Welcome to the Threshold Network!
The Threshold Network powers user sovereignty on the public blockchain. It provides a decentralized network of nodes that perform threshold cryptography operations as a service to ensure full control over your digital assets.
Proxy Re-Encryption (PRE) Application
The NuCypher Network proxy re-encryption (PRE) service is now the PRE Application on the Threshold Network.
The PRE Application is the first of many threshold cryptography-based applications to be hosted on the Threshold Network. PRE is an end-to-end encryption protocol, a more scalable and more flexible form of public-key encryption. It enables a group of proxy entities to transform encrypted data from one public key to another, without the power to decrypt the data or gain access to any private keys. PRE equips developers, applications and end-users with secrets management and dynamic access control capabilities. This service is provided by a decentralized array of nodes on the Threshold Network, each running the same PRE client software.
Private data, wherever stored, remains private, confidential and encrypted while maintaining the ability to share that data with trusted parties.
In order to run a PRE node on Threshold, nucypher v6.0.0 or above will be required. See releases for the latest version.
How does it Work?
1. Alice, the data owner, grants access to her encrypted data to anyone she wants by creating a policy and uploading it to the PRE Application on the Threshold Network.
2. Alice gets information about the group of n PRE nodes (Ursulas) associated with the policy, which are nodes on the Threshold network providing the PRE service. Each Ursula provides their encrypting key, and Alice creates n re-encryption key shares (kFrag), each of which is encrypted with a different Ursula’s encrypting key.
The Ursulas in the group stand ready to re-encrypt data in exchange for payment in fees and token rewards.
The list of Ursulas and their associated encrypted re-encryption key shares are stored in a Treasure Map. Alice subsequently encrypts the treasure map for Bob. The treasure map provides Bob the requisite information and cryptographic material to successfully request the Threshold network to re-encrypt the data shared by Alice, such that he can decrypt it with his private key.
3. Each policy created by Alice has an associated encryption key, which can be used by any entity (Enrico) to encrypt data on Alice’s behalf. This entity could be an IoT device in her car, a collaborator assigned the task of writing data to her policy, or even a third party creating data that belongs to her, for example a lab analyzing medical tests. The resulting encrypted data can be uploaded to IPFS, Swarm, S3, or any other storage layer.
4. Bob, a data recipient, uses the treasure map to determine the list of Ursulas to contact and the associated re-encryption key share to send to Ursula for the re-encryption operation. Bob obtains the encrypted data from the storage layer and sends a re-encryption request to the relevant Ursulas on the Threshold network. If the policy is satisfied, Ursula decrypts the provided re-encryption key share and re-encrypts the data to Bob’s public key. Bob can subsequently decrypt the data with his private key.
Ursulas earn fees and token rewards for being available to perform re-encryption operations.
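The flow in steps 1-4, as an added example that is not nucypher or Umbral code: a simplified Umbral-style key encapsulation over a constructed toy group (a 12-bit safe prime, not secure), leaving out kFrag encryption to each Ursula, the treasure map and all proofs of correct re-encryption. The threshold `t` and every function name are assumptions of this sketch; it goes beyond the text by letting any `t` of the `n` Ursulas suffice.

```python
import hashlib, secrets

# Toy group (constructed, NOT secure): safe prime P = 2Q + 1; G generates the order-Q subgroup.
P, Q, G = 2879, 1439, 4

def H(*vals):
    """Hash arbitrary values to a non-zero scalar mod Q."""
    digest = hashlib.sha256(repr(vals).encode()).digest()
    return 1 + int.from_bytes(digest, "big") % (Q - 1)

def kdf(elem):
    """Derive the symmetric data key from a shared group element."""
    return hashlib.sha256(str(elem).encode()).hexdigest()

def keygen():
    sk = 1 + secrets.randbelow(Q - 1)
    return sk, pow(G, sk, P)

def encapsulate(pk_alice):
    """Enrico: fresh capsule E = G^e and data key KDF(pk_alice^e); no secret key needed."""
    e = 1 + secrets.randbelow(Q - 1)
    return pow(G, e, P), kdf(pow(pk_alice, e, P))

def generate_kfrags(sk_alice, pk_bob, t, n):
    """Alice: Shamir-split rk = a/d into n kFrags, using only Bob's public key."""
    x, X = keygen()                               # ephemeral pair; X is sent to Bob
    d = H(X, pk_bob, pow(pk_bob, x, P))           # Bob recomputes d as H(X, pk_bob, X^b)
    coeffs = [sk_alice * pow(d, -1, Q) % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    share = lambda i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
    return X, {i: share(i) for i in range(1, n + 1)}

def reencrypt(kfrag, capsule):
    """Ursula: transform the capsule with her share; she never sees a key or plaintext."""
    return pow(capsule, kfrag, P)

def decapsulate_reencrypted(sk_bob, pk_bob, X, cfrags):
    """Bob: Lagrange-combine >= t cFrags in the exponent, then undo d to get the data key."""
    combined = 1
    for i, cfrag in cfrags.items():
        lam = 1
        for j in cfrags:
            if j != i:
                lam = lam * j * pow(j - i, -1, Q) % Q   # Lagrange coefficient at x = 0
        combined = combined * pow(cfrag, lam, P) % P    # ends as E^(a/d)
    d = H(X, pk_bob, pow(X, sk_bob, P))
    return kdf(pow(combined, d, P))                     # (E^(a/d))^d = pk_alice^e
```

Each Ursula holds one point of a degree `t-1` polynomial whose constant term is `a/d`, so fewer than `t` shares do not determine the re-encryption key, and the key itself is useless without Bob's private key to recompute `d`.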
More detailed information:
“NuCypher - A proxy re-encryption network to empower privacy in decentralized systems” by Michael Egorov, David Nuñez, and MacLane Wilkison - NuCypher
“Umbral: A Threshold Proxy Re-Encryption Scheme” by David Nuñez - NuCypher