Upgrade your NFTs to cNFTs with PolyCrypt
In a previous post, we introduced the general concept of cNFTs. Since then, we have refined the idea considerably, and it has matured into something even more exciting than what we presented initially. This article is part of a multi-part series that re-introduces our product from both a technical and a user’s perspective.
Part 1: What are cNFTs?
PolyCrypt’s cNFTs are confidential NFTs — NFTs with private metadata attachments only accessible to the current token owner. The creator can set the private metadata and thus create special value for the owner apart from mere ownership of the publicly visible metadata. As blockchains are inherently public, the secret metadata cannot be stored on the blockchain. Instead, we built a service called cNFT Oracle. It employs TEE (trusted execution environment) technology (such as Intel’s SGX) to securely store and manage access to the confidential data in a provable and trustworthy manner. The cNFT Oracle tracks the on-chain ownership status of cNFTs and allows the current owner of the token to request its secret metadata if he proves that he has access to the wallet currently owning the token.
Having both public and private metadata for a token allows tokens to be used in many more scenarios that go beyond ownership of a publicly known good. These range from special owner-only benefits, such as high-resolution or watermark-free versions of image-type NFTs or software license keys attached to an NFT, to cryptographic access control for an organisation’s sensitive documents, and even access rights to premium content on streaming platforms.
Case study: watermark-free full-resolution version of an image
Conventional NFT collections, which mostly represent ownership of an image or artwork, have the unfortunate restriction that the associated artwork is fully public, and the NFT really only serves as a collector’s trophy. Anyone can see, download and copy the image represented by the NFT, and even create a duplicate collection that represents the same artwork.
With cNFTs, the creator can opt to only publish a watermarked or low-quality / thumbnail version of the artwork with his NFT, and make the original full-quality work confidential. He mints his NFT collection as usual, but instead of attaching the original work to the NFT, he only associates a preview version to the token on-chain. Next, he registers the cNFT with the cNFT Oracle service and securely uploads the original work to it. The cNFT Oracle only ever receives and stores an encrypted version of the artwork, so the service provider cannot leak it. The decryption key is secured via the hardware key burned into the TEE module of the cNFT Oracle’s CPU. This protects the data from being accessed in an unintended manner. Now, everyone can still see and enjoy the painting, but only an actual buyer will be able to access the full-quality version. The creator can now advertise his artwork without devaluing it or risking theft, and he can trust the cNFT Oracle on a technological level to keep his work secret.
The buyer can now buy the NFT, directly or at auction, to get access to the real artwork, while also having assurance that he is buying a unique premium article. After buying, he can make a request to the cNFT Oracle to grant access to the original artwork. The oracle confirms that, according to the latest state of the blockchain, his account is the current owner of the NFT, and that he is the owner of that account by requiring him to provide a signature belonging to that account. If he proves his ownership of the NFT and his access to the account, the cNFT Oracle sends him the decrypted artwork. Since the cNFT Oracle runs in a TEE, the servers hosting the oracle service do not see the unencrypted artwork.
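The ownership check described above, sketched as an added example (this is not PolyCrypt's code): the oracle compares the signer with the owner in the latest chain state and verifies the signature before releasing anything. The one-time challenge, the account id derived by hashing the public key, the in-memory Map standing in for the blockchain, and all names such as OracleSketch are assumptions made for illustration.

```javascript
// Added example with constructed data and hypothetical names; not PolyCrypt's code.
const crypto = require('crypto');

// Simplification (assumed): an account id is the SHA-256 of the wallet's public key.
const accountOf = (pub) => crypto.createHash('sha256')
  .update(pub.export({ type: 'spki', format: 'der' })).digest('hex');
const newWallet = () => crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
const sign = (wallet, msg) => crypto.sign('sha256', Buffer.from(msg), wallet.privateKey);

class OracleSketch {
  constructor(chain) {
    this.chain = chain;        // tokenId -> owner account (stand-in for chain state)
    this.pending = new Map();  // nonce -> tokenId, each challenge usable once
  }
  // Step 1: issue a fresh challenge bound to the token (assumed; blocks replay).
  challenge(tokenId) {
    const nonce = crypto.randomBytes(16).toString('hex');
    this.pending.set(nonce, tokenId);
    return `cnft-access:${tokenId}:${nonce}`;
  }
  // Step 2: release only if the signer owns the token in the latest chain state.
  request(message, signature, publicKey) {
    const [, tokenId, nonce] = message.split(':');
    if (this.pending.get(nonce) !== tokenId) return 'reject: unknown or used challenge';
    this.pending.delete(nonce);
    if (this.chain.get(tokenId) !== accountOf(publicKey)) return 'reject: not current owner';
    const ok = crypto.verify('sha256', Buffer.from(message), publicKey, signature);
    return ok ? 'release' : 'reject: bad signature';
  }
}

function demo() {
  const alice = newWallet(), bob = newWallet();
  const chain = new Map([['token-1', accountOf(alice.publicKey)]]);
  const oracle = new OracleSketch(chain);
  const results = {};
  const m1 = oracle.challenge('token-1');
  const s1 = sign(alice, m1);
  results.owner = oracle.request(m1, s1, alice.publicKey);
  results.replay = oracle.request(m1, s1, alice.publicKey);   // same signature again
  chain.set('token-1', accountOf(bob.publicKey));             // token is sold to Bob
  const m2 = oracle.challenge('token-1');
  results.previousOwner = oracle.request(m2, sign(alice, m2), alice.publicKey);
  const m3 = oracle.challenge('token-1');
  results.forged = oracle.request(m3, sign(alice, m3), bob.publicKey);
  return results;
}

console.log(demo());
```

The previous owner is refused immediately after the transfer because ownership is read at request time rather than cached from an earlier check.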
The capabilities of trusted execution environments
This strong security guarantee is only possible because we leverage the trusted execution environment capabilities of modern server-grade CPUs. This technology allows the cNFT Oracle server to cryptographically prove that it is running an unmodified version of the database software, and it can also prove that it is running in a tamper-proof and hack-proof black box. Even if a malicious actor manages to get administrator-level access to the cNFT servers, he would be unable to breach the TEE hardware black box that controls access to the encrypted artwork. The data is hardware-encrypted in such a way that only the program that encrypted the data can decrypt it again. Any attempt to modify the software will be detected by the hardware and will make decryption attempts fail. As long as the TEE’s black box is not breached at the hardware level, the data stays secure.
Conclusion
cNFTs allow artists and creators to sell their works on the blockchain without having to publish the full work, and without having to interact with the buyer and manually make the content available to him. This lowers the technical hurdle for the creator, and makes selling artwork on the blockchain attractive to a wider range of creators who wish to sell premium or exclusive content. The standardized way of access creates technological trust between the buyer and the artist, and makes artwork NFTs interesting for collectors who do not wish to merely have a trophy, but want to exclusively own the work they are buying, with an assurance that they are the work’s sole owner. These aspects are important for many kinds of digital tokenisation of real or virtual goods, and cNFTs are therefore a solid foundation for many digital tokenisation use cases that were previously infeasible or too complicated to achieve using blockchains alone.
In the next part of our series on cNFTs, we will highlight more technical details of our product, as well as new features we built that make them much more versatile than was initially planned.
We thank the Hessian Ministry for Digitalisation and Innovation for funding this project as part of the Distr@l programme.