Privacy Enhancements

In addition to standard privacy (SP), Masa provides three kinds of privacy enhancements:

  • Counter-party protection (PP)
  • Mandatory party protection (MPP)
  • Private state validation (PSV)

Counter-party protection

Counter-party protection prevents non-participants from interacting with a private contract, without relying on access controls.

For example, a private contract is deployed between nodes 1 and 2. Without counter-party protection, if node 3 discovers the private contract address, it can send a transaction with privateFor set to node 2. The transaction isn’t applied to node 3’s private state because node 3 isn’t a participant in the private transaction, but the transaction is applied to node 2’s private state.

To enable counter-party protection, enable enhanced privacy and set privacyFlag to 1 when using send API methods.

Mandatory party protection

Mandatory party protection inherits all features of counter-party protection, and also allows you to define one or more recipients as mandatory for a private contract. The mandatory recipient is included in all subsequent transactions to the contract and has full private state, while normal recipients may only have partial state of the contract.

Use mandatory party protection if you need governing or central nodes to have full private state for any contracts deployed in the network.

To enable mandatory party protection, enable enhanced privacy and set privacyFlag to 2 and the mandatoryFor parameter to a list of mandatory recipients when using send API methods.

Private state validation

Private state validation prevents state divergence by ensuring that any private transaction for the contract is always sent to all participants.

For example, a private contract is deployed between nodes 1 and 2. Without private state validation, node 1 can send a transaction to the private contract with a privateFor of []. The transaction changes the private state of node 1 but not node 2, and the private states of 1 and 2 no longer match. With private state validation, a transaction from node 1 with a privateFor of [] is rejected, and the transaction is processed only when privateFor contains both 1 and 2.

Private state validation shares the full participant list among all participants and validates against all subsequent transactions. Transactions sent to a subset of participants fail.

In standard privacy or when only using counter-party protection, only the sender knows the full participant list.

To enable private state validation, enable enhanced privacy and set privacyFlag to 3 when using send API methods.
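
The following sketch is an added illustration, not code from Masa: it is a toy model of the acceptance rules described in the three sections above, replaying the page's node 1/2/3 scenarios. The names PrivateContract, apply_tx and outcome are hypothetical, and both the value 0 for standard privacy and the sender check under PSV are assumptions.

```python
# Toy model of the rules described on this page; not Masa's implementation.
from dataclasses import dataclass

SP, PP, MPP, PSV = 0, 1, 2, 3  # privacyFlag values; 0 for standard privacy is assumed

@dataclass(frozen=True)
class PrivateContract:
    privacy_flag: int
    participants: frozenset            # nodes that hold the contract's private state
    mandatory: frozenset = frozenset() # mandatoryFor given at deployment (MPP only)

def apply_tx(contract, sender, private_for):
    """Return the nodes whose private state changes, or raise PermissionError."""
    recipients = set(private_for)
    flag = contract.privacy_flag
    # PP: only participants may transact. Extending this to PSV is an assumption.
    if flag in (PP, MPP, PSV) and sender not in contract.participants:
        raise PermissionError("sender is not a participant")
    # MPP: every mandatory recipient must be part of each later transaction.
    if flag == MPP and not contract.mandatory <= recipients | {sender}:
        raise PermissionError("mandatory recipient missing")
    # PSV: privateFor must name the full participant list, as in the page's example.
    if flag == PSV and recipients != set(contract.participants):
        raise PermissionError("privateFor must list every participant")
    # Only nodes that received the payload and hold the contract update their state.
    return (recipients | {sender}) & contract.participants

def outcome(contract, sender, private_for):
    """apply_tx as a value: sorted node list, or 'rejected: <reason>'."""
    try:
        return sorted(apply_tx(contract, sender, private_for))
    except PermissionError as err:
        return f"rejected: {err}"

if __name__ == "__main__":
    nodes = frozenset({1, 2})
    for name, flag in (("SP", SP), ("PP", PP), ("PSV", PSV)):
        c = PrivateContract(flag, nodes)
        print(name, "node 3 -> [2]:", outcome(c, 3, [2]))
        print(name, "node 1 -> []: ", outcome(c, 1, []))
        print(name, "node 1 -> [1, 2]:", outcome(c, 1, [1, 2]))
    mpp = PrivateContract(MPP, frozenset({1, 2, 4}), frozenset({4}))
    print("MPP node 1 -> [2]:", outcome(mpp, 1, [2]))
    print("MPP node 1 -> [2, 4]:", outcome(mpp, 1, [2, 4]))
```

Under PP the empty privateFor from node 1 is still accepted and changes only node 1's state, which is the divergence that PSV rules out.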

Using privacy enhancements

Limitations

Depending on the complexity of the contracts and the throughput of the network, the state at simulation time may differ from the chain state at the time the proposed transaction is published. If the state at publishing time differs from the state at simulation time, the corresponding PP, MPP, and PSV transactions fail on all participants. Furthermore, since state divergence is expected in PP and MPP contracts, it’s possible (depending on contract design) for PP and MPP transactions to fail on some participants.

Concurrency may also present a problem for PSV contracts. The execution hash calculation is based on the chain state at simulation time. Submitting multiple transactions to the same PSV contract from multiple nodes concurrently may result in most transactions failing.

