Paper 2023/635

Cassiopeia: Practical On-Chain Witness Encryption

Schwinn Saereesitthipitak, Stanford University
Dionysis Zindros, Stanford University

Witness Encryption is a holy grail of cryptography that remains elusive. It asks that a secret is only revealed when a particular computational problem is solved. Modern smart contracts and blockchains make assumptions of “honest majority”, which allow for a social implementation of Witness Encryption. The core idea is to make use of a partially trusted committee to carry out the responsibilities mandated by these functionalities – such as keeping the secret private, and then releasing it publicly after a solution to the computational puzzle is presented. We implement Witness Encryption (with public witness security) in the form of an open source smart contract that can be utilized as an oracle by others within the broader DeFi ecosystem. We devise a cryptoeconomic scheme to incentivize honest participation, and analyze its security under the honest majority and rational majority settings. We conclude by measuring and optimizing gas costs and illustrating the practicality of our scheme.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. Financial Cryptography and Data Security Workshop on Trusted Smart Contracts 2023
Witness EncryptionPublicly Verifiable Secret SharingSmart Contracts
Contact author(s)
schwinn @ cs stanford edu
dionyziz @ gmail com
2023-08-05: revised
2023-05-04: received
See all versions
Short URL
Creative Commons Attribution


      author = {Schwinn Saereesitthipitak and Dionysis Zindros},
      title = {Cassiopeia: Practical On-Chain Witness Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2023/635},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.