Threshold proxy re-encryption for scalable end-to-end encrypted data sharing
We’re excited to announce the fulfillment of one of our major milestones: the definition and implementation of Umbral, a threshold proxy re-encryption scheme that powers the NuCypher KMS network.
Umbral allows secure delegation of decryption rights, enabling private data sharing between arbitrary numbers of participants in public consensus networks. This is achieved without revealing data encryption keys to intermediary entities.
Umbral’s defining feature is arguably its split-key mechanism, whereby the re-encryption process (i.e. the cryptographic process through which data is securely shared) is distributed across a set of nodes rather than performed by just one node, as it would be in a traditional proxy re-encryption scheme. To proceed, Umbral requires a quorum, that is, a minimum number of nodes, to complete the re-encryption. In this way, the trust is split between them in a manner similar to Shamir’s Secret Sharing, except with re-encryption key shares rather than private key shares.
The name “Umbral” comes from the Spanish word for “threshold”, emphasizing the split-key characteristic of the scheme, given its core role in the decentralized architecture of NuCypher KMS.
Our cryptosystem also comes with its first reference implementation in Python, pyUmbral.
Built with Cryptography.io and OpenSSL, pyUmbral is a ready-to-use, open-source proxy re-encryption toolkit.
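The split-key idea described above, as an added toy example (not part of the original post, and neither Umbral nor pyUmbral's API): a BBS98-style ElGamal proxy re-encryption in which the re-encryption key is Shamir-shared across n proxy nodes and any t re-encrypted shares are enough for the recipient. The choice of scheme, the function names and the small group parameters are assumptions constructed for illustration and are not secure.

```python
# Toy threshold proxy re-encryption (BBS98-style ElGamal). Illustration only:
# this is not Umbral, and the constructed group below is far too small to be secure.
import secrets

P, Q, G = 2039, 1019, 4   # constructed: safe prime P = 2Q + 1, G has prime order Q

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pk, r, P)        # (m*g^r, g^(sk*r))

def decrypt(sk, ct):
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, Q), P)                    # strip sk from the exponent
    return (c1 * pow(g_r, -1, P)) % P

def split_rekey(sk_a, sk_b, t, n):
    """Shamir-share rk = sk_b/sk_a mod Q: random degree t-1 polynomial, f(0) = rk."""
    rk = (sk_b * pow(sk_a, -1, Q)) % Q
    coeffs = [rk] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return [(i, sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q)
            for i in range(1, n + 1)]

def reencrypt_share(key_share, ct):
    """One proxy node: applies only its share; it never holds rk or a private key."""
    i, share = key_share
    return i, pow(ct[1], share, P)

def combine(ct, parts):
    """Recipient: Lagrange interpolation at x = 0, carried out in the exponent."""
    xs = [i for i, _ in parts]
    c2 = 1
    for i, part in parts:
        lam = 1
        for j in xs:
            if j != i:
                lam = lam * j * pow((j - i) % Q, -1, Q) % Q
        c2 = c2 * pow(part, lam, P) % P
    return ct[0], c2                                    # now decryptable with sk_b

if __name__ == "__main__":
    (sk_a, pk_a), (sk_b, _) = keygen(), keygen()
    ct = encrypt(pk_a, 1234)
    parts = [reencrypt_share(s, ct) for s in split_rekey(sk_a, sk_b, t=3, n=5)]
    print(decrypt(sk_b, combine(ct, parts[:3])))        # quorum of 3 out of 5 proxies
```

With fewer than t shares the interpolation lands on an unrelated exponent, so decrypting with the recipient's key returns a wrong value except by chance.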