This document discusses end-to-end encryption for decentralized applications (DApps) using NuCypher Key Management System (KMS). It proposes using proxy re-encryption and decentralization to provide encryption without a central server. Proxy re-encryption allows sharing of encrypted data between users through re-encrypting proxies. NuCypher KMS uses threshold split-key re-encryption to further decentralize the system across multiple proxies. The document outlines early use cases for NuCypher KMS in areas like marketplaces, databases, and medical data sharing.

1. End-to-end encryption for DApps with
NuCypher KMS
Sergey Zotov
Blockchain Fairytales, 16 Dec 2017
Sergey NuCypher KMS 16 Dec 2017 1 / 18

2. Why
Encrypted file sharing
Sender
Receiver
Receiver
Receiver
Storage
?
Sergey NuCypher KMS 16 Dec 2017 2 / 18

3. Why
Encrypted multi-user chats
Chat messages
Sender
Different receivers
Sergey NuCypher KMS 16 Dec 2017 3 / 18

4. Why
Decentralized Netflix
Content
producer
Receiver
Receiver
Receiver
CDN
if ( ):
if (
):
if (
):
Sergey NuCypher KMS 16 Dec 2017 4 / 18

5. Central server + TLS
Data vulnerable to hackers, state actors etc
Sender
Receiver
Receiver
Receiver
Sergey NuCypher KMS 16 Dec 2017 5 / 18

6. Solution
Proxy re-encryption + decentralization
Receiver
[ ]
[ ]
= decrypt( , )
{ }
= decrypt( , ){ }
Network of re-encrypting proxies
Sergey NuCypher KMS 16 Dec 2017 6 / 18

7. What is proxy re-encryption (PRE)
Alice Bob
Proxy
skA — Alice’s secret key;
pkA — Alice’s public key;
rkA→B — re-encryption key.
skB — Bob’s secret key;
pkB — Bob’s public key;
Sergey NuCypher KMS 16 Dec 2017 7 / 18

8. Centralized KMS using PRE
Encryption
EDEKSender
Receiver
Proxy
Storage
Sergey NuCypher KMS 16 Dec 2017 8 / 18

9. Centralized KMS using PRE
Access delegation
EDEK
Sender
Receiver
Proxy
Storage
Sergey NuCypher KMS 16 Dec 2017 9 / 18

10. Centralized KMS using PRE
Decryption
EDEK
Sender
Receiver
Proxy
Storage
EDEK
EDEK'
Sergey NuCypher KMS 16 Dec 2017 10 / 18

11. Decentralized key management
Using threshold split-key re-encryption (Umbral)
EDEK
Receiver
Proxy 2
Storage
EDEK
EDEK'1
Proxy 1
Proxy 3
EDEK
EDEK'2
EDEK
EDEK'3
https://github.com/nucypher/nucypher-kms/
https://github.com/nucypher/nucypher-pre-python/
Sergey NuCypher KMS 16 Dec 2017 11 / 18

12. KMS token
Purpose
Splitting trust between re-encryption nodes (more tokens =
more trust and more work);
In-network means of payment for deploying policies;
Proof of Stake for minting new coins according to the mining
schedule;
Security deposit to be at stake against malicious behavior of
nodes
Sergey NuCypher KMS 16 Dec 2017 12 / 18

13. KMS token
Mining
Mining reward:
reward =
locked_tokens × reward_rate
∑
all miners locked_tokens
+
∑
this miner
miner_fees
Sergey NuCypher KMS 16 Dec 2017 13 / 18

14. Early users
Decentralized marketplaces:
Datum;
Helios.
Decentralized databases:
Bluzelle;
Fluence;
Wolk.
Medical data sharing
Medibloc;
ZeroPass;
Wholesome.
IoT
Spherity (together with BigchainDB).
Sergey NuCypher KMS 16 Dec 2017 14 / 18

15. Investors
Sergey NuCypher KMS 16 Dec 2017 15 / 18

16. Team
Founders
CTO, Michael Egorov
(LinkedIn, MIPT)
CEO, MacLane Wilkison
(Morgan Stanley, CISSP)
Sergey NuCypher KMS 16 Dec 2017 16 / 18

17. Team
Advisors
Prof. Giuseppe Ateniese
(Stevens Institute of Technology)
Prof. Dave Evans
(University of Virginia)
John Bantleman
(Entrepreneur; Rainstor etc.)
Tony Bishop
(Equinix, Morgan Stanley)
Sergey NuCypher KMS 16 Dec 2017 17 / 18

18. How to contribute, learn
Website: https://nucypher.com/blockchain.html
Github: https://github.com/nucypher/
Slack: https://nucypher-kms-slack.herokuapp.com/
Whitepaper: https://arxiv.org/abs/1707.06140
E-mail: hello@nucypher.com
Sergey NuCypher KMS 16 Dec 2017 18 / 18