🎥Maximized confidentiality
This document outlines the technical intricacies employed by Thorn to ensure heightened confidentiality.
The confidential EVM runtime
At the foundation of Thorn' confidentiality framework lies the Sapphire EVM runtime, a cutting-edge technology designed to operate within Intel SGX secure enclaves. These secure enclaves provide a fortified environment for the execution of transactions, enabling the decryption and processing of encrypted contract storage and transaction calldata with utmost security.
The private key required for decryption is generated exclusively within these secure enclaves, ensuring that access to decrypted data remains restricted even to validators. This robust encryption mechanism guarantees that sensitive information remains safeguarded from unauthorized access or manipulation.
Sapphire's confidential runtime facilitates seamless transitions between encrypted states, offering a trustless mechanism for data encryption and decryption. Unlike alternative methods such as zero-knowledge proofs or fully homomorphic encryption, Sapphire boasts minimal performance overhead, enhancing scalability and efficiency within the Thorn ecosystem.
Attack vectors and mitigations
While the confidential EVM runtime provides a robust foundation for confidentiality, Thorn acknowledges the presence of potential attack vectors that could compromise privacy within decentralized applications. This section identifies and addresses these vulnerabilities, underscoring Thorn' commitment to maintaining the highest standards of security and confidentiality.
Storage-based side-channel attacks
Despite the encryption of contract storage keys and values within the Sapphire runtime, interactions with storage present inherent risks. The deterministic nature of encrypted storage keys enables the identification of transactions updating the same storage slot based solely on ciphertext analysis. Thorn recognizes this vulnerability and implements stringent measures to mitigate the risks posed by storage-based side-channel attacks, ensuring the integrity of data stored within the Thorn ecosystem.
Out-of-band privacy leaks
In addition to addressing internal threats, Thorn remains vigilant against potential out-of-band privacy leaks that may compromise confidentiality. While Sapphire protocols prioritize confidentiality within applications, users must remain vigilant to prevent inadvertent leakage of information. Thorn highlights scenarios where users may inadvertently expose sensitive information, such as utilizing a confidential Automated Market Maker (AMM) to swap between addresses. By raising awareness of these risks, Thorn empowers users to take proactive measures to safeguard their privacy and security within the decentralized finance ecosystem.
In conclusion, Thorn Protocol stands at the forefront of innovation, leveraging advanced encryption technologies and robust security measures to ensure maximum confidentiality within its ecosystem. By addressing potential vulnerabilities and empowering users with knowledge and awareness, Thorn sets a new standard for privacy and security in decentralized finance.
Last updated