A decentralized cryptological network offering accessible, intuitive, and extensible runtimes and interfaces for secrets management and dynamic access control.
The NuCypher network provides accessible, intuitive, and extensible runtimes and interfaces for secrets management and dynamic access control. * Accessible - The network is permissionless and censorship-resistant. There are no gate-keepers and anyone can use it. * Intuitive - The network leverages the classic cryptological narrative of Alice and Bob (with additional characters where appropriate). This character-based narrative permeates the code-base and helps developers write safe, misuse-resistant code. * Extensible - The network currently supports proxy re-encryption but can be extended to provide support other cryptographic primitives.
Access permissions are baked into the underlying encryption, and access can only be explicitly granted by the data owner via sharing policies. Consequently, the data owner has ultimate control over access to their data. At no point is the data decrypted nor can the underlying private keys be determined by the NuCypher network.
Under the hood, the NuCypher network uses the Umbral threshold proxy re-encryption scheme to provide cryptographic access control.
How does NuCypher work?¶
1. Alice, the data owner, grants access to her encrypted data to anyone she wants by creating a policy and uploading it to the NuCypher network.
2. Using her policy’s public key, any entity can encrypt data on Alice’s behalf. This entity could be an IoT device in her car, a collaborator assigned the task of writing data to her policy, or even a third-party creating data that belongs to her – for example, a lab analyzing medical tests. The resulting encrypted data can be uploaded to IPFS, Swarm, S3, or any other storage layer.
3. A group of Ursulas, which are nodes of the NuCypher network, receive the access policy and stand ready to re-encrypt data in exchange for payment in fees and token rewards. Thanks to the use of proxy re-encryption, Ursulas and the storage layer never have access to Alice’s plaintext data.
4. Bob, a data recipient, sends an access request to the NuCypher network. If the policy is satisfied, the data is re-encrypted to his public key and he can decrypt it with his private key.
More detailed information:
“NuCypher - A proxy re-encryption network to empower privacy in decentralized systems” by Michael Egorov, David Nuñez, and MacLane Wilkison - NuCypher
“NuCypher - Mining & Staking Economics” by Michael Egorov, MacLane Wilkison - NuCypher
“Umbral A Threshold Proxy Re-Encryption Scheme” by David Nuñez - NuCypher
NuCypher is currently in the Alpha development stage and is not intended for use in production.