Developer Update - Abiotic Alice and DKG (October 2021)

Developer Update - Abiotic Alice and DKG (October 2021)
Abiotic Alice and DKG

NuCypher's proxy re-encryption (PRE) service is leveling up.

Recently, the demand for access-conditioned content in Web3 has exploded: subscriptions, streaming, private NFTs, NFTs as access tokens, the list goes on.

Many of those are building on NuCypher (soon Threshold!) and proxy re-encryption. For example:

  • Masterfile is building an enterprise NFT platform based around their OpenDRM standard, which will enable brands to retain control over their IP while still participating in open, public blockchains.
  • Creaton is building a crypto-native Patreon (or OnlyFans 😉) to enable creators to more easily engage their fans and monetize their content).
  • Several other projects in stealth that haven't announced their integrations yet.

There are a few common threads and feature requests across these projects:

  1. Browser support: For better or worse, web3 is now primarily consumed in the browser. There needs to be an easy way to use PRE to grant and receive access via JavaScript and without running a full NuCypher node.
  2. Non-interactive (from Alice's perspective) access delegation: it's not always known in advance who will be granted access to encrypted content. For example, it could be the winner of an auction or a new subscriber. It should be possible for future unknown recipients to receive access from the network autonomously without Alice having to come online and create a re-encryption key for them.
  3. Cheaper policies: many use cases demand a high frequency of access grants. Gas costs on Ethereum are the most significant cost associated with using NuCypher and this cost needs to be reduced dramatically.

(1) Browser support

The first request, browser support, is imminent.

Umbral, the underlying threshold PRE scheme used in NuCypher, has been re-written in Rust (rust-umbral), which can compile to JavaScript. Similary, nucypher itself is being re-written in TypeScript (nucypher-ts). Once complete, developers will be able to write browse apps with full PRE functionality (grant, receive, revoke, etc.).

Another major milestone is NuCypher Porter, the "Infura for NuCypher." Porter is a web-based service that performs nucypher-based protocol operations on behalf of applications. Its goal is to simplify and abstract the complexities surrounding the NuCypher protocol to negate the need for applications to interact with it via a Python client. Porter bring cross-platform functionality, including web and mobile applications, to NuCypher.

By leveraging rust-umbral and its associated javascript bindings for cryptography, and Porter for communication with the network, a lightweight, richer and full-featured web and mobile experience will soon be accessible to application developers.

(2) Non-Interactive Access Delegation

Another major feature request is the ability to delegate access to new recipients, on the fly, without requiring Alice to issue a new re-encryption key. This was a difficult problem to solve: the simplest, naive solution would have been to use vanilla Shamir's Secret Sharing and shard a private key across multiple nodes, but we wanted something more robust, flexible, and extensible.

Enter Abiotic Alice + DKG.

Abiotic Alice with a DKG

AbioticAlice is a set of nodes with DelegatingPower which exercise decentralized keystore diligence, in contrast to the centralized diligence of a regular Alice.

This means that, instead of a single Alice that must come online to create a new re-encryption key, an AbioticAlice is a cohort of nodes that collaborate to exercise the DelegatingPower which governs granting and revocation. This can be triggered conditionally as a contractual matter (#2758) or pursuant to qualified network activity (#2757).

To create an AbioticAlice, a distributed key generation (DKG) ceremony takes place. When a quorum of nodes that constitute the AbioticAlice agree, they can create a re-encryption key for a new participant and issue it to the network. This can be done in response to some pre-specified condition: for example, granting access to encrypted content to anyone who pays or granting access based on who controls an NFT (and revoking access if the NFT is transferred to someone else).

tldr; Abiotic Alice + DKG make autonomous, non-interactive access controls possible.

(3) Cheaper Policies

The final puzzle piece is dramatically reducing the cost of access delegation. The lion's share of the current cost associated with issuing policies on NuCypher is gas fees associated with Ethereum. We envision re-deploying the PolicyManager contract (which manages issuing new sharing policies to network nodes) to additional environments beyond Ethereum L1. This means Layer 2 scaling network on top of Ethereum (e.g. Arbitrum, Optimism, etc.) as well as potentially alternative smart contract platforms like Polygon, Polkadot, Cosmos, Avalanche, and Solana depending on where there is the most developer demand.

The third-party NuLink team is actively working on integrations with several L1s.

Get Started

Does any of that sound interesting? Are you an application developer that wants to use PRE? Join the Threshold Network discord and we'll be happy to help.

We're also hiring!