BNT-8: vetKeys - Enabling Privacy Preserving Applications on the IC

[ais-dfn]

Overview

Status: Open
Project Type: Cooperative/Contest - Multiple workers can submit work, and the bounty is shared
Time Commitment: Days
Experience Level: Intermediate/Advanced
Size: USD 24'000 in ICP (at time of distribution)
Deadline: September 10th EoD AoE

Description

The VetKeys bounties are an exciting opportunity for IC developers to participate in the ongoing development and assessment of the vetKeys feature. As part of this program, two demos of the vetKeys feature have been released, and developers are invited to explore the API capabilities, build applications, and provide valuable feedback.

The bounty program focuses on four key use cases: IBE (Identity-Based Encryption), Group Sharing, Timelock Encryption, and Open/Blue skies. Each use case has a prize pool of $6000, offering participants the chance to win rewards for their innovative contributions and valuable feedback on whether the proposed API addresses use case needs.

Links to the proposed API and demos:

• vetKD system API proposal
• E2EE Demo Rust
• Encrypted Notes Demo using vetKD (Motoko + Rust)
• ic-vetkd-utils (vetKD user library)

Use Cases

There are four key areas in which we'd love to see submissions:

• IBE ($6000 prize pool): Identity-Based Encryption (IBE) is a cryptographic scheme where the public key of an entity is derived from its unique identifier, such as an email address, username, or principal. IBE allows for secure communication between entities without the need for exchanging public keys beforehand. Some examples:

  • Encrypted file sharing: Encrypt files and documents based on the identities of authorized users.
  • E2EE messaging: Create or extend a messaging application where users could securely communicate without the need for exchanging public keys beforehand.
  • Secure email communication: Traditional email encryption often requires users to use a public key infrastructure (PKI). A secure email dapp could allow users could send encrypted emails based on recipient identifiers (such as email or wallet addresses), eliminating the need for pre-shared keys or complex setups.
  • Private transactions: By encrypting financial data based on user identifiers, you could ensure that only authorized parties can access and process sensitive financial information.

• Group Sharing ($6000 prize pool): By Group sharing we refer to the ability to securely share information and resources within a defined group of individuals. Developers can create applications that enable efficient and secure collaboration among group members. For instance:

  • File-sharing platform: Allow users within a specific group to access and collaborate on shared documents, ensuring only authorized members can view and modify the content.
  • Private social networking: A social networking platform that allows users to create private groups for sharing content, discussions, and media.
  • Gaming communities: Encrypted group sharing can be leveraged in gaming communities to provide a secure platform for players to communicate, share game-related content, and coordinate gameplay.

• Timelock Encryption ($6000 prize pool): Timelock Encryption involves the concept of encrypting data and setting a time-based restriction on when the encrypted data can be accessed. Participants could build applications that use vetKeys and the IC's notion of time to provide secure access to sensitive information for a specific period. For example

  • Secure file sharing with expiry: a secure document storage system could use timelock encryption to grant temporary access to confidential files for a limited time.
  • Private voting: Each vote in a voting system could be encrypted with a time-based restriction, ensuring that the vote remains confidential and can only be decrypted within a specific timeframe. This protects the privacy and integrity of the voting process while allowing authorized authorities to decrypt and count the votes during the designated period.
  • Time-limited private auction: Similar to the private voting scenario, bids could be encrypted with a time-based restriction, allowing them to be revealed and considered only within a specified timeframe.
  • MEV protection: Timelock Encryption could be a valuable tool for mitigating Miner/Maximal Extractable Value (MEV) exploits in blockchain-based DeFi systems. Sensitive transaction details could be encrypted with a time-based restriction, ensuring that the contents of the transactions remain confidential until a specified time.

• Open / Blue skies ($6000 prize pool): The Open/Blue skies category is an open-ended opportunity for developers to explore innovative and novel use cases that leverage the vetKeys feature. Participants are encouraged to think outside the box and come up with creative applications that can benefit from the proposed API. For instance, a developer might create a decentralized identity management system that uses vetKeys for secure user authentication and authorization.
  Further inspiration:

  • VRF (Verifiable Random Function): VRF is a primitive that generates random output while providing verifiable proof of its correctness. Developers can explore how VRF can be integrated into applications to generate random numbers or ensure randomness in various scenarios, such as gaming, voting systems, or random selection processes.
  • Witness encryption: Witness encryption is a scheme where the decryption of a ciphertext requires a specific condition or witness to be satisfied. Participants could explore the applications of witness encryption in scenarios like secure multi-party computation, anonymous credentials, or access control systems.

Many of these use cases or variations were described in some detail in the first community conversation.

These bounties are quite open in the sense that it would be great to see new applications being developed and potentially put forward for subsequent grant funding, but it is also ok if the submission is an extension to an existing app (eg the encrypted notes dapp)

Acceptance Criteria

• Uses the vetKey API
• Falls into one of the use case categories
• Provide feedback on the suggested system API (does it address your needs? A few sentences are enough)
• Demo application deployed to the IC
• Video Pitch/Demo (max. 4min)
• Proper Readme, see here
• Open Source license (MIT or Apache-2.0)

Evaluation Criteria

• Design/UX
• Functionality
• Code quality

Note

The proposed version of this system API is for demonstration purposes only and should not be used in production.

How to participate?

Post your submission in the following forum thread.
Please be aware that Terms and Conditions of the DFINITY Developer Grants Program apply.

References

• Forum
• vetKeys Developer Documentation
• Community Conversation 1
• Community Conversation 2
• vetKeys Primer to understand the crypto background
• vetKeys Paper
• RWC Talk

[kamalbuilds]

Hi @ais-dfn , any possibilities of extending the EOD ?

Me and my team are still exploring vetkeys and taking a grip of it🧙🏻‍♂️

[Rishabh0712]

Hi @ais-dfn , any possibilities of extending the EOD ?

Me and my team are still exploring vetkeys and taking a grip of it🧙🏻‍♂️

+1