issuer, the holder, and the verifier. These roles work together to create, manage, and verify digital credentials without relying on centralized databases.

What is Decentralized Identity set to solve?

Across industries, identity systems are fragmented. Whether it’s verifying a customer's ID, onboarding an employee, verifying a diploma, or approving a supplier, organizations rely on siloed databases, repetitive checks, and manual processes. These identity silos, where each system or organization manages identity independently, lead to duplicated effort, inconsistent records, and delays.

The impact is massive:

Siloed IAM systems force users to re-onboard across apps and departments.
Repetitive KYC processes lead to high abandonment rates. Employers struggle to prove qualifications quickly and securely.
Supply chains face rising fraud due to unverifiable supplier data.

By enabling user control, verifiability, and portability, decentralized identity addresses these issues. Decentralized ID enables credentials to be granted once, saved by the user, and used elsewhere, as opposed to each system generating its own isolated identity profile. This significantly lowers friction, boosts trust, and establishes a safe, uniform method of cross-sector information verification.

Web3 has long promised to fix all these with Decentralized Identity (DID). But despite progress, today’s DID frameworks still wrestle with three key problems: scalability, interoperability, and above all, privacy. If user credentials and sensitive data end up exposed on-chain, we’ve simply recreated the same issues on a decentralized ledger.

This is where Oasis Network’s Runtime Offchain Logic (ROFL) enters the picture, a powerful framework designed to bring privacy-preserving computation and verifiable trust to the world of decentralized identity.

The Oasis Privacy-First Approach

Oasis Network has always been built around the principle of Smart Privacy transparency where it matters, confidentiality where it counts. This makes it uniquely suited to tackle the challenges of decentralized identity.

Instead of forcing developers to choose between full transparency (public blockchains) or full secrecy (centralized databases), Oasis provides optional confidentiality. Developers can design systems where sensitive data is protected, but verifiable proofs are still available to the network.

ROFL extends this by offering a flexible, offchain execution environment. Computations happen securely inside Trusted Execution Environments (TEEs), with cryptographic guarantees that neither the network operator nor any third party can tamper with or access the data. The results, however, can be anchored on-chain for transparency and auditability.

Why ROFL Matters for Decentralized Identity

1. Confidential Computation
Identity verification often involves highly sensitive data: government IDs, biometrics, financial history. With ROFL, this information never has to touch the blockchain. It is processed privately in TEEs, ensuring compliance with data protection standards without sacrificing decentralization.

2. Selective Disclosure
One of the most promising features of DID is the ability to reveal only what’s necessary. ROFL enables this at scale. For example, instead of showing your full birthdate, you can simply prove that you’re over 18. The computation runs offchain, the proof goes on-chain, and your privacy remains intact.

3. Compliance Without Compromise
Regulators increasingly demand Know Your Customer (KYC) and Anti-Money Laundering (AML) checks for DeFi protocols and tokenized assets. With ROFL, these checks can happen privately, offchain, with only cryptographic attestations recorded on-chain. This bridges the gap between regulatory compliance and user privacy.

4. Developer Flexibility
Unlike smart contracts, which are limited to blockchain-specific languages like Solidity, ROFL allows developers to build in mainstream languages such as Rust or C++. This makes it easier to integrate existing identity frameworks, libraries, and standards into decentralized identity systems.

Potential Applications of DID + ROFL

DeFi & RWAs: Users can prove compliance with financial regulations without handing over personal data to centralized intermediaries.
Web3 Social: Reputation systems where users can verify authenticity without doxxing their entire identity.
Gaming & Metaverse: Prevent duplicate or bot accounts while preserving pseudonymity.
Healthcare & Government Services: Sensitive records processed in secure environments, with only necessary attestations shared publicly.

Each of these use cases requires the balance of privacy and verifiability; exactly what Oasis + ROFL is designed to deliver.

Why This Matters Now

The digital economy is moving toward a world where identity is not optional. From decentralized finance and tokenized real-world assets to AI-driven personalization, we need identity systems that are trustworthy, interoperable, and privacy-preserving.

ROFL provides the missing infrastructure: the ability to process identity data securely offchain, while keeping proofs auditable onchain. It transforms decentralized identity from an aspirational idea into a practical reality.

Conclusion

Decentralized identity is one of the most critical building blocks for Web3 adoption. But without privacy, it risks replicating the same surveillance-driven patterns of Web2.

By combining Oasis Network’s privacy-first design with the power of Runtime Offchain Logic, a new paradigm emerges: one where individuals control their identity, prove only what’s necessary, and interact in a digital economy built on trust and confidentiality.

The future of identity isn’t just decentralized. With Oasis and ROFL, it’s decentralized, private, and verifiable.

The Privacy-Transparency & Trust-Trustless Paradoxes in Web3: How Oasis Network’s "Smart Privacy" Architects a New Equilibrium

amio — Wed, 20 Aug 2025 12:01:54 +0000

Introduction

In Web3, the ideals of transparency and trustlessness present a profound paradox: a system designed for openness and decentralization paradoxically exposes sensitive information, while skipping intermediaries also shifts trust to intangible protocol layers. These paradoxes, the Privacy-Transparency Paradox and the Trust-Trustless Paradox are not solvable through thesis alone; they demand architectural innovations. The Oasis Network, through its “Smart Privacy and Confidential Compute” paradigm and modular design, provides a compelling synthesis of privacy and accountability, offering real technical mitigation to these tensions.

1. The Privacy-Transparency Paradox

Blockchains thrive on transparency: transaction data and smart contract logic must be auditable to ensure security, consensus, and decentralization. Yet, transparency creates vulnerabilities exposing personal, strategic, or proprietary data, enabling surveillance, front-running, deanonymization, or governance manipulation. Financial and governance confidentiality is not optional; in decentralized governance systems, visible voting records may incentivize coercion or retaliation, undermining true participation. Transparency thus subsists uneasily with privacy.

2. The Trust-Trustless Paradox

Web3 aspires to remove reliance on trusted intermediaries, purporting a "trustless" environment maintained by code and consensus. But trust does not magically vanish it merely migrates. Users must trust the protocol’s design, its correct implementation, validator behavior, and governance mechanisms. Moreover, social coordination remains indispensable; communities still need collective trust frameworks, reputation systems, and alignment despite decentralization. True “trustlessness” is thus a nuanced illusion.

3. Oasis Network: Engineering Trust and Privacy through Architecture

The Oasis Network confronts both paradoxes with concrete design:

Modular dual-layer architecture: Oasis separates the consensus layer from execution via ParaTimes parallel runtimes optimized for different needs, including confidential execution allowing private computations alongside transparent ones without mutual interference
Smart Privacy: Through its confidential Paratime called Sapphire, Oasis enables developers to craft dApps whose privacy levels are tunable “privacy when you need it, transparency when it matters” balancing confidentiality and verifiability.
Trusted Execution Environments (TEEs): Implementation of secure enclaves like Intel SGX or TDX ensures that sensitive computations occur within protected hardware, preserving confidentiality while remaining auditable and verifiable

Thus, Oasis embeds confidentiality into the execution fabric, allowing selective visibility. Sensitive logic and data remain concealed, while proofs or results stay transparent. This directly addresses the privacy-transparency paradox: both ideals co-exist via technical design.

On the trust side, Oasis removes central trusted intermediaries while introducing trust through cryptographic and hardware anchors: consensus remains decentralized (PoS validators), privacy is rooted in hardware-backed TEEs, and correctness is enforced via both software and hardware integrity. The user may trust hardware and protocol, but not central authority recalibrating where trust lies without requiring intermediaries.

4. Broader Context: Confidential Computing & Web3

Confidential computing, performing computations within hardware-based TEEs is increasingly recognized as critical to safeguarding data in use, complementing on-chain and at-rest encryption. Oasis emerges as a pioneer within blockchain for TEE adoption, integrating confidential execution where smart contracts can run with privacy intact.

Alternative approaches like zero-knowledge proofs, secure MPC, or homomorphic encryption have their merits but suffer from performance or complexity trade-offs. Oasis’s TEE-based approach offers pragmatic performance, scalability, and cryptographic assurance especially vital for real-world Web3 and AI applications.

Oasis’s off-chain compute framework, ROFL (Runtime Off-chain Logic), extends the promise: trustless yet confidential AI and decentralized compute, marrying off-chain efficiency with on-chain guarantees via TEEs. There is no boundaries, intersection of Offchain and Onchain

5. Oasis Network’s Role in Resolving Paradoxical Tensions

Privacy-Transparency Paradox: Oasis, via Sapphire and OPL (Oasis Privacy Layer), allows dApps to be built on any EVM chain with customizable privacy encrypting smart contract logic and inputs/outputs while still enabling proof of correctness or results.
Trust-Trustless Paradox: By shifting trust from intermediaries to protocol, hardware TEEs, and open consensus, Oasis reconfigures the trust relationship. Developers and users are not trusting humans, but a layered, verifiable architecture.

6. Use Cases, Relevance in Governance, DeFi, DAOs, AI

DeFi and Governance'

Confidential voting or private financial strategies mitigate manipulation, front-running, or governance retaliation. Smart Privacy gives protection while ensuring result auditability.
AI and Data Sovereignty: Oasis’s combination of TEEs and ROFL supports confidential model training, data sharing, or inference without exposing sensitive data essential for responsible AI and privacy-preserving dApps.
Cross-chain Interoperability: With OPL, existing EVM dApps can inherit smart privacy, increasing adoption potential across ecosystems.

Conclusion

The twin paradoxes of transparency versus privacy and trust versus trustlessness define core tensions in Web3. Oasis Network mediates both through architectural innovation: its modular ParaTime structure, confidential EVM (Sapphire), smart privacy principles, and TEE integration augmented by ROFL (Runtime Offchain Logic Framework) and interoperability via OPL offer a pragmatic reconciliation. It doesn’t eliminate the paradoxes but it transforms them from unsolvable dilemmas into manageable engineering questions, enabling hybrid systems that serve both openness and secrecy, decentralization and confidence.

By realigning trust away from central authorities and toward hardware-backed, verifiable computation, Oasis repositions the trust foundation of Web3. In doing so, it charts a promising path for a more confidential, scalable, and trustworthy decentralized future.

References

1, Oasis Doc
2, Dappradar - What is Smart Privacy in Web3 By Oasis Network
3, Amio — Unlocking Confidentiality: The Transformative Power of TEEs and FHE in the Blockchain Era, Featuring Oasis Network’s Pioneering Role with TEE
4, Wikipedia — Confidential Computing
5, Messari — Oasis Network: Growing a Responsible Data Economy with Privacy
6, Coinmarketcap — What is Oasis Network

Unlocking Confidentiality: TEEs and FHE in Web3, Featuring Oasis Network's Pioneering Role with TEE

amio — Mon, 21 Jul 2025 13:42:34 +0000

The blockchain landscape, celebrated for its transparency and trustless nature, faces a critical challenge: a fundamental lack of privacy. While the public ledger fosters trust and verifiable transactions, it simultaneously exposes sensitive data, hindering the adoption of blockchain technology in numerous high-value use cases. Imagine your entire financial history, voting record, or even a poker hand being publicly visible, this inherent transparency, while beneficial for some applications, becomes a nightmare for others requiring confidentiality. This deficiency has kept crypto in chains, preventing it from fulfilling its full potential. However, a new era of "Privacy 2.0" is emerging, driven by advanced privacy-enhancing technologies (PETs) like Fully Homomorphic Encryption (FHE) and Trusted Execution Environments (TEEs), along with Multi-Party Computation (MPC), promising to unlock new economies and applications through what is termed shared private state.

The Pervasive Problem: Fragmented Privacy and Data Vulnerability

Privacy in crypto is currently fragmented, incomplete, and stuck in its early phases. Phase 1, characterized by "special-purpose privacy" tools like mixers and shielded transactions (e.g., zk-SNARKs, Monero’s ring signatures), offers financial privacy but operates as isolated solutions, failing to address broader privacy needs or integrate into a unified system. Phase 2 introduced "Private State," leveraging Zero-Knowledge Proofs (ZKPs) for verifiable computations on private data, enabling programmable privacy within individual applications and blockchains, as seen with Aztec and Aleo. However, this phase remains limited; privacy is siloed, preventing collaborative, multi-party use cases and restricting composability and interoperability.

The true paradigm shift - Phase 3, or Shared Private State (Privacy 2.0) extends privacy to full-spectrum blockchain interactions, enabling advanced use cases like dark pools, private AI model training, and monetizable, privacy-preserving computation. Without this shared private state, crypto privacy remains insufficient for the complex demands of a digital-first world.

The stakes are high. Data breaches are not isolated incidents but symptoms of fundamentally flawed computation and storage systems that expose data during processing. The vulnerability is magnified in transparent blockchains, making critical industries hesitant to adopt the technology despite its potential. Modern AI platforms and cloud services also face similar risks, leading companies to restrict their adoption due to fears of data exploitation. Solving this privacy gap is not just about preventing breaches; it's about unlocking entirely new industries and use cases that were once unimaginable.

Critical applications demanding enhanced privacy include:

Dark pools and private trading strategies: Confidentiality is crucial for protecting trading strategies in dark pools, which constitute a significant portion of U.S. spot trading volume, a need blockchains alone cannot meet.
Confidential AI: The inability to perform private AI training, inferencing, and use private AI agents hinders breakthroughs in medicine, finance, and personalized models. Companies are stuck relying on public datasets due to the inability to securely train AI models on proprietary, high-value data.
Private DeFi: On-chain services are limited by the inability to securely share data like lending rates and collateral, exposing positions and limiting adoption of private DEXs and secure cross-chain swaps.
Hidden-Information Games: Transparency stifles innovation in games like poker or strategic bidding, which are essential for gaming and prediction markets.
Monetizing Personal Data: Individuals can securely share private data for AI training, research, or analytics, monetize it on their own terms, and remain anonymous, reclaiming control over their data's value from big tech.

The Technological Vanguard: FHE and TEEs

Privacy-enhancing technologies (PETs) like FHE, TEEs, and MPC have been in development for decades, with FHE and MPC conceptualized in the 1980s and TEEs emerging in the early 2000s. Today, these technologies are efficient and practical enough for real-world applications, driving the shift towards a confidential on-chain future.

Fully Homomorphic Encryption (FHE): The Holy Grail of Encryption

Fully Homomorphic Encryption (FHE) is a groundbreaking form of encryption that allows computations to be performed directly on encrypted data, producing an encrypted result that, when decrypted, is identical to the result of operations performed on plaintext data. Often hailed as the holy grail of encryption, FHE offers exceptional flexibility, enabling data to be stored anywhere, including on-chain, and processed without exposing it to the public or even the server owner. This capability is fantastic for retaining blockchain composability and flexibility.

However, FHE currently faces challenges related to high compute overhead and high latency. Despite these limitations, research teams are making significant progress, positioning FHE as a promising option for the near future. In terms of security, FHE is immune to side-channel attacks and, importantly, is based on lattice-based cryptography, which is believed to be resistant to quantum computing threats, making it a strong long-term solution for post-quantum security. While TEEs rely on attestation for integrity, FHE can achieve integrity through deterministic computation and, eventually, could integrate ZKPs for trustless verification. Currently, FHE is just beginning to enter production usage.

Trusted Execution Environments (TEEs): Practical Security Enclaves

A Trusted Execution Environment (TEE) is a secure enclave within a processor that enables computations on sensitive data without exposing it to the broader system. Within a TEE, data and code remain isolated and encrypted, ensuring both confidentiality and integrity even if the rest of the system is compromised. TEEs are often regarded as a practical solution for secure computation, offering a strong balance between security and performance.

Unlike FHE, TEEs rely on specialized hardware like Intel SGX or ARM TrustZone to provide this secure processing environment. This hardware dependency leads some to discount TEEs entirely. However, TEEs offer lower computational overhead and latency, making them an efficient option for real-world deployments today. While TEEs are vulnerable to certain side-channel attacks, ongoing research aims to address these, and side-channel attacks can be mitigated through protocol design. TEEs are already widely deployed in various blockchain applications, making them an accessible solution for current needs. Their security relies on conventional cryptographic principles and trusted hardware, meaning they are not inherently resistant to quantum attacks.

The Powerful Duo: FHE and TEEs Compared

The choice between FHE and TEEs often comes down to specific preferences and use cases, as both are vital for achieving confidentiality in the blockchain ecosystem. Here's a comparative overview:

Performance: TEEs offer fast execution due to their reliance on dedicated hardware for secure computation, making them efficient for real-time applications. FHE, by contrast, is currently slow and computationally intensive, though performance improvements are expected.
Compute: TEEs necessitate specialized trusted hardware components to create secure execution environments. FHE, using cryptographic methods, can theoretically run on any system.
Attack Risk: TEEs are known to be vulnerable to side-channel attacks, where information is extracted by analyzing power consumption or timing. FHE is immune to these but can be susceptible to collusion attacks in MPC setups, and without verifiable compute, the MPC network needs to trust the computation node.
Compute Verifiability: TEEs rely on attestation mechanisms to prove computation integrity, which requires trust in the hardware provider. FHE can achieve integrity through deterministic consensus mechanisms and potentially integrate ZKPs in the future for trustless verification.
Current Practicality: TEEs are widely deployed and accessible for blockchain applications today. FHE, while highly promising, is only just beginning to enter production usage.
Future Potential: TEEs will benefit from advancements in hardware security to address vulnerabilities, with mitigation strategies through protocol design. FHE is expected to see significant performance improvements, especially with specialized hardware acceleration, making it more viable for blockchain applications.
Quantum Resistance: TEEs are not inherently resistant to quantum attacks. FHE, based on lattice-based cryptography, is believed to be resistant to quantum computing threats, making it a strong long-term solution.

Multi-Party Computation (MPC): Collaborative Privacy

Multi-Party Computation (MPC) is another cornerstone of privacy-preserving technology, enabling multiple parties to collectively compute a function while keeping their individual inputs private. By distributing computations across participants, MPC eliminates the need for trust in any single entity, ensuring data confidentiality throughout the process. A key example is collaborative AI model training across organizations, such as hospitals jointly training a diagnostic AI model without sharing sensitive patient data. Data is split into cryptographic shares and distributed across an MPC network, where individual shares reveal no information.

MPC involves a typical lifecycle with two main phases:

Preprocessing Phase (Offline): Computationally expensive operations are performed upfront, before inputs are known, to optimize the online phase. This includes generating random values like Beaver triples and preparing cryptographic materials.

Online Phase: Parties provide their private inputs, which are split into shares and distributed. The actual computation is performed on these shared inputs, leveraging precomputed values from the preprocessing phase, ensuring input privacy. The final result is reconstructed by combining shares.

Post-Processing Phase may involve output verification or additional transformations.

MPC protocols (e.g., BGW, BDOZ, SPDZ) are designed for varying security and efficiency requirements. They operate under different security models that define trust (e.g., Honest Majority, where >50% must be honest, or Dishonest Majority, where privacy is preserved if at least one party is honest) and adversary behavior (e.g., Semi-Honest, who follow the protocol but try to infer information, or Malicious, who can arbitrarily deviate). Ensuring input privacy is straightforward with secret sharing, but detecting deviations requires advanced techniques and robust protocol design. Reputation serves as a foundational building block for ensuring trust assumptions hold, reducing collusion risks. To enforce honest behavior, protocols often incorporate staking/slashing mechanisms (penalizing misbehavior), Actively Validated Services (AVS) like EigenLayer, and cryptographic cheater identification.

Oasis Network: A Pioneer in TEE Adoption for Web3

The Oasis Network stands out as a TEE pioneer in Web3. It actively leverages TEEs to build a confidential decentralized ecosystem, addressing the core privacy challenges inherent in blockchain technology. Oasis's commitment is evident in its continuous research and development efforts, with its engineering team actively participating in ongoing discussions and R&D related to TEEs. Testament in one of their articles and doc

Oasis Network has demonstrated its leadership through key initiatives:

Sapphire: Oasis launched Sapphire, a native rollup that supports confidential dApps. Notably, Sapphire is the industry-first confidential Ethereum Virtual Machine (EVM) compatible ParaTime, providing a groundbreaking developer environment for building private and secure dApps. This directly supports the need for programmable privacy and addresses the limitations of Phase 2 by enabling confidential smart contracts that were previously unfeasible on transparent EVMs.

Runtime Offchain Logic: Oasis developed a framework that enables custom offchain logic that can be easily verifiable onchain, also relying on TEEs. This highlights the utility of TEEs in extending blockchain capabilities beyond the on-chain environment while maintaining verifiability.

Oasis recognizes that while TEEs introduce a hardware dependency, significant improvements in TEE infrastructure and protocol design have minimized possible vulnerabilities. By employing defense-in-depth methods, ongoing R&D efforts, and secure-via-physics design, Oasis aims to continuously improve security. The growing acceptance of TEEs within Web3, alongside ZKPs and FHE, further validates Oasis's strategic adoption.

The rationale behind Oasis Network's strong embrace of TEEs aligns with several critical advantages TEEs offer in the Web3 space:

Practicality and Readiness: TEEs provide a simple, efficient, and reliable way to implement private dApps. They are practical and production-ready today, offering an immediate solution for privacy in crypto, especially for applications like dark order books in DeFi.

Scalable Infrastructure Across Trust Boundaries: Flashbots' Rollup-Boost, leveraging TEEs, demonstrates how they enable scalable infrastructure across trust boundaries and harmonize efficiency with decentralization. This aligns with Oasis's vision for a robust and private blockchain ecosystem.

Confidential AI and Data Integrity: Oasis’s utilization of TEEs extends to securing advanced AI systems. OpenAI advocates for TEE adoption in AI accelerators to boost security, allowing GPUs to perform cryptographic self-checks and protect model weights. Researchers have highlighted how TEEs can be used to build scalable, privacy-protecting ML solutions and safeguard the IP embedded in models, ensuring tamper-proof results. TEEs are essential for AI safety, especially with the growth of Large Language Models (LLMs), as they enable isolated and verifiable code execution, adding integrity to AI workflows. Furthermore, TEEs can enable secure access to vast deep-web datasets previously unavailable to ML systems, bridging traditional web services and modern privacy requirements.

Transforming Trust in DePIN and Web3 Infrastructure: TEEs can evolve the notion of trust within Decentralized Physical Infrastructure Networks (DePIN) and other Web3 infrastructures from a traditional concept to one that is continuously verifiable. This capability is crucial for creating trustless and Web3-compliant AI computing by combining smart contract governance with clusterized TEE computing capacity.

Enhancing Rollup Security: Ethereum rollups, including projects like Scroll and Taiko, are adopting TEEs as part of multi-prover systems to bolster security. This approach, similar to client diversity, uses TEEs to add redundancy, mitigate risks from potential bugs in complex ZK circuits, enhance security without impacting finality or transaction costs, and pave the way for further decentralization of the proving process. Oasis's focus on a confidential EVM ParaTime with Sapphire suggests a similar approach to enhancing rollup security and decentralization through TEEs.

Enabling True Exclusive Ownership : TEEs provide the only way to achieve true exclusive ownership of digital assets and accounts, a feature not possible with FHE, MPC, or ZK proofs alone. Remote attestation offers cryptographic proof of non-interference, bridging Web2 authentication and Web3 autonomy with practical, production-ready implementation. This capability is revolutionary for managing blockchain assets privately, allowing for renting, sharing, and pooling of credentials without direct on-chain traces.

Addressing TEE Vulnerabilities: Oasis acknowledges and actively works on how to protect privacy despite TEE vulnerabilities. By leveraging TEEs, confidential ParaTimes like Sapphire and Cipher offer enormous flexibility to developers while implementing strategies to minimize risks.

The Confidential Future: A Multimodal Approach

From the above, the shift from fragmented transactional privacy to comprehensive digital privacy is redefining how we interact and protect our data. Technologies like MPC, FHE, and TEEs are advancing to a point where they are efficient and practical for real-world applications. While ZKPs are widely discussed, they are not designed to enable shared private state by themselves. Emerging approaches like zkML use ZKPs for verifiable inference, but shared private state is better addressed by MPC and FHE, with TEEs playing a complementary role.

The solution to blockchain's confidentiality problem is on the horizon, and both FHE and TEE approaches will be vital in realizing this future. They enable new use cases and pave the way for widespread Web3 adoption. This multimodal future, combining PETs for resilient systems, will be the catalyst for limitless innovation, solving real-world challenges from empowering individuals to monetize their data securely to enabling businesses to collaborate on sensitive information without risk, and paving the way for transformative use cases we haven't even imagined yet

Balancing Transparency and Privacy in Blockchain

amio — Fri, 13 Jun 2025 13:12:06 +0000

Blockchain technology is widely celebrated for its transparency and immutability, key pillars that ensure trustless transactions and tamper-proof records. These features have driven innovation across industries, from decentralized finance (DeFi) to supply chain management.

However, this same transparency can become a significant challenge when it comes to data privacy and confidentiality. Sensitive information is often exposed on public blockchains, creating a tension between openness and privacy that limits what kinds of applications can be safely and securely built.

This article explores the heart of this problem and how the Oasis Network is uniquely solving it with its Sapphire runtime and the ROFL framework, unlocking new horizons for secure, scalable, and private Web3 applications.

The Core Problem: Balancing Transparency and Privacy

Blockchains like Ethereum and Bitcoin offer pseudonymous accounts users are represented by cryptographic addresses, not real names. While this may seem private, blockchain analysis tools can link activity to real-world identities, exposing sensitive data about financial transactions, personal habits, or business operations.

In addition, because blockchains are immutable and public by default, any data written to them becomes permanently visible to anyone who queries the ledger. This is great for accountability and auditability but problematic for applications that handle sensitive or proprietary information.

This transparency vs. privacy dilemma has created major hurdles in blockchain adoption for sectors like:

Finance, where transaction confidentiality can be vital.
Healthcare, which requires strong data protection for patient information.
Enterprise supply chains, where proprietary data must remain shielded from competitors.

Current Approaches: Trade-offs and Limitations

Projects have tried to bridge the gap in different ways:

Pseudonymity: Using addresses instead of names, but these can be linked to real identities through transaction patterns.

Private blockchains: Restricting access to data and participants. However, they sacrifice the broad, open accessibility that public blockchains offer.

Permissioned access: Controlling who can read or write data. This helps confidentiality but reintroduces trust in centralized gatekeepers, undermining decentralization.

Off-chain solutions: Leveraging sidechains or state channels to reduce on-chain data exposure. While these add privacy and scalability, they’re often complex to implement and can create interoperability headaches.

Each approach improves either privacy or decentralization, but not both. The fundamental challenge has been to create private yet decentralized applications that preserve the auditability and openness of blockchain a challenge Oasis Network set out to solve.

Oasis Sapphire: Confidentiality by Design

Sapphire is the world’s first confidential EVM runtime. It seamlessly extends the familiar Ethereum Virtual Machine (EVM) environment to secure, private computation using end-to-end encryption. This innovation directly addresses the gap between transparency and privacy on public blockchains.

Here’s how Sapphire unlocks new possibilities:

Private storage for encrypted data
Smart contracts on Sapphire can store data in encrypted form, accessible only to authorized parties. Even though the data is stored on a public blockchain, it remains private.

Encryption precompiles
Sapphire provides built-in tools for secure random number generation, cryptographic keypair management, and digital signatures foundational for privacy-focused dApps and fair on-chain processes.

Web2 authentication tools
It bridges the best of Web2 (e.g., OAuth, SSO) with blockchain’s decentralization. This makes secure user onboarding easier, opening the door for more user-friendly privacy applications.

Free view calls
One of Sapphire’s most powerful features is that view calls (read-only contract queries) are free and can access encrypted state data. This eliminates the need for gas payments just to check private data, making private dApps not only possible but affordable and efficient for users.

In short, Sapphire offers private smart contracts on a public blockchain the best of both worlds.

ROFL: Bridging On-Chain Logic with Off-Chain Computation

Beyond encrypted smart contracts, many advanced use cases require interaction with external systems and data sources. This is where ROFL (Runtime Off-Chain Logic) comes in.

ROFL is a framework that enables secure off-chain components to interact directly with Sapphire’s encrypted smart contracts, unlocking a new level of composability and cross-domain integration.

Here’s what ROFL enables:

Secure external API access
Smart contracts can request data or computational results from off-chain sources while preserving the trust and privacy guarantees of blockchain.

Cross-chain dApps
ROFL facilitates cross-chain logic, allowing dApps to seamlessly combine data and functionality from multiple blockchains while maintaining encrypted execution on Sapphire.

Secure AI computation
For advanced applications like AI-driven credit scoring or predictive analytics, ROFL allows sensitive data to be processed off-chain and then securely integrated into blockchain workflows.

Unlocking New Use Cases

By combining the encrypted execution of Sapphire with the off-chain flexibility of ROFL, Oasis Network is transforming what’s possible for blockchain-based applications:

Healthcare
Patient data can be stored and processed in encrypted form, giving patients full control over who can access their medical history, while ensuring doctors and insurers see only the data they need.

Enterprise supply chains
Proprietary logistics and supplier data can be stored privately, preserving competitive advantage while enabling collaborative logistics tracking.

Fair randomness and gaming
Random number generation on Sapphire is verifiably fair and encrypted critical for blockchain gaming, lotteries, and other high-stakes applications.

Conclusion: Privacy, Transparency, and Composability Together

The core promise of blockchain is trustless verification ensuring data and transactions are legitimate without relying on intermediaries. But for blockchain to reach its full potential, it must also provide privacy and confidentiality for sensitive data.

Oasis Sapphire and ROFL prove that privacy and transparency can coexist. By combining:

End-to-end encryption
EVM compatibility for easy developer onboarding
Free, private view calls
Secure off-chain logic with ROFL

Oasis Network is paving the way for a new era of secure, scalable, and composable dApps.

This unlocks entirely new categories of applications that respect user privacy and leverage blockchain’s decentralized trust model, a future where blockchains are open, verifiable, and private by default.

Explore Oasis Network Sapphire and ROFL here

Reclaiming Privacy: How Social Media Fails Us, What Research Reveals, and Why Oasis Sapphire Offers Real Hope

amio — Tue, 20 May 2025 14:04:19 +0000

Introduction

In the digital age, personal data has become one of the most valuable commodities. With billions of people using platforms like Facebook, Instagram, TikTok, and X (formerly Twitter), social media giants have amassed unprecedented volumes of user data. Yet, the systems built to protect this data have consistently fallen short. This article delves into the state of data privacy on social media, drawing from leading academic and industry research. It further explores the limitations of current solutions and introduces how the Oasis Network’s Sapphire runtime offers a paradigm-shifting approach to safeguarding user data.

The Data Privacy Crisis on Social Media

Surveillance Capitalism
Shoshana Zuboff, in her groundbreaking book The Age of Surveillance Capitalism
(2019), outlines how tech companies commodify personal data to predict and influence user behavior. According to Zuboff, social media platforms do not merely collect data for service improvement they monetize it, turning users into products.

High-Profile Data Breaches

Incidents like the Cambridge Analytica scandal in 2018 underscore how social media can be weaponized for manipulation. A report by the UK Parliament's Digital, Culture, Media and Sport Committee (2019) confirmed how Facebook allowed unauthorized access to millions of user profiles. Similarly, TikTok has faced scrutiny over data transfers to China, raising national security concerns (U.S. Senate Committee on Homeland Security, 2022).

Academic Consensus on Privacy Deficiencies

Numerous studies highlight how existing privacy measures are insufficient. For example:

A 2021 Nature Human Behaviour study found that just four "likes" can predict a user's personality better than their friends can.
The ACM Computing Surveys (2020) reviewed over 150 privacy-preserving technologies and concluded that most social platforms lack true end-to-end confidentiality.

Current Privacy Solutions and Their Limitations

Opt-In Consent and Data Minimization

The GDPR and CCPA have introduced significant legal protections. However, researchers (Solove & Schwartz, Harvard Law Review, 2020) argue that consent-based models fail because users often don't understand what they are agreeing to. Data minimization strategies are also rarely enforced effectively.

Differential Privacy and Federated Learning

These approaches have shown promise. Apple and Google use differential privacy in limited applications. Federated learning decentralizes model training but is still vulnerable to gradient leakage attacks, as demonstrated in a 2021 IEEE Transactions on Information Forensics and Security paper.

End-to-End Encryption

Apps like Signal and WhatsApp have popularized encryption, but metadata the who, when, and where is still often exposed. According to the Electronic Frontier Foundation (EFF), this can be as revealing as the content itself.

Introducing Oasis Network and Sapphire: A New Hope

What Is Oasis Sapphire?

Sapphire is the Oasis Network’s confidential EVM-compatible runtime. Unlike typical Ethereum-compatible chains, Sapphire supports smart contracts with built-in privacy through trusted execution environments (TEEs). This enables secure computation over encrypted data.

Key Technical Features

Confidential Smart Contracts: Code executes within a secure enclave, keeping state and inputs hidden.
End-to-End Encryption: Developers can encrypt data client-side and maintain privacy throughout execution.
Compatibility: Fully EVM-compatible, making it easy for existing Ethereum dApps to integrate.
Randomness and Identity: Sapphire includes cryptographic primitives like randomBytes for fair randomness and can integrate with identity frameworks securely.

Research and Development Backing

The Oasis Network’s architecture is designed to serve the privacy and scalability needs of web3.
Oasis Sapphire, with confidentiality natively integrated into its architecture, is the perfect solution for integrating confidential mechanisms into Web3 platforms, this outlines Sapphire’s architecture and formal security guarantees, drawing from academic work on TEEs (IEEE Security & Privacy, 2016).

Real-World Use Cases

Private Voting: Projects like Waku and Snapshot are integrating Oasis Sapphire for on-chain, confidential voting.
Private DeFi: Confidential loans and zero-knowledge asset swaps.
Decentralized Identity: Identity credentials can be issued and verified without exposing underlying data.

Why Sapphire Is a Game Changer

Protecting Users Without Sacrificing Functionality

Sapphire enables decentralized applications that provide user-centric functionality while preserving privacy. This is crucial for future social platforms aiming to break from exploitative data models.

Empowering Developers with Tools and SDKs
Oasis provides a robust developer kit, including Web3.js and Ethers.js support, making it easy to build privacy-preserving apps. Tutorials and grants help fast-track adoption.

Compliance Without Compromise

Sapphire enables GDPR-compliant computation without giving third parties access to raw user data a holy grail for privacy engineers.

Looking Forward: Building a Privacy-First Social Web

To reclaim privacy, we must adopt technologies that make exploitation technically impossible, not just legally restricted. Projects like Lens Protocol and Farcaster, while decentralized, must still integrate privacy-preserving backends to fully protect users. Oasis Sapphire offers exactly this: a way to decentralize and be confidential.

Conclusion

The failure of social media platforms to protect user data is not merely a policy problem, it is a systemic flaw in how these platforms are architected. Decades of research have diagnosed the privacy crisis, but few solutions address it at the protocol level. With its confidential EVM and secure computation, Oasis Sapphire offers a radical and research-backed approach to rebuilding trust online. If we are to reclaim our digital sovereignty, embracing such technologies is not just preferable it is imperative.

Start building here

A Look At Chainlink VRF and Oasis Network's RNG Implementation - Onchain Randomness

amio — Sat, 19 Apr 2025 11:58:57 +0000

When I was reading an article on Oasis Network RNG, immediately Chainlink VRF came to mind and I started to find relationships between the two and how to make best use of the tools out there. The last time I wrote a lottery contract I used Chainlink VRF but after dissecting Oasis Network RNG implementations I was amazed. As a developer building dApps that demand fairness, unpredictability, and cryptographic security, selecting the right random number generation (RNG) method is critical. Whether you're powering a lottery, generating unique NFTs, or assigning randomized game mechanics, randomness becomes a cornerstone for security and trust.

This article provides a deep technical comparison between Chainlink’s Verifiable Random Function (VRF) and Oasis Network’s RNG implementation via Sapphire’s randomBytes precompile. Designed for researchers, smart contract developers, and protocol architects, this guide helps you make an informed decision when integrating RNG into your decentralized application.

Why Randomness Is Critical in Blockchain

Randomness enables decentralization to go beyond consensus, it introduces unpredictability in systems that would otherwise be fully deterministic. In blockchain, random number generation underpins:

Fair games: Ensuring unpredictability in outcomes (e.g., dice rolls, loot boxes)
NFT uniqueness: Assigning random traits to NFT drops
Secure identity/authentication: Creating non-repeating key pairs or seeds
Random governance selection: For leader election or jury mechanisms

Without secure randomness, these systems are prone to manipulation, predictability, or even exploitation, undermining user trust and protocol integrity.

Challenges of Onchain Randomness

Blockchains are deterministic by design, every node must produce the same output for a given input. This ensures consensus but makes integrating randomness difficult.

Some core challenges include:

Predictability: Simple methods (e.g., block.timestamp or blockhash) are predictable and manipulable by miners or validators.
Lack of entropy sources: Blockchains cannot access hardware sensors or external randomness without oracles or trusted execution environments (TEEs).
Verifiability: Users and other smart contracts must trust that the randomness was generated fairly and without tampering.

Secure, verifiable, and decentralized randomness requires advanced cryptographic systems like VRFs, commit-reveal, or TEE-backed entropy pools each with unique trade-offs.

How Chainlink VRF Solves It

Chainlink VRF is one of the most popular solutions for secure onchain randomness. It provides cryptographic proof that the randomness was not tampered with, even by the oracle node itself.

Architecture Overview:

A smart contract makes a randomness request to the Chainlink VRF Coordinator.
The oracle node generates a random number and a proof using its secret key and the request’s seed.
The VRF Coordinator verifies the proof on-chain before delivering the random output to the requesting contract.

Key Features:

Verifiability: Every random output comes with proof.
Decentralization (partially): Though the oracle is offchain, its response is verified by smart contracts.
Ease of use: Widely adopted with libraries available across major blockchains like Ethereum, Polygon, Arbitrum, etc.

Common Use Cases:

Chain-based gaming: Loot boxes, lotteries
NFTs: Trait randomization
Airdrops: Random selection of eligible addresses

Chainlink VRF is trusted but introduces some latency and cost, as it depends on off-chain computation and interaction with the VRF Coordinator contract.

How Oasis Does It Differently

The Oasis Network, especially through its Sapphire confidential EVM runtime, brings a fundamentally different approach. Rather than using external oracles, Oasis leverages confidential computing (TEE) and private ephemeral entropy.

Architecture Overview:

Ephemeral Key Generation: Every epoch, Oasis generates short-lived keys inside the Key Manager runtime, a secure enclave.
Per-block RNG: These keys produce block-level private entropy, which is never persisted and inaccessible to external actors.
Verifiable Root RNG: Oasis processes this entropy through VRF algorithms using TupleHash, KMAC256, and cSHAKE to derive a unique root RNG per block.
Per-transaction domain separation: With Merlin transcripts, Sapphire isolates each transaction’s RNG, ensuring fully private, unbiased, and non-replayable outputs.

Developer Interface:

The RNG is accessed through a simple Solidity call:

bytes memory randomPad = Sapphire.randomBytes(32, "");

This function delivers high-entropy randomness without needing an external oracle or additional infrastructure.

Privacy-first Design:

All entropy is generated inside a Trusted Execution Environment (TEE).
Only remotely attested runtimes can request and use this randomness.
Ephemeral keys and domain separation ensure unpredictability and non-reusability.

Usages of Oasis RNG Implementation

Oasis’ RNG implementation unlocks several privacy-preserving use cases:

Private gaming mechanics: Random rewards or states visible only to the player
ZK + RNG applications: Secure generation of secrets or inputs for zero-knowledge circuits
Secure key pair generation: For signing keys, session keys, or confidential tokens
Randomized airdrops with hidden selection logic
Decentralized lotteries that require tamperproof and private RNG

With a single precompile call, developers can focus on building their application logic without needing to manage randomness infrastructure or worry about third-party dependencies.

Conclusion

Choosing the right RNG mechanism depends on your application’s requirements—whether you prioritize verifiability, privacy, latency, or ease of use.

Use Chainlink VRF if your app requires publicly verifiable randomness and you're operating on major chains like Ethereum or Polygon.
Choose Oasis RNG (Sapphire) if your dApp demands confidentiality, low latency, and native integration within a privacy-preserving runtime.

As randomness becomes increasingly essential in blockchain-native applications, Oasis Network’s approach introduces a powerful, secure, and developer-friendly paradigm particularly for privacy-first and next-gen Web3 use cases.

Privacy, Trusted Execution Environment and The Oasis Network Ecosystem

amio — Thu, 06 Mar 2025 09:55:36 +0000

TEEs have existed for almost a decade and currently have a lot of real-world uses like smartphones. There are many definitions of a TEE, all of which refer in some way to isolated execution and secure storage. In very simple terms, it can be described as an area within a computer system that no one can access except with a trusted agreement.

Trusted Execution Environments (TEEs) are specialized secure areas within a processor that ensure code and data loaded inside are protected concerning confidentiality and integrity. They provide an isolated environment where sensitive computations can occur, shielding them from the rest of the system, including the operating system and hypervisors. This isolation ensures that even if the main system is compromised, the data and processes within the TEE remain secure.

Key Features of TEEs:

Confidentiality: Data processed within a TEE is inaccessible to unauthorized entities, ensuring privacy.
Integrity: Both the code and data inside a TEE cannot be tampered with, preserving their original state.
Isolation: TEEs operate separately from the main operating system, reducing potential attack vectors.

Common applications of TEEs include secure payment processing, digital rights management, and the protection of sensitive data in cloud computing environments.

The Oasis Network: A Privacy-First Blockchain

The Oasis Network is a Layer 1 decentralized blockchain platform designed with a strong emphasis on scalability, privacy, and versatility. Its architecture is divided into two primary components:

Consensus Layer: A high-throughput, secure, proof-of-stake consensus mechanism operated by a decentralized set of validator nodes.
ParaTime Layer: Hosts multiple parallel runtimes (ParaTimes), each representing a replicated compute environment with shared state. This separation allows for parallel transaction processing, enhancing scalability and flexibility.

Why TEEs are Crucial to the Oasis Network's Vision

The Oasis Network leverages TEEs to bolster its privacy features, particularly within its confidential ParaTimes like Cipher and Sapphire. In these environments, nodes are mandated to utilize TEEs, ensuring that data remains confidential during processing. This integration of TEEs allows Oasis to offer:

Confidential Smart Contracts: Developers can create smart contracts that handle sensitive data without exposing it to node operators or external entities.
Enhanced Security:By isolating sensitive computations within TEEs, the network mitigates potential vulnerabilities arising from malicious actors.
Data Privacy:Users can trust that their personal information is processed securely, fostering trust and encouraging broader adoption.

In essence, TEEs are foundational to the Oasis Network's mission of providing a privacy-centric blockchain platform, enabling secure and confidential decentralized applications.

Projects Building on Oasis and Utilizing Oasis Network privacy features

Several innovative projects have harnessed the capabilities of the Oasis Network: We explore some below

Neby Exchange : NEBY is a decentralized exchange (DEX) built on the Oasis Network, designed to offer efficient, secure, and scalable trading. It features advanced liquidity management with concentrated liquidity AMM (clAMM), flexible reward strategies, and 100% protocol fees for stakers, making it a comprehensive platform for traders, liquidity providers, and stakers.

Thorn Protocola decentralized exchange and automated market maker meticulously designed for the Sapphire Paratime of the Oasis Network, stands as a beacon of efficiency and security in the realm of cryptocurrency trading. Its core objective revolves around facilitating seamless transactions of stablecoins and volatile assets while upholding the principles of transparency and decentralization.

Zeph: An AI buddy that leverages Oasis Networ’s privacy features and run private, encrypted nodes to ensure that users data stay secure

Accumulated Finance Omnichain modular liquid staking and restaking. Boosted staking yields & extra rewards for stakers.

PinLink is the first RWA-tokenized DePIN platform, dedicated to driving down costs for AI developers and creating new revenue streams for DePIN asset owners.

Omo Protocolis the first multi-agent orchestration protocol for blockchain, enabling developers & users to build, deploy, and scale cooperative AI agent networks that seamlessly interact with any on-chain primitive

Midas:
Midas’s mission is to pioneer internet native investing, bringing investment-grade assets to the open web. By leveraging blockchain technology, it remove the traditional barriers that have long restricted access to high-quality financial products, making them available to everyone.

Rehide: Self-custody, zero-knowledge password manager and vault. Encrypt your data with your web3 wallet. Your data, your control.

Hatsfinance : Hats Finance offers Web3 native security solutions that align in all respects with the DeFi ethos. By leveraging the power of DeSec, blockchain technology, and community-driven security practices, it offer a suite of tools that include audit competitions and bug bounties.

Pixudi Pixudi is an RPG board game built on blockchain technology. Choose a board, invite opponents and roll the dice! Collect more treasures than others, strategically choose items to use or which way to go, play mini games to gain advantage and duel with other players.

Apillon is a Web3 development platform for developers and businesses building on Web3. By gathering unified API endpoints, it delivers the functionalities of Polkadot parachains adapted to the standard development process and user-preferred technology stack.

Bit Protocol Bit Protocol offers a unique approach to stablecoins with its focus on omnichain functionality, decentralized governance, and privacy-enhancing technology.

Reclaim Protocolenhances HTTPS security by routing requests through proxies that digitally sign website responses, enabling cryptographic proof of data integrity, like bank balances or Uber rides.

Ocean Protocol The privacy-preserving, data sharing protocol for AI and the new Data Economy

illumineXis a non-custodial and cross-chain privacy product offering gas-less Privacy Wallets with integrated private swaps and support for EVM & non-EVM chains, including native BTC.

Conclusion
The Oasis Network is pioneering privacy-first blockchain technology by integrating Trusted Execution Environments (TEEs) to enable confidential computing. By leveraging TEEs, Oasis ensures data privacy, secure smart contracts, and enhanced security for decentralized applications. This approach not only protects user information but also unlocks new use cases in Web3, such as private DeFi, confidential identity solutions, and secure data sharing. As the demand for privacy continues to grow in the blockchain space, Oasis stands out as a leading ecosystem driving innovation in secure and scalable decentralized applications. Explore Oasis Network Ecosystem

Trustless Large Language Models(LLMs)

amio — Fri, 07 Feb 2025 10:03:38 +0000

In the rapidly evolving landscape of artificial intelligence (AI), ensuring the integrity and confidentiality of Large Language Models (LLMs) is paramount. The concept of a "trustless" LLM one that operates without the need for trust in any single party has become increasingly significant. By deploying LLMs within Trusted Execution Environments (TEEs), we can achieve tamper-proof execution and maintain data confidentiality, empowering individuals and businesses to create custom LLMs with enhanced security. Various questions will come to mind. One will ask will use TEE over other verifiable computing technologies? Unlike more well-known verifiable computing technologies like ZKPs and FHE, which are optimistically 3-5 years away from practical implementations, TEE-based infrastructure is ready TODAY.

Understanding Trusted Execution Environments (TEEs)

“Rethinking the use of Trusted Execution Environments (TEEs), transforming it from a “trusted" environment into a "trusted due to verification" or TRUSTLESS Execution Environment, is essential. This is achieved by integrating smart contracts, cryptographic primitives, and widely used network technologies, leveraging TEE's embedded security to control operations within the TEE and ensure compliance through blockchain consensus mechanisms. By combining blockchain technology and TEEs, Web3 and AI can ensure trustless computing environments where computations are secure, verifiable, and transparent” These are the words of David Attermann on Trusted Execution Environment (TEE)

A Trusted Execution Environment (TEE) is a secure area within a processor that ensures code and data loaded inside are protected concerning confidentiality and integrity. This means that unauthorized entities cannot access or alter the data and code within the TEE. TEEs provide isolated execution, integrity of applications, and confidentiality of their assets, making them essential for secure computing.

The Role of TEEs in AI

Integrating TEEs into AI workflows offers several advantages:

Confidentiality: Data processed within a TEE remains confidential, ensuring that sensitive information is protected during AI model training and inference.
Integrity: TEEs guarantee that the AI model and its computations cannot be tampered with, preserving the model's integrity.
Verifiability: Operations within a TEE can be attested, providing proof that computations were executed as intended.

The following steps illustrate how TEEs achieve security and verifiability through encryption and attestation.

Source: Phoenixnap

These properties are crucial for developing trustless LLMs, as they ensure that the model operates securely and as expected.

Oasis Network's Contribution to Trustless LLMs

The Oasis Network leverages TEEs to enhance AI model security and verifiability. By integrating TEEs with the Oasis Runtime Offchain Logic (ROFL) framework, developers can create decentralized AI models with verifiable provenance. This integration ensures that AI models are not only secure but also transparent in their development and deployment processes.

There was an experiment geared at integrating a GPU-enabled TEE with the Oasis Network for fine-tuning an LLM in a TEE

Runtime Offchain Logic (ROFL) Framework

ROFL (Runtime OFf-chain Logic) is a framework that adds support for off-chain components to runtimes like Oasis Sapphire, enabling non-deterministic behavior and access to remote network resources. ROFL allows for off-chain components to seamlessly communicate with the on-chain realm, bringing about full composability across different blockchain platforms and off-chain computation stack.

The ROFL framework enables the execution of off-chain logic within TEEs, allowing for complex computations that are both verifiable and confidential. This is particularly beneficial for AI workloads, as it allows for the training and deployment of LLMs in a secure environment, ensuring that the models remain tamper-proof and that the data they process is kept confidential.

Trustless Agents and Autonomous AI

Building upon the foundation of TEEs and the ROFL framework, the concept of trustless agents emerges. These are autonomous AI entities that operate without human intervention, with their actions and decisions being verifiable and secure. By deploying LLMs within TEEs, these agents can perform tasks with a high degree of trustworthiness, making them suitable for applications that require stringent security and confidentiality measures.

With the introduction of TDX to
ROFL for its TEE implementation the range of what's possible inside a ROFL application is greatly expanded. Intel Trust Domain Extensions (Intel TDX) is Intel's newest confidential computing technology, announced by Intel in February 2022 and offered in public preview by cloud providers Microsoft Azure and Google Cloud Platform.

This hardware-based trusted execution environment (TEE) facilitates the deployment of trust domains (TD), which are hardware-isolated virtual machines (VM) designed to protect sensitive data and applications from unauthorized access.

A CPU-measured Intel TDX module enables Intel TDX. This software module runs in a new CPU Secure Arbitration Mode (SEAM) as a peer virtual machine manager (VMM), and supports TD entry and exit using the existing virtualization infrastructure. The module is hosted in a reserved memory space identified by the SEAM Range Register (SEAMRR).

Intel TDX uses hardware extensions for managing and encrypting memory and protects both the confidentiality and integrity of the TD CPU state from non-SEAM mode

TDX operates as a virtualization-based confidential computing environment, which results in better performance and fewer memory constraints. It allows for the straightforward deployment of legacy applications without requiring changes to the programming model.

Conclusion

The integration of LLMs within TEEs, facilitated by frameworks like ROFL on the Oasis Network, represents a significant advancement in creating trustless AI systems. This approach ensures that AI models are secure, verifiable, and capable of handling sensitive data, thereby empowering individuals and businesses to develop custom LLMs with confidence

Privacy-Preserving Web Searches: Safeguarding User Data in the Age of AI and the Data Economy

amio — Sat, 11 Jan 2025 07:59:47 +0000

In today's digital landscape, web searches are indispensable, serving as gateways to information, services, and knowledge. However, each query contributes to a vast data economy where personal information is collected, analyzed, and often monetized without user consent. This practice raises significant privacy concerns, especially as artificial intelligence (AI) systems increasingly leverage such data. The emergence of privacy-preserving web searches, underpinned by technologies like the Oasis Network's Sapphire and Runtime Off-Chain Logic Framework (ROFL), offers a promising solution to these challenges.

The Imperative for Privacy in Web Searches

Traditional search engines operate on a model that capitalizes on user data. Every search query, click, and interaction is tracked to build comprehensive user profiles, which are then utilized for targeted advertising and other purposes. This model presents several issues:

Data Ownership and Consent: Users often remain unaware of how their data is collected and used, leading to a loss of control over personal information.

Privacy Risks: Detailed user profiles can expose sensitive information, making individuals vulnerable to surveillance and data breaches.

AI Implications: AI models trained on such data may perpetuate biases or be exploited for unethical purposes.

Research has highlighted these concerns. For instance,a study on privacy-preserving web search protocols emphasizes the need for mechanisms that protect user queries from being exposed to search engines .

Oasis Network: Pioneering Privacy Solutions

The Oasis Network is a blockchain platform designed with a focus on privacy, scalability, and data sovereignty. Its innovative technologies, Sapphire and ROFL, are instrumental in enabling privacy-preserving web searches.

Sapphire: The Confidential EVM

Sapphire is the first confidential Ethereum Virtual Machine (EVM) that empowers developers to build decentralized applications (dApps) with integrated privacy features. Key attributes include:

Confidential Smart Contracts: Sapphire allows for the creation of smart contracts that can handle sensitive data securely, ensuring that user queries and interactions remain confidential .

EVM Compatibility: Being fully compatible with existing Ethereum tools and dApps, Sapphire facilitates the integration of privacy features without requiring developers to learn new programming languages or frameworks.

Scalability and Efficiency: Sapphire's design ensures that privacy-preserving computations are executed efficiently, maintaining the performance standards expected in modern web applications.

Runtime Off-Chain Logic Framework (ROFL)

ROFL extends the capabilities of the Oasis Network by enabling off-chain components to interact seamlessly with on-chain smart contracts. This framework is particularly beneficial for applications requiring intensive computations, such as AI models used in search algorithms. Features include:

Off-Chain Computation: ROFL allows complex AI models to run off-chain, reducing the computational load on the blockchain while maintaining verifiability and integrity .
Privacy Preservation: By leveraging trusted execution environments (TEEs), ROFL ensures that off-chain computations involving user data remain confidential.
Interoperability: ROFL facilitates communication between different blockchain platforms and off-chain systems, promoting a more integrated and versatile ecosystem.

The Role of AI in Privacy-Preserving Searches

Artificial intelligence plays a dual role in the context of web searches and privacy. On one hand, AI enhances search capabilities by providing personalized and relevant results. On the other hand, it poses privacy risks when trained on unprotected user data. Privacy-preserving web searches aim to harness the benefits of AI while mitigating its risks:

Personalization with Privacy: AI models can be trained on encrypted data, allowing for personalized search results without exposing individual user information.

Bias Mitigation: Privacy-preserving techniques can ensure that AI models are trained on diverse and representative data sets, reducing the risk of biased outcomes.

User Empowerment: By maintaining control over their data, users can choose how their information is utilized in AI models, fostering trust and transparency.

Research and Developments in Privacy-Preserving Web Searches

The academic community has been actively exploring methods to enhance privacy in web searches. Notable research includes:

Private Web Search Protocols: Studies have proposed protocols that allow users to perform web searches without revealing their queries to search engines, utilizing techniques like decomposable encryption .

Personalized Web Search with Privacy: Frameworks have been developed to enable personalized search results while protecting user privacy through methods such as user profile generalization .

Decentralized Search Systems: Research has introduced decentralized and privacy-preserving search systems that enable users to find documents via dedicated networks without compromising their privacy .

These studies underscore the feasibility and importance of implementing privacy-preserving mechanisms in web search technologies.

The Future of Privacy-Preserving Web Searches

As awareness of data privacy grows and regulations become more stringent, the demand for privacy-preserving web searches is set to increase. The integration of blockchain technologies, such as those offered by the Oasis Network, with advanced AI models presents a viable path forward. Future developments may include:

Enhanced User Control: Providing users with granular control over their data, including the ability to audit and manage how their information is used.
Regulatory Compliance: Ensuring that search platforms comply with global data protection regulations, thereby avoiding legal pitfalls and building user trust.
Ecosystem Integration: Developing interoperable solutions that allow privacy-preserving searches across different platforms and services, creating a cohesive user experience.

Conclusion

Privacy-preserving web searches represent a critical advancement in protecting user data in an era dominated by AI and the data economy. The Oasis Network's technologies, Sapphire and ROFL, offer robust solutions that enable secure, efficient, and private search capabilities. By embracing these innovations, we can move towards a digital ecosystem that respects user privacy while leveraging the full potential of AI, ensuring that the benefits of technology are realized without compromising individual rights.

For more insights into the Oasis Network and its commitment to privacy in Web3 and AI, you can explore their official YouTube channel

Developer Activities on Oasis Network: Key Indicator of Ecosystem Growth in 2024

amio — Tue, 03 Dec 2024 18:29:44 +0000

As blockchain ecosystems evolve, one powerful metric indicating their health and momentum is developer activity. On the Oasis Network, a privacy-first, layer-1 blockchain, developer engagement has surged, driven by advancements in confidential computing and privacy tools like the Sapphire runtime. Oasis’s developer activities, especially with new frameworks and initiatives like the ROFL and Hackathons ok the network, underscores its commitment to privacy and composability, bringing both technical and creative innovation to the platform.

According to data released by Santiment on September 16th, 2024, Oasis Network topped the chart for the highest development activity score among data and AI-oriented protocols. This uptick in developer engagement is critical not only for platform stability but also for attracting long-term investment and partnerships.

In 2024, the Oasis Network has rolled out several updates and improvements. Key milestones include advancements in ParaTime compute nodes, which support network versatility by allowing custom runtimes tailored to specific application needs. Sapphire ParaTimes has consistently demonstrated strong developer engagement. This reflects stable, incremental growth, showing a steady engagement from the developer community to improve network resilience and utility

The core driver of Oasis Network's ecosystem growth is its technical foundation, which includes features like the Sapphire paratime, the first confidential Ethereum Virtual Machine (EVM) that supports privacy for decentralized applications (dApps). By enabling developers to build apps that incorporate varying levels of privacy, Sapphire creates a distinctive environment attractive to developers interested in privacy-first applications across finance, AI, and more.

In 2024, developer engagement on Oasis has been bolstered by the integration of Runtime Off-chain Logic (ROFL). ROFL, a framework introduced this year, enables the blending of on-chain and off-chain logic, allowing for more complex decentralized applications. With ROFL, developers can create dApps that communicate with off-chain data sources, enabling non-deterministic, off-chain processing that adds substantial versatility to blockchain-based applications, enhancing user experience and functionality

One of the notable developer-driven initiatives is the P4W3 Hackathon, a flagship event by Oasis Network. Running from September to November 2024, this hackathon offered a $130,000 prize pool to participants creating applications with privacy as a core feature, using the Sapphire runtime and ROFL framework. The hackathon attracted developers focused on privacy-preserving applications. Projects from this initiative will not only highlight the unique capabilities of Oasis’s confidential EVM but also serve as proofs of concept for privacy-first dApps, setting a benchmark for future developers on the network.

Key judging criteria for the P4W3 Hackathon included project implementation quality, user experience, and innovative use of confidential computing tools. The event provided a hands-on opportunity for developers to integrate privacy-focused technology into their applications, accelerating the learning curve for new developers and strengthening the Oasis community through collaboration and mentorship from industry experts. By engaging the developer community with such events, Oasis has amplified its technical reach, fostering a growing interest in building privacy-centric solutions.

Oasis has also introduced several initiatives to support developers post-hackathons. Participants in hackathons were invited to join a broader support network within Oasis, including grants, incubation programs, and engineering support resources. This extended support is essential in transitioning from hackathon prototypes to fully realized dApps that can achieve adoption in real-world scenarios. In this light, it is pertinent to note that just late October this year (October, 2024) Oasis Foundation awarded a grant to Blockchain of Things (BoT), a standout project from the ETHDam hackathon earlier this year. BoT leverages the Sapphire runtime’s encryption capabilities to create a secure marketplace where IoT device operators can monetize their data streams while maintaining privacy. The platform’s subscription model and preview system allow data consumers to verify quality before purchase, establishing a sustainable framework for bringing verified real-world data onchain.

Moreover, the Oasis Privacy Layer (OPL) has enhanced cross-chain privacy, allowing developers to create privacy-protecting features that interact with other EVM-compatible networks. This added interoperability broadens Oasis’s appeal, providing developers with the flexibility to integrate privacy features into applications across multiple chains.

Through ongoing innovation, developer support, and initiatives like the P4W3 Hackathon, Oasis Network has solidified its position as a hub for privacy-centric blockchain development. As more developers leverage Oasis’s tools and frameworks, their contributions help propel the network forward, making developer activity a reliable indicator of Oasis’s ecosystem growth and resilience. With the continued development of privacy-preserving technology and strategic engagements like hackathons, Oasis Network is well-positioned to remain at the forefront of Web3’s privacy-focused future. This surge in development activity underscores the network’s commitment to fostering a robust ecosystem, especially in privacy-focused and data-centric blockchain solutions. Developer engagement, visible through GitHub commits, new features, and network improvements, is an indicator of the Oasis Network’s potential for continued growth and innovation in the Web3 and data privacy space. Start building on Oasis Network