Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion approaches/approach-private-payments.md
Original file line number Diff line number Diff line change
Expand Up @@ -239,7 +239,7 @@ maturity: documented
context: i2i
crops: { cr: medium, o: no, p: full, s: low }
uses_patterns: [pattern-tee-based-privacy]
example_vendors: []
example_vendors: [inco]
```

**Summary:** Trusted execution enclave processes transfers privately; on-chain artefact is an attestation of correct enclave execution.
Expand Down
3 changes: 2 additions & 1 deletion domains/custody.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,4 +19,5 @@ description: "Protect keys, controls, and recovery while preserving scoped overs
- [Kaleido Paladin](../vendors/paladin.md)
- [Fireblocks](../vendors/fireblocks.md)
- [iExec](../vendors/iexec.md)
- [Soda Labs](../vendors/soda-labs.md)
- [Soda Labs](../vendors/soda-labs.md)
- [Inco](../vendors/inco.md)
1 change: 1 addition & 0 deletions domains/funds-assets.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,3 +32,4 @@ description: "Hold and transfer claims with hidden positions and verifiable audi
- [Fhenix](../vendors/fhenix.md)
- [Zama](../vendors/zama.md)
- [TACEO Merces](../vendors/taceo-merces.md)
- [Inco](../vendors/inco.md)
3 changes: 2 additions & 1 deletion domains/payments.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,4 +31,5 @@ description: "Move value with stakeholder-scoped visibility, from institutional
- [Fhenix](../vendors/fhenix.md)
- [Zama](../vendors/zama.md)
- [Privacy Pools](../vendors/privacypools.md)
- [Fairblock](../vendors/fairblock.md)
- [Fairblock](../vendors/fairblock.md)
- [Inco](../vendors/inco.md)
2 changes: 1 addition & 1 deletion patterns/pattern-private-shared-state-tee.md
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ Threat model:
- Three banks share a tokenised-bond collateral pool on an Ethereum settlement L2. Each bank's deposit is encrypted to the enclave cluster's public key. A margin call triggers enclave computation: the enclave decrypts inputs, evaluates aggregate collateral coverage at native speed, and emits the updated encrypted state with an attestation report. The regulator uses enclave-mediated disclosure to audit one bank's position without learning the others.

## See also

- [Oasis Sapphire ParaTime](https://oasisprotocol.org/sapphire)
- [Intel SGX documentation](https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/overview.html)
- [AWS Nitro Enclaves documentation](https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html)
- [Inco Lightning](https://docs.inco.org/home)
1 change: 1 addition & 0 deletions patterns/pattern-private-stablecoin-shielded-payments.md
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,7 @@ Threat model:
- [Aztec](../vendors/aztec.md)
- [Zama](../vendors/zama.md)
- [Fhenix](../vendors/fhenix.md)
- [Inco](../vendors/inco.md)
- [Canton Network press release on weekend USDC cash leg](https://www.canton.network/canton-network-press-releases/digital-asset-complete-on-chain-us-treasury-financing)
- [Aztec programmable-privacy documentation](https://docs.aztec.network/)
- [Zama confidential ERC-20 overview](https://www.zama.ai/post/confidential-erc-20-tokens-using-homomorphic-encryption)
Expand Down
1 change: 1 addition & 0 deletions patterns/pattern-private-vaults.md
Original file line number Diff line number Diff line change
Expand Up @@ -109,3 +109,4 @@ Threat model:
- [Fhenix](../vendors/fhenix.md)
- [Orion Finance](../vendors/orion-finance.md)
- [Aztec](../vendors/aztec.md)
- [Inco](../vendors/inco.md)
2 changes: 1 addition & 1 deletion patterns/pattern-tee-based-privacy.md
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,7 @@ Failure modes and mitigations:
A bank deploys a confidential matching engine for block trades inside a hardware-isolated enclave. Traders verify the attestation before submitting encrypted orders; matching runs inside the enclave and only fills are published. Attestation logs record that the approved matching code was executed for each batch, while auditors can verify the code measurement without seeing order flow. Threshold key shares and a zero-knowledge proof of execution are added in a later phase to reduce the blast radius of any single compromise.

## See also

- [Inco](../vendors/inco.md)
- [Confidential Computing Consortium](https://confidentialcomputing.io/)
- [awesome-tee-blockchain](https://github.com/dineshpinto/awesome-tee-blockchain)
- [Fhenix](../vendors/fhenix.md)
Expand Down
1 change: 1 addition & 0 deletions patterns/pattern-tee-key-manager.md
Original file line number Diff line number Diff line change
Expand Up @@ -116,3 +116,4 @@ An institution runs a TEE-backed key manager for its treasury and tokenised-asse
- [AMD SEV-SNP attestation](https://www.amd.com/content/dam/amd/en/documents/developer/lss-snp-attestation.pdf)
- [Ethereum Attestation Service](https://docs.attest.org/)
- [Fireblocks](../vendors/fireblocks.md)
- [Inco](../vendors/inco.md)
79 changes: 79 additions & 0 deletions vendors/inco.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
---
title: "Vendor: Inco"
status: ready
maturity: production
---

# Inco - TEE co-processor enabling confidential smart contract library for EVM chains

## What it is

Inco Lightning is a Solidity library and Trusted Execution Environment coprocessor that adds encrypted data types (`euint256`, `ebool`, `eaddress`) and confidential operations to standard smart contracts on existing EVM chains. Developers import a single library and write confidential logic in Solidity; encrypted values are stored as on-chain handles while confidential computation runs inside an attested enclave network at near-native chain latency. Lightning is post-quantum secure on the privacy side, and is live on Base mainnet.

## Fits with patterns

- [TEE-Based Privacy](../patterns/pattern-tee-based-privacy.md) - confidential compute inside attested enclaves with hardware trust anchors
- [Private Shared State (TEE)](../patterns/pattern-private-shared-state-tee.md) - encrypted contract state shared across mutually distrusting parties
- [TEE Key Manager](../patterns/pattern-tee-key-manager.md) - decryption keys never leave attested enclaves
- [Shielding](../patterns/pattern-shielding.md) - confidential ERC-20 balances, transfers, and allowances
- [Private Stablecoin Shielded Payments](../patterns/pattern-private-stablecoin-shielded-payments.md) - confidential token transfers for stablecoins
- [Confidential ERC3643](../patterns/pattern-erc3643-rwa.md) - confidential ERC3643 for RWAs
- [User-controlled viewing keys](../patterns/pattern-user-controlled-viewing-keys.md) - programmable per-handle access control decides who may decrypt each value
- [Private Intent-Based Vaults](../patterns/pattern-private-vaults.md) - private strategy execution for DeFi

## Not a substitute for

- Anonymity: wallet addresses and transaction graph remain public. Lightning hides specific onchain states, not counterparties
- Trust-minimised confidentiality from zero-knowledge proofs. Hardware trust and cloud provider anchors remain in the model.

## Architecture

The technical architecture is a based private rollup with a consensus light client (Helios) inside the Trusted Execution Environment, enabling end-to-end verifiable and trustless compute:
- **Execution model**: contracts hold handles to encrypted values in canonical on-chain state. Confidential operations (`add`, `mul`, comparisons, `select`, encrypted randomness) are executed by a Trusted Execution Environment coprocessor network triggered by on-chain events.
- **Key management**: encryption keys never leave attested enclaves. A quorum-based network of decryption nodes handles decryption and re-encryption requests, signs results, and relays them on-chain through verified callbacks.
- **Access control**: control access on each encrypted handle are enforced at the contract level, enabling role-based access and selective disclosure to approved parties (users, auditors, contracts).
- **Verifiability**: every state transition is verifiable compute, so operators cannot forge results. The design goal is that operators can at worst halt, not steal.
- **Client side**: a JavaScript SDK encrypts inputs, manages signatures, and re-encrypts outputs for local decryption by authorised users.
- **Cryptography**: the protocol utilizes NIST-approved, post-quantum-secure schemes.

## Privacy domains

- Confidential token balances, transfer amounts, and allowances
- Encrypted application state: private identity, sealed bids, hidden game state, private votes, confidential order parameters
- Onchain secure private randomness generated inside the enclave without an external oracle
- Selective disclosure via programmable decryption permissions per encrypted value

## Enterprise demand and use cases

- Confidential token standard work with Circle Research, OpenZeppelin, and Zama (Confidential Token Association)
- Confidential ERC-3643 for RWA issuance with private, enforceable compliance logic
- Private payroll, vesting, and treasury flows where amounts must be hidden but counterparties are known and screenable
- Private DeFi primitives: blind auctions, confidential money markets, DvP escrow, private governance
- Prediction markets requiring hidden state and provable fairness

## Technical details

- Standard Solidity, Foundry/Hardhat tooling, npm-distributed library (`@inco/lightning`). No new VM or language.
- Runs at the speed of the host chain with near-zero added latency. No bridging to a separate privacy chain.
- Composable: confidential contracts interoperate with each other and with public DeFi on the same chain.
- Local development environment via Docker for testing without live enclaves.

## Strengths

- Lowest integration cost in the confidential-compute category: one import into existing Solidity contracts
- Performance suitable for latency-sensitive applications (real-time games, high-frequency flows) where zero-knowledge or Fully Homomorphic Encryption approaches are currently impractical
- Post-quantum-secure symmetric encryption of state
- Users keep existing wallets and the host chain's settlement guarantees
- Verifiable compute end to end

## Risks and open questions

- Hardware trust anchors: enclave vendor compromise or microarchitectural side channels are outside the cryptographic model
- Liveness depends on the coprocessor.
- The confidentiality model (values hidden, addresses public) leaks the transaction graph.

## Links
- [Website](https://www.inco.org/)
- [Documentation](https://docs.inco.org)
- [GitHub](https://github.com/Inco-fhevm)
- [Circle Research x Inco: Confidential ERC20 Framework](https://github.com/Inco-fhevm/confidential-erc20-framework/blob/main/whitepaper.pdf)