With the explosion of distributed systems including cloud, big data, blockchain, and IoT, proxy re-encryption’s value is becoming more apparent and the problems it solves more urgent – says MacLane Wilkinson, cofounder and CEO at NuCypher, in Bithub.pl’s #SundayInterview.
Your tool is a decentralized Key Management System. How does it work?
MacLane Wilkinson: We use proxy re-encryption to provide decentralized key management and cryptographic access controls. This means developers building decentralized applications can now store, share, and manage private data on public blockchains.
Proxy re-encryption is fundamentally a more scalable form of public-key encryption that is well-suited for many-to-many data sharing environments. Traditional public-key encryption is good for one-to-one communication. That is, if I want to share a secret message with you, I can encrypt with your public key and you can decrypt it with your private key. But for every additional recipient that I want to share that message with, I have to encrypt the message again with their public key. By contrast, with proxy re-encryption, I can encrypt data once and then delegate and revoke access to that data to as many recipients as I like.
What are the limitations of using consensus networks to store and use private, encrypted data?
MW: Blockchains are, by definition, public networks. Anyone in the world can download and examine the Bitcoin and Ethereum blockchains. And if you’re building a decentralized application on top of these technologies then all of the application’s data is public as well. For certain types of applications that just won’t work. Medical records, for example, need to be private and confidential.For centralized web applications, we can just use an access control server to decide who can and cannot access certain data sets. But blockchains and consensus networks don’t have a central server we can trust to enforce these access policies. So we created an alternative approach with NuCypher.
Are you using for your KMS any of the popular platforms like Ethereum or Hyperledger? Is your system tokenized in any way?
MW: The NuCypher token is an ERC-20 token on top of Ethereum. But our network can be used to build decentralized applications running on top of any blockchain and using any data storage layer, including IPFS, Swarm, Sia, or even centralized filesystems like AWS S3. Our token is used as collateral or a security deposit – anyone who wants to operate a re-encryption node for the NuCypher network needs to stake our token.
Your system responds to the needs of the current computing environment. What exactly has changed in recent years in this area that makes your solution so useful?
MW: When compared to public-key encryption, proxy re-encryption provides the most value in many-to-many data sharing patterns. This is actually how many distributed systems looks under the hood – splitting data across hundreds of nodes in a Hadoop cluster or streaming data through Kafka to multiple consumers. With the explosion of distributed systems including cloud, big data, blockchain, and IoT, proxy re-encryption’s value is becoming more apparent and the problems it solves more urgent.
How about competition in this market: are there startups offering similar solutions or companies that have worked out how to deal with decentralized KMS on their own?
MW: Data masking and tokenization companies like HP Voltage and Protegrity or centralized key management services like AWS CloudHSM or HashiCorp Vault.
Interview by Przemyslaw Cwik