About Agoric
Smart contracts are hard, but they don’t have to be.
Smart contracts (transfers of rights enforced in code) are difficult to program securely. The participants may not entirely trust each other, and the amount of value at stake makes smart contracts an attractive target for hackers. With hundreds of millions of dollars disappearing overnight with no recourse, lax security can no longer be tolerated.
A better security architecture: object-capabilities
While most smart contract platforms currently use an identity-based security architecture, where access is granted based on the sender of a transaction, it has been shown that identity-based security architectures have specific, significant flaws.
In contrast, Agoric uses an object-capability (ocap) security architecture, in which access to a programming object itself is the authority to use the object. This approach has been used successfully to create secure operating systems, and to control untrusted scripts in Google’s Caja project and Salesforce’s Locker Service.
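The following is an added example, not code from Agoric: a mint with purses in plain JavaScript, showing the object-capability idea described above, where holding a reference to a purse is itself the authority to spend from it. The names makeMint, makePurse and depositFacet are hypothetical, and Object.freeze is used only to keep the returned objects from being modified.

```javascript
// Constructed example in plain JavaScript; makeMint, makePurse and
// depositFacet are hypothetical names, not Agoric or SES APIs.
function makeMint() {
  // Private ledger: reachable only through the closures created below.
  const balances = new WeakMap();

  function makePurse(initial) {
    const purse = Object.freeze({
      getBalance: () => balances.get(purse),
      // Moving funds requires a reference to the source purse; there is
      // no sender name or account id that a caller could simply claim.
      deposit(amount, from) {
        if (!Number.isSafeInteger(amount) || amount < 0) {
          throw new RangeError('amount must be a non-negative integer');
        }
        if (!balances.has(from)) throw new TypeError('not a purse of this mint');
        if (balances.get(from) < amount) throw new RangeError('insufficient funds');
        balances.set(from, balances.get(from) - amount);
        balances.set(purse, balances.get(purse) + amount);
      },
      // Attenuated facet: its holder can pay in, but cannot read or withdraw.
      depositFacet: () =>
        Object.freeze({ deposit: (amount, from) => purse.deposit(amount, from) }),
    });
    balances.set(purse, initial);
    return purse;
  }
  return Object.freeze({ makePurse });
}

function demo() {
  const mint = makeMint();
  const alice = mint.makePurse(100);
  const bob = mint.makePurse(0);
  const payBob = bob.depositFacet(); // the only thing Bob hands out
  payBob.deposit(30, alice);         // Alice pays from a purse she holds
  let forgedRejected = false;
  try {
    bob.deposit(50, { getBalance: () => 1000 }); // look-alike, not a real purse
  } catch (e) {
    forgedRejected = e instanceof TypeError;
  }
  return { alice: alice.getBalance(), bob: bob.getBalance(),
           facetKeys: Object.keys(payBob), forgedRejected };
}
```

Bob shares only the deposit facet, so code that receives it can pay him but has no path to his balance or to withdrawing from his purse.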
Working towards a world of smart contracts
The Agoric team has been deeply involved in the development of smart contracts, from initial discussions in the early 90s to Brian Warner’s involvement in the prescient Least Authority security audit of Ethereum. Realizing that a world of smart contracts would not be possible without better software, the Agoric team has been actively creating the right environment for crypto-commerce.
JavaScript, used by millions, shaped for smart contracts
In 2007, Mark Miller joined TC39, the JavaScript standards committee. In TC39, Mark Miller (and later, Dean Tribble) championed the features needed to secure JavaScript. Besides the sheer number of developers familiar with it, JavaScript as a language has a number of features that are preferable for smart contracts, including a clear separation between the purely computational language and host-provided access to the outside world.
To further secure the language, Agoric has created two subsets of JavaScript. SES (Secure EcmaScript) is the maximal secure subset of JavaScript that allows for object-capabilities, and is focused on backwards compatibility with current JavaScript applications. By contrast, Jessie is a much narrower subset designed for writing highly reliable code, including smart contracts.
The platform
Building on 30 years of experience, Agoric is developing a secure distributed ocap platform for smart contracts and market-oriented programming. Our platform supports the development of smart contracts and market institutions across many different scales, from large public blockchains to small two-party contracts.
Our ocap platform consists of:
- A robust architecture for building secure smart contracts.
- A foundation in JavaScript for maximum reach.
- A cryptographic routing fabric for inter-chain interoperability.
- A library of market abstractions and a framework for securely composing them.
- A framework for secure user interaction.
Our Chief Scientist, Mark Miller, explains the Agoric platform in the video below. This talk was given October 10th to the SF Crypto Devs meetup group during SF Blockchain Week:
Read the Agoric Canon
Over the years, the Agoric team has published a number of papers about smart contracts, markets in computation, secure programming, object capabilities, and other related topics.