Functionality Highlight: Why Decentralized Storage Encryption and Access matters
Access control
4 min readIn this post we want to highlight a crucial feature of the Nevermined platform, called DSE (Decentralized Storage Encryption). It’s part of our Decentralized Access Control component and it makes it possible to store assets (like tokenized data) on public decentralized storage networks, like IPFS, Filecoin and Arweave, while keeping the content encrypted.
FOREVER AND [n]EVER[mined]
DSE is good for use cases where files could be stored for ‘eternity’, but also where access to those assets should be managed by a form of Access Control.
Imagine, you’re the Moco Museum in Barcelona and you just bought your first Beeple work. Obviously, you want the digital source files, referenced by the NFT. Once you get them, you have the option to store the work on your servers (risky) or in the cloud (safer, but you’re in a contract). Currently, you can’t really store the piece natively with IPFS or Filecoin, because anyone who knows the public URL / CID would have access to the file.
Now let’s take the Web3 ethos a step further. Because storing an asset is OK, but a bit boring, no? Ideally, you want the asset to create new value.
So, imagine you want to rent out the artwork, say to a Metaverse museum.
Or you want to invite an image-generating AI to train on Beeple’s work.
Or you want to make the asset available for a remix competition.
Or…
These types of use cases are where the power of our Access Functionalities kick in. Not only can you safely (and eternally) store the encrypted asset on a decentralized storage solution, you can also control the conditions under which people get access to the asset.
IPFS is great at storing files for eternity. Cloud services are pretty good at managing access to files. DSE combines both.
SNARKY
So how did we crack that nut?
Using Nevermined to register an asset and mint a corresponding NFT allows you to then add access conditions. Think things like verified users, price, etc. In the background, this hashes all the specifics of the conditions and registers them into the Nevermined Smart Contracts. This then acts as an immutable gateway. If /conditions not met/, Then Absolutely /no access/.
The DSE feature is an extra condition in this module, where an asset owner gets the option to first encrypt the asset and publish it on IPFS. (It’s a Poseidon hash, in case you were wondering…).
The technical concept depends on zero-knowledge proof cryptography. More advanced technical readers should explore our documentation.
But the gist is that, if you were to try to access that asset, the Nevermined Node monitors whether your request ticks the right boxes. If you do fulfill the conditions, an agreement is created. There, the DSE module first computes a shared secret (using ECDH) from the owner/provider’s private key and consumer’s public key. Next, this secret is used to encrypt the key using MiMC. Finally, the encrypted key is then sent on-chain to the ‘buyer’ with the SNARK proof of correctness.
This means that, if you’re a ‘buyer’ of a digital asset, you don’t just get an NFT proving your ownership, you also receive the decryption key to the actual asset, which in true zero-knowledge fashion, is only known to the owner.
DECENTRALIZED STORAGE + ENCRYPTION = FUNDAMENTAL PROBLEM SOLVED
The above example of digital art is topical. But the combination of decentralized storage and encryption is a powerful concept.
Let’s take the angle of ‘keeping records for eternity’. Regulators like information to be available for a long time. We know that in some countries, notaries have to keep the data records of land and house sales for a certain period of time. Quite often that means paper.
Storing digital versions of these records in centralized servers comes with security risks. Storing them in Cloud services often comes with dependency, lock-ins and even political consequences.
With our DSE feature, we can start moving towards a future where these assets are stored as well as accessed in a decentralized manner. The ownership of your property is tokenized via an on-chain NFT, but the deeds (which should be private and only accessible to a few) could be kept on decentralized storage solutions.
It’s these kinds of fundamental use cases that make us giddy with excitement. We believe that making walled data assets more accessible will create new value, help develop AIs and inspire new use cases we can’t yet imagine. So we’re proud to be contributing to the Web3 infrastructure that will enable that.
WANT TO KNOW MORE
If you want to know more about Nevermined, go to our website or explore our Documentation.
And we’d love to hear from you. Got any questions, suggestions or want to chat about your project? Contact us via the website or join our Discord.
Kudos points: if you enjoyed this article, let us know by clapping or sharing it with someone who should read this too.
Originally posted on 2022-01-14 on Medium.