We had a chat with the NuCypher team yesterday; this post sums up what was discussed.
Here are the notes taken https://hackmd.io/dgpR6EgPThmcTNlEV-DyLQ
NuCypher provides a decentralized proxy re-encryption scheme: a ciphertext encrypted for Alice can be transformed by third-party nodes into one that Bob can decrypt, without those nodes ever seeing the plaintext.
How it works (simplified):
- Alice uploads a piece of encrypted data to a supported storage backend (S3, IPFS and Swarm were mentioned). The data is encrypted under her public key.
- Alice creates a re-encryption key for Bob from her own key and Bob's public key, and uploads it to the NuCypher miner network.
- Once the network has accepted the request, the miners re-encrypt the data with that key so that it becomes decryptable by Bob, and a reward (paid by Alice in NuCypher tokens) goes to the miner.
- Bob can now request the re-encrypted data and decrypt it with his own private key.
NuCypher is fully decentralized and backed by a network of miners, who are rewarded by the owner of the data being re-encrypted; this network is expected to be in the order of thousands of nodes.
A re-encryption request to the nodes is expected to take around 1 s.
Running a node
Running a node has modest CPU requirements, as proxy re-encryption is fast (about 20 ms per operation).
Bandwidth consumption is also modest (2 MB initial sync), and light-client options can be explored.
During our call we mainly focused on group chats and multi-device support, as these were mentioned as use cases NuCypher could be useful for.
A way we could integrate NuCypher would be (simplified):
- Alice encrypts a message once and uploads it to some form of storage
- Alice creates a re-encryption key for each device/user pair and sends it to the network
- Each device/user is now able to access the data
In contrast, the current implementation is:
- Alice encrypts the message separately for each device/user pair
- Alice sends a separate message for each device/user pair
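To make the flow concrete, here is a toy implementation written for this post; it is not NuCypher's code and not the Umbral protocol itself. It keeps the core Umbral idea (a capsule r*G that the node transforms with rk = a/d, where d comes from an ephemeral ECDH between Alice and Bob, so Alice needs only Bob's public key) but drops the threshold splitting across nodes, the proof/verification components, and uses a SHA-256 keystream plus HMAC as a stand-in for the symmetric layer. All names (`share_with_group`, `make_rekey`, `reencrypt`, etc.) and the secp256k1 arithmetic are this example's own. `share_with_group` is the "encrypt once, one re-encryption key per device" integration sketched above: the body is encrypted exactly once and each device only costs one small capsule transformation, versus one full ciphertext per device in the pairwise scheme. `outsider_is_rejected` checks that a key issued for Bob does not help Charlie, and `collusion_recovers_owner_key` shows the caveat of such a single-key scheme: a node holding rk together with the recipient holding d can reconstruct Alice's private key, which is one reason the real protocol splits the re-encryption key into threshold fragments spread over many nodes. The curve code is not constant-time and none of this is production crypto.

```python
import hashlib
import hmac
import secrets
P = 2**256 - 2**32 - 977  # secp256k1 domain parameters (public constants)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
assert (G[1] * G[1] - G[0] ** 3 - 7) % P == 0  # the generator really is on the curve

def _add(p1, p2):  # affine addition on y^2 = x^3 + 7 over F_P; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):  # double-and-add scalar multiplication (toy: not constant time)
    acc, addend, k = None, pt, k % N
    while k:
        if k & 1:
            acc = _add(acc, addend)
        addend, k = _add(addend, addend), k >> 1
    return acc

def _kdf(point):  # body key derived from a curve point's x-coordinate
    return hashlib.sha256(b"toy-pre-key" + point[0].to_bytes(32, "big")).digest()

def _xor_stream(key, data):  # SHA-256 in counter mode as a toy stream cipher
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(-(-len(data) // 32)))
    return bytes(a ^ b for a, b in zip(data, ks))

def _sym_encrypt(key, plaintext):  # encrypt-then-MAC; acceptable only because every message gets a fresh key
    body = _xor_stream(key, plaintext)
    return body + hmac.new(key, body, hashlib.sha256).digest()

def _sym_decrypt(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered ciphertext")
    return _xor_stream(key, body)

def keygen():  # random scalar and its public point
    sk = secrets.randbelow(N - 1) + 1
    return sk, _mul(sk, G)

def encrypt(pk_owner, plaintext):  # Alice encrypts once: capsule E = r*G, body key KDF(r*pk_owner)
    r, capsule = keygen()
    return capsule, _sym_encrypt(_kdf(_mul(r, pk_owner)), plaintext)

def _dh_factor(X, pk_receiver, shared):
    """d = H(X, B, x*B); Bob recomputes it as H(X, B, b*X). d == 0 has negligible probability."""
    data = b"".join(pt[0].to_bytes(32, "big") for pt in (X, pk_receiver, shared))
    return int.from_bytes(hashlib.sha256(b"toy-pre-d" + data).digest(), "big") % N

def make_rekey(sk_owner, pk_receiver):
    """Alice needs only Bob's public key: rk = a * d^-1, with d from an ephemeral ECDH to Bob."""
    x, X = keygen()
    d = _dh_factor(X, pk_receiver, _mul(x, pk_receiver))
    return sk_owner * pow(d, -1, N) % N, X

def reencrypt(rekey, capsule):  # node step: rk*E = (a/d)*r*G; the node never holds d, the body key or plaintext
    rk, X = rekey
    return _mul(rk, capsule), X

def receiver_decrypt(sk_receiver, recapsule, body):
    """Bob: d * (rk*E) = a*r*G = r*pk_owner, the same KDF input Alice used."""
    E_prime, X = recapsule
    d = _dh_factor(X, _mul(sk_receiver, G), _mul(sk_receiver, X))
    return _sym_decrypt(_kdf(_mul(d, E_prime)), body)

def share_with_group(message, n_devices):
    """The integration sketched above: one body ciphertext, one rekey per device/user.
    Alice derives each rk from the device's public key alone; the node transforms the capsule."""
    a, A = keygen()
    capsule, body = encrypt(A, message)
    devices = [keygen() for _ in range(n_devices)]
    recovered = [receiver_decrypt(b, reencrypt(make_rekey(a, B), capsule), body) for b, B in devices]
    return recovered, body

def outsider_is_rejected(message=b"x"):
    """A rekey issued for Bob gives Charlie nothing: the body MAC rejects his derived key."""
    (a, A), (_, B), (c, _) = keygen(), keygen(), keygen()
    capsule, body = encrypt(A, message)
    try:
        receiver_decrypt(c, reencrypt(make_rekey(a, B), capsule), body)
        return False
    except ValueError:
        return True

def collusion_recovers_owner_key():
    """Caveat of this single-key scheme: node (rk) plus Bob (d) reconstruct Alice's a."""
    (a, _), (b, B) = keygen(), keygen()
    rk, X = make_rekey(a, B)
    return rk * _dh_factor(X, B, _mul(b, X)) % N == a
```

Running `share_with_group(b"hello", 3)` returns three copies of the plaintext and a single body ciphertext; adding a fourth device later is just another `make_rekey` against the same stored body, which is the "retroactive access" property discussed below. Note that in this toy the capsule transformation is a single scalar multiplication, which is where the low per-operation cost quoted above comes from.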
Pros & Cons
This part is going to be highly subjective:
- Compared to pairwise encryption, CPU and bandwidth consumption is lower (encrypt once, send once)
- Scales better than pairwise encryption
- Re-encryption keys can be granted retroactively to other members, so new members can easily access previous data
- Potentially we can get rid of Whisper, although some form of communication layer is still necessary (push notifications would do, for example) to notify a user that a message has been sent
- Mailservers are no longer needed, but the problem just shifts to a different storage layer: IPFS (pinning), S3 (centralized), Swarm (not ready?)
- Forces users to pay to send messages
- Price scales with the number of participants in the chat (you pay per re-encryption)
- Needs a storage layer to work (IPFS/Swarm/S3)
- Relies on a third party (although a fully decentralized one) for core functionality
- Darkness is not a concern of the protocol, so few guarantees can likely be made on that front
Please feel free to discuss and let me know if I missed something; I will post my thoughts in a separate post to provide a semblance of objectivity.