2

i am currently storing a secret (string) directly inside a smart contract. The idea is that the smart contract only allows authorized people to obtain the secret. The problem is that the smart contract is on the blockchain and everyone can simply decompile it.

What is the best practice to solve this issue?

As an example one could think of a bidding contract, which contains a secret (reward for the highest bidder). After a bidding round the secret can be obtained by the highest bidder. Is there a way to securely store the secret?

I'm mainly interested in a solution that does not contain a trusted third party.

Tauling
  • 33
  • 7

2 Answers2

1

It's impossible to store secret data in a smart contract. As you said, a smart contract is public, so anyone can see all data stored therein. All transactions are publicly visible too.

Even if you could somehow store a secret in a smart contract (which again, you can't), whatever conditions needed to be met in order to reveal that secret (like winning an auction), could be faked by a person duplicating your contract onto their private network and then winning the auction there. So they would find out the secret, but you wouldn't get anything.

Note: this is all assuming you don't know who the recipient of the secret information is ahead of time. You could encrypt a message off-chain, store it on chain, and then off-chain give the decryption key to the person who you want to receive the message, but this is essentially trusting a 3rd party.

AnAllergyToAnalogy
  • 3,553
  • 11
  • 23
0

Storing data on smart contract means everyone can read your data. Sending data to smart contract means everyone can read the payload of the transactions and see it.

The solution is encrypting the data you are going to store and then decrypting it after reading it.

in case of the bidding, I don't think it is necessary that the amount is kept secret. Besides sending money anonymously is the key thing of a blockchain.

Kaki Master Of Time
  • 3,060
  • 4
  • 19
  • 44