SecretFoundation
diff --git a/‎.gitbook/assets/sealed bid auctions.png
108 KB b/‎.gitbook/assets/sealed bid auctions.png
108 KB
diff --git a/‎confidential-computing-layer/ibc/usecases/confidential-voting.md
+145-24 b/‎confidential-computing-layer/ibc/usecases/confidential-voting.md
+145-24
@@ -8,7 +8,17 @@ description: >-
 
 ## Overview <a href="#overview" id="overview"></a>
 
-This tutorial explains how to upload a confidential voting contract on Secret Network, which you can execute and query for private voting on any IBC-connected chain. 🚀 In this example,  **you will learn how to deploy a confidential voting contract on Secret Network which you will execute from Osmosis mainnet**.&#x20;
+This tutorial explains how to upload a confidential voting contract on Secret Network, which you can execute and query for private voting on any IBC-connected chain. 🚀&#x20;
+
+{% hint style="info" %}
+In this example,  **you will learn how to deploy a confidential voting contract on Secret Network which you will execute from Osmosis mainnet**.&#x20;
+{% endhint %}
+
+**The SDK abstracts IBC interactions with the Secret Network for applications that use Cosmos wallets**. It introduces a secure method for generating confidential messages and reliably authenticating users at the same time using the `chacha20poly1305` algorithm.
+
+{% hint style="info" %}
+View the typescript SDK [here](https://github.com/writersblockchain/cosmos-ccl-encrypted-payloads-demo/tree/main/next-frontend/src/ccl-sdk), which we will learn how to implement shortly :tada:
+{% endhint %}
 
 In this tutorial you will learn:&#x20;
 
@@ -158,7 +168,7 @@ The `Extension` variant in`ExecuteMsg` leverages the functionality of `handle_en
 
 Now that you understand how the encryption SDK functions, let's look how it's connected to the frontend. The Next.js encryption logic can be found in [Gateway.ts](https://github.com/writersblockchain/cosmos-ccl-encrypted-payloads-demo/blob/main/next-frontend/src/functions/Gateway.ts):
 
-[Create Proposal](confidential-voting.md#overview):&#x20;
+[**Create Proposal**](confidential-voting.md#overview)**:**&#x20;
 
 ```rust
   const create_proposal = async (name: string, description: string, end_time: string = "60") => {
@@ -168,7 +178,7 @@ Now that you understand how the encryption SDK functions, let's look how it's co
   }
 ```
 
-[Vote on Proposal](https://github.com/writersblockchain/cosmos-ccl-encrypted-payloads-demo/blob/1aa91625546547960fd9556e17f14f31d99d726f/next-frontend/src/functions/Gateway.ts#L71):&#x20;
+[**Vote on Proposal**](https://github.com/writersblockchain/cosmos-ccl-encrypted-payloads-demo/blob/1aa91625546547960fd9556e17f14f31d99d726f/next-frontend/src/functions/Gateway.ts#L71)**:**&#x20;
 
 ```rust
  const vote_proposal = async (proposal_id: string, vote: string) => {
@@ -178,7 +188,7 @@ Now that you understand how the encryption SDK functions, let's look how it's co
   }
 ```
 
-Both of these functions access a confidential voting `contract` we have previously deployed on Secret Network contract.&#x20;
+Both of these functions access a confidential voting `contract` already deployed on Secret Network (at the end of this tutorial, you will learn how to deploy your own).&#x20;
 
 Then, we call the `execute_gateway_contract` function, which is where all of the cross-chain SDK logic is implemented using IBC hooks:&#x20;
 
@@ -209,7 +219,27 @@ You can further examine `sendIBCToken` and `gatewayChachaHookMemo` in the CCL-SD
 
 ### **Query Messages**
 
-To query encrypted votes using the CCL SDK, use the `enum` called [`InnerQueries`](https://github.com/writersblockchain/cosmos-ccl-encrypted-payloads-demo/blob/1aa91625546547960fd9556e17f14f31d99d726f/deploy-scripts/contracts/secret-voting/src/msg.rs#L35), which wraps the possible queries in the voting smart contract, namely, `MyVote`, with the CCL SDK encryption logic:
+There are two types of queries using the CCL SDK:&#x20;
+
+1. **Unauthenticated queries** ie `Extension`, which are queries that don’t require sensitive or protected data. Example: Retrieving a list of proposals or votes, which is public.
+2. **Authenticated queries** ie `Inner Queries` (`WithPermit`, `WithAuthData`), which are queries that require `auth_data` from the caller for permission validation. Example: `MyVote { proposal_id }` retrieves a user-specific vote.
+
+|   | **Extended Queries** | **Inner Queries** |
+| - | -------------------- | ----------------- |
+
+| **Data Access Level** | Public or general data | Private or user-specific data |
+| --------------------- | ---------------------- | ----------------------------- |
+
+| **Authorization** | No extra authentication required | Requires `auth_data` or `permit` |
+| ----------------- | -------------------------------- | -------------------------------- |
+
+| **Processing Function** | `query::query_extended` | `query::query_with_auth_data` |
+| ----------------------- | ----------------------- | ----------------------------- |
+
+| **Use Cases** | Public info like proposals, votes | Personal data like a user’s vote |
+| ------------- | --------------------------------- | -------------------------------- |
+
+To query encrypted votes using the CCL SDK, use the `enum` [`InnerQueries`](https://github.com/writersblockchain/cosmos-ccl-encrypted-payloads-demo/blob/1aa91625546547960fd9556e17f14f31d99d726f/deploy-scripts/contracts/secret-voting/src/msg.rs#L35), which wraps the possible queries in the voting smart contract, namely, `MyVote`, with the CCL SDK encryption logic:
 
 ```rust
 #[cw_serde]
@@ -227,30 +257,112 @@ pub enum InnerQueries {
 pub type QueryMsg   =   GatewayQueryMsg<InnerQueries, sdk::CosmosAuthData, ExtendedQueries>;
 ```
 
-`InnerMethods` leverage the SDK by using the [`GatewayQueryMsg`](https://github.com/writersblockchain/cosmos-ccl-encrypted-payloads-demo/blob/1aa91625546547960fd9556e17f14f31d99d726f/deploy-scripts/packages/sdk/src/gateway.rs#L33) types to structure to query encrypted query cross-chain votes:
+`InnerMethods` leverages the SDK by using the [`GatewayQueryMsg`](https://github.com/writersblockchain/cosmos-ccl-encrypted-payloads-demo/blob/1aa91625546547960fd9556e17f14f31d99d726f/deploy-scripts/packages/sdk/src/gateway.rs#L33) types to query encrypted cross-chain votes. You have the choice of using two different types of encrypted queries: `query_with_auth_data` and `query_with_permit.` In this tutorial,  you we will learn how to implement `query_with_permit`.&#x20;
+
+1. [WithAuthData](https://github.com/writersblockchain/cosmos-ccl-encrypted-payloads-demo/blob/1429ba2e713f8156f4a82a782827dd1830628865/deploy-scripts/contracts/secret-voting/src/query.rs#L31):
 
 ```rust
-#[cw_serde]
-pub enum QueryMsg {
-    EncryptionKey  {},
+pub fn query_with_auth_data(
+    deps        :   Deps, 
+    env         :   Env, 
+    auth_data   :   CosmosAuthData,
+    query       :   InnerQueries
+) -> StdResult<Binary> {
+    auth_data.verify(deps.api)?;
+    auth_data.check_data(deps.storage, &env)?;
+    let address = auth_data.primary_address()?;
+    query_inner(deps, env,address, query)
+}
+```
 
-    WithAuthData {
-        auth_data    :   sdk::CosmosAuthData,
-        query        :   { MyVote { proposal_id: u64 } }
-    },
+2. [WithPermit](https://github.com/writersblockchain/cosmos-ccl-encrypted-payloads-demo/blob/1429ba2e713f8156f4a82a782827dd1830628865/deploy-scripts/contracts/secret-voting/src/query.rs#L12):
 
-    WithPermit {
-        permit       :   secret_toolkit::permit::Permit,
-        hrp          :   Option<String>,
-        query        :   { MyVote { proposal_id: u64 } }
-    },
+```rust
+pub fn query_with_permit(
+    deps        :   Deps, 
+    env         :   Env, 
+    permit      :   Permit,
+    hrp         :   Option<String>,
+    query       :   InnerQueries
+) -> StdResult<Binary> {
+    let address = secret_toolkit::permit::validate(
+        deps, 
+        PERMIT_PREFIX, 
+        &permit, 
+        env.contract.address.to_string(), 
+        hrp.as_deref()
+    )?;
+    query_inner(deps, env, address, query)
+}
+```
 
-    Extension {
-        query        :  { Proposals {}  /  Proposal { proposal_id: u64 }  /  AllVotes { proposal_id: u64 }  }
+Now let's take a look at the frontend code to see how query\_with\_permit is implemente&#x64;**.** :smile:
+
+### **Frontend Query Logic**&#x20;
+
+The Next.js query decryption logic can be found in [Gateway.ts](https://github.com/writersblockchain/cosmos-ccl-encrypted-payloads-demo/blob/main/next-frontend/src/functions/Gateway.ts):
+
+[Query proposals](https://github.com/writersblockchain/cosmos-ccl-encrypted-payloads-demo/blob/1aa91625546547960fd9556e17f14f31d99d726f/next-frontend/src/functions/Gateway.ts#L163):&#x20;
+
+```rust
+const query_proposals = (): Promise<[number, Proposal][]> => {
+    return query_contract_public(contractConfig.votes, { extension: { query: { proposals: { } } } });
+  }
+```
+
+[Query votes](https://github.com/writersblockchain/cosmos-ccl-encrypted-payloads-demo/blob/1aa91625546547960fd9556e17f14f31d99d726f/next-frontend/src/functions/Gateway.ts#L151C3-L153C4):
+
+```rust
+const query_my_vote = (proposal_id: number, message?: string) => {
+    return query_contract_auth(contractConfig.votes, { my_vote: { proposal_id } }, message);
+  }
+```
+
+Because votes are encrypted, we must decrypt them in order to query a wallet's votes. The frontend function [`query_contract_auth`](https://github.com/writersblockchain/cosmos-ccl-encrypted-payloads-demo/blob/1aa91625546547960fd9556e17f14f31d99d726f/next-frontend/src/functions/Gateway.ts#L116) securely queries the Secret smart contract using **query permits**, ensuring that only authorized users can access sensitive data. Query permits are cryptographic credentials that:
+
+* Prove the user’s ownership of a wallet.
+* Allow contracts to verify the user’s identity.
+* Avoid exposing the private key.
+
+```rust
+const query_contract_auth = async (
+    contract: Contract,
+    query: object,
+    data: string = "Query Permit"
+  ): Promise<any> => {
+
+    const storageKey = `${keplrAddress}:${contract.address}:queryPermit}`;
+    const queryPermitStored = localStorage.getItem(storageKey);
+
+    let credential: CosmosCredential;
+
+    if (queryPermitStored) {
+      credential = JSON.parse(queryPermitStored) as CosmosCredential;
+    } else {
+      const toSign: DataToSign = {
+        chain_id: "secret-4",
+        contract_address: contract.address,
+        nonce: toBase64(Random.getBytes(32)),
+        data: btoa(data)
+      }
+      const message = toUtf8(JSON.stringify(toSign));
+      const signRes = await (window as any).keplr.signArbitrary(chainId, keplrAddress!, JSON.stringify(toSign))
+      credential = {
+        message: toBase64(message),
+        signature: signRes.signature,
+        pubkey: signRes.pub_key.value,
+        hrp: keplrAddress!.split("1")[0]
+      }
+      localStorage.setItem(storageKey, JSON.stringify(credential));
     }
-}
+    const res = await queryGatewayAuth(contract, query, [credential]);
+    console.log("query:", query, " res:", res);
+    return res;
+  }
 ```
 
+You now should have all the tools you need to use the IBC CCL toolkit! Lastly, let's learn how to deploy your own voting contract on Secret Network :clap:
+
 ## How to upload a voting contract to Secret Network
 
 `cd` into `deploy-scripts` and install the dependencies:&#x20;
@@ -291,8 +403,17 @@ In your terminal, a `codeID`, `codeHash`, and `contractAddress` will be returned
 "address": "secret1q0mycclu927u5m0tn50zgl5af4utrlkzz706lm"
 ```
 
+Finally, update [config.ts](https://github.com/writersblockchain/cosmos-ccl-encrypted-payloads-demo/blob/1429ba2e713f8156f4a82a782827dd1830628865/next-frontend/src/ccl-sdk/config.ts#L68) with your contract's code\_hash and address:
+
+```typescript
+const contractMultiConfig: ContractMultiConfig = {
+    votes: {
+        address: "secret1jtc7f8cj5hhc2mg9v5uknd84knvythvsjhd66a",
+        hash: "ff8443878e8a339637c45c13abc4385c4f0c5668b992afc912e5f59e5d098654"
+    },
+};
+```
+
 ## Conclusion
 
-{% hint style="danger" %}
-_**In progress 12.6.24**_
-{% endhint %}
+Congratulations on completing this on using Secret Network's IBC SDK to encrypt votes cross-chain using Secret smart contracts! 🎉 You've explored the intricacies of encrypted messaging, cross-chain IBC interactions, and secure smart contract execution using the Secret Network CCL SDK. By building and running the fullstack application, you’ve gained hands-on experience in contract deployment, frontend integration, and secure querying with query permits. 🚀