Enshroud Home

Blockchains Are Public

We Need Encryption

Payments on blockchains with transparent details are no longer acceptable.

The Premise

Encrypted Payments

What if the contents of a payment could be encrypted so only the recipient could read it, similar to encrypted email?

Introducing Enshroud

The Method

Stored value is represented in NFTs with encrypted metadata, with only their hash-blinded details recorded in the smart contract.

The Problem

Everyone seems to understand intuitively that transparent blockchain payments (with publicly visible details) are no longer acceptable. Stablecoins are the next big thing, yet how is that supposed to work without privacy?
Implementing transaction privacy at the native protocol level is extremely difficult, and will take years -- if it happens at all.
Blockchains with native privacy exist, but will all this growing commerce move onto those chains just for that reason? Most unlikely.
Introducing Enshroud, a privacy service providing encrypted transactions on ordinary public blockchains.

The Premise

On blockchains, a payment is just a message, but its contents are public.
What if that message could be encrypted so that only the recipient can read it?
This is what Enshroud does. Crypto payments are encrypted for the recipient, similar to encrypted email.
To everyone else the value is opaque.

The Basic Methodology

Stored token value is represented by NFTs with encrypted metadata describing the actual asset and amount, stored in the blockchain's event log. Known as eNFTs, they conform to ERC-1155 .
The smart contract only records the hash of the secret data when minting eNFTs.
Enshroud's Layer 2 oracle servers validate transactions and encrypt the metadata.
Output eNFTs are always newly minted, and all input eNFTs are always burned. No eNFT is ever transferred between accounts.

Three Fundamental Operations:

1) Deposit/Mint

The Enshroud smart contract accepts deposits of supported fungible tokens. From backing deposits one or more eNFTs are then minted, like receipt tokens.

2) Spend

One or more existing eNFTs become inputs to a spend, resulting in new eNFTs being minted to one or more recipients, including any change back to the payer. Spends can circulate among users indefinitely.

3) Burn/Withdraw

One or more existing eNFTs are redeemed (burned) to fund a withdrawal of the original asset from the smart contract by the final owner.

Managing Transaction History

So if an account receives a minted eNFT, how does the owner know who sent it?
Two ways:

A "memo" message is passed through from the payer in the metadata. This could be any identifying name, number, or hash value.
Encrypted receipt objects are also generated, accessible only to payers and payees. Receipts show both payer and payee addresses.

Since receipts are stored off-chain, they can always be deleted permanently at the discretion of the parties to the transaction.

The Enshroud "Layer 2" Servers

Enshroud's off-chain Metadata Validator Oracles (MVOs) use proof-of-stake N-of-M consensus to validate transaction inputs and outputs, generate data hashes, encrypt and sign eNFT metadata for the owners, and return multi-signed blinded calldata to the dApp for submission to the smart contract by the user.
The smart contract verifies the MVO signatures and handles minting and burning of the eNFTs on-chain.
A committee of MVOs (N of them) sees the details of the user's transaction, but the M-N other MVOs do not. The MVOs keep the users honest, never handle user funds, are selected randomly, and can be sliced for any misfeasance.
Layer 2 Auditor nodes monitor both the actions of MVOs and the blockchain event log, and will reject (greylist) any improperly generated eNFTs. They never interact with users, but prevent dishonest collusion among MVOs. Neither MVOs nor AUDs log any transaction history. (All code is open-source.)
Enshroud's Layer 2 runs over a VPN but does not implement a blockchain. It acts like a plugin mechanism which can interface with any EVM-compatible blockchain which has the Enshroud protocol smart contracts deployed on it.

The Revenue Model

Enshroud charges a fee on backing asset deposits and withdrawals, but not on spends. These fees are a small percentage (e.g. 0.3%) of transaction volume deposited or withdrawn.
By staking $ENSHROUD in the DAOPool contract for Yield, token holders earn a share of 95% of the weekly fee income (5% goes to Treasury). These earnings are paid in the same asset types as the fees.
MVO operators must also stake significant quantities of $ENSHROUD as surety, and earn additional $ENSHROUD for processing user transactions.

Tokenomics: Fixed Allocations

Founders/Team tokens all exist at launch, but unlock linearly over 1 year with a 90 day cliff.
Matching User tokens will be airdropped to qualifying users during year 2 following launch.
MVO Incentive tokens are earned by MVO stakers to secure the network, paid over 5 years (5M+4M+3M+2M+1M).
There are no investor or "VC" tokens, because Enshroud was developed privately without any external venture capital funding.
User Airdrop and MVO Incentive tokens are unlocked upon issuance.
All $ENSHROUD are governance tokens which can vote in the EnshroudDAO (locked or not).
Both locked and unlocked tokens can be staked on MVOs, but only unlocked tokens can be staked for a share of fee income (Yield).
There is also a Crowdsale contract deployed at Launch, which allows anyone to purchase $ENSHROUD using ETH at escalating Tier prices.

See the Tokenomics page for more detailed information, along with a discussion of the economics of Enshroud.

Enshroud reclaims crypto's promise of decentralization and private, unsurveillable, programmable money.