When a contract is initialized from a validator node – inside the node’s TEE, a contract key is derived using HMAC-SHA256 from the signer id as well as the authentication key. An authentication key is derived using HKDF from an HKDF salt in addition to an IKM that consists of the concatenation of the consensus state IKM and the signer id. Any time a contract execution is called, the contract key of the Secret Contract is sent to every validator node of the network. Upon receiving the contract key, an assertion/check is made to make sure the received contract key matches the expected value.