NuCypher's proxy re-encryption (PRE) service is leveling up.
Recently, the demand for access-conditioned content in Web3 has exploded: subscriptions, streaming, private NFTs, NFTs as access tokens, the list goes on.
Many of those are building on NuCypher (soon Threshold!) and proxy re-encryption. For example:
- Masterfile is building an enterprise NFT platform based around their OpenDRM standard, which will enable brands to retain control over their IP while still participating in open, public blockchains.
- Creaton is building a crypto-native Patreon (or OnlyFans 😉) to enable creators to more easily engage their fans and monetize their content).
- Several other projects in stealth that haven't announced their integrations yet.
There are a few common threads and feature requests across these projects:
- Non-interactive (from Alice's perspective) access delegation: it's not always known in advance who will be granted access to encrypted content. For example, it could be the winner of an auction or a new subscriber. It should be possible for future unknown recipients to receive access from the network autonomously without Alice having to come online and create a re-encryption key for them.
- Cheaper policies: many use cases demand a high frequency of access grants. Gas costs on Ethereum are the most significant cost associated with using NuCypher and this cost needs to be reduced dramatically.
(1) Browser support
The first request, browser support, is imminent.
Another major milestone is NuCypher Porter, the "Infura for NuCypher." Porter is a web-based service that performs nucypher-based protocol operations on behalf of applications. Its goal is to simplify and abstract the complexities surrounding the NuCypher protocol to negate the need for applications to interact with it via a Python client. Porter bring cross-platform functionality, including web and mobile applications, to NuCypher.
(2) Non-Interactive Access Delegation
Another major feature request is the ability to delegate access to new recipients, on the fly, without requiring Alice to issue a new re-encryption key. This was a difficult problem to solve: the simplest, naive solution would have been to use vanilla Shamir's Secret Sharing and shard a private key across multiple nodes, but we wanted something more robust, flexible, and extensible.
Enter Abiotic Alice + DKG.
AbioticAlice is a set of nodes with
DelegatingPower which exercise decentralized keystore diligence, in contrast to the centralized diligence of a regular Alice.
This means that, instead of a single Alice that must come online to create a new re-encryption key, an
AbioticAlice is a cohort of nodes that collaborate to exercise the
DelegatingPower which governs granting and revocation. This can be triggered conditionally as a contractual matter (#2758) or pursuant to qualified network activity (#2757).
To create an
AbioticAlice, a distributed key generation (DKG) ceremony takes place. When a quorum of nodes that constitute the
AbioticAlice agree, they can create a re-encryption key for a new participant and issue it to the network. This can be done in response to some pre-specified condition: for example, granting access to encrypted content to anyone who pays or granting access based on who controls an NFT (and revoking access if the NFT is transferred to someone else).
tldr; Abiotic Alice + DKG make autonomous, non-interactive access controls possible.
(3) Cheaper Policies
The final puzzle piece is dramatically reducing the cost of access delegation. The lion's share of the current cost associated with issuing policies on NuCypher is gas fees associated with Ethereum. We envision re-deploying the PolicyManager contract (which manages issuing new sharing policies to network nodes) to additional environments beyond Ethereum L1. This means Layer 2 scaling network on top of Ethereum (e.g. Arbitrum, Optimism, etc.) as well as potentially alternative smart contract platforms like Polygon, Polkadot, Cosmos, Avalanche, and Solana depending on where there is the most developer demand.
The third-party NuLink team is actively working on integrations with several L1s.
Does any of that sound interesting? Are you an application developer that wants to use PRE? Join the Threshold Network discord and we'll be happy to help.
We're also hiring!