1/21 Buckle up for some mind blowing cryptography updates by @dfinity! 🧵💥

Have you heard of Verifiably encrypted threshold key derivation (vetKD)?

If you missed the Community conversations with @gregoryneven and @aislingconn87 on the #IC.

2/21 Problems:

Managing user side encryption keys is hard, and easily/safely manage user side encryption keys limits cross-device syncing.

3/21 Solution:

Verifiably encrypted threshold key derivation (vetKD)

API Function:

derive_encrypted_key (master_key_id, transport_public_key, derviation_id) -> Encrypted Key

4/21 Verifiably encrypted threshold key derivation interface, allows any canister to call "derive _encrypted_key".

Transforming any string into an encrypted key through an API.

5/21 But How Is this Possible?

DKG to generate master key and shares.
Derived Keys are BLS signatures.
Generate your BLS Signature on a subnet.
Threshold signed.
Identity based decryption scheme for asymetric use cases.

6/21 Threshold BLS is a BLS digital signature aka Boneh–Lynn–Shacham (BLS) which allows a user to verify that a signer is authentic.

The scheme uses a bilinear pairing for verification, and signatures are elements of an elliptic curve.

8/21 Identity Based Encryption:

9/21

Canisters can store end-to-end encrypted user data (e.g., storage, messaging, social networks) without having to rely on browser storage for user-side secrets.

10/21 Applications this enables:

Canisters or individual users can encrypt messages under the public key of the subnet, so that they can be decrypted by calling the threshold key derivation interface which is secret-shared among the replicas.

internetcomputer.org/live-sessions#…

11/21 Encrypted file storage

Drop encrypted files onto a storage canister.

User generates a transport key pair, sends ingress message to storage canister, returns key derivation.

User can encrypt file, and store encrypted document in ENCRYPTED storage canister.

12/21 End to End Encrypted Messaging

Send encrypted message without first communicating with canister to derive key. Subnet derives encryption key, using asymmetrical decryption.

13/21 End to end Encrypted Social Networks.

Wow this one is pretty cool:

All posts are encrypted in order to enforce access policy defined by user who posts content. All content posted is fully encrypted and only visible to specified users.

14/21 Trading applications: Preventing front running on exchanges.

Miner Extracted Value (MEV) is a term you've probably heard recently.

It's resulted in over $683m in lost funds since 2020 on Ethereum Dex's.

With on-chain encrypted DEX's, you can encrypt transactions.

15/21 cont'd MEV:

Decrypt sequenced transaction, and execute only when order is filled. This also enables secret bid auctions, Time lock encryption, and Dead man switches.

17/21 Is this technology scaleable?

Threshold BLS is simpler then ECDSA, and can perform 1000's on encryptions per second depending on subnet size.