NuCypher KMS is a decentralized Key Management System (KMS) that addresses the limitations of using consensus networks to securely store and manipulate private, encrypted data. It provides encryption and cryptographic access control, performed by a decentralized network, leveraging proxy re-encryption. Unlike centralized KMS as a service solutions, it doesn’t require trusting a service provider. NuCypher KMS enables sharing of sensitive data for both decentralized and centralized applications, providing security infrastructure for applications from healthcare to identity management to decentralized content marketplaces. NuCypher KMS will be an essential part of decentralized applications, just as SSL/TLS is an essential part of every secure web application.
A key management system (KMS) is an integrated approach for generating, distributing, and managing cryptographic keys for devices and applications (Fig. 1). A KMS includes the backend functionality for key generation, distribution, and rotation as well as the client functionality for injecting, storing, and managing keys on devices. As the root of trust, it’s critical that a KMS is appropriately configured, managed, and protected. Historically, this has meant deploying a KMS on-premises in hardware security modules (HSM) or using tools like HashiCorp’s Vault. However, this requires a high degree of technical sophistication as well as upfront capital investment. To ease the technical burden and provide more competitive pricing, vendors like Amazon CloudHSM, Google Cloud KMS, Azure Key Vault and TrueVault have begun offering KMS as a service. However, KMS as a service offerings necessitate placing an undue level of trust in the service provider, which may be inappropriate for security-critical applications.
Public consensus networks, such as Bitcoin and Ethereum, are a promising solution to this centralization problem. But the limitations of public consensus networks in performing cryptographic operations that involve the manipulation of secret data are well-established . Consensus networks employ a volunteer network of nodes, which is subject to constant churn and not as reliable as central infrastructure when it comes to availability and enforcing access management rules. NuCypher KMS uses a decentralized network to remove the reliance on central service providers, proxy re- encryption for cryptographic access control, and a token incentive mechanism to ensure reliability, availability, and correctness. Because of the use of proxy re-encryption, an unencrypted symmetric key (which gives the ability to decrypt private data) is never exposed server-side (Fig. 1), and there is no single point of security failure. Even if compromised, hackers would only get re-encryption keys but access to the file is still protected.
Protocol economies consist of a network of miners that contributes work to provide a scarce resource and that is rewarded when said resource is consumed. In NuCypher KMS, miners are re-encryption nodes. Anyone can become a miner and their rewards are differentiated based on the amount of re-encryption operations provided. Access to the scarce re-encryption services must be controlled and allocated to the highest value uses. The mechanism by which we achieve this is NuCypher KMS Token (NKMS). NKMS is both the reward miners get for contributing work and the price consumers (owners of the data) pay for access to re encryption services. Vitally, the token also incentivizes correctness of computation and security of the system.