NuCypher — Proxy re-encryption
Imagine a scenario, where you have a file say for example of 120KB, and you want to securely store in the cloud (say Dropbox). What you will do is, you will encrypt the file using your public key and upload in the cloud so that later if you need that file, you can download it and decrypt it using your secret key (private key) right?
Now say, you want to give access to the file to your friend. In that case, you have to download the file — decrypt it using your secret key and then again encrypt using your friend’s public key and upload it back to the cloud. Now your friend can download and decrypt it using his secret key. This is nothing but the concept of public key cryptography. Fair enough!
What is the problem here?
Let me extend that story a bit more. What if the file size is of say, 10GB? And you have to share that file with 10 of your friends. Then the above simple story will start looking pretty hectic and slow, right? As you have to download 10GB of file — decrypt it — encrypt it 10 times with 10 different friend’s public keys — upload it 10 times in 10 different locations — and then all your 10 friends will download and decrypt the file. Moreover, imagine this with 1000 of your friends.
So what’s the solution?
NuCypher is a third party which does re-encryption for you without ever actually seeing the actual message or knowing your secret key.
Allow me to explain this. If you have to give access to your encrypted file that was previously stored in the Dropbox, then Dropbox has to decrypt the file using secret key (which is a symmetric key i.e session key, that you have shared in SSL/TLS connections with server) and encrypt it multiple times with your friends public keys. Which means a third party is taking care of all cryptographic operations and you are trusting this third party not to tamper or steal your message.
Now let's understand the how proxy re-encryption works.
How does re-encryption work
- Suppose that a Alice encrypts a message m, with Alice’s public key pkA, resulting in ciphertext cA
- Alice decides to delegate access to message m to Bob, who has the key pair (pkB, skB).
- Alice creates a re-encryption key using her secret key and Bob’s public key
`rk(A->B) = rekey(skA, pkB)`
- Proxy will re-encrypt cA and which gets transformed into cB
`cB = reencrypt(rk(A→B), cA)`
- Bob can then decrypt cB using his secret key skB
Inshort Proxy re-encryption is set of encryption algorithms where you can allows 3rd party service to transform data which were encrypted for you into been encrypted for someone else. That means, if Dropbox supports proxy re-encryption then you would tell Dropbox that ‘Hey here is the re-encryption key which will allow you to transform encrypted data to be re-encrypted for someone else so that it can be decrypted from my secret key as well as someone else’s!’
How NuCyper is related to Blockchain?
Talking about Public chains, where are all your data are public and which is why use cases like voting, health care is very difficult to implement on public chains. For example, to put patient data on public chain, the data must be encrypted and stored and only that patient or any other person, to whom a patient has delegated the access (like his personal doctor or insurer) should only be able to see the data temporarily.
Also in the case of group chats broadcasting, where you want all of the group members to securely see the message. So instead of encrypting the message with everyone’s public key, you would rather prefer to use re-encryption technique to accomplish the task.
I think these are the cases where we can make use of NuCypher.
References
Originally published at blog.imaginea.com.
