NuCypher: A proxy re-encryption network to empower privacy in decentralized systems
How does NuCypher work?
1. Alice, the data owner, grants access to her encrypted data to anyone she wants by creating a policy and uploading it to the NuCypher network.
2. Using her policy’s public key, any entity can encrypt data on Alice’s behalf. This entity could be an IoT device in her car, a collaborator assigned the task of writing data to her policy, or even a third-party creating data that belongs to her — for example, a lab analyzing medical tests. The resulting encrypted data can be uploaded to IPFS, Swarm, S3, or any other storage layer.
3. A group of Ursulas, which are nodes of the NuCypher network, receive the access policy and stand ready to re-encrypt data in exchange for payment in fees and token rewards. Thanks to the use of proxy re-encryption, Ursulas, and the storage layer never have access to Alice’s plaintext data.
4. Bob, a data recipient, sends an access request to the NuCypher network. If Bob was granted an access policy by Alice, the data is re-encrypted for his public key, and he can subsequently decrypt it with his private key.
Github: https://github.com/nucypher/nucypher
Clone the nucypher repository:
git clone https://github.com/nucypher/nucypher.gitChange to the nucypher directory:
cd nucypherInstall all the dependencies:
pip3 install .Run ursula:
nucypher ursula run --dev --federated-only
Note: Alice the Authority can set the parameters of policy and go offline temporarily or permanently, knowing that Ursula will continue to respect the policy by performing re-encryptions.
Alice run:
Run command in a new tab:
nucypher alice run --dev --federated-only --teacher 127.0.0.1:10151
Note: Alice is running on 8151 port
Create a label (derive_policy_encrypting_key):
This endpoint controls the Alice.get_policy_pubkey_from_label method.
- URL: /derive_policy_encrypting_key/<\label\>
- HTTP Method: POST
- Returns: a hex-encoded policy_encrypting_key
Note: Alice running on 8151 port
Run the bob:
Run command in new tab
nucypher bob run --dev --federated-only --teacher 127.0.0.1:10151 --controller-port 4000
Note: Bob is running on 4000 port.
This endpoint controls the Alice.grant method.
- URL: /grant
- HTTP Method: PUT
Required arguments:
- bob_encrypting_key — encoded as hex
- label — a unicode string
- m — an integer
- n — an integer
- expiration — an ISO-8601 formatted datetime string
Returns:
- treasure_map — encoded as base64
- policy_encrypting_pubkey — encoded as hex
- alice_signing_pubkey — encoded as hex
Note: Alice running on 8151 port
Start Enrico:
Enrico the Encryptor can be a very small device, encrypting each message only once, while Ursula re-encrypts for a large number of recipients.
Run the command on a new terminal.
nucypher enrico run --policy-encrypting-key <key> --http-port 5000Example:
nucypher enrico run — policy-encrypting-key 03e87e0d49cf157a777d02ba809c42616c1c03e9161fae8a5dc6d5c9e2bfeb35ff — http-port 5000
Encrypt the message:
This endpoint controls the Enrico.encrypt_message method.
- URL: /encrypt_message
- HTTP Method: POST
Required arguments:
- message — encoded as base64
Returns:
- message_kit and signature encoded as base64
Note: 5000 is Enrico port
Message Retrieve:
This endpoint controls the Bob.retrieve method.
- URL: /retrieve
- HTTP Method: POST
Required arguments:
- policy_encrypting_pubkey — encoded as hex
- alice_signing_pubkey — encoded as hex
- datasource_signing_pubkey — encoded as hex
- label — a Unicode string
- message_kit — encoded as base64
Returns:
- A JSON-array of base64-encoded decrypted plaintexts as plaintext
Some common returned status codes you may encounter are:
200 OK– The request has succeeded.400 BAD REQUEST– The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).500 INTERNAL SERVER ERROR– The server encountered an unexpected condition that prevented it from fulfilling the request.
If you enjoy this article, you can give it a ❤ or share it out. Thanks! :)
