4.6.3 Foreign Parachain Private Transactions Sidechain

The previous demos used a single L1 blockchain, the Integritee Network. But what if you'd like to deploy a sidechain on the Polkadot AssetHub and provide private transactions of DOT and all other assets? We have demonstrated such a system in this video with high level explanations and a UI mock. This tutorial lets you reproduce that demo.

We will

  1. launch a rococo-local relaychain with two parachains using zombienet: 2. parachain 1 is Integritee Network with TEER as its native token where our SCV registers their enclaves and finalize sidechain blocks 3. parachain 2 is any substrate based chain using frame with the balances pallet. Let this be the AssetHub with DOT as its native token.
  2. launch a sidechain with a single validateer (SCV)
  3. shield DOT from AssetHub to Sidechain
  4. transfer DOT privately on sidechain
  5. unshield DOT back to AssetHub

Setup

We will launch the chains on a linux host and run the sidechain in a docker environment emulating Intel SGX so that you don't need any specific hardware to follow this tutorial.

Please follow our explanations to

  1. Set up dev environment
  2. Install Zombienet on host
  3. build polkadot and parachains binaries. check our zombienet spec to see where each binary is expected to be located

Launch Relay- and Parachains

On the host, run 

zombienet-linux-x64 spawn --provider native zombienet/rococo-local-with-privacy-sidechain-demo-setup.toml

You can now use js/apps or other frontends to watch chain activity for

  • Integritee Network at port 9944
  • AssetHub at port 9954

Launch sidechain

Inside docker, open two consoles with tmux -u and launch one sidechain validateer:

./integritee-service -c -u ws://172.17.0.1 --target-a-parentchain-rpc-url ws://172.17.0.1 --target-a-parentchain-rpc-port 9954 run --skip-ra --dev

wait until you see a ProxyAdded event on Integritee Network

should you wish to add a second validateer to make it more realistic, add another console and run

./integritee-service -u ws://172.17.0.1 --target-a-parentchain-rpc-url ws://172.17.0.1 --target-a-parentchain-rpc-port 9954 -r 3444 -P 2100 -h 2110 -w 2101 -i 8788 -c -d /tmp/worker2 run --skip-ra --dev

Perform Private Transactions on the Sidechain

in the second terminal we will perform wallet actions:

for readability, let's define a few aliases and prepare accounts

alias integritee="../target/release/integritee-cli -u ws://172.17.0.1"
alias assethub="../target/release/integritee-cli -u ws://172.17.0.1 -p 9954"
read MRENCLAVE <<< $(integritee list-workers | awk '/  MRENCLAVE: / { print $2; exit }')
alias incognitee="../target/release/integritee-cli -u ws://172.17.0.1 trusted --mrenclave $MRENCLAVE"
assethub transfer //Alice //Laura 100000000000000
incognitee get-shard-vault
read VAULT <<< $(incognitee get-shard-vault)

then you can reproduce our entire demo with the following commands:

assethub balance //Laura
incognitee balance //Laura
incognitee get-shard-vault
assethub transfer //Laura $VAULT 50000000000000
assethub balance //Laura
incognitee balance //Laura 

incognitee balance //Julian
incognitee --direct transfer //Laura //Julian 10000000000000
incognitee balance //Laura
incognitee balance //Julian

assethub balance //Edward
incognitee --direct unshield-funds //Julian //Edward 9000000000000
assethub balance //Edward
incognitee balance //Julian

More Logs Please

You can play with log levels to get more insight into what's happening. For worker and cli, use 

RUST_LOG=info,substrate_api_client=warn,ws=warn,mio=warn,ac_node_api=warn,sp_io=warn,tungstenite=warn

of course, you can go down to debug or even trace as default log level. For production deployments, logs from the enclave will be disabled to avoid data leaks.