Proxy re-encryption for distributed systems

[Short general description]: NuCypher KMS is a decentralized key management system (KMS), encryption, and access control service. It enables private data sharing between arbitrary numbers of participants in public consensus networks, using proxy re-encryption to delegate decryption rights in a way that cannot be achieved by traditional symmetric or public-key encryption schemes. Native tokens will be used to incentivize network participants to perform key management and access delegation/revocation operations.


[Main problems tackled]: Proxy re-encryption allows NuCypher KMS to split the trust between access management and decryption rights, without introducing an always-online always-trusted entity (such as a traditional key management system). Miners never see plaintext data, or anything which allows them to decrypt the data. They are solely responsible for storing re-encryption keys and applying re-encryption functions. 


Nucypher has encountered three risks:


1) collusion between a miner and a reader of the data - solution: pseudo-anonymity of re-encryption keys, splitkey proxy re-encryption, and a challenge protocol.

2) nodes malfunctioning - solution: challenge protocol.

3) nodes colluding with each other to perform 50% attacks - solution: the attacker only gains the ability to wrongfully apply re-encryption policies, not to decrypt data nor to grant access to a user who hasn’t been granted access to the data.


Other problems tacked: 


1) pseudo-Anonymity - of re-encryption keys also enables nucypher to run a challenge protocol.

2) split-key re-encryption - Instead of one re-encryption key, m-of-m re-encryption keys can be used to produce “re-encryption shares.” These shares can be combined client-side.

3) challenge protocol - designing a challenge protocol is a complex problem related to “fair exchange” protocols. It requires careful design and testing, and Ethereum’s Proof-of-Stake (Casper) protocol is facing this complexity now. It may be possible to just check correctness on the level of the encryption algorithm. 

4) hardware-enforced security -  if miners misbehave, they risk losing their collateral deposit.


[Main contribution proposal]: Is based on functionality, NuCypher KMS can be interfaced from a traditional, centralized application.  Thus NuCypher will see functionality functions such as: 


1) sharing short secrets

2) sharing files and hierarchical data

3) encrypting bulk data

4) sharing encrypted streams,

5) time-based and condition-based policies

6) key rotation. 


It is worth mentioning that in order to provide re-encryption services, a node needs to send its deposit to a smart contract (while specifying the lock time). After the time expires, the node can withdraw the stake from it. The objective is to have rewards minted to staking nodes if they correctly provide re-encryption services. For initial release NuCypher will ensure that the nodes are staying online and correctly re-encrypting the data without requiring anonymization. 



[Innovation]: Use cases. NuCypher KMS provides the infrastructure for a variety of applications that require sharing of sensitive data as a basic functionality. The ability to condition decryption operations on public actions on the consensus network, such as the publication of certain messages, payments made between specific parties, and other events, enables a range of applications including:


1) sharing encrypted files (“Decentralized Dropbox”)

2) end-to-end encrypted group chat (“Encrypted Slack”)

3) patient-controlled electronic health records (EHR)

4) decentralized digital rights management (DDRM)

5) blind identity management

6) secret credentials management for scripts and backend applications

7) shared credentials and enterprise password management

8) mandatory access logging

9) mobile device management (MDM) and revocation

10) private use of NuCypher KMS

ICO Rating Analysis
Team Evaluation
4.00 / 5.00
Token Economics
4.00 / 5.00
Hype and media presence
4.00 / 5.00


Team - Founders:
Are the founders known? Do they have relevant experience and connections?
  • 1. Unknown people. No serious background information available.
  • 2. Partial information available, no relevant experience.
  • 3. Background information available, no relevant experience.
  • 4. Solid, relevant background and connections available.
  • 5. Solid, well known, experienced and well connected founders.
Team - Advisors:
What level of commitment, experience and connections do the advisers bring?
  • 1. No reputable advisors with relevant experience.
  • 2. Few advisors with little to no relevant experience.
  • 3. Advisers with relevant experience.
  • 4. Reputable advisors with relevant experience and connections.
  • 5. High profile highly experienced, well connected and committed advisors.
Product - Technology Layer:
Is the product innovative? Does it contribute to the blockchain ecosystem?
  • 1. No, the product is just a clone with no contribution.
  • 2. The product is a dapp with minimal interest and little contribution to the ecosystem.
  • 3. The product is a dapp, exchange or protocol addressing a real problem or need.
  • 4. Innovative product offering a solution to a high interest problem.
  • 5. Innovative protocol tackling critical problems of highest interest.
Product - Proof of concept:
Is the proof of concept comprehensive? Does it address a real problem or need?
  • 1. No, incoherent concept or no need for it.
  • 2. Difficult concept to understand, hardly any need or problem to solve.
  • 3. Clear concept which addresses a real problem.
  • 4. Clear, well thought concept which addresses a real problem of high interest.
  • 5. Exceptional proof of concept addressing a critical problem.
Product - MVP:
Has the concept been tested? Is there an MVP? How far is the launch?
  • 1. Untested concept.
  • 2. Initial tests, no MVP.
  • 3. MVP ready, Alpha launch.
  • 4. MVP ready, Beta launch.
  • 5. Fully working initial product.
Token Economics - Token utility:
Does the token have any utility? Is it a core function to the network?
  • 1. No, the token has no utility.
  • 2. Token has a limited, unclear utility.
  • 3. The token has some added, but not inherent value.
  • 4. The token is embedded in the network and has inherent value.
  • 5. The token has both inherent and added value and is embedded at the core of the network.
Token Economics - Network effect:
Are strong network effects built into the system? Are incentives aligned to encourage the growth of the network?
  • 1. No network effects built in.
  • 2. Minimal network effects, unclear incentives.
  • 3. Network effects and incentives present.
  • 4. Solid network effects with clear incentives due to inherent utility.
  • 5. Strong network effects, aligned incentives and high utility value.
Business Evaluation - Valuation:
Is the valuation reasonable ? Sufficient but not too high for the scope of the project?
  • 1. No, the valuation is ludicrous, the project could do with 1/10 of the sum.
  • 2. Valuation is higher than the project would need. Likely a money grab.
  • 3. Valuation is reasonable for the scope of the project.
  • 4. Valuation is modest for the caliber of the project.
  • 5. Valuation is impressively modest relative to the high caliber of the project.
Business Evaluation - Market potential:
What is the market potential? Does the project look like it could penetrate the market and conquer the world?
  • 1. No clear market potential.
  • 2. Limited market potential.
  • 3. Reasonable market and growth potential.
  • 4. Solid market and growth potential.
  • 5. Exceptional market and growth potential.
Business Evaluation - Competition:
Does the project have competition? How strong does it look relative to its competition?
  • 1. Awful position competing with many strong players.
  • 2. Weak position facing strong competition.
  • 3. Reasonable position facing strong competition.
  • 4. Solid position facing weak competition.
  • 5. Exceptional position, facing almost no competition.
Business Evaluation - Supply sold:
Does the team distribute a reasonable amount of the tokens so as to encourage create strong incentives and network effects?
  • 1. Negligible supply, greedy team.
  • 2. Small supply, poor incentives.
  • 3. Modest supply, weak incentives.
  • 4. Reasonable supply, responsible team.
  • 5. Large supply, solid inventive, committed team.
Business Evaluation - Vesting:
Does the team have a sufficient stake to have aligned incentives? Do they have a vesting schedule implemented?
  • 1. Large stake, no vesting.
  • 2. Small stakes, no vesting.
  • 3. Modest stakes, no vesting.
  • 4. Reasonable stakes, modest vesting.
  • 5. Solid stake, healthy vesting.
Hype and media presence:
Is the project present on social media and chats? Is there interest for it?
  • 1. No presence, negative image.
  • 2. Modest exposure and no interest.
  • 3. Reasonable exposure and modest interest.
  • 4. Solid exposure and high interest.
  • 5. Exceptional exposure, high interest and considerable hype.
Final Score


MacLane Wilkison
Co-Founder & CEO
Michael Egorov
Co-Founder & CTO
David Núñez
John Pacific
Sergey Zotov
Kieran Prasch
Ryan Caruso
Justin Myles Holmes
Arjun Hassard
Product & Partnerships
Bogdan Opanchuk, PhD
Derek Pierre
Business Development


Prof. Dave Evans
Professor of Computer Science at the University of Virginia
Prof. Giuseppe Ateniese
Department Chair in Computer Science at Stevens Institute of Technology
John Bantleman
CEO at RainStor
Tony Bishop
Vice President, Global Vertical Strategy & Marketing at Equinix


Published at
End-to-End Encrypted Kafka with Proxy Re-Encryption
2 years ago
NuCypher KMS: Decentralized key management system
2 years ago
Proxy Re-Encryption Playground in Python
2 years ago
NuCypher brings privacy and security to the public blockchain
2 years ago
NuCypher KMS development roadmap
1 year ago
MediBloc Leverages NuCypher for its Blockchain-based Healthcare Information Ecosystem
1 year ago
Welcoming Professor Giuseppe Ateniese
1 year ago
SF Cryptocurrency Devs: A Deep Dive into Blockchain Proxy Re-Encryption
1 year ago
NuCypher KMS 白皮书 中文
1 year ago
NuCypher Interview Series: Builders of the decentralized web — Episode #1
1 year ago
NuCypher Gathers in Seattle — Winter 2018 Homecoming
1 year ago
Builders of the Decentralized Web: Episode #2 | Ethics, Education & Evolving Topologies
1 year ago
Unveiling Umbral
1 year ago
Sharing data in the sharing economy
1 year ago
Welcoming David Núñez, PhD
1 year ago
NuCypher Joins The Enterprise Ethereum Alliance
1 year ago
Mobility Open BIockchain Initiative
1 year ago
Welcoming Arjun Hassard
1 year ago
Community Update #1
1 year ago
Community Update #2
1 year ago
Community Update #3
1 year ago
Community Update #4
1 year ago
Community Update #5
1 year ago
Community Update #6
1 year ago
Welcoming Bogdan Opanchuk, PhD
1 year ago
Builders of the Decentralized Web: Episode #3 | Applied Cryptography, Adversarial Thinking & Arbitrary Computation on Encrypted Data
1 year ago
Welcoming Derek Pierre
1 year ago
Community Update #7
1 year ago