Human Network
  • ☀️Welcome to Human Network
  • Overview
    • What is Human Network? What are Human Keys?
    • Methods and their use cases
      • Deriving keys from low-entropy data
      • Deriving keys from web accounts
      • Provably encrypting to Human Network, and setting custom decryption conditions.
    • FAQ
  • For Operators
    • Register and Run a Human Node
      • Use Keystore for private key encryption
      • Keyshare backup
    • Diagnostics using the Network UI
  • Decentralization
    • Architecture
      • Preventing Collusion
      • Scalability
      • Credit System
    • Mainnets and Testnets
  • Usage Instructions
    • Human Network Credits
    • Making Requests to Human Network
      • OPRF To Derive Keys From Low-Entropy Data
      • PRF to Derive Keys from JWTs
      • Decryption of Provably Encrypted Data
    • Sponsor Requests
Powered by GitBook
On this page
  • How ElGamal encryption works
  • Decentralizing Bob with Human Network
  • Limiting Decryption
  • Decryption Sequence Diagram
  1. Overview
  2. Methods and their use cases

Provably encrypting to Human Network, and setting custom decryption conditions.

For provable encryption, the user can interact with Human Network via the DecryptBabyJubJub method. This works via ElGamal decryption. ElGamal decryption only requires a scalar multiplication from the network, so it is compatible with the Human Network architecture.

How ElGamal encryption works

When Alice wants to encrypt message M represented as a point to Bob's public key B, she generates an ephemeral (private, public) keypair:

(a,A=a∗G)(a, A = a * G)(a,A=a∗G)

where G is the curve's generator.

The encrypted ciphertext is

(A,aB+M)(A, aB+M)(A,aB+M)

To decrypt, Bob can perform Diffie Hellman to find the shared secret aB

aB=bAaB = bAaB=bA

since Bob knows his own secret b and now knows A from the ciphertext

and decrypt the message from the ciphertext:

M=aB+M−bAM = aB + M - bAM=aB+M−bA

Decentralizing Bob with Human Network

Notice the only operation Bob had to do with his secret key was a scalar multiplication by Alice's ephemeral public key. Because it's scalar multiplication, it can be done in a decentralized way with Human network.

The final step of recovering M by subtracting bA does not have to be done by Human Network. In fact, there is more privacy if Mishti network never sees M.

As a result, ciphertext itself is never touched by Mishti Network. It can be stored on a blockchain or, for GDPR protection and security, by an Observer node. Mishti network simply computes bA and never decrypts the message -- the ciphertext is needed to decrypt the actual message. This makes Human Network simpler and more secure: even if the secret key of Human Network were to be compromised, nobody can learn the message without also learning the ciphertext.

Now, the only question is:

How does Human Network know when it should assist in decryption? It would not protect user privacy if it were to help decrypt all data anyone ever asks it to help decrypt.

Limiting Decryption

Human network limits decryption rights by adding programmable privacy: When Alice encrypts a message, she also uses her ephemeral private key a to sign the address of an Ethereum contract. This contract should have the following ABI:

function decryptionCredits(address decryptor) external view returns (uint)

decryptionCredits says how many times a particular decryptor is allowed to decrypt. You may expect this contract bool makes more sense, but returning a uint enables simple implementation of other potentially common cases. E.g. limiting an allowlisted decryptor to a certain number of decryptions per day.

Human Network will perform scalar multiplication (returning bA) if A has signed a smart contract where the decryptor is has made fewer requests than the minimum of

  • Decryption credits returned by the smart contract

  • Human credits purchased

So how do we actually use this? See

Decryption Sequence Diagram

PreviousDeriving keys from web accountsNextFAQ

Last updated 2 months ago

Decrypting Provably Encrypted Data Over BabyJubJub Curve
Human network with secret key s assisting in the decryption of ciphertext (C1, C2)