Enigma— decentralized privacy layer: full review


Enigma is a decentralized computation platform with guaranteed privacy. Their goal is to enable developers to build ’privacy by design’, end-to-end decentralized applications, without a trusted third party.

Enigma is private. Using secure multi-party computation (sMPC or MPC), data queries are computed in a distributed way, without a trusted third party. Data is split between different nodes, and they compute functions together without leaking information to other nodes. Specifically, no single party ever has access to data in its entirety; instead, every party has a meaningless (i.e., seemingly random) piece of it.

Enigma is scalable. Unlike blockchains, computations and data storage are not replicated by every node in the network. Only a small subset perform each computation over different parts of the data. The decreased redundancy in storage and computations enables more demanding computations.


Design overview
Enigma is designed to connect to an existing blockchain and off-load private and intensive computations to an off-chain network. All transactions are facilitated by the blockchain, which enforces access-control based on digital signatures and programmable permissions.

Code is executed both on the blockchain (public parts) and on Enigma (private or computationally intensive parts). Enigma’s execution ensures both privacy and correctness, whereas a blockchain alone can only ensure the latter. Proofs of correct execution are stored on the blockchain and can be audited. They supply a scripting language for designing end-to-end decentralized applications using private contracts, which are a more powerful variation of smart contracts that can handle private information (i.e., their state is not strictly public).

The scripting language is also turing-complete, but this is not as important as its scalability. Code execution in blockchains is decentralized but not distributed, so every node redundantly executes the same code and maintains the same public state. In Enigma, the computational work is efficiently distributed across the network. An interpreter breaks down the execution of a private contract, as is illustrated in Figure 1, resulting in improved run-time, while maintaining both privacy and verifiability.

The off-chain network solves the following issues that blockchain technology alone cannot handle:

1. Storage. Blockchains are not general-purpose databases. Enigma has a decentralized offchain distributed hash-table (or DHT) that is accessible through the blockchain, which stores references to the data but not the data themselves. Private data should be encrypted on the client-side before storage and access-control protocols are programmed into the blockchain. Enigma provides simple APIs for these tasks in the scripting language.

2. Privacy-enforcing computation. Enigma’s network can execute code without leaking the raw data to any of the nodes, while ensuring correct execution. This is key in replacing current centralized solutions and trusted overlay networks that process sensitive business logic in a way that negates the benefits of a blockchain. The computational model is described in detail in section 5.

3. Heavy processing. Even when privacy is not a concern, the blockchain cannot scale to clearing many complex transactions. The same off-chain computational network is used to run heavy publicly verifiable computations that are broadcast through the blockchain.

Off-chain storage
Off-chain nodes construct a distributed database. Each node has a distinct view of shares and encrypted data so that the computation process is guaranteed to be privacy-preserving and fault tolerant. It is also possible to store large public data (e.g., files) unencrypted and link them to the blockchain. Figure 2 illustrates the database view of a single node.

On a network level, the distributed storage is based on a modified Kademlia DHT protocol with added persistence and secure point-to-point channels, simulated using a broadcast channel and public-key encryption. This protocol assists in distributing the shares in an efficient manner. When storing shares, the original Kademlia distance metric is modified to take into account the preferential probability of a node.

Privacy-enforcing computation
To use Enigma, developers write high-level code, where public parts are executed on the blockchain and private parts are run off-chain, on Enigma’s platform. They call these private contracts, since they are smart contracts that can handle private information.

Hierarchical secure MPC
Information-theoretic results show that secure MPC protocols require each computing node to interact with all other nodes (O(n2) communication complexity) and a constant number of rounds. In the case of a LSSS, this computational complexity applies to every multiplication operation, whereas addition operations can be computed in parallel, without intercommunication.

Cohen et al recently proposed a method of simulating an n-party secure protocol using a logdepth formula of constant-size MPC gates, as illustrated in Figure 3. We extend their result to LSSS and are able to reduce the communication-complexity of multiplication from quadratic to linear, at the cost of increased computation complexity, which is parallelized. Figure 4 illustrates how vanilla MPC is limited by the number of parties, while their implementation scales up to arbitrarily large networks.

Figure 4: Simulated performance comparison of their optimized secure MPC variant compared to classical MPC.

Network reduction
To maximize the computational power of the network, they introduce a network reduction technique,where a random subset of the entire network is selected to perform a computation. The random process preferentially selects nodes based on load-balancing requirements and accumulated reputation, as is measured by their publicly validated actions. This ensures that the network is fully utilized at any given point.

Adaptable circuits
Code evaluated in their system is guaranteed not to leak any information unless a dishonest majority colludes (t≥n2). This is true for the inputs, as well as any interim variables computed while the code is evaluated. An observant reader would notice that as a function is evaluated from inputs to outputs, the interim results generally become less descriptive and more aggregative.

For simple functions or functions involving very few inputs, this may not hold true, but since these functions are fast to compute — no additional steps are needed.

However, for computationally expensive functions, involving many lines of code and a large number of inputs, they can dynamically reduce the number computing nodes as they progress, instead of having a fixed n for the entire function evaluation process. Specifically, they design a feed-forward network (Figure 5) that propagates results from inputs to outputs. The original code is reorganized so that they process addition gates on the inputs first, followed by processing multiplication gates. The interim results are then secret-shared with Nc nodes, and the process is repeated recursively.

As previously mentioned, end-to-end decentralized apps are developed using private contracts, which are further partitioned to on-chain and off-chain execution. Off-chain code returns results privately, while sending correctness proofs to the blockchain. For simplicity, the scripting language is similar in syntax to well-known programming languages. There are two major additions to the scripting language that require more detail.

Private data types
Developers should use the private keyword to specify private objects. This automatically ensures that any computation involving those objects remains secure and private. When working with private objects, the data themselves are not locally available, but rather a reference of them.

Data access
There are three distinct decentralized databases living in the system, each accessible through a global singleton dictionary. Specifically –
1. Public ledger. The blockchain’s public ledger can be accessed and manipulated using L. For example, L[k] ← 1 would update key k for all nodes. Since the ledger is completely public and append-only, the entire history is stored as well and (read-only) accessible using L.get(k, t).

2. DHT. Off-chain data are stored on the DHT and accessible in the same way the public ledger is. By default, data are encrypted locally before transmission and only the signing entity can request the data back. Otherwise, using DHT.set(k, v, p), where k is the key, v is the value and p is a predicate, namely — p : X → {0, 1}, sets v to be accessible through k if and only if p is satisfied. They supply several built-in predicates in the language such as limiting access to a list of public keys. If encryption is turned off, the default predicate is ∀x p(x) = 1, so the data are public but distributed off-chain.

3. MPC. Syntactically, using MPC is equivalent to DHT, but the underlying process differs. In particular, executing MP C.set(k, v, p) secret shares v. The shares are distributed to potential computing parties that store their shares in their local view. Now p can be used to specify who can reference the data for computation using vref ← MPC[k], without revealing v. By default, only the original dealer can ask for the raw data back by running v ← MPC.declassify(k), which similar to the sharing process, collects shares from the various parties and reconstructs the secret value locally. In addition, any other entities belonging to the same shared identity can reference the data for computation.

Note that for simplicity, they addressed all keys in L, DHT and MPC dictionaries as using a single namespace, whereas in practice finer granularity is available, so that they can be segmented to databases, tables, and finer hierarchies.

Blockchain interoperability
In this section it is shown how Enigma interoperates with a blockchain. Specifically, they detail how complex identities are formed using digital signatures, which are automatically compatible with blockchains. They then continue to describe in detail the core protocols linking Enigma’s off-chain storage and computation to a blockchain.

Identity management
A recent survey paper divided blockchain-inspired technologies into two: fully decentralized permission-less ledgers (e.g., Bitcoin, Ethereum) and semi-centralized permissioned ledgers (e.g., Ripple). In the paper, the author argues that there is an inherent trade-off between having a pseudo-anonymous system, where no one is trusted and all information must remain public, and having a somewhat centralized system with trusted nodes that can verify true underlying identities. With an off-chain technology linked to a blockchain, this trade-off can be avoided while the network remains fully decentralized.

For this to work, they define an extended version of identities, one that captures shared identities across multiple entities and their semantic meaning.

To complete their definition of shared identities, they incorporate the idea of meta-data. Meta-data encapsulates the underlying semantic meaning of an identity. Primarily, these include public access control rules defined by the same predicates mentioned earlier, which the network uses to moderate access-control, along with any other public or private data that is relevant.

It should now be clear how their system solves the need for trusted nodes. As always, public transactions are validated through the blockchain. With shared identities and predicates governing accesscontrol stored on the ledger, the blockchain can moderate access to any off-chain resources. For anything else involving private meta-data, the off-chain network can act as a trustless privacy-preserving verifier.

Link protocols
They now discuss the core protocols linking the blockchain to off-chain resources. Specifically, they elaborate on how identities are formed and stored on the ledger; and how off-chain storage (DHT) and computation (MPC) requests are routed through the blockchain, conditional on satisfying predicates.

Access control
Protocol 1 describes the process of creating a shared identity and Protocol 2 implements the publicly verifiable contract for satisfying predicates.

Store and Load
Storing and loading data for direct access via the DHT are shown in Protocol 3. For storing data, write permissions are examined with the given qstore predicate. The storing party can provide a custom predicate for verifying who can read the data. This is the underlying process that is abstracted away using the DHT singleton object in the scripting language.

Share and Compute

Share and compute, illustrated in Protocol 4, are the MPC equivalent of store and load protocols, since they enable processing. Internally, they store and load shares from the DHT and allow working with references to the data while keeping the data secure.

Protocols 1 to 4 are illustrated in whitepaper on pages 10 and 11. Source


Enigma’s team is replete with MIT-connected individuals (MIT Lab and MIT Sloan) and seasoned software engineers.

Enigma’s team. Source: Enigma.co

Guy Zyskind — CEO and Co-founder.

MIT Media Lab | 10+ years software development

Guy Zyskind, has more than a decade of software development experience with an M.S. from MIT, was a former MIT Media Lab research assistant, and taught the first ever class on blockchain at MIT.

Can Kisagun — Chief Product Officer & Co-founder.

MIT Sloan MBA | McKinsey

Can Kisagun graduated from MIT’s Sloan School of Management has experience with a handful of tech startups, and worked at McKinsey & Company as a business analyst after completing his MBA.

Victor Grau Serrat — Director of Engineering.

MIT D-Lab | 15+ years of software development

Tor Bair — Head of Growth and Marketing.

MIT Sloan MBA | Snapchat; options trader

Nir Zyskind — Director of Business Development (EMEA)

IVC Research | MBA, College of Management

Ainsley Sutherlan — Product and Partnership Strategy.

Consensys | Buzzfeed

Frédéric Fortier — Senior Software Engineer

Quant Trading | 10+ years of software development

Moria Abadi — Senior Software Engineer and Researcher

IBM Research | 15+ years of software development

Lena Kleyner — Senior Software Engineer

Qwilt | 10+ years of software development

Isan Rivkin — Software Engineer

Ethereum Israel | 5+ years of software development

Elichai Turkel — Software Engineer

Former Bitcoin Researcher

Aditya Palepu — Software Engineer

Former Algorithmic Trader / Researcher

Avishai Weingarten — Software Engineer

Intel | Bar-Ilan University

Embar Almog — Software Engineer

Ben-Gurion University

Aaron Mayer — Community Marketing Manager

Brown University

and others.


Enigma’s advisors. Source: Enigma.co

Enigma also has an impressive advisor team with individuals who have backgrounds from prominent hedge funds, budding startups, including Floodgate, Flybridge Capital Partners, the Digital Currency Group, and MIT.

  • Alex “Sandy” Pentland — Director of MIT Media Lab Entrepreneurship Program. In 2011, Forbes named Alex Pentland one of the world’s seven most powerful data scientists along with a founder of Google.
  • Paul Veridittakit — Partner at Pantera Capital.
  • Bill Barhydt — CEO of Abra.
  • Jacob Gibson — Cofounder and COO of Nerdwallet.
  • Jason Fang — Managing Partner at Sora Ventures.
  • Justin Lent — Former Director of Hedge Fund Development at Quantopian.
  • Josh Lim — Former VP of Treasury and Trading Operations at Circle.
  • Matthew Falk — Former Software Engineer at TwoSigma.

People from GitHub:

  • isan_rivkin (Isan-Rivkin) Repositories — 38. Stars — 23.
  • Victor (lacabra) Repositories — 21. Stars — 2.

Enigma has also Ambassadors program and over 40 Ambassadors in 15+ countries. Articles about some of them:

Meet the Enigma Ambassadors #1: Professor Kristi Yorks.

Meet the Enigma Ambassadors #2: Brendan Kittredge.

Meet the Enigma Ambassadors #3: Josh Lines.

Meet the Enigma Ambassadors #4: Leor Fishman.


On the 9th of January 2018 announced that Enigma and ETHLend, the first decentralized lending marketplace are working towards a partnership that will help bring data and computational privacy to decentralized lending. More information can be found here.

On the 30th of July 2018 announced that Enigma is partnering with Intel on research and development efforts to advance development of privacy preserving computation technologies. As a part of this effort, Enigma will utilize Intel SGX (Software Guard Extensions) in building their groundbreaking privacy technologies. With Enigma’s solutions, data is protected while still allowing for computation over the data as part of a scalable, secure solution. More information can be found here.

On the 30th of August, announced partnerships with eight of the forward-thinking projects to create an ecosystem of solutions for a decentralized future. These 8 projects include: Ocean Protocol, Datawallet, Colendi, 2key, Eximchain, Datacoup, Rebloc and Portal Network. More information on these partnerships can be found here.

Use case

Data Marketplace
Direct consumer to business marketplace for data. With guaranteed privacy, autonomous control and increased security, consumers will sell access to their data. For example, a pharmaceutical company looking for patients for clinical trials can scan genomic databases for candidates. The marketplace would eliminate tremendous amounts of friction, lower costs for customer acquisition and offer a new income stream for consumers.

Secure Backend
Many companies today store large amounts of customer data. They use the data to provide personalized services, match individual preferences, target ads and offers, etc. With Enigma, companies can use the data for the same purposes they do today, without actually storing or processing the data on their servers, removing security risks and assuring the privacy of their customers.

Internal Compartmentalization
Large organizations can use Enigma to protect their data and trade secrets from corporate espionage and rogue employees. Employees can still use and analyze data for the benefit of the organization, but won‘t be able to steal any data. Productivity inside organizations would be improved since more people can have access to more data, and costs on security would be lower.

N-Factor Authentication
Voice, face and fingerprint recognition stored and computed on Enigma. Only the user ever has access to these data. Policies for when and if additional keys are required can be set inside a private contract, unexposed to any potential attacker.

Authenticating and securely storing identities in a fully anonymous, yet provably correct, fashion is trivial on Enigma and requires as little as several lines of code. The process is simple — a user secretshares her personal information required for authentication. When the user logs in, an authenticating private contract is executed, validating the user and linking her real identity with a public pseudoidentity. The process is completely trust-less and privacy-preserving.

Store, manage and use (the highly sensitive) data collected by IoT devices in a decentralized, trustless cloud.

Distributed Personal Data Stores
Store and share data with third parties while maintaining control and ownership. Set specific policies for each service with private contracts. Identity is truly protected since the decision to share data is always reversible — services have no access to raw data, all they can do is run secure computations on it.

Crypto Bank
Run a full-service crypto bank without exposing private internal details. Users can take loans, deposit cryptocurrencies or buy investment products with the autonomous control of the blockchain, without publicly revealing their financial situation.

Blind E-Voting
Votes on anything, from political elections to company board meetings, without exposing anything besides the final outcome. Not only is the privacy of each voter is maintained, even the actual votecount can remain private. For example, if the elections require any kind of majority vote, but no details about the distribution, a unanimous decision would be indistinguishable from one decided by a single vote.

Bitcoin Wallet
1. Decentralized private key generation — Multiple Enigma nodes locally create a segment of the key, whereas the full key is only ever assembled by the user. No trail of evidence is left anywhere.
2. Decentralized transaction signing — Transactions signed without ever exposing the private key or leaving a trail.
3. Decentralized controls — Set spending limits, multi-sig, CHECKLOCKTIMEVERIFY like controls, and more with a private script. Lock time, limits or number of required signatures are completely invisible to a potential attacker.

Social metrics

Github metrics
Social Media Activity

Markets and volumes

Information from Coinmarketcap.com
Information from Coinlib.io


The structure of corrective wave 1–2 shows a textbook abc formation. Sub wave a-b of wave 1–2 also holds a classic (a)-(b)-© zigzag pattern and sub wave b-c of wave 1–2 has a 5 waves pattern to the south which looks complete. In general we can say that the corrective structure looks textbook complete.

Also macd is rising on a daily chart forming a huge divergence back from may

Oa weekly chart macd cross to the upside which can be an indication of an early bull trend. price is consolidating in a very narrow rage for a last couple of weeks which suggests ongoing accumulation.

Pattern on a daily chart looks similar to the one on USD. structure is a textbook example and looks complete. macd is looking north and formed a divergence.

On a weekly ENG/BTC chart macd did not crossed yet. more confirmation is required. All in all charts looks promising. We can recommend its as a buy on this levels for mid-long term investors.In case of a brake out our first target is 1.2$



Origo is a highly scalable off-chain blockchain solution offering data and transactions privacy. Origo uses sharding, stateless clients and improved hybrid consensus to achieve the desired improved performance levels.

Main features:

• Privacy Preserving Application Platform: By combining an innovative privacy protocol with an efficient zero knowledge proof(ZKP) framework, Origo’s Privacy Preserving Application Platform(PPAP) guards the input/output data privacy and transaction privacy for decentralized applications.

• Off-chain Computation: Origo supports off-chain execution of decentralized applications, which not only protects the privacy of application execution, but also significantly improves the on-chain performance.

• Scalable Architecture: Origo adopts a high scalable architecture, which is achieved by implementing numerous promising technologies focusing on improving performance: enhanced consensus protocol, state-of-the-art sharding, stateless client, improved application runtime environment (Virtual Machine), and more.

• Future research and development work: a few active research and developing work is ongoing: support of cross chain for privacy preserving applications, zero knowledge proof framework without trusted setup, formal verification tools for decentralized applications, and more.



A new privacy primitive for developing smart contracts on public blockchains, enabling secure storage and usage of secrets, as well as supporting infrastructure, including the keep market and token.

Though keeps maintain state off-chain, they are provisioned and messaged by contracts on-chain. They will describe the keep in terms of these on-chain operations.

A contract, requests a keep by publishing a request to the blockchain. Once a keep, has accepted a request and finished initializing off-chain, it will respond to the request with a set of public keys the calling contract can use to communicate privately with the keep.

Once the keep has been created, it can be populated in a number of ways. dApps can publish secret data to the blockchain, encrypted by the keep’s public keys, or send the data to the keep off-chain. Alternatively, a keep can self-populate with pseudorandom data.

The purpose of a keep is to compute a function over its secret and publish the results to the blockchain. Initially, keeps will support publishing their secrets on-chain, unmodified or encrypted with a public key provided by Contractowner. This enables functionality that’s difficult in today’s public smart contracts, like a secret exposing dead man switch, useful in a variety of decentralized market schemes. Keeps can be extended to use their secret in a variety of other ways, including as key material for symmetric encryption and signing.


DISCOVERY 2018 (Enigma Protocol MVP with Secret Contracts 1.0, dApp Data Privacy and Ethereum Integration):

Q2 2018: Testnet

Q3 2018: Mainnet

VOYAGER 2019 (Secret Contracts 2.0, dApp Independence and dApp Scalability):

Q1 2019: Testnet

Q2 2019: Mainnet

VALIANT 2019 (Global Scalability, Open Network):

Q4 2019: Testnet

Q1 2020: Mainnet

DEFIANT 2020 (Chain Independence, True Decentralization) in the Q3 2020

When is mainnet? The team is intended to have multiple “mainnet launches” as they integrate more features into protocol — in the original roadmap, this means their Valiant, Voyager, and Defiant releases. These future releases involve integrating MPC and having their own blockchain. The Discovery mainnet release will occur when they are confident that their partners will be ready and the network will be robust.

Token Mechanics

Enigma Stakeholders
In the Enigma network, there are four primary types of stakeholders:

Secret nodes: Secret nodes are network participants that run a node in the Enigma network and ensure secret contracts are executed in a privacy preserving manner. Nodes in Enigma network can be thought of as performing a function similar to miners in Bitcoin.

Consensus nodes: Consensus nodes operate the Enigma blockchain itself — they validate computations and set the final ordering of state changes. (In Discovery, these type of nodes are not yet available to run as they instead rely on Ethereum for verification. As a result, this post will primarily be focusing on secret nodes. More details on consensus nodes will be released in the future, so keep an eye on this blog!)

Developers: Developers build dApps that require secret contracts for sensitive data inputs. Recently they wrote about a number of early launch partners who are developing on Enigma. As an example: Ocean Protocol, which is building secret voting for their Token Curated Registry (TCR), would qualify as a developer.

dApp user: dApp users are users of dApps with secret contracts. For example, this would include anyone who participates in the Ocean Protocol TCR or votes for a DNS through Portal Network (another Enigma launch partner).

Role and Utility of ENG

The ENG token is critical to the function of the Enigma network, playing two primary roles: as payment for computation and as a requirement for staking. Critical networks like Enigma are made possible by the existence of utility tokens like ENG that serve as an alignment mechanism. Below they provide more detail on the ENG token and its utility within their network.

Primary role of ENG: paying for computations in the Enigma Protocol
The primary function of ENG in the Enigma protocol is to pay for computations, very similar to the function of Gas (ether) in the Ethereum network. When an application runs a secret contract on the Enigma network, end users who interact with the application (or the entity that deployed the application) has to spend ENG to get the computation done in a privacy-preserving way. Let’s go over a simple example to better illustrate the point:

Secondary role of ENG: staking for secret and consensus nodes
As mentioned previously, the Enigma network utilizes a multi-tiered ENG staking system (secret nodes and consensus nodes). In this system, the more tokens a secret node stakes, the more likely she is to be selected to work on the next secret contract. Nodes acquire and stake ENG to increase their chance of running secret contracts and thus earning a return on their stake.


Token Metrics

Token Distribution
They are creating a fixed supply of one hundred million (100M) tokens, to be allocated as follows:
50% to be made available in the initial token sale (to be used only for operations)
25% retained as incentives for the Catalyst community
25% distributed to the Enigma team and advisors (current and future) and retained by Enigma

Use of funds
Funds raised through the token sale will be used as follows:
60% for product and technology development
15% for blockchain research
10% for marketing purposes
10% for operations

5% for legal and administrative costs

Up to 1 year lock up period for big early investors, 2 year lock up period for team tokens*

* info taken from telegram chat, no official proof


Team: awesome team, very high spec

Idea: more and more relevant, both privacy and scalability

Development stage: testnet

Whitepaper: good, understandable, outlines main info about this project

Roadmap: new one, published in march is really good, includes development details until 2020

Enigma has potential in terms of the efficient and decentralized sharing of data and the strategic presentation of trading and financial analytics. Enigma protocol has its first Dapp Catalyst which is a platform aimed to provide trading tools for cryptocurrency markets. This marketplace allows users to trade trading algorithms which use real time data supplied via Enigma.

Almost all team members are MIT graduates and advisors are top tier, this allows this project to face up to the competition, but it has some flaw with development speed. Idea for this project was born in 2015, when they were one of the few who were tackling these problems, but now they have competition in both privacy and scalability features. Making a working product and achieving network effect is a must to win the competition.

All in all this project is very ambitious, both scalability and privacy are topics in demand. Blockchain for data security is considered to be on hype in the following years according to Gartner Hype Cycle. This project is developing quite nicely lately, they released testnet 1.0, have quite a number of new partners, hire new employees. This project was under radar for some time so now they try to work more with media, update their blog more frequently, communicate more with community.

Subscribe on detailed companies’ updates by Paradigm! Medium. Twitter.