How to Build with Multi-Proof
Last updated
Last updated
COPYRIGHT © 2024 PHALA.LTD ALL RIGHTS RESERVED. May Phala be with you!
We have JS Runtime custom-built based on QuickJS. JavaScript code can be deployed to Phala TEE workers. We have engineered a WASM virtual machine called Wapo based on wasmtime, to facilitate its execution in SGX with the Gramine SDK.
Before we dive into the steps, here is a brief explanation of why you can simply write JavaScript code to generate TEE proof and run it inside a TEE environment:
We provide WASM virtual machine as underlying infrastructure to run WASM smart contract in TEE environment, we integrated QuickJS, which is a small and embeddable JavaScript engine. The QuickJS engine was compiled to a WASM binary and run in WASM virtual machine, when you submit your Javascript code, it will actually run in QuickJS engine, and essentially run it in a TEE environment. We exported bunch of useful data from Rust SDK that you can use in JS SDK by inject those data into customer's Javascript code when it being execute, one of them is the private key derived from Rust smart contract engine which you can use sign data.
Now, let's break down step by step to see how you can generate a TEE-proof with JavaScript:
To make the whole progress as easy as possible, we have built a CLI called jtee to help user create and run JavaScript project on Phala TEE workers.
We haven published jtee
to npm public registry so now you can use it with npx
, for more details you can head to the source code repo on Github. You can simply create a project by issuing the following command in terminal:
As the diagram show above, each Javascript code is running in a seperate WASM virtual machine instance and Javascript engine deployed by developer. For the next step is to deploy the engine for your project, the purpose to do so is to have a dedicated private key that only be used for this project.
Before run deploy command, you need to prepare a Phala blockchain account with enough balance and the node endpoint in the .env file like below in your project root directory. You can check your account balance at Phala blockchain explorer.
Then, execute the following command to deploy the engine, the corresponding account will be the deployer of the engine contract:
You finally will get the contract ID if everything went well, contract ID would be used when execute Javascript code in the engine:
If you really want to dig into the details of how the engine manage the key derivation and script running, check the code here.
The last and final step is to run your Javascript code in the engine. Simple type jtee run
at the root director of your project.
This will 1) First compile your project to a single Javascript file from entry file located at app/index.js to dist/index.js , 2) Then upload the code and execute the it in the Javascript engine you deployed on last step. Note that only the engine deployer have the permission to execute Javascript code using this engine, which can protect your from other malicious code upload by attacker.
Now, let’s take a look of the code in app/index.js
to see what you can do with the key
The code is super simple, the only new thing for you probably is the object jtee
if you have build with ethers
package before. jtee
object was injected by the engine which exported several objects that you can use in your script. jtee.account
is the corresponding account of the jtee.key
. Which you can use to submit transaction to blockchain (Before that, don't forget top-up native asset to this account). jtee.key
is the private key derived from engine, the security of the key is guranteed by TEE but you should take care of it and never print it to logs. The rest commented code is the example to call smart contract located in contract/Flipper.sol
using ethers.js. In real use case, your probably need to construct transaction data from your own smart contract, and the TEE-proof
which we mentioned few times is also not a concrete form, because your code already run in a trusted environment, and jtee.key
can be used to create the certification to prove the code has run as expected and returned a legitimate result. In the context of verify them on Ethereum, an ECDSA signature is enough.