Sunday, February 4, 2018

NuCypher KMS ICO Review

NuCypher Key Management System is an interesting, highly rated upcoming ICO. Let us discuss the fundamental problem this project is trying to solve, its different use cases, the team, and my final verdict.



NuCypher KMS - How It Works?

Step 01: Alice, the data owner, encrypts data with her public key and uploads it to IPFS, Swarm, Amazon S3, or any supported storage layer. IPFS and Swarm are Ethereum peer-to-peer distributed file systems and data-sharing networks in which files are addressed by the hash of their content (content-addressable). Both provide decentralized file transfer and can be used to store the HTML, CSS and JavaScript that implement an application on top of other decentralized systems. To delegate access to valid recipients, she creates and uploads re-encryption keys to the NuCypher KMS network.

Step 02: Ursula, a miner, receives the re-encryption keys and stands ready to re-key data. She provides this service in exchange for payment in fees and block rewards. The NuCypher KMS network and the storage layer never have access to Alice's plaintext data.

Step 03: Bob, a valid recipient, sends an access request to the NuCypher KMS network. If a valid re-encryption key exists and specified conditions are met, the data is re-keyed to his public key and he is able to decrypt with his private key.
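
The three steps above as a runnable toy, added here as an illustration and not NuCypher's own code: a simplified ElGamal-style proxy re-encryption scheme in which Alice derives the re-encryption key from Bob's public key only, and deleting that key revokes access. The tiny group parameters, the function names and the `network` dictionary standing in for Ursula's key store are all assumptions.

```python
import hashlib
import secrets

# Toy group (assumption, far too small for real use): P = 2Q + 1 with Q prime,
# and G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def _h(*vals):  # hash group elements to a non-zero scalar mod Q
    digest = hashlib.sha256(repr(vals).encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1

def _pad(point, data):  # XOR with a 32-byte key derived from a group element
    key = hashlib.sha256(str(point).encode()).digest()
    assert len(data) <= len(key), "toy cipher: at most 32 bytes"
    return bytes(k ^ d for k, d in zip(key, data))

def encrypt(pk_alice, msg):
    """Step 01: Alice encrypts under her own public key."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), _pad(pow(pk_alice, r, P), msg)

def decrypt_own(sk_alice, capsule, body):
    return _pad(pow(capsule, sk_alice, P), body)

def make_rekey(sk_alice, pk_bob):
    """Step 01: re-encryption key built from Alice's secret and Bob's public key."""
    x = secrets.randbelow(Q - 1) + 1
    X = pow(G, x, P)
    d = _h(X, pk_bob, pow(pk_bob, x, P))      # secret shared only with Bob
    return X, sk_alice * pow(d, -1, Q) % Q    # rk = a / d mod Q

def reencrypt(network, bob_id, capsule):
    """Steps 02-03: Ursula re-keys only while a re-encryption key is stored."""
    if bob_id not in network:
        return None                            # key deleted: access revoked
    X, rk = network[bob_id]
    return X, pow(capsule, rk, P)              # g^(r*a/d); no plaintext involved

def decrypt_reencrypted(sk_bob, pk_bob, X, capsule2, body):
    """Step 03: Bob recomputes d with his private key and undoes the re-keying."""
    d = _h(X, pk_bob, pow(X, sk_bob, P))
    return _pad(pow(capsule2, d, P), body)
```

Ursula only ever handles `capsule` and `rk`, never the plaintext or either private key. In this simplified form, a proxy that colludes with Bob can recover Alice's private key, because `rk * d = a mod Q`.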



5 Interesting Use Cases of NuCypher KMS (Selected From Whitepaper)

NuCypher KMS provides the infrastructure for a variety of applications that require sharing of sensitive data as a basic functionality. The ability to condition decryption operations on public actions on the consensus network, such as the publication of certain messages, payments made between specific parties, and other events, enables a range of applications including:

1. Sharing encrypted files (“Decentralized Dropbox”)
Files can be encrypted client-side and stored in decentralized filesystems like Swarm, IPFS, Sia or centralized ones like Amazon S3. The files can be easily shared with approved third-parties by providing a re-encryption token based on the third-party’s public key. The third-party’s access permission can be easily revoked by removing the re-encryption token from the network.

2. Patient-controlled electronic health records (EHR)
A patient-controlled EHR can be created in which the patient owns their data and encryption keys, as opposed to centralized systems like Epic. Again, the data can be stored centrally or in a decentralized backend. When the patient wants to share their encrypted data with a hospital or insurance company, they issue a re-encryption token, which grants temporary access to the third-party.

3. Decentralized digital rights management (DDRM)
Cryptographic access control can act as a decentralized DRM. Access controls can be embedded into the encryption itself so that they follow the data wherever it goes. Conditional re-encryption tokens can be controlled by a smart contract and released only upon payment. Services like a decentralized Netflix or an encrypted marketplace selling software, apps, photos, and other digital content can now be built using NuCypher KMS.




4. Secret credentials management for scripts and backend applications
NuCypher KMS is ideal for the storage of any secrets, such as sensitive environment variables, database credentials, and API keys. For scripts, a re-encryption token can be generated for the duration of a script, then revoked. For example, developers can safely store encrypted database credentials on GitHub, giving temporary access to these credentials once an instance is deployed. Even if the GitHub repository is public, the credentials cannot be used by an unauthorized person.

5. Mobile device management (MDM) and revocation
In an enterprise MDM setting, re-encryption tokens can be created for valid devices. When a device is lost or retired, or an employee leaves the organization, the re-encryption token can be deleted to revoke the device’s access. This avoids the problem of re-organizing hierarchical key trees.


GitHub Activities

The GitHub of NuCypher KMS is moderately active. I am not fully satisfied, but there is no need for a red flag at this point in time.



Conclusion

NuCypher KMS is a decentralized key management service and cryptographic access control layer for the blockchain and decentralized applications. Developers and enterprises alike can leverage it to create highly-secure applications in healthcare, financial services, and more. By bringing private data sharing and computation to the public blockchain, NuCypher KMS enables everything from encrypted content marketplaces to secret credentials management to patient controlled electronic health records.

This looks like a genuine solution for many use cases that have not been clearly addressed so far in blockchain technology. Since we are going to live in an era where there is a lot of focus on security and privacy, NuCypher KMS seems to be a promising bet.