A proxy re-encryption network to empower privacy in decentralized systems
The NuCypher network uses the Umbral threshold proxy re-encryption scheme to provide cryptographic access control for distributed apps and protocols. Applications can use the NuCypher network to facilitate end-to-end encrypted data sharing via sharing policies. Access permissions are baked into the underlying encryption, and access can only be explicitly granted by the data owner. Consequently, the data owner has ultimate control over access to their data. At no point is the data decrypted nor can the underlying private keys be determined by the NuCypher network.
Alice, the data owner, grants access to her encrypted data to anyone she wants by creating a policy and uploading it to the NuCypher network.
Using her policy's public key, any entity can encrypt data on Alice's behalf. This entity could be an IoT device in her car, a collaborator assigned the task of writing data to her policy, or even a third-party creating data that belongs to her – for example, a lab analyzing medical tests. The resulting encrypted data can be uploaded to IPFS, Swarm, S3, or any other storage layer.
A group of Ursulas, which are nodes of the NuCypher network, receive the access policy and stand ready to re-encrypt data in exchange for payment in fees and token rewards. Thanks to the use of proxy re-encryption, Ursulas and the storage layer never have access to Alice's plaintext data.
Bob, a data recipient, sends an access request to the NuCypher network. If Bob was granted an access policy by Alice, the data is re-encrypted for his public key, and he can subsequently decrypt it with his private key.
More detailed information:
by Michael Egorov, David Nuñez, and MacLane Wilkison - NuCypher
by Michael Egorov, MacLane Wilkison - NuCypher
by David Nuñez
NuCypher is a community-driven project and we're very open to outside contributions.
All our development discussions happen in our Discord server, where we're happy to answer technical questions, discuss feature requests, and accept bug reports.
If you identify vulnerabilities with any nucypher code, please email firstname.lastname@example.org with relevant information to your findings. We will work with researchers to coordinate vulnerability disclosure between our stakers, partners, and users to ensure successful mitigation of vulnerabilities.
Throughout the reporting process, we expect researchers to honor an embargo period that may vary depending on the severity of the disclosure. This ensures that we have the opportunity to fix any issues, identify further issues (if any), and inform our users.
Sometimes vulnerabilities are of a more sensitive nature and require extra precautions. We are happy to work together to use a more secure medium, such as Signal. Email email@example.com and we will coordinate a communication channel that we're both comfortable with.
A great place to begin your research is by working on our testnet. Please see our documentation to get started. We ask that you please respect testnet machines and their owners. If you find a vulnerability that you suspect has given you access to a machine against the owner's permission, stop what you're doing and immediately email firstname.lastname@example.org.