Q&A with Michael Egorov, CTO and co-founder of NuCypher
CTO and co-founder of NuCypher, Michael Egorov previously worked on infrastructure tools at LinkedIn. He has a PhD in experimental physics and has an extensive experience in the area of ultracold atoms and Bose-Einstein condensates at Swinburne and Monash universities.
In advance of his talk “NuCypher KMS: Uncensorable decentralized encryption service” at Rethink Trust conference in Amsterdam on June 29th, we spoke to Michael about NuCypher and how it started, the aspect of trust in the decentralized world and the use cases of Kafka.
How did you arrive at the key idea of NuCypher?
Arriving at the key idea took many small steps. We started our company in 2016, being ZeroDB: an end-to-end encrypted database. The motivation was decentralized applications! But we didn’t use blockchain in our product at the time. As we started speaking to prospective customers, mainly in the financial sector, we realized that they wouldn’t need a slowish e2e encrypted database much, but rather an ability to share data while encrypted (with proxy re-encryption). As a result, we applied it to Big Data world (Hadoop, Kafka). Interestingly, for Hadoop we wrapped it as a distributed key management system, using Hadoop’s encryption API. We then saw a substantial demand in the decentralized world and thought: “hey, why not apply the same idea of a KMS using proxy re-encryption at the world’s scale, for decentralized applications?” And that’s the current idea.
What are the typical use cases for the proxy re-encryption?
Every time one needs to share data with other parties, with the ability to revoke the access, proxy re-encryption is useful. Technically, sharing data while encrypted, with more than two parties involved, and no trust to any third party: that’s the sweet spot.
The use cases include:
– Healthcare. Patients owning their data, sharing with healthcare providers.
– Data marketplaces. Customers owning their private data, selling to advertisers (and sharing with friends).
– Decentralized DRM. Autonomous selling of content online.
– Multi-user end-to-end encrypted group chats.
How does the blockchain part of it works?
Blockchain is needed to decentralize the network. In our network, there are nodes that do the re-encryptions. Imagine: if we allowed unrestricted participation (w/o any coins), an attacker would be able to perform a Sybil attack, spinning up millions of nodes, taking over the most of the network. He’d accept most of the re-encryption policies (access grants), and after collecting enough data, he’d shut down the whole network.
We distribute the trust proportionally to the amount of our token staked. So, to take over the network, one would need to obtain > 50% of coins. Importantly, if an attack on the network happens, the value of the coin is expected to crash, so anyone would be disincentivized to do such an attack.
How do you share the keys and manage delegation?
The core concept is proxy re-encryption. Apart from encryption and decryption operation, it allows re-encryption (transforming data from encrypted for A to encrypted for B while keeping everything always encrypted). This essentially allows outsourcing permission management to a third party, without trusting this third party with your data. And nodes in our network are this third party. The participant A generates a set of re-encryption keys (transforming from A to B) and gives them to nodes in our network. Then, these nodes transform the data at the request of B, until A revokes the access.
What are the Kafka use cases? Why is it important for you to highlight it? (We love Kafka in our data engineering part of the world:)
So far, Kafka use cases have been driven by compliance. For example, imagine financial data passing through Kafka without ever being decrypted on the broker side. Another example would be synchronizing multiple servers that hold sensitive data, without those servers sharing an encryption key with each other.
What are you most interested in at Rethink Trust?
Rethink Trust seems to be a good opportunity to talk to the European part of the world. That’s especially important given the recent GDPR laws passed.