Skip to content Skip to footer
Back to course

Oasis 101

Course Content

Oasis 101 Sapphire — Privacy-Enabled EVM

Sapphire — Privacy-Enabled EVM

anca 3 Courses

Understanding EVMs and Sapphire

Let’s begin by examining how data storage operates within Ethereum and how Sapphire builds on these principles to ensure privacy and security.

Ethereum Data Storage

Ethereum employs a world state, essentially a vast tree data structure. Each node in this tree consists of a 32-byte key paired with a 32-byte value. This design applies to all data on the network, including transactions and variables within smart contracts.

Each piece of data, whether a transaction or a smart contract variable, is associated with an address derived from the contract address and the specific location within the contract. However, storing larger values requires concatenation across consecutive nodes.

Given blockchain’s transparency, extracting the complete storage of any contract is possible. This raises the question: wouldn’t encrypting data provide essential privacy? The challenge lies in managing the encryption key. If stored on-chain, the key’s visibility compromises data confidentiality. How can data be securely encrypted on-chain without exposing the encryption key?

What Should a Confidential EVM Look Like?

A confidential Ethereum Virtual Machine (EVM) addresses these concerns with significant architectural advancements:

  • Web Gateway Enhancements: While the hardware setup remains similar, the web Gateway is extended to securely access confidential primitives.
  • Encrypted Communication: HTTP requests are now wrapped in peer-to-peer encryption, ensuring end-to-end data security between nodes.
  • Trusted Execution Environment (TEE): Computation occurs within a secure enclave of the TEE on each node. This ensures that smart contract operations and associated data remain private, even from node operators.

This paradigm shift enables innovations such as the Sapphire Confidential EVM, which offers a privacy-centric evolution in blockchain technology.

Sapphire Confidential EVM

Sapphire represents a groundbreaking integration of the EVM with privacy and security enhancements. Here’s what sets Sapphire apart:

  • Encrypted Storage: Data stored on nodes is encrypted. While publicly accessible, it remains confidential and secure.
  • Flexible Transactions: Sapphire supports both encrypted and unencrypted transactions, allowing users to select the privacy level that suits their needs.
  • Trusted Execution: Computations within the TEE ensure confidentiality regardless of transaction type. Users can confidently choose between public transparency and private security.

This flexibility allows for scenarios like verifying smart contract deployments or auditing transactions while maintaining privacy where necessary. Sapphire’s design ensures that encryption and transparency coexist harmoniously, catering to diverse user requirements.

How Sapphire Executes Contracts

The architecture of Sapphire enables secure and efficient execution of smart contracts. Here are the key components and processes:

  1. Sapphire Node in TEE: The core where smart contracts execute within the TEE, ensuring data confidentiality and computational integrity.
  2. Key Manager: Operates alongside a subset of compute nodes. When a transaction needs access to confidential storage, the Sapphire Node requests the necessary key from the Key Manager. This key is retrieved from a dedicated key-value database for the contract and provided temporarily to the Sapphire environment.
  3. Transaction Processing: The transaction is processed within Sapphire, which involves:
    • Reading and writing to confidential storage.
    • Computing new IO roots for block proposers.
    • Returning computation results and emitted events to the user.
  4. Security Measures: Sapphire doesn’t store keys. Keys are only provided temporarily during computation and are discarded afterward. Security relies on the Key Manager nodes, which securely manage keys. Attestation mechanisms validate the integrity of the TEE, ensuring secure execution.

By segregating key management from computation and implementing robust security protocols, Sapphire offers a reliable and private framework for Ethereum-compatible smart contracts.

Sapphire Public Endpoints

Developers can easily integrate with Sapphire using the following endpoints:

With these tools, anyone familiar with Ethereum development can quickly bootstrap and deploy contracts on Sapphire using standard Ethereum tooling.

Previous Lesson
Back to Course
Next Lesson