Enigma + Cryptex: An experiment in wallet-to-wallet communication
Overview
Enigma, still under heavy development, is a decentralized, non-custodial secret sharing solution. By that, I mean that it lets you and your peers participate in a distributed key generation (DKG) protocol together, where each of you are responsible for the keys that are generated. See our previous post for more info on how a DKG and secret sharing works. And what that means is that you can share secret data with others without relying on a third party (e.g. google drive) to hold it for you. Alongside Cryptex, a substrate-based blockchain that orchestrates the DKG and provides privacy preserving tools, they enable a decentralized ‘multi party communication’ scheme, where you and your peers can collectively own and control how data is distributed and accessed.
At its core, Enigma allows users to securely share sensitive information without relying on a central authority. It achieves this by enabling a distributed key generation protocol and verifiable secret sharing mechanism as orchestrated by Cryptex. As a result, even if individual participants are compromised, the data remains protected.
Enigma is decentralized. Traditional data storage and ownership systems often have single points of failure, making them vulnerable to a huge number of issues, from censorship to outages, misconfigurations, and outright abuse. Centralized storage and ownership platforms, sometimes by design, also offer limited access control, a lack of transparency in terms of operations and security, and reliance on a third party to store and handle your data. As has been recently seen, many corporations may have issues related to compliance and meeting regulation, for example, Facebook’s recent lawsuit.
Decentralized data storage and ownership, on the other hand, not only enhances data security but also increases resilience and eliminates the need for a central server. Enigma (the app), in conjunction with Cryptex (the blockchain) and IPFS for storage, we are able to offer a completely decentralized system that provides:
- Granular Access Control: Users have fine-grained control over who can access their data, enabling selective sharing based on predetermined threshold requirements.
- Decentralized Secret Sharing: Enigma enables secure sharing of sensitive information without relying on a central authority, using distributed key generation and threshold encryption.
- Continued Innovation: Enigma is the proof-of-concept of our next use case; a custodial solution for secret sharing, where validators hold the secret key shares. This future use case will exist in the proof-of-stake Cryptex blockchain and enables cross-chain non-interactive rule-based secret sharing. Our work is open source and freely available.
Enigma has a wide range of applications, both for individuals and organizations. It can be used for secure communication channels, decentralized file sharing, private data marketplaces, collaborative research environments, and much more. By providing a foundation for building decentralized data applications, Enigma aims to prioritize privacy and security, allowing users to regain control over their data.
How it works
Enigma leverages a distributed key generation mechanism and verifiable secret sharing to enable secure communication and collaboration within ‘societies’. A society is formed when a group of addresses participates in the distributed key generation process. Each society has a specified threshold, representing the minimum number of members required for signing or decrypting messages. In scenarios where a society consists of a single member, it facilitates direct wallet-to-wallet communication. On the other hand, when the threshold matches the total number of members, it functions as a multisig wallet, providing enhanced security and control.
Since Cryptex is a substrate based blockchain, users in Enigma are identified by a substrate address. Enigma looks for addresses injected through the polkadotjs extension. For storage and ciphertext transmission, Enigma relies on IPFS. Encryption and decryption happen in your browser and the resulting ciphertext is added to IPFS, never on-chain. Currently, as Enigma is in it’s PoC state, it only allows for a maximum of 32-bit messages to be encrytped and shared. Cryptographic functions are executed in your browser and results are encoded on chain, with your plaintext never leaving the browser.
Enigma Usage Guide
In Enigma, a society is any group who has successfully participated in the distributed key generation protocol together. Each society has a founder. In the PoC, the founder is responsible for creating the society and manually approving and updating the phases of the society.
When the founder creates the society, each invited member can choose to join the society by participating in the DKG protocol. Society formation (which is a very interactive DKG) follows three phases:
- The commit phase:
During this phase, invited members generate secret polynomials in the browser and issue a commitment to their secret.
Once at least a threshold of invited members have issued a commitment, the founder can update the society to the next phase and those who didn’t participate are rejected from further participation. This can be done from both the ‘founders’ tab.
2. The join phase:
Members who were invited and issued commitments in the previous phase can now join the society by deriving a public key and issuing it onchain.
When at least a threshold of committed members have issued the public key, the founder can ‘activate’ the society.
3. The active phase:
When active, the society’s membership is finalized and a shared public key can be derived and used to secure data. Additionally, the society can share data access to other addresses in the network by issuing at least a threshold of shares to the address. Members of the society are presented with the option to encrypt messsages and publish them to the society.
Enigma also lets you search data published to society, and if you are a member, to share your share of the secret with any other address in the network.
When you’ve gathered a threshold of shares, you can decrypt the secret and read the original message!
Use Cases
One compelling use case of Enigma and Cryptex is facilitating secure data sharing between multiple parties while maintaining privacy and accountability. Let’s consider a scenario in the education sector:
Imagine a teacher who wants to share the results of a student’s test with both the student and their parent. To ensure the confidentiality and integrity of the data, the teacher leverages Enigma and Cryptex to create a secure environment for data sharing.
Here’s how the process unfolds:
- Society Creation: The teacher creates a “society” using Enigma, which includes the teacher, student, and parent. This society acts as a trusted group that collectively holds the necessary keys to access and decrypt the encrypted data.
- Data Encryption: The teacher encrypts the test results using the public key associated with the society. This ensures that only members of the society can decrypt and access the sensitive information.
- Signature Requirement: To enforce accountability and ensure that both the parent and student acknowledge and accept the test results, the teacher requires that each party submits their digital signature. This ensures that all involved parties actively participate and provide their consent.
- Threshold-based Access: The encrypted test results can only be decrypted when a threshold of society members (e.g., both the student and parent) participate and provide their signatures. This ensures that sensitive information remains confidential and is only accessible when the required parties are involved.
By leveraging Enigma and Cryptex, this use case enables secure data sharing within an encrypted environment. It empowers the teacher to control access, maintain privacy, and ensure accountability, creating a trusted and efficient communication channel between teachers, students, and parents.
Future Work
Enigma is not yet complete, and significant work before it’ll be production ready, however, we have an open testnet of cryptex and alpha version of enigma ready for hacking! You can get started at https://enigma.idealabs.network and check out the github for more information: https://github.com/ideal-lab5.
Enigma and Cryptex enable wallet-to-wallet transmission of decryption rights to data, (with data transmission handled with IPFS) however, there are still many limitations to the system. Firstly, the protocol is interactive, requiring several rounds of communication in order to complete the distributed key generation process. Secret sharing is also a manual process, with no simple way to share secrets based on cryptographically provable statements. The system is okay if you want to share your data infrequently and with a small number of others, but it would be incredibly inefficient if you want to try to handle sharing a secret with a large number of addresses in a short period of time (there would be a very low upper limit to this). Enigma is also not privacy preserving in any aspect in its current state. Society membership is public knowledge.
To address these vulnerabilities, we are working on a custodial solution within Cryptex, where network validators participate in a distributed key generator and create a keypair that you own. Additionally, we build a Wasm smart contract based rules system that enables the owner some secret data to define cryptographically provable (onchain) conditions to gate access to data. Since we are a substrate-based blockchain, we immediately benefit from having cross-chain capabilities and the ability to define rules for conditions in other chains (connected through a relay chain).
Join us!
Are you interested in joining us or investing in the future of decentralized data capabilities? Join our community by saying “hi” on our discord or get a hold of me at driemworks@idealabs.network.
