Highlights of our November Office Hours
Last week we hosted our first developer-focused office hours. CTO Raymond Cheng and CPO Noah Johnson took questions and ran through a number of interesting demos that will help developers get started on the Oasis Devnet.
If you missed this month’s office hours, don’t worry — you can watch the office hours in full, or check out some highlights below.
Top Q&A and Demos
Getting started on the Oasis Devnet
Q: What is the Oasis Devnet?
A: The Oasis Devnet is the latest version of our platform built specifically for developers. We’ve created an environment for developers to test and build on the Oasis platform including new features to help developers of all kinds work on applications never before capable on blockchain.
There’s a lot of new development coming including new machine learning frameworks, new development toolkits, better ways of handling confidentiality, and access control libraries and we needed the ability to be flexible for our network as we add these. We want to be working closely with our developers so we can get feedback as we build.
You can also read more about the Devnet at its top features here.
Q: How does Web3c differ from web3.js?
A: At a high level, it exposes the exact same interface to web3.js and is a plug-and-play replacement. You can just install web3c and use that and require that instead of web3.js and you’ll have all the same APIs you would expect, but now you also hit these additional confidential smart contract end points.
Privacy-preserving smart contracts and examples of use cases
Q: How does Oasis specify confidential smart contracts?
A: Currently we prepend a keyword in front of the contract file (e.g. Confidential–[contract file]), and we’ve modified compilers to be able to automatically detect that prepended string and if it’s there it will compile it as a confidential smart contract. In practice we’re adding some metadata to the smart contract so the runtime nodes know how to interpret that smart contract at run time. But in terms of the development workflow all you need to worry about is to be able to signal to the compiler to compile it as a confidential smart contract, and that’s what we use that prepended string for.
For more details check out our documentation on confidential smart contracts.
Q: Are confidential smart contracts computationally more expensive than non-confidential smart contracts?
A: In the future we want to be able to support a variety of different ways to do confidentiality including multi-party computation and zero knowledge proofs. Currently the mechanism that we’re using for confidentiality is trusted execution environments or trusted hardware, which run on bare metal. There’s a bit of overhead in setting up the environment, but that’s a fixed cost and once it’s set up there’s really very little overhead required to run confidential smart contracts.
Currently on the Devnet, the gas model is set to the equivalent of existing non-confidential contracts. That will change over time.
Q: What would happen if you ran a secret voting DApp on Ethereum?
A: If this was built on Ethereum, then anyone could go to this transaction page and view the raw input and see specifically who I voted for. Because not only is contract code public on Ethereum but so is contract data. And this is why you don’t want to run this contract on platforms that don’t provide confidentiality.
Q: In the secret voting DApp example, can a keyholder go back and look at voting history?
A: Everything you want to do you actually have to write into the smart contract — it’s the final arbiter for who can see what. If you need to build auditing mechanisms or verification mechanisms, you can do that in the smart contract, but other people outside of the smart contract can’t arbitrarily take a look at that voting history.
There are a lot of things you can build to extend on this example — you can audit to make sure people aren’t voting more than once, make sure people are verified, you could put constraints on that history to make sure certain rules are enforced in that smart contract, but all of that has to be defined inside the smart contract. If it’s not defined in the smart contract then no, the keyholder can’t do anything with that data.
Q: What are the best use cases for privacy related to finance?
A: When you think of things like derivatives and exchanges or auctions there are a bunch of things that inherently need confidentiality. A simple example would be a second-price auction. In a second-price auction, the purpose is to actually hide the bids until the very end and reveal it when you get to the close of the auction. It’s important for these types of mechanisms to not reveal what those bids are until the very end. So some of these types of financial mechanisms are only possible with confidentiality.
In addition, some of the use cases that benefit from confidentiality might surprise you. For example, even games benefit from confidentiality. If you want to build a game on blockchain — so that you can integrate with other smart contracts, have token schemes, or store assets of the games as NFTs — oftentimes for competitors in games you need to make sure your opponent can’t cheat. So if the game is executed on the blockchain it’s important that the game state remain secret (for example if you’re playing poker and you don’t want competitors to see your cards) — both from other players, but also from miners, to ensure a malicious miner doesn’t collude with a player to cheat.
Using Rust for smart contract development
Q: What are the benefits of writing a smart contract in Rust instead of Solidity?
A: Now that we have solutions for scalability, a lot of people want to unlock the power of smart contracts — writing contracts that are more complex than ever before. Solidity is a great language for writing simple contracts like multistate wallets and tokens, but once you have the ability to write fundamentally more complex types of computations Solidity isn’t the best language. For example if you want to do something that involved machine learning or games, Solidity may not be the best language to do that.
For that reason, we’re trying very hard to make sure our architecture and run time support many different languages so developers have access to the right languages and the right tools for their specific application.
The first step for this is Rust. Rust is a general purpose language that allows you to write very low level code, systems level code, and lets you have access to a rich set of libraries developed by the Rust community. Our goal is to allow people who are familiar to write Rust without having to make major changes to code and have it automatically run as a smart contract.
Once we have these different backend languages, the community can build other tools and UI front ends that allow developers to use additional programming languages and workflows, and as long as those compile into those runtime languages they will work on Oasis. Rust support is an important first step to opening up the door to allow the development of smart contracts through a much richer set of tools and languages than you have today.
If you’re interested in developing on Rust learn more in our tutorial.
Additional resources
Q: What can I read to learn more about Oasis Labs and the Oasis Devnet?
A: While there are a number of great resources we recommend starting here:
- Learn more about building on the Oasis Devnet: Devnet Documentation
- Learn more about what we’re building towards: Non-technical Primer (now in English and Chinese)
- Take a deeper dive into some of our technology: Oasis Blog
- Get updates on new features, events, and hackathons: Oasis Newsletter
Q: How do I share feedback about the Oasis Devnet?
A: We would really love your feedback –– what you like, what needs improvement; what you’re building and what you wish you could build on the Devnet. To send us technical feedback just go to feedback.oasiscloud.io.
Q: How do I find out where Oasis is speaking next?
A: We try to share all our upcoming events on our website. In addition to events, you can also sign up for our monthly newsletter which provides new info and updates on everything we’re working on, the events we’ll be at next, and more.
For more information about Oasis Labs email us at info@oasislabs.com.
