NuLink provides privacy-preserving technology for decentralized applications via APIs. We enable and make it easy for developers, startups, small businesses and enterprises to build their own applications with all the best security and privacy practices
NuLink network is a decentralized solution for privacy-preserving applications developers to implement best practices and best of breed security and privacy. The NuLink platform provides endpoint encryption and cryptographic access control. Sensitive user data can be securely shared from any user platform to cloud or decentralized storage and access to that data is granted automatically by policy in Proxy Re-Encryption or Attribute-Based Encryption. For the data user on the other side, Zero-Knowledge Proof can help them verify the data source. In more advanced privacy-preserving use cases, NuLink uses Fully Homomorphic Encryption to customize enterprise-level data computation services.
In 2006, British mathematician and entrepreneur Clive Humby famously said “Data is the new oil”. He was, of course, referring to the immense opportunities for anyone who could tap data’s fundamental value. Today, businesses across the spectrum understand that data is the key to maximize business value. From autonomous driving (Tesla, Waymo) to content makers (Netflix, HBO), from e-commerce (Alibaba, Amazon) to financial markets (Robinhood, Coinbase) – almost all businesses are mining data to fuel innovation and growth.
At the same time, data can cause irreparable damage to businesses, reputations and people’s lives if sensitive information leaks in a data breach. For example, the number of data breaches in healthcare has been increasing year after year, affecting millions of people including children. These data breaches can have devastating consequences as seen in the data breach that took place at a Finnish mental health startup in 2020.
In many cases, even though the law requires companies to implement data protection (for example, Europe’s GDPR or General Data Protection Regulation that is known as the toughest privacy and security law in the world), businesses regardless of size – enterprise, small or medium businesses or startups – often find it difficult to protect their users’ data. The reasons for this are many and include the following:
Finding a solution to these data privacy problems is the motivation behind NuLink.
NuLink has the following core characteristics: it integrates a variety of crypto technologies, is decentralized, easy to implement and open source. We aim to offer an out-of-the-box solution that lowers the threshold of having a privacy protection scheme in application for all kinds of business. NuLink will offer everything needed including data encryption, key & storage management, inter-blockchain deployment and privacy computing.
By integrating best in class technologies we are building a strong technology foundation. The technical solutions provided by NuLink cover three main categories.
These three kinds of technical solutions can provide privacy-preserving applications in many fields, such as Decentralized Finance (DeFi), healthcare, social networks, Digital Rights Management, etc
The NuLink network integrates the Application Layer, the Cryptograph Layer, the Storage Layer, the Blockchain Layer and the Watcher Network.
NuLink users can simply integrate into one single API and get access to multiple storage and blockchain solutions. Miners can get NuLink’s token (NLK) in the Storage Layer by providing decentralized storage services and also in the Watcher Layer by relaying information from ETH.
The core product provided by NuLink is decentralized privacy-preserving technology, which is an organic combination of blockchain and cryptography technologies. The crypto primitives involved include Proxy Re-Encryption, Fully Homomorphic Encryption, Zero-Knowledge Proof and so on. This section will introduce these crypto primitives and the schemes used by NuLink, and explain how these work in NuLink systems.
Zero-Knowledge Proof or ZKP means that the prover makes the verifier believe that a certain conclusion is correct without providing any useful information to the verifier. Zero-Knowledge Proof was first proposed by S Goldwasser et al in 1989. It has the following three properties:
By whether the participants need to interact or not, Zero-Knowledge Proof can be divided into Interactive Zero-Knowledge Proof and Non-Interactive Zero-Knowledge Proof or NIZK. NIZK is suitable for decentralized scenarios. The commonly used NIZK schemes are zk-SNARK, zk-STARK, Bulletproofs, PLONK, Supersonic, Malin and so on. Each scheme has its own advantages and we can choose the appropriate one depending on the different scenarios involved.
Proxy re-encryption (PRE) is a type of public-key encryption (PKE) that allows a proxy entity to transform or re-encrypt data from one public key to another, without having access to the underlying plain text or private keys. The proxy re-encryption operation process is as follows:
Proxy re-encryption plays a role in private data sharing in NuLink. Specifically, NuLink uses NuCypher’s Umbral Proxy Re-Encryption Scheme. Umbral is a threshold Proxy Re-Encryption scheme following a Key Encapsulation Mechanism (KEM) approach. It is inspired by ECIES KEM, and the BBS98 proxy re-encryption scheme. With Umbral, Alice – the generic name for data owners in NuCypher KMS (Key Management System) – can delegate decryption rights to Bob for any ciphertext intended to her through a re-encryption process performed by a set of N semi-trusted proxies. When at least t of these proxies (out of N) participate by performing re-encryption, Bob is able to combine these independent re-encryptions and decrypt the original message using his private key.
Using Umbral, NuLink can not only easily realize single-user to single-user private data sharing – we emphasize again that Umbral is a threshold scheme – NuLink can also realize single-user to multi-user private data sharing.
Both identity-based encryption (IBE) and attribute-based encryption (ABE) are public key encryption schemes that control access rights. The former can specify the identity information of the recipient, while the latter can specify the attributes of the receiver. NuLink uses these two technologies to achieve more functional data sharing.
Using public key encryption to transmit data has certain shortcomings and risks. For example, the public key is generally a series of meaningless random numbers. If the public key is used incorrectly in the encryption process, the ciphertext cannot be decrypted by the correct receiver. At the same time, it is likely to disclose the information to the wrong user, or even to malicious users. In fact, in real life, there is such an attack method: malicious users deceive the sender and replace the receiver’s public key.
Identity-based encryption solves this problem by binding the user’s identity information directly to the public key. It is similar to an ideal email system: If you know someone’s identity, you can send them a letter that only they can read. You can authenticate their signature.
On this basis, attribute-based encryption has made a further functional expansion. If we define attributes as the characteristics of things or information, policy is the relationship between these features. Then IBE uses the simplest policy and attribute matching, that is, authenticating identity attributes. In ABE, there are more diverse choices of attributes and policies. ABE is generally divided into two categories. KP-ABE (key policy) embeds the policy into the key and the attribute into the ciphertext. CP-ABE (ciphertext policy) embeds the policy into the ciphertext and the attribute into the key. These two schemes have a dual relationship in structure, so analogy transfer is often carried out in the scheme design, but they are very different in their specific application scenarios.
NuLink chooses CP-ABE, because the policy is embedded in the ciphertext. This means that the data owner can decide which attributes can access the ciphertext by setting the policy, which is equivalent to making an encrypted access control for this data whose granularity can be refined to the attribute level.
Fully homomorphic encryption (FHE) refers to the ability to calculate ciphertext without the private key. That is to say, for any valid f and plaintext m, there is a special property f(Enc(m)) = Enc(f(m)).
Full homomorphic encryption is known as the holy grail of cryptography. This problem was proposed by Rivest in 1978. Thirty-odd years later, in 2009, Craig Gentry constructed the first fully homomorphic encryption scheme.
At present, secure and efficient fully homomorphic encryption schemes are based on the LWE problem and Ring-LWE problem on lattice. They are anti-quantum and can provide sufficient security even in the post-quantum era.
At present, fully homomorphic encryption is restricted by efficiency, which mainly depends on the operation mode of ciphertext. While FHEW and TFHE cryptosystems are more suitable for dealing with boolean logic operations, BGV, BFV and CKKS are more suitable for batching and calculating affine transformations. For nonlinear arbitrary functions, the latest PBS technology has a good efficiency performance. Therefore, NuLink will build different fully homomorphic encryption algorithms to improve efficiency.
Fully homomorphic encryption has a wide range of theoretical and practical applications, especially in decentralized privacy-preserving products.
Nodes in the system whose computing power is not strong enough can store their data in the Storage Layer in the form of ciphertext. When data computing is needed, the user initiates computing authorization to the computation nodes. The computation nodes carry on the corresponding ciphertext operation to get the encrypted result, the user downloads the result and decrypts it, and then the final plaintext result can be obtained. In the whole process of computing, only the owner of the data has the ability to decrypt, so users can be guaranteed data privacy.
We need to emphasize that this can be used as a component of multi-party secure computing, rather than just completing the proxy computation of two parties.
As a platform focused on data privacy, the first thing we need to solve is the problem of data availability. This problem is often divided into two parts: the first is how consumers can determine that the seller has the data they need before purchasing, and the second is how to verify that the data in the ciphertext state is true.
In the NuLink network, these two problems can be solved by Zero-Knowledge Proof technology: the data owner needs to provide Zero-Knowledge Proof before data authorization. In fact, the method of proof in the ciphertext data state is consistent with that in the plaintext state, which is independent of the encryption scheme used. This provides higher flexibility for NuLink networks.
The data sharing functionality of NuLink is realized by bridging the proxy re-encryption technology to the blockchain system. This is a feature that NuLink will deploy first, and IBE and ABE will be added to this solution later. This solution can be applied in many scenarios.
First, Alice calls the Application Layer through APP on the IOT device, selects the proxy re-encryption service and authorizes. On Alice’s NuLink side, after receiving the authorization, the Application Layer invokes the Blockchain Layer to initiate and verify the transaction, and transfers data to the Cryptograph Layer. The Cryptograph Layer interacts with the Storage Layer to perform encryption operations and upload the encrypted data. The encrypted data obtained at this step can only be decrypted by Alice. In order to convert it into ciphertext that can be decrypted by Bob, we implement proxy re-encryption through Ursula nodes deployed by NuCypher. After re-encryption, the encrypted data will be sent to the Cryptograph Layer in Bob’s NuLink side and can be decrypted directly.
The data computing functionality of NuLink will be realized by bridging the fully homomorphic encryption technology to the blockchain system in the future.
It takes advantage of the property that full homomorphic encryption can be used to calculate ciphertext, that is, the user selects the data computing service in the Application Layer. After receiving the authorization, the Cryptography Layer homomorphic encrypts and uploads the user’s data to the Storage Layer. The computing node of the Blockchain Layer will access the data and perform the specified calculation (such as machine learning model prediction, etc.). Finally, the ciphertext result is returned to the Storage Layer, and the Cryptography Layer accesses the ciphertext result, which is decrypted and returned to the user. We will add MPC (multi-party computation) to this solution later.
For example, user A has database D, and user B wants to use A’s database for machine learning computing. User A provides data, but does not want any participant (including B) to have access to their database, requiring that B can only access the calculation results.
There are multiple participants in the NuLink network. They can be classified into two major categories: Providers and Users. “Providers” are nodes that provide different services in the NuLink network. According to the type of service provided, Providers can be classified as Proxies, Computing Providers, Watchers, Storage Providers. “Users” are participants who use various resources in the NuLink network and can be classified as Data Providers and Data Consumers. Below, we elaborate on these terms.
NuLink’s token symbol is NLK. The total supply of NLK is 1 billion and it will be generated in two stages: pre-allocation and stake mining after the mainnet launch.
The pre-allocation of NLK can be classified into four categories: Foundation (15%), BD & Community Incentivization (20%), Core Team Incentivization (15%) and Pre-sale (20%). After the mainnet is launched, the remaining 30% of the total supply will be mined by Providers in the NuLink network within four years. After four years, the new mining rules will be determined by the on-chain governance mechanism (DAO) maintained by the community. The detailed information of the token distribution can be found in the following scenarios: For NLK tokens generated before the NuLink mainnet, smart contracts will be provided to allow NLK holders to transfer tokens to the mainnet at a one-to-one ratio after the mainnet goes live. In the mainnet stake mining mechanism, if a node is found to be malicious or providing unstable service quality, it will be penalized. Their NLK tokens will be slashed, with a portion directly destroyed and the rest sent to a treasury account maintained by DAO. Also, for any service-related transaction in the NuLink network, a portion of basic fees will be destroyed, and the remainder will be distributed to the Providers.
In the NuLink network, NLK tokens have the following main functions. They will be:
NLK is the utility token of the NuLink network. Its value is positively correlated to the scale of the NuLink network. The demand and value of NLKs may increase in the following scenarios:
A robust Electronic Health Records Sharing platform can be constructed upon the NuLink network. The patient who owns the health records and encryption keys is the data provider. Their health records will be encrypted and stored in a decentralized storage network. The patient will have control over who will access their data. They can grant secure access to others such as hospitals or insurance companies..
The Decentralized Digital Rights Management platform can be deployed on the NuLink network. The owner of a digital asset can register their ownership in blockchain. After registration, they can encrypt their digital asset and publish the encrypted version of their digital asset in the storage network. Those who want to buy this digital asset could pay the owner in trade for temporary access to the digital asset. In the whole process, only the owner and the buyer can access the digit asset.
In order to conduct secure NFT trading, the transaction is divided into two parts. The payment and the transfer of NFT ownership needs to be completed on-chain. The NFT transmission needs to be completed synchronously and securely under the chain. Alice first encrypts and uploads her NFT resources to the NuLink network through NuLink’s proxy re-encryption function so that the NFT can be safely transmitted to Bob. The encrypted NFT data of Alice and Bob are written into the blockchain by mint operation. This step completes the transfer of the NFT ownership on the chain.
A car owner or user needs to be able to share their car data with a third party — perhaps an insurance company so that they can get reduced insurance premiums or a MaaS (Mobility as a Service) company to resolve a dispute. Obviously the data owner will not want any other third party to access their data during the transfer process.
Right after the data has been read out from the OBD port, the data will be encrypted from the endpoint and sent over the air to the enterprise level server, through NuLink’s proxy re-encryption function. The encryption key will be granted to the insurer or MaaS company automatically before the car owner even starts the car.