Secret Contract State Encryption
While executing a function call inside a TEE of a node as part of a transaction, the Secret Contract code can call the following functions: write_db(field_name, value), read_db(field_name), and remove_db(field_name). Collectively, Secret Contracts’ state is stored on-chain inside a key-value store. As such, the field name remains constant between calls. The encryption key for the functional calls uses HKDF-SHA256 from the consensus state IKM, field name, and the contract key. Additional data can also be employed to prevent leaking information about the same value written to the same key at different times. Contract keys are the combination of a signer id as well as an authenticated contract key.