NuCypher

Jack Trunz
Dcrypt


ABOUT

NuCypher is a security and encryption platform that provides a decentralized key management system (KMS) and cryptographic access control layer to distributed systems. Dubbed “Body Armor for Big Data”, Proxy Re-Encryption (PRE) is the core of the NuCypher platform and allows users to share encrypted data without sharing private keys, or decrypting data in transit. Made possible by Re-encryption Keys and Proof-of-Stake (PoS), NuCypher is intended to modernize data security infrastructure for enterprises, while emphasizing compliance with internal security policies and regulatory requirements.

A technical glossary is located at the end of the report.

KEY METRICS

Background

NuCypher is intended to be a security layer that sits across multiple organizations and their corresponding data platforms. A tremendous amount of data has been generated in the past couple of years and continues to compound at exponential speeds today. This explosion in sheer volume of highly sensitive data has led companies to migrate their data infrastructure to the public cloud. This centralization of compute and data resources has made it difficult to implement effective, high-performance security measures. This in turn increases the chances of successful cyberattacks, seen recently in the likes of Equifax, Yahoo, Uber, and even the U.S. government. Existing traditional encryption approaches lack the performance and functionality required to protect consumer data, ultimately hindering businesses.

Technology

NuCypher’s PRE uses an asymmetric, non-interactive re-encryption key method that allows an untrusted proxy entity (through decentralization) to transform ciphertexts from one public key to another without learning anything about the underlying message. By using a private and public key to get a re-encryption key, access to encrypted information can be securely delegated to a public key via the construction of cryptographically-enforced controls. Analogously, NuCypher serves the “body armor” function to decentralized applications as HTTPS does to the Internet. In this way, the technology is meant to be applicable and easily integrated into any enterprise’s big data cloud infrastructure.

Image taken from NuCypher Whitepaper

“NuCypher isn’t just about protecting businesses, it is about managing and safeguarding its customers’ data.” — MacLane Wilkison, CEO & Co-Founder

NuCypher implements a threshold split-key re-encryption scheme to decentralize its network. Essentially, it requires the collaboration of multiple proxies (nodes/miners) to make data decryptable. When a user broadcasts data (with a smart contract policy) and a re-encryption key to the network, the key is split between different nodes. Splitting the key splits trust. The service is provided by a Proof-of-Stake scheme, in which miners can perform the requested PRE. The amount of trust allotted to each proxy is proportional to the amount of KMS token that they stake as collateral.
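The flow described above (a re-encryption key derived from the delegator's private key and the recipient's public key, split t-of-n across proxies) can be traced in the following added example. It is not NuCypher's code or its actual scheme: it is a discrete-log key-encapsulation construction with Shamir sharing chosen for illustration, and the group parameters (constructed, far too small for real use) and all function names are assumptions.

```python
import hashlib, secrets
# Constructed toy group (assumption, insecure size): P = 2Q + 1, G has prime order Q.
P, Q, G = 2039, 1019, 4

def h(*vals):
    """Hash integers to a 256-bit integer (stand-in for a KDF / hash-to-exponent)."""
    return int.from_bytes(hashlib.sha256(repr(vals).encode()).digest(), "big")

def rand_exp():
    return secrets.randbelow(Q - 1) + 1

def keygen():
    sk = rand_exp()
    return sk, pow(G, sk, P)

def encapsulate(pk):
    """Sender: returns (capsule, symmetric key) for the holder of pk."""
    r = rand_exp()
    return pow(G, r, P), h(pow(pk, r, P))

def decapsulate(sk, capsule):
    return h(pow(capsule, sk, P))

def make_kfrags(sk_a, pk_b, t, n):
    """Delegator: build rk from own private key and delegatee's PUBLIC key, then split it."""
    x = rand_exp()
    X = pow(G, x, P)                                  # ephemeral public value
    d = h(X, pk_b, pow(pk_b, x, P)) % (Q - 1) + 1     # blinding factor only B can recompute
    rk = sk_a * pow(d, -1, Q) % Q
    coeffs = [rk] + [secrets.randbelow(Q) for _ in range(t - 1)]
    share = lambda i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
    return [(i, share(i), X) for i in range(1, n + 1)]

def reencrypt(kfrag, capsule):
    """Proxy: transforms the capsule with its share; never sees a private key or the message key."""
    i, s, X = kfrag
    return i, pow(capsule, s, P), X

def decapsulate_reencrypted(sk_b, pk_b, cfrags):
    """Delegatee: Lagrange-combine the fragments in the exponent, then remove the blinding."""
    X, combined = cfrags[0][2], 1
    for i, e, _ in cfrags:
        lam = 1
        for j, _, _ in cfrags:
            if j != i:
                lam = lam * j * pow((j - i) % Q, -1, Q) % Q
        combined = combined * pow(e, lam, P) % P
    d = h(X, pk_b, pow(X, sk_b, P)) % (Q - 1) + 1
    return h(pow(combined, d, P))
```

Any t of the n re-encrypted fragments let the delegatee recover the same key the sender encapsulated for the delegator, which is what lets individual proxies go offline without breaking the service.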

Ultimately, a decentralized network means nobody is completely responsible for the data, and the whole network cannot be shut down regardless of external factors (e.g. ban from a foreign government). Malicious actors would have to compromise a large number of nodes to completely obtain the data. Companies can also deploy this network in a federated manner, or with a central server that does the re-encryption (an arrangement that NuCypher already has with “a large financial company in NYC”).

TOKEN

Proof-of-Stake decentralization is achieved using the KMS token ($NKMS). The KMS token is an ERC20 token on the Ethereum blockchain. By staking the KMS coin, proxies put down a security deposit and split trust between re-encryption nodes. More tokens staked means more trust, and therefore more available work for the miner. If a proxy starts acting maliciously, the network attacks the staked coins and part of the deposit gets seized. Therefore, proxies are incentivized to operate fairly because they are ultimately rewarded for good work. Additionally, KMS tokens function as an in-network means of payment for deploying policies. For example, a user's contract allows you access to data for one year. You pay for this policy using the KMS coins.

If a node misbehaves or goes offline, it can be challenged to forfeit its stake. Miners can temporarily go offline because of how the split-key scheme is designed, meaning that the rest of the network will not fail in providing the PRE service. However, if a miner goes offline permanently, then the private re-encryption key can be transferred.

BUSINESS LANDSCAPE

During TechCrunch Disrupt, NuCypher mentioned they are currently in their pilot stage, but have several firms on board to use the product (the bulk being in financial services), including multiple tier-1 investment banks, global tech companies, and telecommunication firms.

The roadmap (as of September) can be found here.

Unlike a classic SaaS business, NuCypher does not host any data itself because the platform exists as a Software Development Kit (SDK) and an encryption library. The business model is centered on licensing the software: term-based subscriptions and consumption-based models for cloud deployments. “Customers can install the software on premise, such as within an existing Hadoop deployment, or directly in the cloud on the infrastructure they are managing”. In terms of coming to the market, NuCypher has been conducting a combination of direct sales and sales through channel partners, big data vendors, and cloud service providers (like Amazon and Microsoft).

NuCypher’s competition inherently involves native, built-in data protection platforms (Hadoop, for example). However, NuCypher’s management asserts that these are generally not robust enough for the size of enterprise companies NuCypher is working with. Other traditional competitors include data masking and tokenization platforms (HP Voltage, Protegrity). Additionally, the company reaffirms that NuCypher is more infrastructure-based as opposed to companies like Ciphercloud (cloud security) or Ionic (open-source SDK for hybrid mobile app development). NuCypher is a unique, specialized player acting as a pioneer in the market.

MANAGEMENT

The complexity of NuCypher’s product offering makes effectively communicating value to consumers a difficult task. The ability of NuCypher to take over market share is highly dependent on the communication skills of the firm’s two founders: MacLane Wilkison and Michael Egorov.

NuCypher’s CEO, MacLane Wilkison, was a past investment banker at Morgan Stanley, specializing in Technology, Media and Telecommunications. His ability to understand complex problems, digest them, and present them to clients will end up being a tremendous value add for NuCypher going forward. A large amount of the work being done by MacLane has been directed towards communicating value with banks, security providers, and big business.

NuCypher’s CTO, Michael Egorov, has been actively working in the data analysis and engineering space for over 10 years. With a proficiency in Python, Michael has worked across various software development companies and was most recently a senior software engineer for LinkedIn. During his time at LinkedIn he developed and deployed a configuration tool for hundreds of products across thousands of servers.

Technical Glossary

Thank you to our Villanova intern Justin Moon for assistance on this project.
