
nube's Introduction

Cryptographic primitives, hosted on the decentralized nodes of the Threshold network, offering accessible, intuitive, and extensible runtimes and interfaces for secrets management and dynamic access control.



Threshold Access Control (TACo)

TACo is end-to-end encrypted data sharing and communication, without the requirement of trusting a centralized authority, who might unilaterally deny service or even decrypt private user data. It is the only access control layer available to Web3 developers that can offer a decentralized service, through a live, well-collateralized and battle-tested network. See more here: https://docs.threshold.network/applications/threshold-access-control

Getting Involved

NuCypher is a community-driven project and we're very open to outside contributions.

All our development discussions happen in our Discord server, where we're happy to answer technical questions, discuss feature requests, and accept bug reports.

If you're interested in contributing code, please check out our Contribution Guide and browse our Open Issues for potential areas to contribute.

Security

If you identify vulnerabilities in any nucypher code, please email [email protected] with information relevant to your findings. We will work with researchers to coordinate vulnerability disclosure between our stakers, partners, and users to ensure successful mitigation of vulnerabilities.

Throughout the reporting process, we expect researchers to honor an embargo period that may vary depending on the severity of the disclosure. This ensures that we have the opportunity to fix any issues, identify further issues (if any), and inform our users.

Sometimes vulnerabilities are of a more sensitive nature and require extra precautions. We are happy to work together to use a more secure medium, such as Signal. Email [email protected] and we will coordinate a communication channel that we're both comfortable with.

A great place to begin your research is by working on our testnet. Please see our documentation to get started. We ask that you please respect testnet machines and their owners. If you find a vulnerability that you suspect has given you access to a machine without the owner's permission, stop what you're doing and immediately email [email protected].

nube's People

Contributors

cygnusv, fjarri


nube's Issues

[Protocol] Initiating/coordinating the Summoning phase

A) Seed Distribution

  1. Who/what distributes the seed to the participating nodes?
  2. Does the seed need to be verifiably random?
  • No. It's better if it's not reused/repeated, but it can be sequential (and therefore predictable).
  • May be a problem if an attacker compromises a node (e.g. the distributor?)
  3. Does the seed value need to be validated by consensus?
  • Yes, so the clique is coordinated around the same value.

B) Shared inputs (share indices)

  1. Do they have to be secret, like they are in Umbral?
  • No, nodes look them up via label.
  • They do need to be agreed upon by all members of the clique

C) Aggregating the KFragSlivers

  1. Can this happen later, at the point that they are actually used (i.e. the Grant phase)?
  • This ensures that all the participating nodes' signatures are preserved, such that they can be verified via consensus or by some other agent.
  2. Maybe Enrico can check that all the KFragSlivers were used?
  • No, because Enrico is disconnected from grant. Grant can occur before Enrico is involved, or way after.
  3. Aggregator Attack: whoever is tasked with aggregating the KFragSlivers can generate KFrags that appear to be pursuant to the policy/SC, but since they are locally encrypted before being sent to Ursulas, it's not easy to verify this. Hence a malicious actor can produce KFrags allowing them to unilaterally control AbioticAlice. Note that nube not being thresholdable is orthogonal to this attack.
  • We need a check that the entire clique's KFragSlivers were involved in the aggregation. One component of this: listing the participating nodes in a SC, and verifiable consensus on the membership of each clique. Listed nodes are expected(?) to report for duty.
  • May need to ask Bob to check if his retrieval corresponded to the expected set of signatures from the correct clique that produced the KFragSlivers – i.e. some kind of (aggregatable) signature on the CFrag.
  • This protocol will have to be different from Umbral anyway because the curve is different (k256 vs bls). Note only the former is verifiable via Ethereum.
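
One way to picture the "entire clique was involved" check from the Aggregator Attack item, as an added sketch that is not nube's code and not part of the issue. It assumes slivers combine additively, that each listed node publishes a commitment to its sliver next to the clique listing, and that the check is run by a party that sees the KFrag in the clear; the toy mod-p group (standing in for the curve), the function names and the node ids are all hypothetical.

```python
import secrets

# Toy parameters, assumed for illustration only (not a secure group choice).
P = 2**127 - 1      # prime modulus
G = 3               # base used for commitments
Q = P - 1           # exponents are reduced modulo P - 1

def commit(sliver: int) -> int:
    """Commitment a node publishes next to the clique listing (assumption)."""
    return pow(G, sliver, P)

def aggregate(slivers: dict) -> int:
    """Hypothetical additive aggregation of the clique's KFragSlivers."""
    return sum(slivers.values()) % Q

def check_aggregate(listing: dict, claimed: set, kfrag: int):
    """listing maps every listed node id to its commitment.
    Returns (ok, reason); run by a party that can see the KFrag in the clear."""
    missing = set(listing) - set(claimed)
    extra = set(claimed) - set(listing)
    if missing:
        return False, "no sliver from listed nodes: %s" % sorted(missing)
    if extra:
        return False, "contributors outside the clique: %s" % sorted(extra)
    expected = 1
    for commitment in listing.values():
        expected = expected * commitment % P
    # g^(s1+...+sn) must equal the product of all published commitments.
    if pow(G, kfrag, P) != expected:
        return False, "aggregate does not match the clique's commitments"
    return True, "aggregate covers every listed node"

if __name__ == "__main__":
    # Constructed sample clique of three nodes.
    slivers = {n: secrets.randbelow(Q) for n in ("node-a", "node-b", "node-c")}
    listing = {n: commit(s) for n, s in slivers.items()}
    print(check_aggregate(listing, set(slivers), aggregate(slivers)))
    # Aggregator swaps node-c's sliver for a value of its own choosing.
    forged = aggregate({**slivers, "node-c": 12345})
    print(check_aggregate(listing, set(slivers), forged))
    # Aggregator admits it left node-c out.
    partial = {n: slivers[n] for n in ("node-a", "node-b")}
    print(check_aggregate(listing, set(partial), aggregate(partial)))
```

The membership comparison catches an aggregator that openly omits or adds a node; the commitment product catches one that claims full participation but substitutes or drops a sliver.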
