2.2 Get started with Incognitee Test Net
Incognite User Testing Campaign
The incognitee user testing campaing just launched and is available for the next 2 weeks until 21st of May. Participate, complete the whole flow and get eligble for one of the prizes. Follow the link : https://try.incognitee.io
Incognitee CLI tutorial
Transfer PAS privately
Our Incognitee testnet allows you to transfer PAS privately (Paseo relay chain native token). We will guide you through the process of creating a wallet, obtaining PAS and transferring with privacy. The very same process will be possible with DOT/KSM and even other fungible assets on the Asset Hubs once we release the productive sidechains.
At this early stage we only provide command line tools and we assume you know your way around docker or linux. Stay tuned for a web UI for a clickable version of this tutorial.
This tutorial will take you through all steps sketched in the following diagram:
Setup
Using docker
(subsequent steps may fail on OSx. please stay tuned for updates) Using ubuntu 22.04 natively
Download the CLI client from IPFS (needs Linux, i.e. ubuntu 22.04).
Setup environment to use Paseo and Incognitee testnet
Create a wallet
Now, go to the paseo faucet and claim 100PAS for your new account. Select the following settings:
Network: Paseo Relay Chain
Chain: Paseo
Check your balance (allow for 30s):
Also, create a new incognito account.
Transfer PAS privately
Your PAS now reside on Paseo relay chain. Let's shield 2 PAS to incognitee:
Your balance on Paseo should be ~2 PAS less and your balance on the same account on Incognitee should be 2 PAS.
So far, there’s nothing private. But from now on, only you can query your balance on incognitee. If you try to query a balance from someone else, that will fail because you’re not authorized:
Now, let’s transfer 1.1 PAS to our incognito account. notice how fast this confirms.
Now we have 1.1 PAS on our incognito account. If we send funds to someone, they don’t learn our public key and they can’t check our balance. We can just prove that we sent them the tokens.
If at one point we’d like to go back to Paseo we can unshield funds again. If there is enough shielding and unshielding traffic with equal amounts, the unshielding will be unlinkable to the previous shielding if you chose a different address (k-anonymity).
Let’s create a fresh account on Paseo and unshield 1PAS to that account.
There you go. 1 PAS back on L1 on an account with no previous history.
Thank you for trying this out. Please reach out if you have questions.
Under the hood
Check sidechain activity
Visit the Integritee Network on Paseo explorer where you can see events whenever sidechain blocks get finalized:
As privacy is our main feature, you can’t see much more here. The BlockHeaderHash
helps you proving that you sent funds to someone. By default, recipients just observe a change in their balance but they have no clue where the funds come from unless you tell them and provide a merkle proof for the sidechain block inclusion of your transfer.
However, as shielding and unshielding events are publily happening on Paseo, you can observe shielding/unshielding activity on the vault account on subscan.
The balance of the vault account will always exactly match the total supply on the respective sidechain shard.
What are shards and mrenclaves?
Each instance of an Incognitee sidechain is identified by a shard identifier and we’ll need to tell the validators which shard we’d like to talk to. Think of it like the genesis hash of a L1 blockchain.
The MRENCLAVE
identifies the validator code which is executed in Intel SGX enclave (it’s basically the hash of the enclave binary). Your call will only execute if the validator runs the code you expect it to run.
Why should I trust validators?
Because they can’t cheat and they can’t see your data. That’s what TEEs guarantee. But how should you know that the validators actually run the correct code in a TEE? You can authenticate validators thanks to Integritee’s remote attestation registry at enclaves.integritee.network.
There you can find the validator for this tutorial if you serch for the url you’re using wss://integritee-1.cluster.securitee.tech:2000
and it will tell you the verified MRENCLAVE which has been remotely attested using our decentralized DCAP process.
Last updated