diff --git a/approaches/approach-private-payments.md b/approaches/approach-private-payments.md index 2d23629..ae981af 100644 --- a/approaches/approach-private-payments.md +++ b/approaches/approach-private-payments.md @@ -239,7 +239,7 @@ maturity: documented context: i2i crops: { cr: medium, o: no, p: full, s: low } uses_patterns: [pattern-tee-based-privacy] -example_vendors: [] +example_vendors: [inco] ``` **Summary:** Trusted execution enclave processes transfers privately; on-chain artefact is an attestation of correct enclave execution. diff --git a/domains/custody.md b/domains/custody.md index 29a65d2..a89a38c 100644 --- a/domains/custody.md +++ b/domains/custody.md @@ -19,4 +19,5 @@ description: "Protect keys, controls, and recovery while preserving scoped overs - [Kaleido Paladin](../vendors/paladin.md) - [Fireblocks](../vendors/fireblocks.md) - [iExec](../vendors/iexec.md) -- [Soda Labs](../vendors/soda-labs.md) \ No newline at end of file +- [Soda Labs](../vendors/soda-labs.md) +- [Inco](../vendors/inco.md) \ No newline at end of file diff --git a/domains/funds-assets.md b/domains/funds-assets.md index e1ac27c..fde67d2 100644 --- a/domains/funds-assets.md +++ b/domains/funds-assets.md @@ -32,3 +32,4 @@ description: "Hold and transfer claims with hidden positions and verifiable audi - [Fhenix](../vendors/fhenix.md) - [Zama](../vendors/zama.md) - [TACEO Merces](../vendors/taceo-merces.md) +- [Inco](../vendors/inco.md) diff --git a/domains/payments.md b/domains/payments.md index 66efef6..1dfac3f 100644 --- a/domains/payments.md +++ b/domains/payments.md @@ -31,4 +31,5 @@ description: "Move value with stakeholder-scoped visibility, from institutional - [Fhenix](../vendors/fhenix.md) - [Zama](../vendors/zama.md) - [Privacy Pools](../vendors/privacypools.md) -- [Fairblock](../vendors/fairblock.md) \ No newline at end of file +- [Fairblock](../vendors/fairblock.md) +- [Inco](../vendors/inco.md) \ No newline at end of file diff --git a/patterns/pattern-private-shared-state-tee.md b/patterns/pattern-private-shared-state-tee.md index 987450d..4324eee 100644 --- a/patterns/pattern-private-shared-state-tee.md +++ b/patterns/pattern-private-shared-state-tee.md @@ -108,7 +108,7 @@ Threat model: - Three banks share a tokenised-bond collateral pool on an Ethereum settlement L2. Each bank's deposit is encrypted to the enclave cluster's public key. A margin call triggers enclave computation: the enclave decrypts inputs, evaluates aggregate collateral coverage at native speed, and emits the updated encrypted state with an attestation report. The regulator uses enclave-mediated disclosure to audit one bank's position without learning the others. ## See also - - [Oasis Sapphire ParaTime](https://oasisprotocol.org/sapphire) - [Intel SGX documentation](https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/overview.html) - [AWS Nitro Enclaves documentation](https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) +- [Inco Lightning](https://docs.inco.org/home) diff --git a/patterns/pattern-private-stablecoin-shielded-payments.md b/patterns/pattern-private-stablecoin-shielded-payments.md index 6622c82..84ef127 100644 --- a/patterns/pattern-private-stablecoin-shielded-payments.md +++ b/patterns/pattern-private-stablecoin-shielded-payments.md @@ -115,6 +115,7 @@ Threat model: - [Aztec](../vendors/aztec.md) - [Zama](../vendors/zama.md) - [Fhenix](../vendors/fhenix.md) +- [Inco](../vendors/inco.md) - [Canton Network press release on weekend USDC cash leg](https://www.canton.network/canton-network-press-releases/digital-asset-complete-on-chain-us-treasury-financing) - [Aztec programmable-privacy documentation](https://docs.aztec.network/) - [Zama confidential ERC-20 overview](https://www.zama.ai/post/confidential-erc-20-tokens-using-homomorphic-encryption) diff --git a/patterns/pattern-private-vaults.md b/patterns/pattern-private-vaults.md index 501c144..66bb0b6 100644 --- a/patterns/pattern-private-vaults.md +++ b/patterns/pattern-private-vaults.md @@ -109,3 +109,4 @@ Threat model: - [Fhenix](../vendors/fhenix.md) - [Orion Finance](../vendors/orion-finance.md) - [Aztec](../vendors/aztec.md) +- [Inco](../vendors/inco.md) diff --git a/patterns/pattern-tee-based-privacy.md b/patterns/pattern-tee-based-privacy.md index 96aafe4..c1767e6 100644 --- a/patterns/pattern-tee-based-privacy.md +++ b/patterns/pattern-tee-based-privacy.md @@ -132,7 +132,7 @@ Failure modes and mitigations: A bank deploys a confidential matching engine for block trades inside a hardware-isolated enclave. Traders verify the attestation before submitting encrypted orders; matching runs inside the enclave and only fills are published. Attestation logs record that the approved matching code was executed for each batch, while auditors can verify the code measurement without seeing order flow. Threshold key shares and a zero-knowledge proof of execution are added in a later phase to reduce the blast radius of any single compromise. ## See also - +- [Inco](../vendors/inco.md) - [Confidential Computing Consortium](https://confidentialcomputing.io/) - [awesome-tee-blockchain](https://github.com/dineshpinto/awesome-tee-blockchain) - [Fhenix](../vendors/fhenix.md) diff --git a/patterns/pattern-tee-key-manager.md b/patterns/pattern-tee-key-manager.md index c504ec4..f89b3d3 100644 --- a/patterns/pattern-tee-key-manager.md +++ b/patterns/pattern-tee-key-manager.md @@ -116,3 +116,4 @@ An institution runs a TEE-backed key manager for its treasury and tokenised-asse - [AMD SEV-SNP attestation](https://www.amd.com/content/dam/amd/en/documents/developer/lss-snp-attestation.pdf) - [Ethereum Attestation Service](https://docs.attest.org/) - [Fireblocks](../vendors/fireblocks.md) +- [Inco](../vendors/inco.md) diff --git a/vendors/inco.md b/vendors/inco.md new file mode 100644 index 0000000..8212757 --- /dev/null +++ b/vendors/inco.md @@ -0,0 +1,79 @@ +--- +title: "Vendor: Inco" +status: ready +maturity: production +--- + +# Inco - TEE co-processor enabling confidential smart contract library for EVM chains + +## What it is + +Inco Lightning is a Solidity library and Trusted Execution Environment coprocessor that adds encrypted data types (`euint256`, `ebool`, `eaddress`) and confidential operations to standard smart contracts on existing EVM chains. Developers import a single library and write confidential logic in Solidity; encrypted values are stored as on-chain handles while confidential computation runs inside an attested enclave network at near-native chain latency. Lightning is post-quantum secure on the privacy side, and is live on Base mainnet. + +## Fits with patterns + +- [TEE-Based Privacy](../patterns/pattern-tee-based-privacy.md) - confidential compute inside attested enclaves with hardware trust anchors +- [Private Shared State (TEE)](../patterns/pattern-private-shared-state-tee.md) - encrypted contract state shared across mutually distrusting parties +- [TEE Key Manager](../patterns/pattern-tee-key-manager.md) - decryption keys never leave attested enclaves +- [Shielding](../patterns/pattern-shielding.md) - confidential ERC-20 balances, transfers, and allowances +- [Private Stablecoin Shielded Payments](../patterns/pattern-private-stablecoin-shielded-payments.md) - confidential token transfers for stablecoins +- [Confidential ERC3643](../patterns/pattern-erc3643-rwa.md) - confidential ERC3643 for RWAs +- [User-controlled viewing keys](../patterns/pattern-user-controlled-viewing-keys.md) - programmable per-handle access control decides who may decrypt each value +- [Private Intent-Based Vaults](../patterns/pattern-private-vaults.md) - private strategy execution for DeFi + +## Not a substitute for + +- Anonymity: wallet addresses and transaction graph remain public. Lightning hides specific onchain states, not counterparties +- Trust-minimised confidentiality from zero-knowledge proofs. Hardware trust and cloud provider anchors remain in the model. + +## Architecture + +The technical architecture is a based private rollup with a consensus light client (Helios) inside the Trusted Execution Environment, enabling end-to-end verifiable and trustless compute: +- **Execution model**: contracts hold handles to encrypted values in canonical on-chain state. Confidential operations (`add`, `mul`, comparisons, `select`, encrypted randomness) are executed by a Trusted Execution Environment coprocessor network triggered by on-chain events. +- **Key management**: encryption keys never leave attested enclaves. A quorum-based network of decryption nodes handles decryption and re-encryption requests, signs results, and relays them on-chain through verified callbacks. +- **Access control**: control access on each encrypted handle are enforced at the contract level, enabling role-based access and selective disclosure to approved parties (users, auditors, contracts). +- **Verifiability**: every state transition is verifiable compute, so operators cannot forge results. The design goal is that operators can at worst halt, not steal. +- **Client side**: a JavaScript SDK encrypts inputs, manages signatures, and re-encrypts outputs for local decryption by authorised users. +- **Cryptography**: the protocol utilizes NIST-approved, post-quantum-secure schemes. + +## Privacy domains + +- Confidential token balances, transfer amounts, and allowances +- Encrypted application state: private identity, sealed bids, hidden game state, private votes, confidential order parameters +- Onchain secure private randomness generated inside the enclave without an external oracle +- Selective disclosure via programmable decryption permissions per encrypted value + +## Enterprise demand and use cases + +- Confidential token standard work with Circle Research, OpenZeppelin, and Zama (Confidential Token Association) +- Confidential ERC-3643 for RWA issuance with private, enforceable compliance logic +- Private payroll, vesting, and treasury flows where amounts must be hidden but counterparties are known and screenable +- Private DeFi primitives: blind auctions, confidential money markets, DvP escrow, private governance +- Prediction markets requiring hidden state and provable fairness + +## Technical details + +- Standard Solidity, Foundry/Hardhat tooling, npm-distributed library (`@inco/lightning`). No new VM or language. +- Runs at the speed of the host chain with near-zero added latency. No bridging to a separate privacy chain. +- Composable: confidential contracts interoperate with each other and with public DeFi on the same chain. +- Local development environment via Docker for testing without live enclaves. + +## Strengths + +- Lowest integration cost in the confidential-compute category: one import into existing Solidity contracts +- Performance suitable for latency-sensitive applications (real-time games, high-frequency flows) where zero-knowledge or Fully Homomorphic Encryption approaches are currently impractical +- Post-quantum-secure symmetric encryption of state +- Users keep existing wallets and the host chain's settlement guarantees +- Verifiable compute end to end + +## Risks and open questions + +- Hardware trust anchors: enclave vendor compromise or microarchitectural side channels are outside the cryptographic model +- Liveness depends on the coprocessor. +- The confidentiality model (values hidden, addresses public) leaks the transaction graph. + +## Links +- [Website](https://www.inco.org/) +- [Documentation](https://docs.inco.org) +- [GitHub](https://github.com/Inco-fhevm) +- [Circle Research x Inco: Confidential ERC20 Framework](https://github.com/Inco-fhevm/confidential-erc20-framework/blob/main/whitepaper.pdf)