Forem: rayQu The latest articles on Forem by rayQu (@rollingindo). https://forem.com/rollingindo https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2700932%2Ff08a1667-4508-436f-82f9-75f307242ab5.png Forem: rayQu https://forem.com/rollingindo en Building a Verifiable Multi-Chain AI Execution Layer with Oasis ROFL + Sapphire + TDX rayQu Thu, 21 May 2026 07:02:11 +0000 https://forem.com/rollingindo/building-a-verifiable-multi-chain-ai-execution-layer-with-oasis-rofl-sapphire-tdx-14na https://forem.com/rollingindo/building-a-verifiable-multi-chain-ai-execution-layer-with-oasis-rofl-sapphire-tdx-14na <p>Most AI on blockchain applications today still rely heavily on trust.</p> <ul> <li>The AI inference happens on centralized servers. </li> <li>The wallet keys live in backend infrastructure. </li> <li>Smart contracts trust APIs blindly. </li> <li>And users have no way to verify what actually happened off-chain.</li> </ul> <p>In this tutorial, we’ll build something far more advanced:</p> <p>A <strong>verifiable confidential AI execution layer</strong> using:</p> <ul> <li>Oasis Sapphire</li> <li>ROFL (Runtime Offchain Logic)</li> <li>Intel TDX Trusted Execution Environments</li> <li>Remote Attestation</li> <li>Enclave-managed wallet signing</li> <li>Cross-chain transaction execution</li> </ul> <p>This architecture enables:</p> <ul> <li>Private AI inference </li> <li>Verifiable off-chain execution </li> <li>Secure enclave wallet management </li> <li>Cross-chain automation </li> <li>Trust-minimized AI agents</li> </ul> <p>Without needing zkML or expensive zkVM proving systems.</p> <h1> What We’re Building </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>+---------------------------------------------------+ | User / dApp | +--------------------+------------------------------+ | v +---------------------------------------------------+ | Sapphire Smart Contract | |---------------------------------------------------| | - Stores trusted ROFL identities | | - Verifies enclave signatures | | - Accepts/verifies AI execution results | +--------------------+------------------------------+ ^ | Signed attested result | +---------------------------------------------------+ | ROFL App Inside Intel TDX | |---------------------------------------------------| | - Runs AI inference | | - Calls APIs | | - Generates wallet keys internally | | - Signs responses | | - Performs remote attestation | +--------------------+------------------------------+ | v External APIs / Other Chains / LLMs </code></pre> </div> <h1> Why This Matters </h1> <p>Most AI agents today suffer from major trust issues.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code>| Problem | Why It Matters | | ------------------------------------------------------------------| | Centralized inference | Outputs can be manipulated | | Backend wallet custody | Keys can be stolen | | Hidden execution logic | Impossible to audit | | Fake oracle data | Contracts trust unverifiable APIs | | Cross-chain trust assumptions | Bridges increase attack surface | </code></pre> </div> <p>ROFL changes this entirely.</p> <p>Instead of trusting a backend server:</p> <ul> <li>computation runs inside a Trusted Execution Environment</li> <li>outputs are cryptographically signed</li> <li>enclave identities are attested</li> <li>smart contracts verify execution authenticity</li> </ul> <p>This creates <strong>trustless off-chain compute</strong>.</p> <h1> Core Technologies </h1> <h2> Sapphire </h2> <p>Sapphire is Oasis Network’s confidential EVM runtime.</p> <p>Features:</p> <ul> <li>encrypted calldata</li> <li>encrypted state</li> <li>confidential smart contract execution</li> <li>Solidity/EVM compatibility</li> </ul> <p>Unlike traditional EVM chains, node operators cannot inspect execution data.</p> <h2> ROFL (Runtime Offchain Logic) </h2> <p>ROFL allows developers to run arbitrary off-chain logic inside TEEs.</p> <p>This means your application can:</p> <ul> <li>call APIs</li> <li>run AI models</li> <li>sign transactions</li> <li>manage secrets</li> <li>execute autonomous workflows</li> </ul> <p>while remaining cryptographically verifiable.</p> <h2> Intel TDX </h2> <p>Intel TDX provides confidential virtual machines with:</p> <ul> <li>encrypted memory</li> <li>hardware isolation</li> <li>attestation support</li> <li>strong execution guarantees</li> </ul> <p>ROFL supports TDX-backed confidential compute environments.</p> <h1> Architecture Deep Dive </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> User Prompt | v +-----------------------------------+ | Sapphire Smart Contract | +-----------------------------------+ | v +-----------------------------------+ | ROFL TDX Enclave | |-----------------------------------| | 1. Receives encrypted request | | 2. Runs AI inference | | 3. Generates signed result | | 4. Signs with enclave wallet | +-----------------------------------+ | v Cross-chain execution | v Ethereum / Base / Arbitrum </code></pre> </div> <h1> Step 1: Install Oasis CLI </h1> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-sSL</span> https://get.oasis.io | bash </code></pre> </div> <p>Verify installation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>oasis <span class="nt">--version</span> </code></pre> </div> <h1> Step 2: Create a ROFL Application </h1> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>ai-executor <span class="nb">cd </span>ai-executor oasis rofl init </code></pre> </div> <p>This generates:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rofl.yaml </code></pre> </div> <p>The manifest defines:</p> <ul> <li>enclave configuration</li> <li>TEE type</li> <li>networking</li> <li>policies</li> <li>deployment settings</li> </ul> <h1> Step 3: Configure ROFL Manifest </h1> <p>Example advanced configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">ai-executor</span> <span class="na">version</span><span class="pi">:</span> <span class="s">0.1.0</span> <span class="na">tee</span><span class="pi">:</span> <span class="s">tdx</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">containers</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="m">8192</span> <span class="na">cpus</span><span class="pi">:</span> <span class="m">4</span> <span class="na">network</span><span class="pi">:</span> <span class="na">paratime</span><span class="pi">:</span> <span class="s">sapphire</span> <span class="na">policy</span><span class="pi">:</span> <span class="na">quotes</span><span class="pi">:</span> <span class="na">pcs</span><span class="pi">:</span> <span class="na">tdx</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">container</span><span class="pi">:</span> <span class="na">runtime</span><span class="pi">:</span> <span class="s">docker</span> </code></pre> </div> <h1> Important Manifest Settings </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>| Field | Purpose | | ------------|--------------------------------| | tee | TEE backend (SGX/TDX) | | kind | Raw or containerized workloads | | resources | Enclave memory + CPU | | network | Connected ParaTime | | policy | Attestation requirements | </code></pre> </div> <h1> Step 4: Build the Enclave </h1> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>oasis rofl build </code></pre> </div> <p>This generates an ORC bundle:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>my-app.orc </code></pre> </div> <p>The bundle includes:</p> <ul> <li>enclave measurements</li> <li>metadata</li> <li>binaries</li> <li>identity hashes</li> </ul> <h1> Step 5: Generate Wallet Keys Inside the Enclave </h1> <p>This is one of the most powerful features.</p> <p>Traditional AI agents store keys:</p> <ul> <li>in <code>.env</code> files</li> <li>in cloud KMS systems</li> <li>in backend infrastructure</li> </ul> <p>Instead:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Wallet Key Generated INSIDE TEE ↓ Key Never Leaves Enclave ↓ Transactions Signed Securely </code></pre> </div> <p>No backend custody required.</p> <h1> Example Rust Wallet Generation </h1> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="k">use</span> <span class="nn">k256</span><span class="p">::</span><span class="nn">ecdsa</span><span class="p">::</span><span class="n">SigningKey</span><span class="p">;</span> <span class="k">use</span> <span class="nn">rand_core</span><span class="p">::</span><span class="n">OsRng</span><span class="p">;</span> <span class="k">fn</span> <span class="nf">generate_wallet</span><span class="p">()</span> <span class="k">-&gt;</span> <span class="n">SigningKey</span> <span class="p">{</span> <span class="nn">SigningKey</span><span class="p">::</span><span class="nf">random</span><span class="p">(</span><span class="o">&amp;</span><span class="k">mut</span> <span class="n">OsRng</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>The private key only exists inside enclave memory.</p> <h1> Step 6: Run AI Inference Securely </h1> <p>Example inference service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">transformers</span> <span class="kn">import</span> <span class="n">pipeline</span> <span class="n">classifier</span> <span class="o">=</span> <span class="nf">pipeline</span><span class="p">(</span> <span class="sh">"</span><span class="s">text-classification</span><span class="sh">"</span><span class="p">,</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">distilbert-base-uncased</span><span class="sh">"</span> <span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="nf">classifier</span><span class="p">(</span><span class="sh">"</span><span class="s">Execute strategy?</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">result</span><span class="p">)</span> </code></pre> </div> <p>Inside ROFL:</p> <ul> <li>prompts remain confidential</li> <li>inference is hidden from operators</li> <li>outputs are signed by the enclave</li> </ul> <h1> Secure AI Execution Flow </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>User Prompt ↓ ROFL Enclave ↓ Private AI Inference ↓ Signed Output ↓ Sapphire Verification </code></pre> </div> <h1> Step 7: Remote Attestation </h1> <p>Attestation proves:</p> <blockquote> <p>“This exact code executed inside genuine TDX hardware.”</p> </blockquote> <p>Without attestation:</p> <ul> <li>TEEs are just claims</li> </ul> <p>With attestation:</p> <ul> <li>contracts can verify enclave authenticity</li> </ul> <h1> Attestation Flow </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ROFL App Starts ↓ TEE Generates Measurement ↓ Attestation Quote Produced ↓ Quote Registered On-Chain ↓ Sapphire Verifies Identity </code></pre> </div> <h1> Step 8: Register the ROFL App </h1> <p>Create the application:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>oasis rofl create <span class="se">\</span> <span class="nt">--network</span> testnet <span class="se">\</span> <span class="nt">--paratime</span> sapphire </code></pre> </div> <p>Deploy updates:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>oasis rofl update </code></pre> </div> <p>This stores:</p> <ul> <li>enclave identities</li> <li>measurements</li> <li>execution policy</li> <li>attestation configuration</li> </ul> <p>on-chain.</p> <h1> Step 9: Smart Contract Verification </h1> <p>Now we create a Sapphire contract that verifies:</p> <ul> <li>enclave identity</li> <li>signatures</li> <li>trusted execution</li> </ul> <h1> Solidity Verification Contract </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>pragma solidity ^0.8.20; contract VerifiedAIExecutor { mapping(bytes32 =&gt; bool) public trustedEnclaves; function registerEnclave(bytes32 enclaveId) external { trustedEnclaves[enclaveId] = true; } function verifyExecution( bytes32 enclaveId, bytes calldata signature, bytes calldata result ) external view returns (bool) { require(trustedEnclaves[enclaveId], "Untrusted enclave"); // Signature verification logic return true; } } </code></pre> </div> <h1> Step 10: Cross-Chain Transaction Execution </h1> <p>This is where things become extremely powerful.</p> <p>The enclave can:</p> <ul> <li>manage Ethereum wallets</li> <li>sign Base transactions</li> <li>execute Arbitrum transactions</li> <li>interact with multiple chains</li> </ul> <p>without bridges.</p> <h1> Cross-Chain Execution Flow </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>AI Strategy Generated ↓ TEE Decides Action ↓ TEE Signs Transaction ↓ Broadcast To Ethereum RPC ↓ Result Returned To Sapphire </code></pre> </div> <p>This enables:</p> <ul> <li>autonomous trading systems</li> <li>AI treasury management</li> <li>confidential DAO executors</li> <li>secure cross-chain agents</li> </ul> <h1> Step 11: Deterministic Execution Logging </h1> <p>AI outputs are often nondeterministic.</p> <p>To improve auditability:</p> <ul> <li>hash prompts</li> <li>hash outputs</li> <li>hash model versions</li> </ul> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="k">let</span> <span class="n">hash</span> <span class="o">=</span> <span class="nf">sha256</span><span class="p">(</span><span class="n">prompt</span> <span class="o">+</span> <span class="n">model_version</span> <span class="o">+</span> <span class="n">output</span><span class="p">);</span> </code></pre> </div> <p>Then store:</p> <ul> <li>output hash</li> <li>enclave ID</li> <li>timestamp</li> </ul> <p>on-chain.</p> <h1> Security Considerations </h1> <p>TEEs are powerful but not perfect.</p> <p>Potential risks:</p> <ul> <li>side-channel attacks</li> <li>hardware trust assumptions</li> <li>speculative execution vulnerabilities</li> </ul> <p>Still, TEEs provide dramatically stronger guarantees than centralized servers.</p> <h1> Why This Architecture Is Important </h1> <p>Traditional AI systems rely on:</p> <ul> <li>trusted cloud providers</li> <li>centralized APIs</li> <li>backend custody</li> </ul> <p>ROFL + Sapphire introduces:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Traditional Backend</th> <th>ROFL + Sapphire</th> </tr> </thead> <tbody> <tr> <td>Centralized inference</td> <td>TEE-attested inference</td> </tr> <tr> <td>Backend wallet storage</td> <td>Enclave-managed keys</td> </tr> <tr> <td>Hidden execution</td> <td>Verifiable execution</td> </tr> <tr> <td>API trust assumptions</td> <td>Hardware-backed trust</td> </tr> <tr> <td>Centralized orchestration</td> <td>Permissionless infrastructure</td> </tr> </tbody> </table></div> <h1> Real-World Use Cases </h1> <h2> Verifiable AI Trading Agents </h2> <p>The enclave:</p> <ul> <li>runs private strategies</li> <li>signs trades</li> <li>proves execution authenticity</li> </ul> <h2> Confidential Healthcare AI </h2> <ul> <li>patient data remains private</li> <li>inference occurs inside TEEs</li> <li>outputs become auditable</li> </ul> <h2> Autonomous DAO Executors </h2> <p>AI agents:</p> <ul> <li>propose governance actions</li> <li>execute treasury operations</li> <li>prove execution legitimacy</li> </ul> <h2> Multi-Chain AI Wallet Infrastructure </h2> <p>One enclave can securely control:</p> <ul> <li>Ethereum</li> <li>Base</li> <li>Arbitrum</li> <li>future ecosystems</li> </ul> <p>without custodial bridges.</p> <h1> The Bigger Picture </h1> <p>ROFL introduces something Web3 desperately needs:</p> <h1> Trustless Off-Chain Compute </h1> <p>Not:</p> <ul> <li>“another oracle”</li> <li>“another AI chain”</li> </ul> <p>But:</p> <ul> <li>verifiable computation</li> <li>confidential execution</li> <li>autonomous infrastructure</li> </ul> <p>This creates a new primitive between:</p> <ul> <li>smart contracts</li> <li>AI infrastructure</li> <li>confidential computing</li> <li>cross-chain orchestration</li> </ul> <h1> Final Thoughts </h1> <p>Most AI + blockchain systems today still require enormous trust assumptions.</p> <p>With:</p> <ul> <li>Sapphire</li> <li>ROFL</li> <li>TDX</li> <li>attestation</li> <li>enclave-managed wallets</li> </ul> <p>developers can finally build systems where:</p> <ul> <li>computation is private</li> <li>outputs are verifiable</li> <li>execution is cryptographically authenticated</li> </ul> <p>This unlocks:</p> <ul> <li>autonomous AI agents</li> <li>confidential DeFi automation</li> <li>verifiable off-chain compute</li> <li>secure cross-chain execution</li> <li>trusted AI infrastructure</li> </ul> <p>And this is likely only the beginning of what confidential compute on Oasis can enable.</p> <h1> Resources </h1> <ul> <li><a href="https://docs.oasis.io/" rel="noopener noreferrer">https://docs.oasis.io/</a></li> <li><a href="https://docs.oasis.io/build/rofl/" rel="noopener noreferrer">https://docs.oasis.io/build/rofl/</a></li> <li><a href="https://docs.oasis.io/build/rofl/workflow/" rel="noopener noreferrer">https://docs.oasis.io/build/rofl/workflow/</a></li> <li><a href="https://docs.oasis.io/build/tools/cli/rofl/" rel="noopener noreferrer">https://docs.oasis.io/build/tools/cli/rofl/</a></li> <li><a href="https://oasis.net/sapphire" rel="noopener noreferrer">https://oasis.net/sapphire</a></li> </ul> ai web3 privacy development Building a Confidential AI RAG Agent on Oasis Sapphire + ROFL rayQu Tue, 12 May 2026 08:42:31 +0000 https://forem.com/rollingindo/building-a-confidential-ai-rag-agent-on-oasis-sapphire-rofl-4e5e https://forem.com/rollingindo/building-a-confidential-ai-rag-agent-on-oasis-sapphire-rofl-4e5e <p><em>An advanced Oasis Network tutorial for developers who want to combine AI, confidential smart contracts, encrypted vector storage, and verifiable off-chain execution.</em></p> <h1> Introduction </h1> <p>Most AI applications today leak sensitive data somewhere in the pipeline.</p> <p>Even if the frontend is secure, prompts, embeddings, retrieval context, API calls, or inference metadata are usually visible to:</p> <ul> <li>Cloud providers</li> <li>Backend operators</li> <li>Database administrators</li> <li>Analytics tools</li> <li>Infrastructure vendors</li> </ul> <p>This becomes a serious issue for:</p> <ul> <li>Financial AI assistants</li> <li>Healthcare copilots</li> <li>Private enterprise knowledge bases</li> <li>Identity systems</li> <li>Reputation engines</li> <li>On-chain AI agents</li> </ul> <p>In this tutorial, we will build a <strong>Confidential Retrieval-Augmented Generation (RAG) Agent</strong> using:</p> <ul> <li>Oasis Sapphire</li> <li>ROFL (Runtime Off-chain Logic)</li> <li>Encrypted storage</li> <li>Smart contracts</li> <li>Off-chain AI inference</li> <li>Verifiable confidential execution</li> </ul> <p>Instead of storing prompts or embeddings publicly, we will:</p> <ol> <li>Encrypt user knowledge before storage</li> <li>Perform confidential retrieval</li> <li>Execute AI inference off-chain through ROFL</li> <li>Return only approved outputs on-chain</li> <li>Keep sensitive data hidden from everyone except the user</li> </ol> <h1> What We Are Building </h1> <p>We are building a confidential AI assistant where:</p> <ul> <li>Users upload private documents</li> <li>Documents are encrypted before storage</li> <li>Embeddings are generated off-chain</li> <li>Retrieval happens confidentially</li> <li>AI inference runs through ROFL</li> <li>Smart contracts manage permissions and integrity</li> </ul> <p>The architecture combines:</p> <ul> <li>Confidential EVM execution</li> <li>Off-chain compute</li> <li>AI pipelines</li> <li>Privacy-preserving storage</li> <li>Ethereum compatibility</li> </ul> <h1> Final Architecture </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>flowchart TD A[User Uploads Document] --&gt; B[Frontend Encrypts Data] B --&gt; C[IPFS / Arweave Storage] B --&gt; D[Oasis Sapphire Contract] D --&gt; E[ROFL Worker] E --&gt; F[Embedding Model] F --&gt; G[Encrypted Vector Store] H[User Query] --&gt; I[Confidential Retrieval] I --&gt; G G --&gt; J[Relevant Context] J --&gt; K[LLM Inference] K --&gt; L[Signed Response] L --&gt; D D --&gt; M[Verified Output Returned] </code></pre> </div> <h1> Why Sapphire Matters </h1> <p>Traditional EVM chains expose:</p> <ul> <li>Contract state</li> <li>Function arguments</li> <li>Internal logic</li> <li>Metadata</li> <li>User activity</li> </ul> <p>Sapphire changes this model by introducing confidential smart contracts.</p> <p>This allows developers to:</p> <ul> <li>Encrypt application state</li> <li>Generate secrets securely</li> <li>Store confidential metadata</li> <li>Protect AI prompts</li> <li>Hide retrieval logic</li> <li>Secure wallet-based identity systems</li> </ul> <p>Unlike “privacy through frontend encryption,” Sapphire provides confidentiality at the runtime layer.</p> <h1> Why ROFL Matters </h1> <p>Large AI models cannot realistically run fully on-chain.</p> <p>Inference requires:</p> <ul> <li>GPUs</li> <li>External APIs</li> <li>Heavy compute</li> <li>Vector databases</li> <li>Long-running processes</li> </ul> <p>ROFL enables:</p> <ul> <li>Off-chain execution</li> <li>Trusted compute</li> <li>Verifiable outputs</li> <li>Secure communication with Sapphire</li> </ul> <p>Think of ROFL as a confidential execution bridge between:</p> <ul> <li>Smart contracts</li> <li>AI systems</li> <li>External infrastructure</li> </ul> <h1> Tech Stack </h1> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Layer</th> <th>Technology</th> </tr> </thead> <tbody> <tr> <td>Smart Contracts</td> <td>Solidity + Sapphire</td> </tr> <tr> <td>Off-chain Compute</td> <td>ROFL</td> </tr> <tr> <td>Storage</td> <td>IPFS / Arweave</td> </tr> <tr> <td>AI Embeddings</td> <td>Sentence Transformers</td> </tr> <tr> <td>Vector Search</td> <td>ChromaDB / Qdrant</td> </tr> <tr> <td>Frontend</td> <td>Next.js</td> </tr> <tr> <td>Wallet</td> <td>RainbowKit + Wagmi</td> </tr> <tr> <td>Encryption</td> <td>AES-GCM</td> </tr> <tr> <td>AI Inference</td> <td>OpenAI / Local LLM</td> </tr> </tbody> </table></div> <h1> Step 1: Setting Up Sapphire </h1> <p>Create a new project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>confidential-rag-agent <span class="nb">cd </span>confidential-rag-agent npm init <span class="nt">-y</span> </code></pre> </div> <p>Install dependencies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>hardhat ethers dotenv </code></pre> </div> <p>Initialize Hardhat:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx hardhat </code></pre> </div> <p>Add Sapphire configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">@oasisprotocol/sapphire-hardhat</span><span class="dl">'</span><span class="p">);</span> <span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="p">{</span> <span class="na">solidity</span><span class="p">:</span> <span class="dl">'</span><span class="s1">0.8.20</span><span class="dl">'</span><span class="p">,</span> <span class="na">networks</span><span class="p">:</span> <span class="p">{</span> <span class="na">sapphire</span><span class="p">:</span> <span class="p">{</span> <span class="na">url</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://testnet.sapphire.oasis.io</span><span class="dl">'</span><span class="p">,</span> <span class="na">chainId</span><span class="p">:</span> <span class="mi">23295</span><span class="p">,</span> <span class="na">accounts</span><span class="p">:</span> <span class="p">[</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PRIVATE_KEY</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h1> Step 2: Creating the Confidential Contract </h1> <p>Our contract will:</p> <ul> <li>Store encrypted metadata</li> <li>Register AI responses</li> <li>Verify ROFL signatures</li> <li>Manage access permissions </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// SPDX-License-Identifier: MIT pragma solidity ^0.8.20; contract ConfidentialRAG { struct Document { string cid; bytes encryptedKey; address owner; } mapping(uint256 =&gt; Document) public documents; uint256 public docCounter; event DocumentStored(uint256 indexed id, address owner); function storeDocument( string memory cid, bytes memory encryptedKey ) external { documents[docCounter] = Document({ cid: cid, encryptedKey: encryptedKey, owner: msg.sender }); emit DocumentStored(docCounter, msg.sender); docCounter++; } } </code></pre> </div> <h1> Step 3: Encrypting User Data </h1> <p>Never upload raw user data directly.</p> <p>Instead:</p> <ol> <li>Generate a local encryption key</li> <li>Encrypt the document client-side</li> <li>Upload encrypted data to IPFS</li> <li>Store only references on Sapphire</li> </ol> <p>Architecture:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sequenceDiagram participant U as User participant F as Frontend participant I as IPFS participant S as Sapphire U-&gt;&gt;F: Upload document F-&gt;&gt;F: Generate AES key F-&gt;&gt;F: Encrypt document F-&gt;&gt;I: Upload encrypted file I--&gt;&gt;F: CID F-&gt;&gt;S: Store CID + encrypted key </code></pre> </div> <p>Example encryption:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">encrypted</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">encryptFile</span><span class="p">(</span><span class="nx">file</span><span class="p">,</span> <span class="nx">secretKey</span><span class="p">)</span> </code></pre> </div> <h1> Step 4: Generating Embeddings Through ROFL </h1> <p>We now process the encrypted content off-chain.</p> <p>ROFL workers can:</p> <ul> <li>Fetch encrypted files</li> <li>Decrypt securely</li> <li>Generate embeddings</li> <li>Store vectors</li> <li>Return signed proofs</li> </ul> <p>ROFL Flow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>flowchart LR A[Sapphire Event] --&gt; B[ROFL Worker] B --&gt; C[Decrypt File] C --&gt; D[Generate Embeddings] D --&gt; E[Vector Database] E --&gt; F[Signed Result] F --&gt; G[Sapphire Contract] </code></pre> </div> <p>Example Python embedding pipeline:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">sentence_transformers</span> <span class="kn">import</span> <span class="n">SentenceTransformer</span> <span class="n">model</span> <span class="o">=</span> <span class="nc">SentenceTransformer</span><span class="p">(</span><span class="sh">'</span><span class="s">all-MiniLM-L6-v2</span><span class="sh">'</span><span class="p">)</span> <span class="n">embedding</span> <span class="o">=</span> <span class="n">model</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span><span class="n">document_text</span><span class="p">)</span> </code></pre> </div> <h1> Step 5: Confidential Retrieval </h1> <p>When a user asks a question:</p> <ol> <li>Query embedding is generated</li> <li>Similar vectors are retrieved</li> <li>Relevant context is assembled</li> <li>Context stays encrypted/private</li> <li>LLM receives only authorized information</li> </ol> <p>This prevents:</p> <ul> <li>Prompt leakage</li> <li>Public retrieval inspection</li> <li>Competitor scraping</li> <li>Metadata deanonymization</li> </ul> <h1> Step 6: AI Inference Layer </h1> <p>The inference engine can use:</p> <ul> <li>OpenAI APIs</li> <li>Local Llama models</li> <li>Mistral</li> <li>DeepSeek</li> <li>Confidential GPU infrastructure</li> </ul> <p>Prompt assembly example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">prompt</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"""</span><span class="s"> Context: </span><span class="si">{</span><span class="n">retrieved_context</span><span class="si">}</span><span class="s"> Question: </span><span class="si">{</span><span class="n">user_question</span><span class="si">}</span><span class="s"> </span><span class="sh">"""</span> </code></pre> </div> <h1> Step 7: Returning Verifiable Results </h1> <p>ROFL signs outputs before returning them.</p> <p>The contract verifies:</p> <ul> <li>Authorized worker</li> <li>Valid signature</li> <li>Fresh timestamp</li> <li>Integrity proof</li> </ul> <p>This creates a verifiable AI pipeline.</p> <h1> Security Design </h1> <p>Our architecture protects against:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Threat</th> <th>Mitigation</th> </tr> </thead> <tbody> <tr> <td>Public prompt leakage</td> <td>Sapphire confidentiality</td> </tr> <tr> <td>Storage snooping</td> <td>Client-side encryption</td> </tr> <tr> <td>Vector DB exposure</td> <td>Encrypted embeddings</td> </tr> <tr> <td>Fake AI outputs</td> <td>ROFL signatures</td> </tr> <tr> <td>Metadata correlation</td> <td>Confidential execution</td> </tr> <tr> <td>Frontend compromise</td> <td>Wallet authorization</td> </tr> </tbody> </table></div> <h1> Is this Architecture good? </h1> <p>Most Web3 AI projects today are not truly private.</p> <p>They usually:</p> <ul> <li>Store prompts publicly</li> <li>Leak retrieval context</li> <li>Expose embeddings</li> <li>Depend entirely on centralized APIs</li> </ul> <p>Oasis enables something different:</p> <p><strong>Confidential AI infrastructure.</strong></p> <p>That is a much bigger opportunity than simple “AI on blockchain” narratives. So yes, this is huge.</p> <h1> Improvements (!) </h1> <p>You can extend this architecture with:</p> <h2> Multi-Agent Systems </h2> <p>Use multiple ROFL workers for:</p> <ul> <li>Retrieval</li> <li>Ranking</li> <li>Moderation</li> <li>Inference</li> <li>Verification</li> </ul> <h2> zkML Integration </h2> <p>Combine:</p> <ul> <li>ROFL confidentiality</li> <li>ZK proofs</li> <li>Verifiable inference</li> </ul> <h2> Token-Gated Knowledge Access </h2> <p>Require NFT or token ownership before retrieval.</p> <h2> Cross-Chain Identity </h2> <p>Use confidential reputation scores across:</p> <ul> <li>Ethereum</li> <li>Base</li> <li>Arbitrum</li> <li>Solana</li> </ul> <h1> Potential Real-World Use Cases </h1> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Industry</th> <th>Use Case</th> </tr> </thead> <tbody> <tr> <td>Healthcare</td> <td>Private medical copilots</td> </tr> <tr> <td>Finance</td> <td>Confidential portfolio AI</td> </tr> <tr> <td>Gaming</td> <td>Hidden strategy agents</td> </tr> <tr> <td>Enterprise</td> <td>Secure internal knowledge AI</td> </tr> <tr> <td>DAOs</td> <td>Private governance research</td> </tr> <tr> <td>Identity</td> <td>Confidential trust scoring</td> </tr> </tbody> </table></div> <h1> Performance Considerations </h1> <p>AI systems are expensive.</p> <p>Optimize:</p> <ul> <li>Embedding caching</li> <li>Batched retrieval</li> <li>Async inference</li> <li>Vector compression</li> <li>Partial encryption</li> <li>Event indexing</li> </ul> <p>Avoid pushing unnecessary data on-chain.</p> <p>The blockchain should coordinate trust, not store entire AI workloads.</p> <h1> Common Mistakes Developers Make </h1> <h2> Storing Raw AI Data On-Chain </h2> <p>Never store:</p> <ul> <li>Prompts</li> <li>Embeddings</li> <li>Conversations</li> <li>User documents</li> </ul> <p>Directly on public chains.</p> <h2> Treating Frontend Encryption as Enough </h2> <p>Frontend-only privacy still exposes backend operators.</p> <h2> Ignoring Metadata Privacy </h2> <p>Even transaction patterns can reveal sensitive information.</p> <h1> Production Architecture </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>flowchart TB subgraph User Layer A[Wallet User] B[Next.js Frontend] end subgraph Confidential Layer C[Sapphire Smart Contract] D[ROFL Workers] end subgraph AI Layer E[Embedding Models] F[LLM Inference] G[Vector Database] end subgraph Storage Layer H[IPFS] I[Arweave] end A --&gt; B B --&gt; C B --&gt; H C --&gt; D D --&gt; E D --&gt; F D --&gt; G H --&gt; D I --&gt; D </code></pre> </div> <h1> Closingg Thoughts </h1> <p>The next generation of AI applications will not be won by the teams with the biggest models.</p> <p>They will be won by the teams that solve:</p> <ul> <li>Privacy</li> <li>Data ownership</li> <li>Confidential computation</li> <li>Verifiable inference</li> <li>User-controlled AI</li> </ul> <p>Oasis Sapphire and ROFL provide a powerful foundation for building that future.</p> <p>Instead of thinking about blockchain as "where data lives". think about it as a trust coordination layer for confidential AI systems.</p> <p>That shift changes everything.</p> <h1> Useful Resources </h1> <h3> Oasis Network </h3> <ul> <li><a href="https://oasisprotocol.org" rel="noopener noreferrer">Oasis Network Official Website</a></li> <li><a href="https://docs.oasis.io" rel="noopener noreferrer">Oasis Documentation</a></li> <li><a href="https://docs.oasis.io/build/sapphire/" rel="noopener noreferrer">Sapphire Documentation</a></li> <li><a href="https://docs.oasis.io/build/rofl/" rel="noopener noreferrer">ROFL Documentation</a></li> <li><a href="https://github.com/oasisprotocol" rel="noopener noreferrer">Oasis GitHub Organization</a></li> <li><a href="https://github.com/oasisprotocol/sapphire-paratime" rel="noopener noreferrer">Oasis Sapphire Examples</a></li> <li><a href="https://docs.oasis.io/build/tutorials/" rel="noopener noreferrer">Oasis Developer Tutorials</a></li> </ul> <h3> Ethereum / Smart Contract Development </h3> <ul> <li><a href="https://book.getfoundry.sh" rel="noopener noreferrer">Foundry Book</a></li> <li><a href="https://hardhat.org/docs" rel="noopener noreferrer">Hardhat Documentation</a></li> <li><a href="https://docs.openzeppelin.com/contracts" rel="noopener noreferrer">OpenZeppelin Contracts</a></li> <li><a href="https://docs.ethers.org" rel="noopener noreferrer">Ethers.js Documentation</a></li> </ul> <h3> Decentralized Storage </h3> <ul> <li><a href="https://docs.ipfs.tech" rel="noopener noreferrer">IPFS Documentation</a></li> <li><a href="https://www.pinata.cloud" rel="noopener noreferrer">Pinata IPFS Platform</a></li> <li><a href="https://docs.arweave.org" rel="noopener noreferrer">Arweave Documentation</a></li> <li><a href="https://web3.storage" rel="noopener noreferrer">Web3.Storage</a></li> </ul> <h3> AI / Vector Databases </h3> <ul> <li><a href="https://www.sbert.net" rel="noopener noreferrer">Sentence Transformers</a></li> <li><a href="https://docs.trychroma.com" rel="noopener noreferrer">ChromaDB Documentation</a></li> <li><a href="https://qdrant.tech/documentation/" rel="noopener noreferrer">Qdrant Documentation</a></li> <li><a href="https://python.langchain.com/docs/introduction/" rel="noopener noreferrer">LangChain Documentation</a></li> <li><a href="https://docs.llamaindex.ai" rel="noopener noreferrer">LlamaIndex Documentation</a></li> </ul> <h3> Frontend / Wallet Integration </h3> <ul> <li><a href="https://nextjs.org/docs" rel="noopener noreferrer">Next.js Documentation</a></li> <li><a href="https://wagmi.sh" rel="noopener noreferrer">Wagmi Documentation</a></li> <li><a href="https://www.rainbowkit.com/docs/introduction" rel="noopener noreferrer">RainbowKit Documentation</a></li> </ul> <h3> Security / Cryptography </h3> <ul> <li><a href="https://owasp.org/www-project-smart-contract-top-10/" rel="noopener noreferrer">OWASP Smart Contract Top 10</a></li> <li><a href="https://blog.trailofbits.com" rel="noopener noreferrer">Trail of Bits Blog</a></li> <li><a href="https://consensysdiligence.github.io/smart-contract-best-practices/" rel="noopener noreferrer">Consensys Smart Contract Best Practices</a></li> </ul> rag web3 ai development Building a Transparent Crypto Donation Ledger with Oasis Network (Beginner Tutorial) rayQu Mon, 20 Apr 2026 07:52:23 +0000 https://forem.com/rollingindo/building-a-transparent-crypto-donation-ledger-with-oasis-network-beginner-tutorial-5g9h https://forem.com/rollingindo/building-a-transparent-crypto-donation-ledger-with-oasis-network-beginner-tutorial-5g9h <p>Crypto donations are great for transparency… until your donors open a block explorer and see a wall of hashes.</p> <p>In this tutorial, we’ll build a <strong>simple, verifiable donation ledger</strong> using Oasis Network, a blockchain that lets you combine <strong>privacy + transparency</strong> using confidential smart contracts.</p> <h2> What we’re building </h2> <p>A minimal system where:</p> <ul> <li>Donations are recorded on-chain</li> <li>Expenses are recorded and linked to donations</li> <li>Anyone can see <strong>totals and categories (public)</strong> </li> <li>Sensitive details stay <strong>private but provable</strong> </li> </ul> <h2> Why Oasis? </h2> <p>With Oasis Sapphire (its confidential EVM):</p> <ul> <li>You write <strong>Solidity like Ethereum</strong> </li> <li>But contract state can be <strong>encrypted</strong> </li> <li>You can expose only what matters (e.g. totals)</li> </ul> <p>Docs: <a href="https://docs.oasis.io" rel="noopener noreferrer">https://docs.oasis.io</a><br> Sapphire: <a href="https://oasis.net/sapphire" rel="noopener noreferrer">https://oasis.net/sapphire</a></p> <h2> Step 1: Setup your environment </h2> <p>You can use Hardhat like a normal EVM chain:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>oasis-ledger <span class="o">&amp;&amp;</span> <span class="nb">cd </span>oasis-ledger npm init <span class="nt">-y</span> npm <span class="nb">install</span> <span class="nt">--save-dev</span> hardhat npx hardhat </code></pre> </div> <p>Add Oasis Sapphire testnet config:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="p">{</span> <span class="na">networks</span><span class="p">:</span> <span class="p">{</span> <span class="na">sapphire</span><span class="p">:</span> <span class="p">{</span> <span class="na">url</span><span class="p">:</span> <span class="dl">"</span><span class="s2">https://testnet.sapphire.oasis.io</span><span class="dl">"</span><span class="p">,</span> <span class="na">accounts</span><span class="p">:</span> <span class="p">[</span><span class="nx">PRIVATE_KEY</span><span class="p">]</span> <span class="p">}</span> <span class="p">},</span> <span class="na">solidity</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0.8.20</span><span class="dl">"</span> <span class="p">};</span> </code></pre> </div> <h2> Step 2: Write the smart contract </h2> <p>Create <code>DonationLedger.sol</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// SPDX-License-Identifier: MIT pragma solidity ^0.8.20; contract DonationLedger { struct Donation { address donor; uint amount; } struct Expense { uint amount; string category; } Donation[] public donations; Expense[] public expenses; uint public totalDonations; uint public totalSpent; function donate() external payable { donations.push(Donation(msg.sender, msg.value)); totalDonations += msg.value; } function addExpense(uint _amount, string memory _category) external { expenses.push(Expense(_amount, _category)); totalSpent += _amount; } function getBalance() public view returns (uint) { return totalDonations - totalSpent; } } </code></pre> </div> <p>This is intentionally simple:</p> <ul> <li>Fully transparent totals</li> <li>Expand later with private metadata (Oasis advantage)</li> </ul> <h2> Step 3: Deploy to Oasis Sapphire </h2> <p>Create a deploy script:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">Ledger</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">ethers</span><span class="p">.</span><span class="nf">getContractFactory</span><span class="p">(</span><span class="dl">"</span><span class="s2">DonationLedger</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">ledger</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Ledger</span><span class="p">.</span><span class="nf">deploy</span><span class="p">();</span> <span class="k">await</span> <span class="nx">ledger</span><span class="p">.</span><span class="nf">waitForDeployment</span><span class="p">();</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Deployed to:</span><span class="dl">"</span><span class="p">,</span> <span class="k">await</span> <span class="nx">ledger</span><span class="p">.</span><span class="nf">getAddress</span><span class="p">());</span> <span class="p">}</span> <span class="nf">main</span><span class="p">();</span> </code></pre> </div> <p>Run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx hardhat run scripts/deploy.js <span class="nt">--network</span> sapphire </code></pre> </div> <h2> Step 4: Interact with the contract </h2> <p>Example (Hardhat console):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx hardhat console <span class="nt">--network</span> sapphire </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">ledger</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">ethers</span><span class="p">.</span><span class="nf">getContractAt</span><span class="p">(</span><span class="dl">"</span><span class="s2">DonationLedger</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">DEPLOYED_ADDRESS</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// donate</span> <span class="k">await</span> <span class="nx">ledger</span><span class="p">.</span><span class="nf">donate</span><span class="p">({</span> <span class="na">value</span><span class="p">:</span> <span class="nx">ethers</span><span class="p">.</span><span class="nf">parseEther</span><span class="p">(</span><span class="dl">"</span><span class="s2">0.1</span><span class="dl">"</span><span class="p">)</span> <span class="p">});</span> <span class="c1">// add expense</span> <span class="k">await</span> <span class="nx">ledger</span><span class="p">.</span><span class="nf">addExpense</span><span class="p">(</span><span class="nx">ethers</span><span class="p">.</span><span class="nf">parseEther</span><span class="p">(</span><span class="dl">"</span><span class="s2">0.05</span><span class="dl">"</span><span class="p">),</span> <span class="dl">"</span><span class="s2">food</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// check totals</span> <span class="k">await</span> <span class="nx">ledger</span><span class="p">.</span><span class="nf">totalDonations</span><span class="p">();</span> <span class="k">await</span> <span class="nx">ledger</span><span class="p">.</span><span class="nf">totalSpent</span><span class="p">();</span> </code></pre> </div> <h2> Step 5: Build a simple frontend (optional) </h2> <p>Even a basic UI can transform usability:</p> <ul> <li> <p>Show:</p> <ul> <li>Total donations</li> <li>Total spent</li> <li>Remaining balance</li> </ul> </li> <li> <p>Add buttons:</p> <ul> <li>“Donate”</li> <li>“Add Expense” (admin)</li> </ul> </li> </ul> <p>You can use:</p> <ul> <li>Next.js</li> <li>ethers.js</li> <li>wagmi</li> </ul> <h2> Step 6: Where Oasis shines (upgrade idea) </h2> <p>Right now everything is public.</p> <p>With Oasis, you can:</p> <ul> <li>Store <strong>private expense metadata</strong> (e.g. invoice hashes)</li> <li>Keep donor notes confidential</li> <li> <p>Reveal only:</p> <ul> <li>totals</li> <li>categories</li> <li>proofs</li> </ul> </li> </ul> <p>This is done using <strong>confidential state inside Sapphire contracts</strong>.</p> <h2> Final result </h2> <p>Instead of showing donors this:</p> <blockquote> <p>“Here’s our wallet, go check Etherscan”</p> </blockquote> <p>You show them:</p> <ul> <li>€100k raised</li> <li>€40k spent on food</li> <li>€20k spent on shelter</li> </ul> <p>And every number is still <strong>verifiable on-chain</strong></p> <h2> Takeaway </h2> <p>Using Oasis, you can build:</p> <ul> <li>Transparent donation systems</li> <li>Clean public dashboards</li> <li>Private but provable accounting</li> </ul> <p>All without leaving the EVM ecosystem.</p> <h2> Resources </h2> <ul> <li><a href="https://oasis.net" rel="noopener noreferrer">https://oasis.net</a></li> <li><a href="https://docs.oasis.io" rel="noopener noreferrer">https://docs.oasis.io</a></li> <li><a href="https://oasis.net/sapphire" rel="noopener noreferrer">https://oasis.net/sapphire</a></li> </ul> Privacy-Preserving Federated Learning on Oasis Network (Sapphire ParaTime) rayQu Thu, 16 Apr 2026 09:21:10 +0000 https://forem.com/rollingindo/privacy-preserving-federated-learning-on-oasis-network-sapphire-paratime-5490 https://forem.com/rollingindo/privacy-preserving-federated-learning-on-oasis-network-sapphire-paratime-5490 <h2> Overview </h2> <p>In this tutorial, we’ll build an <strong>advanced machine learning system</strong> on the Oasis Network using <strong>confidential smart contracts (Sapphire ParaTime)</strong>.</p> <p>Instead of common examples (NFT auctions, oracles, etc.), we’ll implement:</p> <blockquote> <p>Confidential Federated Learning with On-Chain Aggregation</p> </blockquote> <h3> The key points on why this tutorial is really on point </h3> <ul> <li>Data <strong>never leaves clients in plaintext</strong> </li> <li>Model updates are <strong>encrypted</strong> </li> <li>Aggregation happens <strong>inside TEEs</strong> </li> <li>Fully <strong>privacy-preserving collaborative AI</strong> </li> </ul> <h2> 🧠 Architecture </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Clients (Hospitals / Devices) | | Encrypted Gradients v +-----------------------------+ | Oasis Sapphire ParaTime | | | | - Decrypt gradients (TEE) | | - Aggregate updates | | - Update global model | +-----------------------------+ | v Clients download updated model </code></pre> </div> <h2> Tech Stack </h2> <ul> <li>Oasis Sapphire (Confidential EVM)</li> <li>Solidity</li> <li>Python (PyTorch)</li> <li>Web3.py / ethers.js</li> </ul> <h2> Step 1: Smart Contract (Confidential Aggregator) </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// SPDX-License-Identifier: MIT pragma solidity ^0.8.20; contract ConfidentialFederatedLearning { struct Update { bytes encryptedGradient; } mapping(address =&gt; Update) public updates; address[] public participants; bytes public globalModel; function submitUpdate(bytes calldata encryptedGradient) external { if (updates[msg.sender].encryptedGradient.length == 0) { participants.push(msg.sender); } updates[msg.sender] = Update(encryptedGradient); } function aggregate() external { bytes[] memory gradients = new bytes[](participants.length); for (uint i = 0; i &lt; participants.length; i++) { gradients[i] = updates[participants[i]].encryptedGradient; } // Executed confidentially in Oasis Sapphire globalModel = confidentialAggregate(gradients); delete participants; } function confidentialAggregate(bytes[] memory gradients) internal returns (bytes memory) { // Placeholder logic (runs inside TEE) return abi.encodePacked("aggregated_model"); } function getModel() external view returns (bytes memory) { return globalModel; } } </code></pre> </div> <h2> Step 2: Local Training (PyTorch) </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">torch</span> <span class="kn">import</span> <span class="n">torch.nn</span> <span class="k">as</span> <span class="n">nn</span> <span class="kn">import</span> <span class="n">torch.optim</span> <span class="k">as</span> <span class="n">optim</span> <span class="k">class</span> <span class="nc">SimpleModel</span><span class="p">(</span><span class="n">nn</span><span class="p">.</span><span class="n">Module</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__init__</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">fc</span> <span class="o">=</span> <span class="n">nn</span><span class="p">.</span><span class="nc">Linear</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="k">def</span> <span class="nf">forward</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">x</span><span class="p">):</span> <span class="k">return</span> <span class="n">self</span><span class="p">.</span><span class="nf">fc</span><span class="p">(</span><span class="n">x</span><span class="p">)</span> <span class="k">def</span> <span class="nf">train_local</span><span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="n">labels</span><span class="p">):</span> <span class="n">model</span> <span class="o">=</span> <span class="nc">SimpleModel</span><span class="p">()</span> <span class="n">optimizer</span> <span class="o">=</span> <span class="n">optim</span><span class="p">.</span><span class="nc">SGD</span><span class="p">(</span><span class="n">model</span><span class="p">.</span><span class="nf">parameters</span><span class="p">(),</span> <span class="n">lr</span><span class="o">=</span><span class="mf">0.01</span><span class="p">)</span> <span class="n">loss_fn</span> <span class="o">=</span> <span class="n">nn</span><span class="p">.</span><span class="nc">MSELoss</span><span class="p">()</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">5</span><span class="p">):</span> <span class="n">optimizer</span><span class="p">.</span><span class="nf">zero_grad</span><span class="p">()</span> <span class="n">output</span> <span class="o">=</span> <span class="nf">model</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> <span class="n">loss</span> <span class="o">=</span> <span class="nf">loss_fn</span><span class="p">(</span><span class="n">output</span><span class="p">,</span> <span class="n">labels</span><span class="p">)</span> <span class="n">loss</span><span class="p">.</span><span class="nf">backward</span><span class="p">()</span> <span class="n">optimizer</span><span class="p">.</span><span class="nf">step</span><span class="p">()</span> <span class="k">return</span> <span class="n">model</span><span class="p">.</span><span class="nf">state_dict</span><span class="p">()</span> </code></pre> </div> <h2> Step 3: Serialize + Encrypt Updates </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">base64</span> <span class="k">def</span> <span class="nf">serialize_weights</span><span class="p">(</span><span class="n">weights</span><span class="p">):</span> <span class="k">return</span> <span class="n">base64</span><span class="p">.</span><span class="nf">b64encode</span><span class="p">(</span><span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span> <span class="n">k</span><span class="p">:</span> <span class="n">v</span><span class="p">.</span><span class="nf">tolist</span><span class="p">()</span> <span class="k">for</span> <span class="n">k</span><span class="p">,</span> <span class="n">v</span> <span class="ow">in</span> <span class="n">weights</span><span class="p">.</span><span class="nf">items</span><span class="p">()</span> <span class="p">}).</span><span class="nf">encode</span><span class="p">())</span> </code></pre> </div> <h2> Step 4: Send Updates to Oasis </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">web3</span> <span class="kn">import</span> <span class="n">Web3</span> <span class="n">w3</span> <span class="o">=</span> <span class="nc">Web3</span><span class="p">(</span><span class="n">Web3</span><span class="p">.</span><span class="nc">HTTPProvider</span><span class="p">(</span><span class="sh">"</span><span class="s">https://testnet.sapphire.oasis.dev</span><span class="sh">"</span><span class="p">))</span> <span class="n">contract_address</span> <span class="o">=</span> <span class="sh">"</span><span class="s">YOUR_CONTRACT_ADDRESS</span><span class="sh">"</span> <span class="n">abi</span> <span class="o">=</span> <span class="p">[...]</span> <span class="c1"># compiled ABI </span> <span class="n">contract</span> <span class="o">=</span> <span class="n">w3</span><span class="p">.</span><span class="n">eth</span><span class="p">.</span><span class="nf">contract</span><span class="p">(</span><span class="n">address</span><span class="o">=</span><span class="n">contract_address</span><span class="p">,</span> <span class="n">abi</span><span class="o">=</span><span class="n">abi</span><span class="p">)</span> <span class="k">def</span> <span class="nf">send_update</span><span class="p">(</span><span class="n">encrypted_gradient</span><span class="p">,</span> <span class="n">private_key</span><span class="p">):</span> <span class="n">account</span> <span class="o">=</span> <span class="n">w3</span><span class="p">.</span><span class="n">eth</span><span class="p">.</span><span class="n">account</span><span class="p">.</span><span class="nf">from_key</span><span class="p">(</span><span class="n">private_key</span><span class="p">)</span> <span class="n">tx</span> <span class="o">=</span> <span class="n">contract</span><span class="p">.</span><span class="n">functions</span><span class="p">.</span><span class="nf">submitUpdate</span><span class="p">(</span> <span class="n">encrypted_gradient</span> <span class="p">).</span><span class="nf">build_transaction</span><span class="p">({</span> <span class="sh">'</span><span class="s">from</span><span class="sh">'</span><span class="p">:</span> <span class="n">account</span><span class="p">.</span><span class="n">address</span><span class="p">,</span> <span class="sh">'</span><span class="s">nonce</span><span class="sh">'</span><span class="p">:</span> <span class="n">w3</span><span class="p">.</span><span class="n">eth</span><span class="p">.</span><span class="nf">get_transaction_count</span><span class="p">(</span><span class="n">account</span><span class="p">.</span><span class="n">address</span><span class="p">),</span> <span class="sh">'</span><span class="s">gas</span><span class="sh">'</span><span class="p">:</span> <span class="mi">2000000</span> <span class="p">})</span> <span class="n">signed</span> <span class="o">=</span> <span class="n">account</span><span class="p">.</span><span class="nf">sign_transaction</span><span class="p">(</span><span class="n">tx</span><span class="p">)</span> <span class="n">tx_hash</span> <span class="o">=</span> <span class="n">w3</span><span class="p">.</span><span class="n">eth</span><span class="p">.</span><span class="nf">send_raw_transaction</span><span class="p">(</span><span class="n">signed</span><span class="p">.</span><span class="n">rawTransaction</span><span class="p">)</span> <span class="k">return</span> <span class="n">tx_hash</span> </code></pre> </div> <h2> Step 5: Trigger Aggregation </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">trigger_aggregation</span><span class="p">(</span><span class="n">private_key</span><span class="p">):</span> <span class="n">account</span> <span class="o">=</span> <span class="n">w3</span><span class="p">.</span><span class="n">eth</span><span class="p">.</span><span class="n">account</span><span class="p">.</span><span class="nf">from_key</span><span class="p">(</span><span class="n">private_key</span><span class="p">)</span> <span class="n">tx</span> <span class="o">=</span> <span class="n">contract</span><span class="p">.</span><span class="n">functions</span><span class="p">.</span><span class="nf">aggregate</span><span class="p">().</span><span class="nf">build_transaction</span><span class="p">({</span> <span class="sh">'</span><span class="s">from</span><span class="sh">'</span><span class="p">:</span> <span class="n">account</span><span class="p">.</span><span class="n">address</span><span class="p">,</span> <span class="sh">'</span><span class="s">nonce</span><span class="sh">'</span><span class="p">:</span> <span class="n">w3</span><span class="p">.</span><span class="n">eth</span><span class="p">.</span><span class="nf">get_transaction_count</span><span class="p">(</span><span class="n">account</span><span class="p">.</span><span class="n">address</span><span class="p">),</span> <span class="sh">'</span><span class="s">gas</span><span class="sh">'</span><span class="p">:</span> <span class="mi">3000000</span> <span class="p">})</span> <span class="n">signed</span> <span class="o">=</span> <span class="n">account</span><span class="p">.</span><span class="nf">sign_transaction</span><span class="p">(</span><span class="n">tx</span><span class="p">)</span> <span class="n">tx_hash</span> <span class="o">=</span> <span class="n">w3</span><span class="p">.</span><span class="n">eth</span><span class="p">.</span><span class="nf">send_raw_transaction</span><span class="p">(</span><span class="n">signed</span><span class="p">.</span><span class="n">rawTransaction</span><span class="p">)</span> <span class="k">return</span> <span class="n">tx_hash</span> </code></pre> </div> <h2> Step 6: Fetch Global Model </h2> <p>Once the Oasis network has aggregated all encrypted updates inside the confidential execution environment, clients can retrieve the updated global model.</p> <p>This step completes the federated learning cycle.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">get_global_model</span><span class="p">():</span> <span class="n">model_bytes</span> <span class="o">=</span> <span class="n">contract</span><span class="p">.</span><span class="n">functions</span><span class="p">.</span><span class="nf">getModel</span><span class="p">().</span><span class="nf">call</span><span class="p">()</span> <span class="k">return</span> <span class="n">model_bytes</span> </code></pre> </div> <p>At this stage, the returned model_bytes represent the latest version of the collaboratively trained model.</p> <p>In a real production system, this data would typically be:</p> <ul> <li>A serialized PyTorch/TensorFlow model</li> <li>Or compressed weight tensors</li> <li>Or even encrypted checkpoints for secure distribution</li> </ul> <p>The key idea is that the model itself becomes a shared decentralized artifact, continuously evolving without exposing any participant’s raw data.</p> <h2> Real Use Case #1: Healthcare AI Across Hospitals </h2> <p>One of the most impactful applications of this architecture is in healthcare machine learning.</p> <p><strong>Problem</strong></p> <p>Hospitals often cannot share patient data due to strict regulations such as:</p> <ul> <li>GDPR (Europe)</li> <li>HIPAA (United States)</li> </ul> <p>This creates a major bottleneck:</p> <blockquote> <p>Each hospital has only a partial view of reality.</p> </blockquote> <p>As a result:</p> <ul> <li>Disease prediction models are weaker</li> <li>Rare conditions are underrepresented</li> <li>AI generalization suffers significantly</li> </ul> <h2> Solution Using Oasis Confidential ML </h2> <p>With Oasis Sapphire, each hospital:</p> <ol> <li>Trains a local model on private patient data</li> <li>Extracts gradients or weight updates</li> <li>Encrypts them automatically via confidential execution</li> <li>Sends updates to the shared aggregation contract</li> </ol> <p>The Oasis network then:</p> <ul> <li>Aggregates updates inside a Trusted Execution Environment (TEE)</li> <li>Prevents any party from seeing individual contributions</li> <li>Produces a globally improved model</li> </ul> <h2> Why This Works So Well </h2> <p>Instead of centralizing sensitive data, we are centralizing intelligence, not information.</p> <p>This shift has massive implications:</p> <ul> <li>Patient data never leaves hospitals</li> <li>Research collaboration becomes frictionless</li> <li>Models benefit from global diversity of data</li> <li>Compliance is preserved by design, not enforcement</li> </ul> <p>In practice, this enables systems like:</p> <ul> <li>Early disease detection models trained across continents</li> <li>Rare condition classifiers with global coverage</li> <li>Personalized treatment recommendation systems</li> </ul> <h2> Real Use Case #2: Cross-Bank Fraud Detection Network </h2> <p>Another powerful application is in financial systems.</p> <p><strong>Problem</strong></p> <p>Banks face a paradox:</p> <ul> <li>Fraud detection improves with shared data</li> <li>But banks cannot share customer transaction data</li> </ul> <p>This leads to:</p> <ul> <li>Fragmented fraud intelligence</li> <li>Delayed detection of new fraud patterns</li> <li>High false-negative rates</li> </ul> <h2> Solution: Confidential Federated Fraud Learning </h2> <p>Using this architecture:</p> <p>Each bank:</p> <ul> <li>Trains a fraud detection model locally</li> <li>Learns patterns specific to its users</li> <li>Computes gradient updates privately</li> <li>Submits encrypted updates to Oasis</li> </ul> <p>Oasis:</p> <ul> <li>Aggregates all updates confidentially</li> <li>Produces a global fraud detection model</li> <li>Sends improved model back to all participants</li> </ul> <h2> Why This Is Powerful </h2> <p>The system effectively creates a collective fraud intelligence network without violating privacy.</p> <p>This leads to:</p> <ul> <li>Faster detection of new fraud patterns</li> <li>Cross-bank intelligence without data exposure</li> <li>Stronger anomaly detection models</li> <li>Reduced financial losses across the ecosystem</li> </ul> <h2> Full Training Loop Visualization </h2> <p>Let’s now put everything together into a full lifecycle loop:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ROUND t (Federated Learning Cycle) Client A (Hospital / Bank / Device) └── Train local model └── Compute gradients └── Encrypt updates └── Submit to Oasis Client B └── Train └── Encrypt └── Submit Client C └── Train └── Encrypt └── Submit ↓ 🔐 Oasis Sapphire TEE Layer ┌──────────────────────────────┐ │ 1. Decrypt securely │ │ 2. Aggregate updates │ │ 3. Apply weighting (optional)│ │ 4. Update global model │ └──────────────────────────────┘ ↓ 📦 Global Model Updated On-Chain ↓ Clients Pull Latest Model → Next Training Round </code></pre> </div> <h2> Advanced Enhancements (Production-Level Thinking) </h2> <p>At this stage, the system is already functional, but real-world deployments require additional sophistication.</p> <h2> 1. Differential Privacy Layer </h2> <p>To further strengthen privacy guarantees, we can inject controlled noise into model updates before submission.</p> <p>This ensures that even in edge cases, individual contributions cannot be reverse-engineered.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">add_noise</span><span class="p">(</span><span class="n">weights</span><span class="p">,</span> <span class="n">epsilon</span><span class="o">=</span><span class="mf">0.1</span><span class="p">):</span> <span class="n">noisy_weights</span> <span class="o">=</span> <span class="p">{}</span> <span class="k">for</span> <span class="n">k</span> <span class="ow">in</span> <span class="n">weights</span><span class="p">:</span> <span class="n">noise</span> <span class="o">=</span> <span class="n">torch</span><span class="p">.</span><span class="nf">randn_like</span><span class="p">(</span><span class="n">weights</span><span class="p">[</span><span class="n">k</span><span class="p">])</span> <span class="o">*</span> <span class="n">epsilon</span> <span class="n">noisy_weights</span><span class="p">[</span><span class="n">k</span><span class="p">]</span> <span class="o">=</span> <span class="n">weights</span><span class="p">[</span><span class="n">k</span><span class="p">]</span> <span class="o">+</span> <span class="n">noise</span> <span class="k">return</span> <span class="n">noisy_weights</span> </code></pre> </div> <p>This technique is widely used in privacy-preserving ML systems and complements Oasis’s confidential execution layer.</p> <h2> 2. Weighted Aggregation Strategy </h2> <p>Not all participants contribute equally.</p> <p>For example:</p> <ul> <li>A hospital with 1M patients should have more influence than one with 1K</li> <li>A bank with higher transaction volume should contribute more signal</li> </ul> <p>So instead of simple averaging, we apply weighted aggregation.</p> <p>This can be implemented inside the confidential contract layer to ensure fairness while preserving privacy.</p> <h2> 3. Incentive Mechanism for Participants </h2> <p>A real decentralized ML system must also include economic incentives.</p> <p>You can design:</p> <ul> <li>Token rewards per valid update</li> <li>Slashing for malicious or low-quality gradients</li> <li>Reputation scoring for long-term contributors</li> </ul> <p>This transforms the system into a self-sustaining AI network economy.</p> <h2> 4. Hybrid ZK + Confidential ML Systems </h2> <p>An even more advanced extension is combining:</p> <ul> <li>Zero-Knowledge Proofs (ZKPs)</li> <li>Oasis confidential compute</li> </ul> <p>This allows participants to prove properties like:</p> <ul> <li>'My model was trained correctly'</li> <li>'My data distribution satisfies constraints'</li> <li>'No poisoning attacks were introduced'</li> </ul> <p>without revealing any underlying data.</p> <h2> So Why Does This Architecture Matter </h2> <p>What we built here is not just a federated learning system.</p> <p>It represents a shift in how machine learning systems are designed:</p> <blockquote> <p>From centralized data collection → to decentralized intelligence collaboration</p> </blockquote> <p>Oasis enables something very rare in blockchain systems:</p> <ul> <li>Computation on private data</li> <li>Without exposing the data itself</li> <li>While still preserving verifiability</li> </ul> <p>This unlocks entirely new categories of AI systems:</p> <ul> <li>Privacy-first foundation models</li> <li>Cross-organization collaborative AI</li> <li>Decentralized intelligence networks</li> </ul> <h2> Where You Can Take This Next </h2> <p>If you want to push this further (and it gets very interesting), you can extend this system into:</p> <ul> <li>Confidential LLM fine-tuning networks</li> <li>Multi-agent decentralized reinforcement learning</li> <li>Privacy-preserving recommendation systems</li> <li>Genomics ML across research institutions</li> <li>Token-incentivized AI training marketplaces</li> </ul> <h2> Closing Thought </h2> <p>The combination of federated learning + confidential execution fundamentally changes what is possible in machine learning systems.</p> <p>Instead of asking:</p> <blockquote> <p>"Where do we store the data?"</p> </blockquote> <p>We now ask:</p> <blockquote> <p>"How do we learn from data without ever seeing it?"</p> </blockquote> <p>And that is exactly the space where Oasis Network becomes powerful.</p> web3 privacy machinelearning ai Building a Confidential Sealed-Bid NFT Auction on Oasis Sapphire rayQu Fri, 20 Mar 2026 10:36:48 +0000 https://forem.com/rollingindo/building-a-confidential-sealed-bid-nft-auction-on-oasis-sapphire-j1m https://forem.com/rollingindo/building-a-confidential-sealed-bid-nft-auction-on-oasis-sapphire-j1m <p>Ever wanted to run a blockchain auction without revealing bids until the end?</p> <p>In this tutorial, we’ll build a sealed-bid NFT auction on Oasis Sapphire, where bids are fully encrypted, events are private, and the winner is publicly verifiable, perfect for NFT drops, private DeFi auctions, or confidential governance.</p> <p>We’ll cover:</p> <ul> <li>Why Sapphire for privacy-first auctions</li> <li>Smart contract design for sealed-bid auctions</li> <li>Off-chain bid commitment and encryption</li> <li>Encrypted events on Sapphire</li> <li>React + ethers.js frontend integration</li> <li>Testing, deployment, and advanced tips</li> </ul> <p>By the end, you’ll have a production-ready privacy-preserving auction.</p> <h2> Part 1: Why Privacy Matters on Blockchain Auctions </h2> <p>Traditional Ethereum-style auctions expose bids as soon as they hit the blockchain. This causes issues like:</p> <ul> <li>Front-running attacks: Bots see your bid and immediately outbid you</li> <li>Loss of privacy: High-value bids are visible to competitors</li> <li>Manipulation risk: Public bids allow strategic manipulation</li> </ul> <p>Oasis Sapphire solves this by offering:</p> <ul> <li>Confidential calldata: Input values are encrypted</li> <li>Encrypted events: Logs can be private but verifiable</li> <li>EVM compatibility: Solidity contracts work with minimal changes</li> </ul> <p>So the result: You can build auctions where nobody knows your bid until reveal, yet the outcome is fully trustless.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌─────────────┐ submitBid(commitment) ┌───────────────┐ │ Bidder A │ ────────────────────────────────&gt; │ SealedAuction│ └─────────────┘ │ (encrypted) │ ┌─────────────┐ submitBid(commitment) │ │ │ Bidder B │ ────────────────────────────────&gt; │ │ └─────────────┘ └─────┬─────────┘ │ ▼ ┌───────────────────────┐ │ Reveal Phase │ │ - submit value+salt │ │ - verify commitment │ │ - determine winner │ └─────────┬─────────────┘ │ ▼ ┌─────────────────────────┐ │ Winner + Final Price │ │ (publicly verifiable) │ └─────────────────────────┘ </code></pre> </div> <h2> Part 2: Project Setup </h2> <ol> <li>Create Hardhat Project </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>sapphire-nft-auction <span class="nb">cd </span>sapphire-nft-auction npm init <span class="nt">-y</span> npm <span class="nb">install</span> <span class="nt">--save-dev</span> hardhat @nomiclabs/hardhat-ethers ethereum-waffle chai npm <span class="nb">install</span> @oasisprotocol/sapphire-paratime </code></pre> </div> <ol> <li>Configure Hardhat for Sapphire Testnet </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">@nomiclabs/hardhat-ethers</span><span class="dl">"</span><span class="p">);</span> <span class="nf">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">@oasisprotocol/sapphire-paratime</span><span class="dl">"</span><span class="p">);</span> <span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="p">{</span> <span class="na">solidity</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0.8.20</span><span class="dl">"</span><span class="p">,</span> <span class="na">networks</span><span class="p">:</span> <span class="p">{</span> <span class="na">sapphire_testnet</span><span class="p">:</span> <span class="p">{</span> <span class="na">url</span><span class="p">:</span> <span class="dl">"</span><span class="s2">https://testnet.sapphire.oasis.io</span><span class="dl">"</span><span class="p">,</span> <span class="na">chainId</span><span class="p">:</span> <span class="mi">23295</span><span class="p">,</span> <span class="na">accounts</span><span class="p">:</span> <span class="p">[</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PRIVATE_KEY</span><span class="p">],</span> <span class="c1">// your testnet wallet</span> <span class="p">},</span> <span class="p">},</span> <span class="p">};</span> </code></pre> </div> <p>Make sure you fund your testnet wallet with some ROSE test tokens (<a href="https://faucet.testnet.oasis.dev/" rel="noopener noreferrer">Testnet Faucet</a>)</p> <h2> Part 3: Smart Contract Architecture </h2> <p>We’ll implement a sealed-bid auction:</p> <ul> <li> <strong>submitBid</strong>: Accepts encrypted bid commitments</li> <li> <strong>reveal</strong>: Checks commitments, reveals bids, determines winner</li> <li> <strong>events</strong>: Logs encrypted bid submissions</li> </ul> <p>Create <strong>contracts/SealedAuction.sol</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="o">//</span> <span class="n">SPDX</span><span class="o">-</span><span class="n">License</span><span class="o">-</span><span class="n">Identifier</span><span class="p">:</span> <span class="n">MIT</span> <span class="n">pragma</span> <span class="n">solidity</span> <span class="o">^</span><span class="mi">0</span><span class="p">.</span><span class="mi">8</span><span class="p">.</span><span class="mi">20</span><span class="p">;</span> <span class="n">contract</span> <span class="n">SealedAuction</span> <span class="p">{</span> <span class="n">struct</span> <span class="n">Bid</span> <span class="p">{</span> <span class="n">bytes32</span> <span class="n">commitment</span><span class="p">;</span> <span class="nb">bool</span> <span class="n">revealed</span><span class="p">;</span> <span class="p">}</span> <span class="n">address</span> <span class="k">public</span> <span class="k">owner</span><span class="p">;</span> <span class="n">address</span> <span class="k">public</span> <span class="n">winner</span><span class="p">;</span> <span class="n">uint256</span> <span class="k">public</span> <span class="n">finalPrice</span><span class="p">;</span> <span class="n">mapping</span><span class="p">(</span><span class="n">address</span> <span class="o">=&gt;</span> <span class="n">Bid</span><span class="p">)</span> <span class="k">public</span> <span class="n">bids</span><span class="p">;</span> <span class="n">uint256</span> <span class="k">public</span> <span class="n">biddingEnd</span><span class="p">;</span> <span class="n">uint256</span> <span class="k">public</span> <span class="n">revealEnd</span><span class="p">;</span> <span class="n">event</span> <span class="n">BidEncrypted</span><span class="p">(</span><span class="n">address</span> <span class="n">indexed</span> <span class="n">bidder</span><span class="p">,</span> <span class="n">bytes32</span> <span class="k">encrypted</span><span class="p">);</span> <span class="n">event</span> <span class="n">Revealed</span><span class="p">(</span><span class="n">address</span> <span class="n">indexed</span> <span class="n">bidder</span><span class="p">,</span> <span class="n">uint256</span> <span class="n">value</span><span class="p">);</span> <span class="k">constructor</span><span class="p">(</span><span class="n">uint256</span> <span class="n">_biddingTime</span><span class="p">,</span> <span class="n">uint256</span> <span class="n">_revealTime</span><span class="p">)</span> <span class="p">{</span> <span class="k">owner</span> <span class="o">=</span> <span class="n">msg</span><span class="p">.</span><span class="n">sender</span><span class="p">;</span> <span class="n">biddingEnd</span> <span class="o">=</span> <span class="n">block</span><span class="p">.</span><span class="nb">timestamp</span> <span class="o">+</span> <span class="n">_biddingTime</span><span class="p">;</span> <span class="n">revealEnd</span> <span class="o">=</span> <span class="n">biddingEnd</span> <span class="o">+</span> <span class="n">_revealTime</span><span class="p">;</span> <span class="p">}</span> <span class="k">function</span> <span class="n">submitBid</span><span class="p">(</span><span class="n">bytes32</span> <span class="n">commitment</span><span class="p">)</span> <span class="k">external</span> <span class="p">{</span> <span class="n">require</span><span class="p">(</span><span class="n">block</span><span class="p">.</span><span class="nb">timestamp</span> <span class="o">&lt;</span> <span class="n">biddingEnd</span><span class="p">,</span> <span class="nv">"Bidding closed"</span><span class="p">);</span> <span class="n">bids</span><span class="p">[</span><span class="n">msg</span><span class="p">.</span><span class="n">sender</span><span class="p">]</span> <span class="o">=</span> <span class="n">Bid</span><span class="p">({</span><span class="n">commitment</span><span class="p">:</span> <span class="n">commitment</span><span class="p">,</span> <span class="n">revealed</span><span class="p">:</span> <span class="k">false</span><span class="p">});</span> <span class="n">emit</span> <span class="n">BidEncrypted</span><span class="p">(</span><span class="n">msg</span><span class="p">.</span><span class="n">sender</span><span class="p">,</span> <span class="n">commitment</span><span class="p">);</span> <span class="p">}</span> <span class="k">function</span> <span class="n">reveal</span><span class="p">(</span><span class="n">uint256</span> <span class="n">value</span><span class="p">,</span> <span class="n">bytes32</span> <span class="n">salt</span><span class="p">)</span> <span class="k">external</span> <span class="p">{</span> <span class="n">require</span><span class="p">(</span><span class="n">block</span><span class="p">.</span><span class="nb">timestamp</span> <span class="o">&gt;=</span> <span class="n">biddingEnd</span><span class="p">,</span> <span class="nv">"Reveal not started"</span><span class="p">);</span> <span class="n">require</span><span class="p">(</span><span class="n">block</span><span class="p">.</span><span class="nb">timestamp</span> <span class="o">&lt;</span> <span class="n">revealEnd</span><span class="p">,</span> <span class="nv">"Reveal ended"</span><span class="p">);</span> <span class="n">Bid</span> <span class="k">storage</span> <span class="n">b</span> <span class="o">=</span> <span class="n">bids</span><span class="p">[</span><span class="n">msg</span><span class="p">.</span><span class="n">sender</span><span class="p">];</span> <span class="n">require</span><span class="p">(</span><span class="n">b</span><span class="p">.</span><span class="n">commitment</span> <span class="o">==</span> <span class="n">keccak256</span><span class="p">(</span><span class="n">abi</span><span class="p">.</span><span class="n">encodePacked</span><span class="p">(</span><span class="n">value</span><span class="p">,</span> <span class="n">salt</span><span class="p">)),</span> <span class="nv">"Bad reveal"</span><span class="p">);</span> <span class="n">require</span><span class="p">(</span><span class="o">!</span><span class="n">b</span><span class="p">.</span><span class="n">revealed</span><span class="p">,</span> <span class="nv">"Already revealed"</span><span class="p">);</span> <span class="n">b</span><span class="p">.</span><span class="n">revealed</span> <span class="o">=</span> <span class="k">true</span><span class="p">;</span> <span class="n">emit</span> <span class="n">Revealed</span><span class="p">(</span><span class="n">msg</span><span class="p">.</span><span class="n">sender</span><span class="p">,</span> <span class="n">value</span><span class="p">);</span> <span class="n">if</span> <span class="p">(</span><span class="n">value</span> <span class="o">&gt;</span> <span class="n">finalPrice</span><span class="p">)</span> <span class="p">{</span> <span class="n">finalPrice</span> <span class="o">=</span> <span class="n">value</span><span class="p">;</span> <span class="n">winner</span> <span class="o">=</span> <span class="n">msg</span><span class="p">.</span><span class="n">sender</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Key points to keep in mind:</p> <ul> <li>Only the hash of the bid is stored on-chain, not the bid itself.</li> <li>Bids remain private until reveal().</li> <li>Events can optionally be encrypted for extra confidentiality.</li> </ul> <h2> Part 4: Off-Chain Bid Commitment </h2> <p>Before submitting a bid, you generate a commitment hash off-chain:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">ethers</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">ethers</span><span class="dl">"</span><span class="p">;</span> <span class="kd">function</span> <span class="nf">createCommitment</span><span class="p">(</span><span class="nx">bidValue</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">salt</span> <span class="o">=</span> <span class="nx">ethers</span><span class="p">.</span><span class="nx">utils</span><span class="p">.</span><span class="nf">hexlify</span><span class="p">(</span><span class="nx">ethers</span><span class="p">.</span><span class="nx">utils</span><span class="p">.</span><span class="nf">randomBytes</span><span class="p">(</span><span class="mi">32</span><span class="p">));</span> <span class="kd">const</span> <span class="nx">commitment</span> <span class="o">=</span> <span class="nx">ethers</span><span class="p">.</span><span class="nx">utils</span><span class="p">.</span><span class="nf">keccak256</span><span class="p">(</span> <span class="nx">ethers</span><span class="p">.</span><span class="nx">utils</span><span class="p">.</span><span class="nx">defaultAbiCoder</span><span class="p">.</span><span class="nf">encode</span><span class="p">([</span><span class="dl">"</span><span class="s2">uint256</span><span class="dl">"</span><span class="p">,</span><span class="dl">"</span><span class="s2">bytes32</span><span class="dl">"</span><span class="p">],</span> <span class="p">[</span><span class="nx">bidValue</span><span class="p">,</span> <span class="nx">salt</span><span class="p">])</span> <span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">commitment</span><span class="p">,</span> <span class="nx">salt</span> <span class="p">};</span> <span class="p">}</span> <span class="c1">// Example</span> <span class="kd">const</span> <span class="nx">bid</span> <span class="o">=</span> <span class="nf">createCommitment</span><span class="p">(</span><span class="mi">500</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Commitment:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">bid</span><span class="p">.</span><span class="nx">commitment</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Salt:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">bid</span><span class="p">.</span><span class="nx">salt</span><span class="p">);</span> </code></pre> </div> <ul> <li>Salt prevents brute-force attacks on commitments</li> <li>The commitment hash is sent on-chain using submitBid() </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Bidder Client +-----------------+ | bidValue + salt | +--------+--------+ | | keccak256 -&gt; commitment v +-----------------+ encrypted calldata +------------------------+ | submitBid() | ------------------------&gt; | SealedAuction Contract | | (commitment) | | stores only commitment | +-----------------+ | | +-----------+------------+ | encrypted event emitted | v Off-chain listener/frontend (decrypts if authorized) </code></pre> </div> <h2> Part 5: Submitting &amp; Revealing Bids </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">await</span> <span class="nx">auctionContract</span><span class="p">.</span><span class="nf">submitBid</span><span class="p">(</span><span class="nx">commitment</span><span class="p">);</span> <span class="c1">// Wait until bidding period ends</span> <span class="k">await</span> <span class="nx">auctionContract</span><span class="p">.</span><span class="nf">reveal</span><span class="p">(</span><span class="nx">bidValue</span><span class="p">,</span> <span class="nx">salt</span><span class="p">);</span> </code></pre> </div> <p>On Sapphire, you can use encrypted calldata so even miners/validators don’t see the bid during submission.</p> <h2> Part 6: Adding NFT Rewards </h2> <p>Let’s take it a step further: the winner receives an NFT. Add this to your contract:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="n">interface</span> <span class="n">IERC721</span> <span class="p">{</span> <span class="k">function</span> <span class="n">safeMint</span><span class="p">(</span><span class="n">address</span> <span class="k">to</span><span class="p">)</span> <span class="k">external</span><span class="p">;</span> <span class="p">}</span> <span class="n">IERC721</span> <span class="k">public</span> <span class="n">rewardNFT</span><span class="p">;</span> <span class="k">constructor</span><span class="p">(</span><span class="n">address</span> <span class="n">_nft</span><span class="p">)</span> <span class="p">{</span> <span class="k">owner</span> <span class="o">=</span> <span class="n">msg</span><span class="p">.</span><span class="n">sender</span><span class="p">;</span> <span class="n">rewardNFT</span> <span class="o">=</span> <span class="n">IERC721</span><span class="p">(</span><span class="n">_nft</span><span class="p">);</span> <span class="p">}</span> <span class="o">//</span> <span class="k">After</span> <span class="n">reveal</span> <span class="n">ends</span> <span class="k">function</span> <span class="n">distributeNFT</span><span class="p">()</span> <span class="k">external</span> <span class="p">{</span> <span class="n">require</span><span class="p">(</span><span class="n">block</span><span class="p">.</span><span class="nb">timestamp</span> <span class="o">&gt;=</span> <span class="n">revealEnd</span><span class="p">,</span> <span class="nv">"Reveal not ended"</span><span class="p">);</span> <span class="n">require</span><span class="p">(</span><span class="n">winner</span> <span class="o">!=</span> <span class="n">address</span><span class="p">(</span><span class="mi">0</span><span class="p">),</span> <span class="nv">"No winner yet"</span><span class="p">);</span> <span class="n">rewardNFT</span><span class="p">.</span><span class="n">safeMint</span><span class="p">(</span><span class="n">winner</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h2> Part 7: Encrypted Events on Sapphire (Advanced) </h2> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="n">event</span> <span class="n">EncryptedBid</span><span class="p">(</span><span class="n">address</span> <span class="n">indexed</span> <span class="n">bidder</span><span class="p">,</span> <span class="n">bytes32</span> <span class="n">encryptedData</span><span class="p">);</span> <span class="n">bytes</span> <span class="n">memory</span> <span class="n">ciphertext</span> <span class="o">=</span> <span class="n">Sapphire</span><span class="p">.</span><span class="n">encrypt</span><span class="p">(</span><span class="n">abi</span><span class="p">.</span><span class="n">encodePacked</span><span class="p">(</span><span class="n">bidValue</span><span class="p">,</span> <span class="n">salt</span><span class="p">));</span> <span class="n">emit</span> <span class="n">EncryptedBid</span><span class="p">(</span><span class="n">msg</span><span class="p">.</span><span class="n">sender</span><span class="p">,</span> <span class="n">ciphertext</span><span class="p">);</span> </code></pre> </div> <ul> <li>Only the bidder can decrypt the event off-chain</li> <li>Useful for building off-chain bid monitoring tools without revealing bids publicly</li> </ul> <h2> Part 8: Frontend Integration (React + ethers.js) </h2> <ul> <li>Generate bid commitment in React form</li> <li>Call submitBid(commitment) on click</li> <li>Reveal after auction ends</li> <li>Optional: use encrypted events to show notifications without revealing bid amounts </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">bid</span> <span class="o">=</span> <span class="nf">createCommitment</span><span class="p">(</span><span class="nx">inputValue</span><span class="p">);</span> <span class="k">await</span> <span class="nx">auctionContract</span><span class="p">.</span><span class="nf">submitBid</span><span class="p">(</span><span class="nx">bid</span><span class="p">.</span><span class="nx">commitment</span><span class="p">);</span> </code></pre> </div> <ul> <li>Add a timer for bidding and reveal periods</li> <li>Use ethers.js and MetaMask for transactions</li> </ul> <h2> Part 9: Hardhat Testing </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">expect</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">chai</span><span class="dl">"</span><span class="p">);</span> <span class="nf">describe</span><span class="p">(</span><span class="dl">"</span><span class="s2">SealedAuction</span><span class="dl">"</span><span class="p">,</span> <span class="nf">function </span><span class="p">()</span> <span class="p">{</span> <span class="nf">it</span><span class="p">(</span><span class="dl">"</span><span class="s2">accepts bids and picks winner correctly</span><span class="dl">"</span><span class="p">,</span> <span class="k">async</span> <span class="nf">function </span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">a</span><span class="p">,</span> <span class="nx">b</span><span class="p">]</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">ethers</span><span class="p">.</span><span class="nf">getSigners</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">Auction</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">ethers</span><span class="p">.</span><span class="nf">getContractFactory</span><span class="p">(</span><span class="dl">"</span><span class="s2">SealedAuction</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">auction</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Auction</span><span class="p">.</span><span class="nf">deploy</span><span class="p">(</span><span class="mi">60</span><span class="p">,</span> <span class="mi">120</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">bidA</span> <span class="o">=</span> <span class="nx">ethers</span><span class="p">.</span><span class="nx">utils</span><span class="p">.</span><span class="nf">id</span><span class="p">(</span><span class="dl">"</span><span class="s2">1001salt</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">bidB</span> <span class="o">=</span> <span class="nx">ethers</span><span class="p">.</span><span class="nx">utils</span><span class="p">.</span><span class="nf">id</span><span class="p">(</span><span class="dl">"</span><span class="s2">2002salt2</span><span class="dl">"</span><span class="p">);</span> <span class="k">await</span> <span class="nx">auction</span><span class="p">.</span><span class="nf">submitBid</span><span class="p">(</span><span class="nx">bidA</span><span class="p">);</span> <span class="k">await</span> <span class="nx">auction</span><span class="p">.</span><span class="nf">submitBid</span><span class="p">(</span><span class="nx">bidB</span><span class="p">);</span> <span class="k">await</span> <span class="nx">network</span><span class="p">.</span><span class="nx">provider</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="dl">"</span><span class="s2">evm_increaseTime</span><span class="dl">"</span><span class="p">,</span> <span class="p">[</span><span class="mi">70</span><span class="p">]);</span> <span class="k">await</span> <span class="nx">auction</span><span class="p">.</span><span class="nf">reveal</span><span class="p">(</span><span class="mi">1001</span><span class="p">,</span> <span class="nx">ethers</span><span class="p">.</span><span class="nx">utils</span><span class="p">.</span><span class="nf">formatBytes32String</span><span class="p">(</span><span class="dl">"</span><span class="s2">salt</span><span class="dl">"</span><span class="p">));</span> <span class="k">await</span> <span class="nx">auction</span><span class="p">.</span><span class="nf">reveal</span><span class="p">(</span><span class="mi">2002</span><span class="p">,</span> <span class="nx">ethers</span><span class="p">.</span><span class="nx">utils</span><span class="p">.</span><span class="nf">formatBytes32String</span><span class="p">(</span><span class="dl">"</span><span class="s2">salt2</span><span class="dl">"</span><span class="p">));</span> <span class="nf">expect</span><span class="p">(</span><span class="k">await</span> <span class="nx">auction</span><span class="p">.</span><span class="nf">winner</span><span class="p">()).</span><span class="nx">to</span><span class="p">.</span><span class="nf">equal</span><span class="p">(</span><span class="nx">b</span><span class="p">.</span><span class="nx">address</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="k">await</span> <span class="nx">auction</span><span class="p">.</span><span class="nf">finalPrice</span><span class="p">()).</span><span class="nx">to</span><span class="p">.</span><span class="nf">equal</span><span class="p">(</span><span class="mi">2002</span><span class="p">);</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <h2> Part 10: Deploying to Sapphire Testnet </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx hardhat run scripts/deploy.js <span class="nt">--network</span> sapphire_testnet </code></pre> </div> <p>Deploy script:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">Auction</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">ethers</span><span class="p">.</span><span class="nf">getContractFactory</span><span class="p">(</span><span class="dl">"</span><span class="s2">SealedAuction</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">auction</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Auction</span><span class="p">.</span><span class="nf">deploy</span><span class="p">(</span><span class="mi">300</span><span class="p">,</span> <span class="mi">300</span><span class="p">);</span> <span class="k">await</span> <span class="nx">auction</span><span class="p">.</span><span class="nf">deployed</span><span class="p">();</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Auction deployed at</span><span class="dl">"</span><span class="p">,</span> <span class="nx">auction</span><span class="p">.</span><span class="nx">address</span><span class="p">);</span> <span class="p">}</span> <span class="nf">main</span><span class="p">();</span> </code></pre> </div> <h2> Part 11: Next-Level Ideas you could implement </h2> <ul> <li>Build a full frontend auction dApp</li> <li>Integrate off-chain listeners for encrypted events</li> <li>Add ZK proofs for bid fairness without revealing bids</li> <li>Support multi-item auctions or batch NFT rewards</li> </ul> <p>You now have a fully functional, privacy-preserving NFT auction on Oasis Sapphire. Bids are private, events can be private, and the winner is verifiable. Perfect for real-world confidential DeFi and NFT applications!</p> nft privacy tutorial web3 Building a Privacy-Preserving AI Oracle on Oasis Sapphire rayQu Fri, 13 Mar 2026 08:41:00 +0000 https://forem.com/rollingindo/building-a-privacy-preserving-ai-oracle-on-oasis-sapphire-1ibd https://forem.com/rollingindo/building-a-privacy-preserving-ai-oracle-on-oasis-sapphire-1ibd <p>Recently, I built a <a href="https://dev.to/rollingindo/building-a-cross-chain-confidential-trust-score-oracle-with-oasis-sapphire-opl-rofl-39n8">cross-chain confidential Trust Score Oracle using Sapphire ParaTime</a>, Oasis Privacy Layer, and ROFL on the Oasis Network. That project focused on computing a reputation score across multiple blockchains while keeping the scoring logic private.</p> <p>In this tutorial, we’ll explore a different but related use case: building a privacy-preserving AI inference oracle.</p> <p>Instead of calculating a trust score from on-chain activity, we will:</p> <ul> <li>run an AI model privately</li> <li>process sensitive user data</li> <li>return verifiable results on-chain</li> </ul> <p>This pattern is extremely useful for applications like:</p> <ul> <li>private credit scoring</li> <li>confidential trading signals</li> <li>healthcare ML analytics</li> <li>AI-powered DeFi risk models</li> </ul> <h2> Why Privacy Matters for AI on Blockchain </h2> <p>Most blockchains are fully transparent. Every transaction and input is publicly visible.</p> <p>That creates a major problem for AI applications.</p> <p>Example: a credit scoring system.</p> <p>Inputs might include:</p> <ul> <li>income</li> <li>transaction history</li> <li>loan repayment data</li> <li>identity attributes</li> </ul> <p>None of this can safely be published on a public blockchain.</p> <p>This is where the confidential compute model of Oasis Network becomes powerful.</p> <p>It allows smart contracts to execute encrypted computations inside secure enclaves.</p> <h2> Oasis Network Architecture </h2> <p>The Oasis architecture separates consensus from computation, which allows specialized runtimes for different workloads.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>+------------------------------------------------+ | Applications | +------------------------------------------------+ | ParaTime Layer | |------------------------------------------------| | Sapphire (Confidential EVM) | | Emerald (EVM Compatible) | | Custom Runtimes | +------------------------------------------------+ | Consensus Layer | | Proof-of-Stake Validators | +------------------------------------------------+ </code></pre> </div> <p>In this tutorial we use Sapphire ParaTime, which provides:</p> <ul> <li>EVM compatibility</li> <li>encrypted state</li> <li>confidential smart contracts</li> </ul> <h2> What We Will Build </h2> <p>We will build a Confidential AI Oracle.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> Confidential AI Oracle System +-------------------+ | User Wallet | | (encrypted data) | +---------+---------+ | v +---------------------+ | Sapphire Smart | | Contract | | (confidential EVM) | +---------+-----------+ | v +---------------------+ | ROFL Oracle Worker | |---------------------| | Secure Enclave | | AI Model Inference | +---------+-----------+ | v +---------------------+ | Signed Result | | returned on-chain | +---------------------+ </code></pre> </div> <p>The system will:</p> <ol> <li>Receive encrypted user data</li> <li>Run an AI model inside a secure environment</li> <li>Produce a prediction</li> <li>Store only the result on-chain</li> </ol> <h2> High-Level Architecture </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>User Wallet | v Encrypted Data | v Sapphire Smart Contract | v ROFL Worker | v AI Model Inference | v Signed Result | v Smart Contract Storage </code></pre> </div> <h2> Real Use Case: Private Credit Scoring </h2> <p>Imagine a DeFi lending protocol.</p> <p>It wants to compute a credit score before issuing a loan.</p> <p>But the borrower’s financial data must remain private.</p> <p>Traditional blockchain flow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>User -&gt; Smart Contract -&gt; Public Data </code></pre> </div> <p>Everyone can see the input.</p> <p>With confidential computation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>User Data (encrypted) | v Confidential Runtime | v AI Model | v Credit Score Result </code></pre> </div> <p>Only the result is visible.</p> <h2> Project Repository Structure </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>oasis-private-ai-oracle/ contracts/ CreditOracle.sol oracle/ worker.py model.py enclave_runner.py scripts/ deploy.js frontend/ submit-data.ts README.md </code></pre> </div> <h2> Smart Contract (Sapphire) </h2> <p>Example confidential oracle contract.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// SPDX-License-Identifier: MIT</span> <span class="nx">pragma</span> <span class="nx">solidity</span> <span class="o">^</span><span class="mf">0.8</span><span class="p">.</span><span class="mi">19</span><span class="p">;</span> <span class="nx">contract</span> <span class="nx">CreditOracle</span> <span class="p">{</span> <span class="nx">address</span> <span class="kr">public</span> <span class="nx">oracle</span><span class="p">;</span> <span class="nx">struct</span> <span class="nx">ScoreRecord</span> <span class="p">{</span> <span class="nx">uint256</span> <span class="nx">score</span><span class="p">;</span> <span class="nx">uint256</span> <span class="nx">timestamp</span><span class="p">;</span> <span class="p">}</span> <span class="nf">mapping</span><span class="p">(</span><span class="nx">address</span> <span class="o">=&gt;</span> <span class="nx">ScoreRecord</span><span class="p">)</span> <span class="kr">public</span> <span class="nx">scores</span><span class="p">;</span> <span class="nx">event</span> <span class="nc">ScoreUpdated</span><span class="p">(</span><span class="nx">address</span> <span class="nx">indexed</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">uint256</span> <span class="nx">score</span><span class="p">);</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">address</span> <span class="nx">_oracle</span><span class="p">)</span> <span class="p">{</span> <span class="nx">oracle</span> <span class="o">=</span> <span class="nx">_oracle</span><span class="p">;</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">submitScore</span><span class="p">(</span> <span class="nx">address</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">uint256</span> <span class="nx">score</span><span class="p">,</span> <span class="nx">bytes</span> <span class="nx">calldata</span> <span class="nx">signature</span> <span class="p">)</span> <span class="nx">external</span> <span class="p">{</span> <span class="nf">require</span><span class="p">(</span><span class="nf">verify</span><span class="p">(</span><span class="nx">user</span><span class="p">,</span> <span class="nx">score</span><span class="p">,</span> <span class="nx">signature</span><span class="p">),</span> <span class="dl">"</span><span class="s2">invalid signature</span><span class="dl">"</span><span class="p">);</span> <span class="nx">scores</span><span class="p">[</span><span class="nx">user</span><span class="p">]</span> <span class="o">=</span> <span class="nc">ScoreRecord</span><span class="p">({</span> <span class="na">score</span><span class="p">:</span> <span class="nx">score</span><span class="p">,</span> <span class="na">timestamp</span><span class="p">:</span> <span class="nx">block</span><span class="p">.</span><span class="nx">timestamp</span> <span class="p">});</span> <span class="nx">emit</span> <span class="nc">ScoreUpdated</span><span class="p">(</span><span class="nx">user</span><span class="p">,</span> <span class="nx">score</span><span class="p">);</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">verify</span><span class="p">(</span> <span class="nx">address</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">uint256</span> <span class="nx">score</span><span class="p">,</span> <span class="nx">bytes</span> <span class="nx">memory</span> <span class="nx">signature</span> <span class="p">)</span> <span class="nx">internal</span> <span class="nx">view</span> <span class="nf">returns </span><span class="p">(</span><span class="nx">bool</span><span class="p">)</span> <span class="p">{</span> <span class="nx">bytes32</span> <span class="nx">message</span> <span class="o">=</span> <span class="nf">keccak256</span><span class="p">(</span> <span class="nx">abi</span><span class="p">.</span><span class="nf">encodePacked</span><span class="p">(</span><span class="nx">user</span><span class="p">,</span> <span class="nx">score</span><span class="p">)</span> <span class="p">);</span> <span class="nx">bytes32</span> <span class="nx">ethSigned</span> <span class="o">=</span> <span class="nf">keccak256</span><span class="p">(</span> <span class="nx">abi</span><span class="p">.</span><span class="nf">encodePacked</span><span class="p">(</span> <span class="dl">"</span><span class="se">\</span><span class="s2">x19Ethereum Signed Message:</span><span class="se">\n</span><span class="s2">32</span><span class="dl">"</span><span class="p">,</span> <span class="nx">message</span> <span class="p">)</span> <span class="p">);</span> <span class="p">(</span><span class="nx">bytes32</span> <span class="nx">r</span><span class="p">,</span> <span class="nx">bytes32</span> <span class="nx">s</span><span class="p">,</span> <span class="nx">uint8</span> <span class="nx">v</span><span class="p">)</span> <span class="o">=</span> <span class="nf">splitSignature</span><span class="p">(</span><span class="nx">signature</span><span class="p">);</span> <span class="nx">address</span> <span class="nx">recovered</span> <span class="o">=</span> <span class="nf">ecrecover</span><span class="p">(</span><span class="nx">ethSigned</span><span class="p">,</span> <span class="nx">v</span><span class="p">,</span> <span class="nx">r</span><span class="p">,</span> <span class="nx">s</span><span class="p">);</span> <span class="k">return</span> <span class="nx">recovered</span> <span class="o">==</span> <span class="nx">oracle</span><span class="p">;</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">splitSignature</span><span class="p">(</span><span class="nx">bytes</span> <span class="nx">memory</span> <span class="nx">sig</span><span class="p">)</span> <span class="nx">internal</span> <span class="nx">pure</span> <span class="nf">returns </span><span class="p">(</span><span class="nx">bytes32</span> <span class="nx">r</span><span class="p">,</span> <span class="nx">bytes32</span> <span class="nx">s</span><span class="p">,</span> <span class="nx">uint8</span> <span class="nx">v</span><span class="p">)</span> <span class="p">{</span> <span class="nf">require</span><span class="p">(</span><span class="nx">sig</span><span class="p">.</span><span class="nx">length</span> <span class="o">==</span> <span class="mi">65</span><span class="p">,</span> <span class="dl">"</span><span class="s2">invalid signature length</span><span class="dl">"</span><span class="p">);</span> <span class="nx">assembly</span> <span class="p">{</span> <span class="nl">r</span> <span class="p">:</span><span class="o">=</span> <span class="nf">mload</span><span class="p">(</span><span class="nf">add</span><span class="p">(</span><span class="nx">sig</span><span class="p">,</span> <span class="mi">32</span><span class="p">))</span> <span class="nx">s</span> <span class="p">:</span><span class="o">=</span> <span class="nf">mload</span><span class="p">(</span><span class="nf">add</span><span class="p">(</span><span class="nx">sig</span><span class="p">,</span> <span class="mi">64</span><span class="p">))</span> <span class="nx">v</span> <span class="p">:</span><span class="o">=</span> <span class="nf">byte</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="nf">mload</span><span class="p">(</span><span class="nf">add</span><span class="p">(</span><span class="nx">sig</span><span class="p">,</span> <span class="mi">96</span><span class="p">)))</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The contract:</p> <ul> <li>verifies oracle signatures</li> <li>prevents tampering</li> <li>stores final scores</li> <li>event logging</li> <li>timestamped scores</li> <li>full signature verification</li> </ul> <h2> Oracle Worker </h2> <p>The oracle runs the AI model and signs the result.</p> <p>Example Python worker:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">web3</span> <span class="kn">import</span> <span class="n">Web3</span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">from</span> <span class="n">model</span> <span class="kn">import</span> <span class="n">predict_score</span> <span class="kn">from</span> <span class="n">eth_account</span> <span class="kn">import</span> <span class="n">Account</span> <span class="n">RPC_URL</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://sapphire.oasis.io</span><span class="sh">"</span> <span class="n">PRIVATE_KEY</span> <span class="o">=</span> <span class="sh">"</span><span class="s">YOUR_ORACLE_PRIVATE_KEY</span><span class="sh">"</span> <span class="n">contract_address</span> <span class="o">=</span> <span class="sh">"</span><span class="s">DEPLOYED_CONTRACT_ADDRESS</span><span class="sh">"</span> <span class="n">contract_abi</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">load</span><span class="p">(</span><span class="nf">open</span><span class="p">(</span><span class="sh">"</span><span class="s">CreditOracleABI.json</span><span class="sh">"</span><span class="p">))</span> <span class="n">w3</span> <span class="o">=</span> <span class="nc">Web3</span><span class="p">(</span><span class="n">Web3</span><span class="p">.</span><span class="nc">HTTPProvider</span><span class="p">(</span><span class="n">RPC_URL</span><span class="p">))</span> <span class="n">account</span> <span class="o">=</span> <span class="n">Account</span><span class="p">.</span><span class="nf">from_key</span><span class="p">(</span><span class="n">PRIVATE_KEY</span><span class="p">)</span> <span class="n">contract</span> <span class="o">=</span> <span class="n">w3</span><span class="p">.</span><span class="n">eth</span><span class="p">.</span><span class="nf">contract</span><span class="p">(</span> <span class="n">address</span><span class="o">=</span><span class="n">contract_address</span><span class="p">,</span> <span class="n">abi</span><span class="o">=</span><span class="n">contract_abi</span> <span class="p">)</span> <span class="k">def</span> <span class="nf">run_oracle</span><span class="p">(</span><span class="n">user_address</span><span class="p">,</span> <span class="n">user_data</span><span class="p">):</span> <span class="n">score</span> <span class="o">=</span> <span class="nf">predict_score</span><span class="p">(</span><span class="n">user_data</span><span class="p">)</span> <span class="n">message</span> <span class="o">=</span> <span class="n">Web3</span><span class="p">.</span><span class="nf">solidity_keccak</span><span class="p">(</span> <span class="p">[</span><span class="sh">"</span><span class="s">address</span><span class="sh">"</span><span class="p">,</span><span class="sh">"</span><span class="s">uint256</span><span class="sh">"</span><span class="p">],</span> <span class="p">[</span><span class="n">user_address</span><span class="p">,</span> <span class="n">score</span><span class="p">]</span> <span class="p">)</span> <span class="n">signed</span> <span class="o">=</span> <span class="n">account</span><span class="p">.</span><span class="nf">sign_message</span><span class="p">(</span> <span class="n">Web3</span><span class="p">.</span><span class="n">eth</span><span class="p">.</span><span class="n">account</span><span class="p">.</span><span class="nf">_hash_message</span><span class="p">(</span><span class="n">message</span><span class="p">)</span> <span class="p">)</span> <span class="n">tx</span> <span class="o">=</span> <span class="n">contract</span><span class="p">.</span><span class="n">functions</span><span class="p">.</span><span class="nf">submitScore</span><span class="p">(</span> <span class="n">user_address</span><span class="p">,</span> <span class="n">score</span><span class="p">,</span> <span class="n">signed</span><span class="p">.</span><span class="n">signature</span> <span class="p">).</span><span class="nf">build_transaction</span><span class="p">({</span> <span class="sh">"</span><span class="s">from</span><span class="sh">"</span><span class="p">:</span> <span class="n">account</span><span class="p">.</span><span class="n">address</span><span class="p">,</span> <span class="sh">"</span><span class="s">nonce</span><span class="sh">"</span><span class="p">:</span> <span class="n">w3</span><span class="p">.</span><span class="n">eth</span><span class="p">.</span><span class="nf">get_transaction_count</span><span class="p">(</span><span class="n">account</span><span class="p">.</span><span class="n">address</span><span class="p">)</span> <span class="p">})</span> <span class="n">signed_tx</span> <span class="o">=</span> <span class="n">w3</span><span class="p">.</span><span class="n">eth</span><span class="p">.</span><span class="n">account</span><span class="p">.</span><span class="nf">sign_transaction</span><span class="p">(</span><span class="n">tx</span><span class="p">,</span> <span class="n">PRIVATE_KEY</span><span class="p">)</span> <span class="n">tx_hash</span> <span class="o">=</span> <span class="n">w3</span><span class="p">.</span><span class="n">eth</span><span class="p">.</span><span class="nf">send_raw_transaction</span><span class="p">(</span><span class="n">signed_tx</span><span class="p">.</span><span class="n">rawTransaction</span><span class="p">)</span> <span class="k">return</span> <span class="n">tx_hash</span><span class="p">.</span><span class="nf">hex</span><span class="p">()</span> </code></pre> </div> <p>In a real deployment this worker would run inside:</p> <ul> <li>a secure enclave</li> <li>confidential compute environment</li> </ul> <p>It:</p> <ul> <li>computes the AI score</li> <li>signs it</li> <li>sends a transaction on-chain</li> </ul> <h2> Example AI Model </h2> <p>A simplified scoring function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">numpy</span> <span class="k">as</span> <span class="n">np</span> <span class="k">def</span> <span class="nf">normalize</span><span class="p">(</span><span class="n">value</span><span class="p">,</span> <span class="n">max_value</span><span class="p">):</span> <span class="k">return</span> <span class="nf">min</span><span class="p">(</span><span class="n">value</span> <span class="o">/</span> <span class="n">max_value</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="k">def</span> <span class="nf">predict_score</span><span class="p">(</span><span class="n">data</span><span class="p">):</span> <span class="n">income</span> <span class="o">=</span> <span class="nf">normalize</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="sh">"</span><span class="s">income</span><span class="sh">"</span><span class="p">],</span> <span class="mi">100000</span><span class="p">)</span> <span class="n">debt</span> <span class="o">=</span> <span class="nf">normalize</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="sh">"</span><span class="s">debt</span><span class="sh">"</span><span class="p">],</span> <span class="mi">50000</span><span class="p">)</span> <span class="n">history</span> <span class="o">=</span> <span class="nf">normalize</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="sh">"</span><span class="s">history</span><span class="sh">"</span><span class="p">],</span> <span class="mi">10</span><span class="p">)</span> <span class="n">score</span> <span class="o">=</span> <span class="p">(</span> <span class="n">income</span> <span class="o">*</span> <span class="mf">0.5</span> <span class="o">-</span> <span class="n">debt</span> <span class="o">*</span> <span class="mf">0.3</span> <span class="o">+</span> <span class="n">history</span> <span class="o">*</span> <span class="mf">0.2</span> <span class="p">)</span> <span class="n">score</span> <span class="o">=</span> <span class="nf">max</span><span class="p">(</span><span class="n">score</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span> <span class="k">return</span> <span class="nf">int</span><span class="p">(</span><span class="n">score</span> <span class="o">*</span> <span class="mi">100</span><span class="p">)</span> </code></pre> </div> <p>It does some real feature normalization and gives realistic scoring output</p> <p>In production you could replace this with:</p> <ul> <li>XGBoost</li> <li>LightGBM</li> <li>neural networks</li> </ul> <h2> Deployment </h2> <p>Install development tools<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> <span class="nt">-g</span> hardhat </code></pre> </div> <p>Configure Sapphire network<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">networks</span><span class="p">:</span> <span class="p">{</span> <span class="nl">sapphire</span><span class="p">:</span> <span class="p">{</span> <span class="na">url</span><span class="p">:</span> <span class="dl">"</span><span class="s2">https://sapphire.oasis.io</span><span class="dl">"</span><span class="p">,</span> <span class="na">chainId</span><span class="p">:</span> <span class="mi">23294</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Deploy contract<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx hardhat run scripts/deploy.js <span class="nt">--network</span> sapphire </code></pre> </div> <h2> End-to-End Flow </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>User submits encrypted data | v Oracle decrypts inside secure compute | v AI model runs prediction | v Oracle signs result | v Smart contract stores score </code></pre> </div> <h2> Why This Architecture Is Powerful </h2> <p>Without privacy infrastructure, AI + blockchain rarely works because:</p> <ul> <li>training data is private</li> <li>models are proprietary</li> <li>inputs contain sensitive information</li> </ul> <p>Using confidential runtimes on Oasis Network enables a new class of applications:</p> <ul> <li>private DeFi analytics</li> <li>confidential AI marketplaces</li> <li>encrypted healthcare ML</li> <li>secure financial scoring</li> </ul> <h2> Possible next additions </h2> <p>Possible extensions to this project:</p> <ul> <li>add zero-knowledge proofs for inference</li> <li>build a data marketplace</li> <li>enable federated learning</li> <li>create private trading signals</li> </ul> <h2> Conclusion </h2> <p>The combination of blockchain verification and confidential computation unlocks entirely new types of applications.</p> <p>With runtimes like Sapphire ParaTime on the Oasis Network, developers can build systems where:</p> <ul> <li>data remains private</li> <li>computation is verifiable</li> <li>results are trustless</li> </ul> <p>This opens the door to privacy-first AI in Web3.</p> ai blockchain privacy tutorial Building a Cross-Chain Confidential "Trust Score Oracle" with Oasis Sapphire + OPL + ROFL rayQu Sun, 22 Feb 2026 08:15:46 +0000 https://forem.com/rollingindo/building-a-cross-chain-confidential-trust-score-oracle-with-oasis-sapphire-opl-rofl-39n8 https://forem.com/rollingindo/building-a-cross-chain-confidential-trust-score-oracle-with-oasis-sapphire-opl-rofl-39n8 <p>This tutorial shows how to add privacy + verifiable off-chain compute to any EVM dApp by combining:</p> <ul> <li>Sapphire: Oasis’ confidential EVM (encrypted calldata + confidential contract state).</li> <li>OPL (Oasis Privacy Layer): message bridge pattern to “bolt privacy onto” existing EVM apps by offloading sensitive logic to Sapphire.</li> <li>ROFL (Runtime Off-Chain Logic): a TEE-managed app runtime (containers or single binaries) with secrets stored via built-in KMS and on-chain management through Sapphire.</li> </ul> <h2> Real use case </h2> <p>You run a lending/access-control dApp on a Home chain (Ethereum/L2). You want a wallet "Trust Score" derived from sensitive signals:</p> <ul> <li>private allowlists (KYC provider, internal risk flags),</li> <li>off-chain identity reputation (GitHub activity, paid subscription, enterprise customer),</li> <li>model inference results (fraud classifier).</li> </ul> <p>You don’t want to leak:</p> <ul> <li>raw signals,</li> <li>model features,</li> <li>user identity mappings,</li> <li>or scoring logic.</li> </ul> <p>Design goal:<br> Home chain contract gets a public, verifiable decision (e.g., score bucket/allow/deny/rate tier) while sensitive scoring happens privately and verifiably.</p> <h2> Architecture </h2> <p><strong>High-level diagram</strong></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzrg6fopnb48s2t90ccej.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzrg6fopnb48s2t90ccej.png" alt=" " width="800" height="250"></a></p> <p><strong>What each piece does:</strong></p> <ul> <li> <strong>Home chain contract</strong>: minimal "public" state, accepts final decision and enforces it.</li> <li> <strong>Sapphire contract</strong> (the enclave): holds private state (scores, salts, user-to-signal mappings), verifies authorized sources, emits public commitments only.</li> <li> <strong>ROFL app</strong>: runs your scoring code in a TEE; keeps API keys/model weights/feature rules in ROFL secrets; posts updates on-chain.</li> </ul> <p>ROFL apps are explicitly designed to run in TEEs and be managed via Sapphire, with built-in secrets support.</p> <h2> Repo blueprint </h2> <p>Monorepo layout:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>oasis-trustscore-oracle/ README.md .env.example contracts/ hardhat.config.ts package.json contracts/ HomeHost.sol SapphireEnclave.sol scripts/ deploy-home.ts deploy-sapphire.ts link-endpoints.ts tasks/ send-opl-message.ts rofl/ compose.yaml rofl.yaml app/ Dockerfile requirements.txt main.py scorer.py signals.py diagrams/ architecture.mmd sequence.mmd </code></pre> </div> <h2> Networks &amp; prerequisites </h2> <p><strong>Sapphire Testnet settings (for dev)</strong></p> <p>From Oasis docs, Sapphire Testnet:</p> <ul> <li>RPC: <a href="https://testnet.sapphire.oasis.io" rel="noopener noreferrer">https://testnet.sapphire.oasis.io</a> </li> <li>Chain ID (decimal): 23295</li> <li>WSS: wss://testnet.sapphire.oasis.io/ws</li> </ul> <p>You’ll also want the Sapphire wrapper for encrypted transactions (TS wrapper / ethers v6 wrapper).</p> <p><strong>ROFL prerequisites</strong></p> <p>ROFL quickstart expects:</p> <ul> <li>a containerized app (OCI image),</li> <li>Oasis CLI (latest),</li> <li>testnet tokens from the faucet</li> </ul> <h2> Step 1 - Smart contracts: Home chain + Sapphire enclave </h2> <p><strong>1A) SapphireEnclave.sol (runs confidentially)</strong></p> <p>This contract runs on Sapphire and receives cross-chain requests via OPL. It:</p> <ul> <li>stores scores privately,</li> <li>accepts updates from ROFL,</li> <li>sends a public decision back to Home chain.</li> </ul> <p>Minimal skeleton based on the official OPL SDK pattern (Enclave + endpoints)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// contracts/contracts/SapphireEnclave.sol // SPDX-License-Identifier: MIT pragma solidity ^0.8.24; import {Enclave, Result, autoswitch} from "@oasisprotocol/sapphire-contracts/contracts/OPL.sol"; contract SapphireEnclave is Enclave { // Private by design on Sapphire: state + calldata are confidential. mapping(address =&gt; uint256) private score; // example: 0..100 // Optional: authorize a ROFL app address (or a set of them). address public roflUpdater; constructor(address homeContract, string memory homeChain) Enclave(homeContract, autoswitch(homeChain)) { registerEndpoint("requestScore", onRequestScore); } function setRoflUpdater(address _rofl) external { // replace with proper access control for real deployments roflUpdater = _rofl; } // ROFL posts score updates (confidential write). function updateScore(address user, uint256 newScore) external returns (bool) { require(msg.sender == roflUpdater, "not authorized"); score[user] = newScore; return true; } // OPL endpoint: called when Home chain requests a score decision. function onRequestScore(bytes calldata args) internal returns (Result) { address user = abi.decode(args, (address)); uint256 s = score[user]; // Only return a coarse bucket publicly (avoid leaking exact score). uint8 bucket = s &gt;= 80 ? 3 : s &gt;= 50 ? 2 : s &gt;= 20 ? 1 : 0; // Send decision back to Home chain (publicly observable). postMessage("scoreDecision", abi.encode(user, bucket)); return Result.Success; } } </code></pre> </div> <p>Why this works:</p> <ul> <li>Sapphire is an EVM ParaTime built for confidential computation.</li> <li>OPL uses message bridges so your Home chain can trigger private computation on Sapphire.</li> </ul> <p><strong>1B) HomeHost.sol (your existing dApp stays here)</strong><br> Based on official OPL Host pattern.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// contracts/contracts/HomeHost.sol // SPDX-License-Identifier: MIT pragma solidity ^0.8.24; import {Host, Result} from "@oasisprotocol/sapphire-contracts/contracts/OPL.sol"; contract HomeHost is Host { mapping(address =&gt; uint8) public lastBucket; constructor(address sapphireContract) Host(sapphireContract) { registerEndpoint("scoreDecision", onScoreDecision); } // User or app requests a score check. function requestScore(address user) external payable { postMessage("requestScore", abi.encode(user)); } // Called by OPL bridge after Sapphire computed the decision. function onScoreDecision(bytes calldata args) internal returns (Result) { (address user, uint8 bucket) = abi.decode(args, (address, uint8)); lastBucket[user] = bucket; return Result.Success; } function canBorrow(address user) external view returns (bool) { return lastBucket[user] &gt;= 2; } } </code></pre> </div> <h2> Step 2 - Hardhat setup (with Sapphire encryption) </h2> <p>Install the OPL/Sapphire contracts library and Sapphire tooling:</p> <ul> <li>OPL SDK lives in @oasisprotocol/sapphire-contracts.</li> <li>Sapphire wrapper guidance (TypeScript wrapper / ethers wrapper).</li> </ul> <p>Your <strong>hardhat.config.ts</strong> should include:</p> <ul> <li>Home chain network (your choice),</li> <li>Sapphire testnet using the official RPC and chain id</li> </ul> <p>Example network params:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// contracts/hardhat.config.ts (snippet) networks: { sapphire_testnet: { url: "https://testnet.sapphire.oasis.io", chainId: 23295, accounts: [process.env.PRIVATE_KEY!], }, // home: { ... } // e.g. sepolia/arbitrum etc. } </code></pre> </div> <h2> Step 3 - Link OPL endpoints (the "wiring") </h2> <p>OPL requires that each side knows the other side and which endpoints exist (1–1 paired contracts).</p> <p>In your scripts:</p> <ul> <li>deploy SapphireEnclave on Sapphire</li> <li>deploy HomeHost on Home chain</li> <li>set each other’s address + register endpoints appropriately</li> </ul> <p>(Exactly how you do step (3) depends on your preferred OPL bridge route; the docs list multiple integration methods, including OPL SDK wrapper around Celer IM.)</p> <h2> Step 4 - ROFL app: compute score inside a TEE and push to Sapphire </h2> <p>ROFL gives you:</p> <ul> <li>TEE execution (SGX/TDX)</li> <li>app lifecycle managed via Oasis</li> <li>built-in secrets stored on-chain and injected securely</li> <li>ability to sign and submit special transactions back to Sapphire</li> </ul> <p>ROFL gives you:</p> <ul> <li>TEE execution (SGX/TDX)</li> <li>app lifecycle managed via Oasis</li> <li>built-in secrets stored on-chain and injected securely</li> <li>ability to sign and submit special transactions back to Sapphire</li> </ul> <p><strong>4A) ROFL app code (Python example)</strong><br> rofl/app/main.py:</p> <ul> <li>loads secrets (API keys)</li> <li>fetches signals</li> <li>runs scoring</li> <li>calls updateScore(user, score) on Sapphire </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># rofl/app/main.py import os import time from web3 import Web3 SAPPHIRE_RPC = os.environ["SAPPHIRE_RPC"] ENCLAVE_ADDR = Web3.to_checksum_address(os.environ["ENCLAVE_ADDR"]) ROFL_SIGNER_KEY = os.environ["ROFL_SIGNER_KEY"] # stored as ROFL secret ABI = [...] # contract ABI for updateScore w3 = Web3(Web3.HTTPProvider(SAPPHIRE_RPC)) acct = w3.eth.account.from_key(ROFL_SIGNER_KEY) enclave = w3.eth.contract(address=ENCLAVE_ADDR, abi=ABI) def compute_score(user: str) -&gt; int: # pull private signals using secrets (tokens), then score # keep it deterministic if you want auditability return 82 def submit_score(user: str, s: int): tx = enclave.functions.updateScore(Web3.to_checksum_address(user), s).build_transaction({ "from": acct.address, "nonce": w3.eth.get_transaction_count(acct.address), "gas": 500_000, }) signed = acct.sign_transaction(tx) return w3.eth.send_raw_transaction(signed.rawTransaction) def main(): users = os.environ["USERS"].split(",") while True: for u in users: s = compute_score(u) txh = submit_score(u, s) print("updated", u, s, txh.hex()) time.sleep(60) if __name__ == "__main__": main() </code></pre> </div> <p><strong>4B) Containerize + ROFLize</strong></p> <p>ROFL quickstart is literally the flow:</p> <ol> <li>oasis rofl init</li> <li>oasis rofl create --network testnet</li> <li>oasis rofl build </li> <li>oasis rofl secret set ...</li> <li>oasis rofl update</li> <li>oasis rofl deploy</li> </ol> <p>Example secrets:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># inside rofl/ echo -n "0xYOUR_SIGNER_KEY" | oasis rofl secret set ROFL_SIGNER_KEY - echo -n "https://testnet.sapphire.oasis.io" | oasis rofl secret set SAPPHIRE_RPC - echo -n "0xYourEnclaveAddress" | oasis rofl secret set ENCLAVE_ADDR - </code></pre> </div> <p>ROFL secrets are explicitly supported and meant for sensitive env vars like API keys.</p> <h2> Sequence diagram (end-to-end) </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frv67pfn3fo40rlsbioam.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frv67pfn3fo40rlsbioam.png" alt=" " width="800" height="326"></a></p> <p>This is the core pattern: public app stays on its chain, sensitive logic runs confidentially, and you only export a minimal decision.</p> <h2> Threat model notes </h2> <ul> <li>Don’t export raw scores: export buckets, booleans, or commitments.</li> <li>Secrets: keep API keys/model access tokens in ROFL secrets (not in Docker image).</li> <li>RPC trust: Oasis docs explicitly warn RPC endpoints are a trust point (rate limits, censorship, MITM); run your own if your security bar is high.</li> <li>Testnet disclaimer: Sapphire testnet confidentiality is not guaranteed and state may be wiped; treat it as public.</li> </ul> <h2> Sources </h2> <ul> <li><a href="https://docs.oasis.io/build/sapphire/" rel="noopener noreferrer">Sapphire overview + dev entrypoint</a></li> <li><a href="https://docs.oasis.io/build/sapphire/network/" rel="noopener noreferrer">Sapphire network info (RPC + chain IDs)</a></li> <li><a href="https://docs.oasis.io/build/opl/" rel="noopener noreferrer">OPL overview + message bridge options</a></li> <li><a href="https://docs.oasis.io/build/opl/opl-sdk/" rel="noopener noreferrer">OPL SDK contract examples (Enclave/Host, endpoints, postMessage)</a></li> <li><a href="https://docs.oasis.io/build/rofl/" rel="noopener noreferrer">ROFL overview + quickstart steps + workflow</a></li> </ul> blockchain confidentiality privacy web3 Building a Confidential Web3 Application with Oasis rayQu Thu, 19 Feb 2026 09:17:40 +0000 https://forem.com/rollingindo/building-a-confidential-web3-application-with-oasis-5c27 https://forem.com/rollingindo/building-a-confidential-web3-application-with-oasis-5c27 <h2> The Problem </h2> <p>Web3 applications increasingly need reputation, risk scoring, and trust signals.</p> <p>However, current solutions have a major issue:</p> <p>• Reputation systems expose user data publicly<br> • Credit/risk models require sending sensitive data to centralized servers<br> • Wallet analytics often reveal full transaction history<br> • AI scoring pipelines break user privacy</p> <p>This creates a trade-off between <strong>useful intelligence</strong> and <strong>data confidentiality</strong>.</p> <p>The goal of this project was to remove that trade-off.</p> <h2> PrivateAI Oracle </h2> <p>A privacy-preserving trust scoring system that:</p> <ol> <li>Collects wallet or activity signals</li> <li>Runs an AI-based trust evaluation off-chain</li> <li>Produces a verifiable score</li> <li>Stores proof/commitment on Oasis confidential smart contracts</li> </ol> <p>The system allows applications to query a user's trust score <strong>without revealing the underlying private data used to compute it</strong>.</p> <h2> Why Oasis Network </h2> <p>This architecture relies on Oasis confidential computing features.</p> <p>Using <strong>Sapphire (confidential EVM runtime)</strong>:</p> <ul> <li>Sensitive inputs remain encrypted</li> <li>Smart contract state is confidential when required</li> <li>Only final outputs are selectively revealed</li> </ul> <p>This makes Oasis ideal for AI + blockchain workflows involving private datasets.</p> <p>Traditional public chains would expose:</p> <ul> <li>model inputs</li> <li>intermediate scoring logic</li> <li>sensitive user metadata</li> </ul> <p>Oasis prevents this.</p> <h2> Architecture </h2> <p>The system consists of three main components:</p> <h3> Data Collection Layer </h3> <p>Collects public or permissioned signals such as:</p> <ul> <li>wallet activity patterns</li> <li>GitHub contribution signals</li> <li>behavioral indicators</li> </ul> <p>Only necessary features are extracted.</p> <h3> Off-Chain AI Inference Engine </h3> <p>A machine learning model computes:</p> <ul> <li>a normalized trust score</li> <li>optional confidence level</li> </ul> <p>The raw feature data never needs to be publicly stored on-chain.</p> <h3> Oasis Confidential Smart Contract </h3> <p>The contract:</p> <ul> <li>receives a signed result</li> <li>records a commitment hash</li> <li>allows verification of authenticity</li> <li>exposes only the final trust score</li> </ul> <p>This preserves verifiability while protecting user privacy.</p> <h2> What This Enables </h2> <p>PrivateAI Oracle can be used for:</p> <ul> <li>DeFi borrower trust scoring without exposing full history</li> <li>DAO contributor reputation without revealing private activity</li> <li>sybil-resistant onboarding systems</li> <li>Privacy-preserving AI reputation layers</li> <li>Secure Web3 identity primitives</li> </ul> <h2> Technical Takeaways </h2> <p>During development, several important lessons emerged:</p> <ul> <li>Confidential smart contracts change how data pipelines must be designed</li> <li>AI outputs should be treated as attestations, not raw datasets</li> <li>Privacy must be built into architecture, not added later</li> <li>Hybrid off-chain compute + on-chain proof is extremely powerful</li> </ul> <h2> Results </h2> <p>The final prototype demonstrates:</p> <ul> <li>End-to-end confidential trust scoring</li> <li>AI inference integrated with Oasis smart contracts</li> <li>Selective transparency (score visible, data hidden)</li> <li>Practical architecture for privacy-preserving Web3 intelligence</li> </ul> <h2> Future Implementations that could help </h2> <ul> <li>Zero-knowledge proof integration for stronger verification</li> <li>Multi-model scoring pipelines</li> <li>public demo UI</li> <li>Integration with lending or DAO onboarding flows</li> </ul> <p>Web3 does not just need decentralization.</p> <p>It needs <strong>private, verifiable intelligence</strong>.</p> <p>PrivateAI Oracle explores how Oasis confidential computing can enable exactly that.</p> ethics networksec news tools Confidential Smart Contracts with Oasis Sapphire rayQu Mon, 16 Feb 2026 08:01:37 +0000 https://forem.com/rollingindo/confidential-smart-contracts-with-oasis-sapphire-4nk2 https://forem.com/rollingindo/confidential-smart-contracts-with-oasis-sapphire-4nk2 <p>Many Web3 apps still face the same structural problem. Public blockchains are transparent by default, which is great for verification but terrible for anything that requires secrecy, protected data, or private logic. Auctions leak bids, games leak strategy, AI agents leak prompts, and business workflows leak sensitive inputs.</p> <p>Oasis Network addresses this by adding a confidential execution layer to the familiar EVM model.</p> <h2> What Oasis does differently </h2> <p>Oasis separates consensus from execution and allows specialized runtimes called ParaTimes. One of these runtimes, Sapphire, is a confidential EVM designed for privacy preserving smart contracts.</p> <p>Developers still write Solidity. They still use <strong>Hardhat **or **Foundry</strong>. Deployment feels like any other EVM chain.</p> <p>The key difference is that contract state, calldata, and execution are encrypted and processed inside trusted execution environments. Validators cannot read plaintext inputs or storage.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg5sppwizoy4avqpp3z09.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg5sppwizoy4avqpp3z09.png" alt=" " width="800" height="450"></a></p> <p>This turns privacy from an application level workaround into a native runtime feature.</p> <h2> Why this matters in practice </h2> <p>Confidential execution unlocks use cases that are fragile or impossible on fully public chains:</p> <ul> <li>Sealed bid auctions where bids stay hidden until reveal</li> <li>Onchain games with hidden state</li> <li>Private DAO voting with verifiable results</li> <li>AI agents whose strategies and prompts must remain secret</li> <li>Enterprise workflows that need verifiable execution without exposing documents</li> </ul> <p>Instead of trying to hide data offchain and only posting final results, the sensitive logic itself can run onchain while remaining confidential.</p> <h2> Dev experience </h2> <p>One of the strongest points is that Sapphire does not require learning a new programming language or cryptographic framework.</p> <p>A normal Solidity contract like a counter or registry becomes confidential automatically when deployed to Sapphire. Private variables are not just compiler hints. Storage and transaction inputs are encrypted at runtime.</p> <p>A typical workflow looks like:</p> <ul> <li>Configure Sapphire RPC in MetaMask</li> <li>Fund wallet via the testnet faucet</li> <li>Create a standard Hardhat project</li> <li>Install the Sapphire helper plugin</li> <li>Deploy Solidity contracts normally</li> </ul> <p>From there, transaction calldata is encrypted locally and only decrypted inside the runtime.</p> <h2> Positioning in the ecosystem </h2> <p><a href="https://oasisprotocol.org/blog" rel="noopener noreferrer">Oasis</a> works well as a confidential coprocessor rather than a replacement chain.</p> <p>Public settlement, liquidity, and composability can remain on Ethereum or L2s. Sensitive computation, private registries, hidden metadata, or sealed commitments can run on Sapphire. Results can then be bridged or proven back to public chains.</p> <p>This hybrid model lets builders keep transparency where they want it and add privacy where they need it.</p> <h2> Current direction </h2> <p>The Oasis ecosystem is increasingly focused on privacy for AI, data marketplaces, and confidential DeFi. Sapphire is already live and usable today, which makes it one of the few production confidential EVM environments rather than a research concept.</p> <p>For developers who already know Solidity, the barrier to testing confidential smart contracts is extremely low.</p> <p>Curious to hear from builders here. have you actually ran into situations where onchain transparency broke your design? And what would you build first if private execution was available by default?</p> confidentiality privacy Attestation Is Not Enough: Why TEEs Need On-Chain Trust rayQu Sun, 18 Jan 2026 12:07:45 +0000 https://forem.com/rollingindo/attestation-is-not-enough-why-tees-need-on-chain-trust-2k48 https://forem.com/rollingindo/attestation-is-not-enough-why-tees-need-on-chain-trust-2k48 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv14bop2zxn2hdu6l14h4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv14bop2zxn2hdu6l14h4.png" alt=" " width="800" height="450"></a></p> <p>Trusted Execution Environments (TEEs) are getting a lot of hype in Web3, and for good reason. They enable <strong>confidential smart contracts</strong>, <strong>private off-chain agents</strong>, and a new class of trust-minimized applications. But as Oasis Network’s recent blog explains, <strong>remote attestation alone doesn’t give you real trust</strong>. </p> <h2> What Remote Attestation <em>Actually</em> Proves </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0vu9y98x6dy1k77fz1ii.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0vu9y98x6dy1k77fz1ii.png" alt=" " width="800" height="376"></a></p> <p>Remote attestation gives you a signed quote from hardware that:</p> <ul> <li>A specific binary ran</li> <li>On specific hardware</li> <li>At a specific point in time</li> </ul> <p>Sounds solid … until you realize it <em>only proves a snapshot</em>. It doesn’t tell you anything about:</p> <ul> <li>Whether the quote is <strong>fresh</strong> </li> <li>Whether the enclave used the <strong>latest state</strong> </li> <li>Who is <em>actually</em> running it </li> <li>Whether the code you audited is the exact code that was deployed </li> </ul> <p>And that’s why raw attestations on their own become <strong>verification theater</strong>, offloading complex crypto-hardware responsibilities onto users who aren’t security researchers.</p> <h2> The Critical Gaps </h2> <p>Even a "valid" attestation doesn’t automatically guarantee:</p> <ul> <li> <strong>Freshness &amp; Liveness</strong> - A stale but valid attestation can be reused</li> <li> <strong>State Continuity &amp; Anti-Rollback</strong> - Old state can be replayed</li> <li> <strong>Operator Accountability</strong> - Attestations don’t tell you <em>who</em> controls the enclave</li> <li> <strong>TCB Governance</strong> - Hardware vendors define threat models; users might demand stricter policies</li> <li> <strong>Code Provenance</strong> - You still need reproducible builds and verifiable binaries</li> </ul> <p>Simply put: <strong>attestation ≠ trust</strong> if you leave these holes unaddressed. </p> <h2> Turning TEEs into Trust Systems </h2> <p>So how do you fix this?</p> <p>Instead of expecting every user to parse raw hardware quotes, Oasis proposes treating <strong>consensus as the verifier</strong>. A fault-tolerant network of stake-bearing validators:</p> <ol> <li>Collects attestations + verification evidence</li> <li>Verifies TCB, freshness, policies, upgrade history</li> <li>Agrees on validity via BFT consensus</li> <li>Publishes a simple <strong>on-chain verification state</strong> </li> </ol> <p>Now users don’t need to parse multi-kilobyte attestation blobs or know Intel/AMD internals, they simply verify a consensus signed proof.</p> <h2> Why This Matters?? </h2> <p>This architecture transforms TEEs from:</p> <p>🔹 isolated hardware boxes<br><br> into<br><br> 🔹 integrated, verifiable components<br><br> within a larger trust system</p> <p>full thread can be read through Oasis official blog, <a href="https://oasis.net/blog/tee-attestation-is-not-enough" rel="noopener noreferrer">here</a>!</p> cryptocurrency web3 privacy blockchain Oasis in 2025: A Shift Toward Verifiable Off-Chain Compute rayQu Tue, 13 Jan 2026 10:36:30 +0000 https://forem.com/rollingindo/oasis-in-2025-a-shift-toward-verifiable-off-chain-compute-159k https://forem.com/rollingindo/oasis-in-2025-a-shift-toward-verifiable-off-chain-compute-159k <p>2025 didn’t bring a single “killer app” moment for crypto, but it did bring something more important: infrastructure getting real.</p> <p>One of the most underappreciated shifts this year was how Oasis positioned itself as a practical bridge between on-chain systems and real-world compute.</p> <p>This post is a short recap of why <a href="https://oasis.net/" rel="noopener noreferrer">Oasis</a> mattered in 2025, especially for devs building beyond toy smart contracts.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fufuxx9d64lorgsmfr70x.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fufuxx9d64lorgsmfr70x.png" alt=" " width="800" height="384"></a></p> <h2> The Problem We Finally Stopped Ignoring </h2> <p>Smart contracts are:</p> <ul> <li>Transparent</li> <li>Deterministic</li> <li>Verifiable</li> </ul> <p>But also:</p> <ul> <li>Slow</li> <li>Expensive</li> <li>Terrible at handling private data or complex logic</li> </ul> <p>Most serious protocols already rely on off-chain systems (AWS, GCP, custom infra), but those systems are:</p> <ul> <li>Opaque</li> <li>Centralized</li> <li>Impossible to verify on-chain</li> </ul> <p>2025 was the year projects stopped pretending this tradeoff didn’t exist.</p> <h2> Oasis’ Core Bet: Trusted Execution Environments (TEEs) </h2> <p>Oasis doubled down on TEE-based compute, enabling:</p> <ul> <li>Off-chain execution</li> <li>With hardware-level confidentiality</li> <li>And cryptographic attestations</li> <li>Verifiable by on-chain logic</li> </ul> <p>This isn’t theoretical privacy, it’s auditable execution.</p> <p>You don’t “<em>trust the operator</em>”.<br> You verify what code ran, where it ran, and what it produced.</p> <h2> ROFL: A Decentralized TEE Cloud (Not Just a Whitepaper) </h2> <p>ROFL (Runtime Off-chain Logic Framework) became one of the most important and misunderstood pieces of Oasis' stack.</p> <p>What it actually enables:</p> <ul> <li>Deterministic off-chain execution</li> <li>Across a decentralized set of TEE nodes</li> <li>With outputs posted on-chain</li> <li>And reproducible verification guarantees</li> </ul> <p>In practice, this means you can:</p> <ul> <li>Run risk engines</li> <li>Pricing models</li> <li>ML inference</li> <li>Fraud detection</li> <li>Private analytics</li> </ul> <p>…without exposing data or logic, and without blindly trusting AWS.</p> <h2> Why Real Projects Started Paying Attention </h2> <p>The big signal in 2025 wasn’t marketing, it was adoption by protocols with real risk.</p> <p>Using Oasis + ROFL allowed teams to:</p> <ul> <li>Keep existing infra</li> <li>Add verifiability instead of rewriting everything</li> <li>Gradually decentralize trust, not functionality</li> </ul> <p>This hybrid model (centralized performance + decentralized verification) is likely how most production crypto systems will evolve.</p> <h2> What This Means for Devs </h2> <p>If you’re building in 2026+, Oasis makes sense when you need:</p> <ul> <li>Private state</li> <li>Complex logic</li> <li>Off-chain performance</li> <li>On-chain trust guarantees</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnwukxfvu73f3vx384lmf.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnwukxfvu73f3vx384lmf.png" alt=" " width="800" height="296"></a></p> <p>You don’t replace your backend. You prove it.</p> <p>That’s the mental shift Oasis helped normalize in 2025.</p> <p>Oasis didn’t try to “replace Ethereum”.<br> It didn’t chase memes.<br> It didn’t promise magic scalability.</p> <p>Instead, it focused on something harder: <br> <strong>Making off-chain compute verifiable.</strong></p> <p>And that’s exactly the kind of boring, foundational work that ends up shaping the next wave of adoption.</p> privacy web3 blockchain cryptocurrency Oasis for Developers: an underrated EVM for privacy-first dApps rayQu Sun, 11 Jan 2026 10:21:51 +0000 https://forem.com/rollingindo/oasis-for-developers-an-underrated-evm-for-privacy-first-dapps-9if https://forem.com/rollingindo/oasis-for-developers-an-underrated-evm-for-privacy-first-dapps-9if <p>If you’re building in Web3 and everything starts to feel like:</p> <ul> <li>MEV everywhere</li> <li>Front-running by default</li> <li>Sensitive logic exposed in calldata</li> </ul> <p>…it might be time to look at <a href="https://oasis.net/sapphire" rel="noopener noreferrer">Oasis Sapphire</a>.</p> <p><a href="https://www.youtube.com/watch?v=LDLz06X_KNY" rel="noopener noreferrer">https://www.youtube.com/watch?v=LDLz06X_KNY</a></p> <h2> What Oasis actually is </h2> <ul> <li>Oasis is a Layer 1 with a modular architecture</li> <li>Sapphire is an EVM-compatible ParaTime (smart contract runtime)</li> <li>You deploy Solidity contracts almost exactly like Ethereum</li> </ul> <h2> What makes it different </h2> <ul> <li>Confidential EVM execution</li> <li>Contract state, inputs, and internal logic can be encrypted</li> <li>Data is only visible inside the secure runtime (TEE-backed)</li> </ul> <p>This isn’t “privacy by obfuscation”. It’s enforced at execution level.</p> <h2> Why this matters for devs </h2> <ul> <li>Protect MEV strategies (arbs, liquidations, auctions)</li> <li>Build sealed-bid auctions without commit–reveal hacks</li> <li>Hide sensitive parameters (fees, thresholds, allowlists)</li> <li>Reduce attack surface from calldata-based exploits</li> </ul> <h2> Dev experience </h2> <ul> <li>Solidity + standard tooling (Foundry, Hardhat)</li> <li>Minimal changes to existing contracts</li> <li>No custom rollup infra, no sequencers to manage</li> <li>Deploy like an app, not like an infrastructure company</li> </ul> <h2> When Oasis makes sense </h2> <ul> <li>DeFi protocols with strategy logic</li> <li>Account abstraction / paymaster logic</li> <li>Games with hidden state</li> <li>Governance or voting systems</li> <li>Any app where “everything public” is a liability</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fedeet6so8ye5idq7hmer.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fedeet6so8ye5idq7hmer.png" alt=" " width="800" height="315"></a></p> <h2> Trade-offs (being honest) </h2> <ul> <li>Smaller ecosystem than Ethereum L2s</li> <li>You need to design with confidentiality in mind</li> <li>Not every app needs privacy, obviously.. but when you do, it’s hard to fake</li> </ul> <p>If Ethereum L2s optimize for throughput, Oasis optimizes for who gets to see what. And that’s a powerful primitive most stacks still don’t have.</p> solidity cryptocurrency blockchain privacy