
Dfinity Community Conversations Summary: Verifiably encrypted threshold key derivation (vetKD) techniques enable privacy protecting on-chain dapps


Buckle up for some mind-blowing cryptography updates by @dfinity! 🧵💥 Have you heard of Verifiably Encrypted Threshold Key Derivation (vetKD)? If you missed the Community Conversation with @gregoryneven and @aislingconn87 on the #IC, here's a summary: youtube.com/watch?v=baM6jHnmMq8
Problems: Managing user-side encryption keys is hard, and keeping user-side keys safely managed on one device limits cross-device syncing.
Solution: Verifiably encrypted threshold key derivation (vetKD). API function: derive_encrypted_key(master_key_id, transport_public_key, derivation_id) -> Encrypted Key
The verifiably encrypted threshold key derivation interface allows any canister to call "derive_encrypted_key", transforming any string (the derivation ID) into an encrypted key through an API.
But how is this possible? A DKG generates the master key and the shares held by the nodes. Derived keys are BLS signatures: the subnet threshold-signs the derivation ID, and that signature is the derived key. An identity-based decryption scheme covers the asymmetric use cases.
Threshold BLS is a BLS digital signature aka Boneh–Lynn–Shacham (BLS) which allows a user to verify that a signer is authentic. The scheme uses a bilinear pairing for verification, and signatures are elements of an elliptic curve.
Steps: 1) The front end generates a transport key pair. 2) The canister calls the derivation interface with the transport public key and the derivation ID. 3) The key is derived in encrypted form; the only thing the canister and the nodes ever see is the encrypted key. Basically the transport public key and the derivation ID are combined into a single encrypted key that only the transport secret key holder can open. 4) The user then uses the derived key to encrypt/decrypt.
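To make the flow above concrete, here is a toy model I added (not DFINITY's code, not the real vetKD implementation): a small prime-order subgroup of Z_p* stands in for the BLS12-381 curve, the pairing-based verification step is omitted, and a dealer simulates the DKG. It shows the structure that matters: each node returns its partial derived key already encrypted under the transport public key, the partials are combined under encryption with Lagrange weights, and only the holder of the transport secret key recovers H(derivation_id)^master. Group parameters and derivation IDs are constructed and far too small for real use.

```python
import hashlib
import secrets

P = 1019   # toy safe prime p = 2q + 1 (constructed; not a real-world parameter)
Q = 509    # order of the quadratic-residue subgroup that stands in for the curve
G = 4      # generator of that subgroup

def hash_to_group(derivation_id: bytes) -> int:
    """Map a derivation ID to a group element (toy stand-in for hash-to-curve)."""
    e = int.from_bytes(hashlib.sha256(derivation_id).digest(), "big") % Q
    return pow(G, e or 1, P)

def dkg(n: int, t: int):
    """Dealer-simulated DKG: Shamir-share a master secret among n nodes, threshold t."""
    coeffs = [secrets.randbelow(Q) for _ in range(t)]   # coeffs[0] is the master secret
    shares = {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q for i in range(1, n + 1)}
    return coeffs[0], shares

def lagrange(i: int, ids) -> int:
    """Lagrange coefficient at x = 0 for node i among the contributing node ids."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def transport_keypair():
    """Front end: fresh transport key pair (tsk, tpk = g^tsk)."""
    tsk = secrets.randbelow(Q - 1) + 1
    return tsk, pow(G, tsk, P)

def node_derive_encrypted(share: int, tpk: int, derivation_id: bytes):
    """One node: partial key H(id)^share, ElGamal-encrypted to the transport key."""
    r = secrets.randbelow(Q - 1) + 1
    partial = pow(hash_to_group(derivation_id), share, P)
    return pow(G, r, P), partial * pow(tpk, r, P) % P

def derive_encrypted_key(shares, tpk, derivation_id, signer_ids):
    """Combine t encrypted partials with Lagrange weights; no plaintext key appears."""
    c1 = c2 = 1
    for i in signer_ids:
        a, b = node_derive_encrypted(shares[i], tpk, derivation_id)
        lam = lagrange(i, signer_ids)
        c1 = c1 * pow(a, lam, P) % P
        c2 = c2 * pow(b, lam, P) % P
    return c1, c2

def decrypt_key(tsk, enc):
    """Front end: c2 / c1^tsk recovers H(id)^master; needs the transport secret key."""
    c1, c2 = enc
    return c2 * pow(c1, Q - tsk, P) % P

def expected_key(master, derivation_id):
    """Reference value the threshold protocol must reproduce (never computed in practice)."""
    return pow(hash_to_group(derivation_id), master, P)
```

Any three of the five simulated nodes yield the same derived key, and the canister relaying the ciphertext learns nothing it can decrypt without tsk.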
Identity Based Encryption:
Canisters can store end-to-end encrypted user data (e.g., storage, messaging, social networks) without having to rely on browser storage for user-side secrets.
Applications this enables: Canisters or individual users can encrypt messages under the public key of the subnet, so that they can be decrypted by calling the threshold key derivation interface which is secret-shared among the replicas. internetcomputer.org/live-sessions#Community-Conversation-Threshold-Key-Derivation-How-a-Blockchain-Can-Keep-Many-Secrets
Encrypted file storage: Drop encrypted files onto a storage canister. The user generates a transport key pair and sends an ingress message to the storage canister, which returns the derived key in encrypted form. The user can then encrypt a file and store the encrypted document in the ENCRYPTED storage canister.
End-to-end encrypted messaging: Send an encrypted message without first communicating with the canister to derive a key. The subnet derives the decryption key on demand, using asymmetric (identity-based) decryption.
End to end Encrypted Social Networks. Wow this one is pretty cool: All posts are encrypted in order to enforce access policy defined by user who posts content. All content posted is fully encrypted and only visible to specified users.
Trading applications: Preventing front running on exchanges. Miner Extracted Value (MEV) is a term you've probably heard recently. It's resulted in over $683m in lost funds since 2020 on Ethereum DEXs. With on-chain encrypted DEXs, you can encrypt transactions.
cont'd MEV: Decrypt sequenced transaction, and execute only when order is filled. This also enables secret bid auctions, Time lock encryption, and Dead man switches.
Other use cases: - BLS Signatures - Untraceable transactions. No big deal.
Is this technology scalable? Threshold BLS is simpler than threshold ECDSA, and can perform thousands of encryptions per second depending on subnet size.
Encrypted Group chats are also possible depending on how derivation identities are chosen. Encrypted email isn't really used frequently currently, but with this setup, it becomes much more feasible.
What are some limits to Threshold BLS? BLS signatures are not quantum secure. Over the longer term—say, 2025–2030—STARK aggregation is expected to be a drop-in replacement for BLS aggregation.
What about homomorphic encryption? The encryption techniques above are not fully homomorphic, but they are a big step. Trusted hardware solutions are a good option, but are vulnerable to side-channel attacks on SEV.
Week_in_ICP_News

@Week_In_ICP

Unofficial community providing weekly Internet Computer (IC) coverage focusing on Ecosystem, NFT, DeFi content. weekindfinity.icp.page