Skip to main content

NuCypher's Umbral Proxy Re-Encryption Implementation

Project description

PyPI Package latest release CircleCI build status Commits since latest release Documentation Status Discord

pyUmbral is the reference implementation of the Umbral threshold proxy re-encryption scheme. It is open-source, built with Python, and uses OpenSSL and Cryptography.io.

Using Umbral, Alice (the data owner) can delegate decryption rights to Bob for any ciphertext intended to her, through a re-encryption process performed by a set of semi-trusted proxies or Ursulas. When a threshold of these proxies participate by performing re-encryption, Bob is able to combine these independent re-encryptions and decrypt the original message using his private key.

docs/source/.static/umbral.svg

pyUmbral is the cryptographic engine behind nucypher, a proxy re-encryption network to empower privacy in decentralized systems.

Usage

Key Generation

As in any public-key cryptosystem, users need a pair of public and private keys. Additionally, users that delegate access to their data (like Alice, in this example) need a signing keypair.

from umbral import SecretKey, Signer

# Generate Umbral keys for Alice.
alices_secret_key = SecretKey.random()
alices_public_key = alices_secret_key.public_key()

alices_signing_key = SecretKey.random()
alices_signer = Signer(alices_signing_key)
alices_verifying_key = alices_signing_key.public_key()

# Generate Umbral keys for Bob.
bobs_secret_key = SecretKey.random()
bobs_public_key = bobs_secret_key.public_key()

Encryption

Now let’s encrypt data with Alice’s public key. Invocation of pre.encrypt returns both the ciphertext and a capsule. Note that anyone with Alice’s public key can perform this operation.

Since data was encrypted with Alice’s public key, Alice can open the capsule and decrypt the ciphertext with her private key.

from umbral import encrypt, decrypt_original

# Encrypt data with Alice's public key.
plaintext = b'Proxy Re-Encryption is cool!'
capsule, ciphertext = encrypt(alices_public_key, plaintext)

# Decrypt data with Alice's private key.
cleartext = decrypt_original(alices_secret_key, capsule, ciphertext)

Re-Encryption Key Fragments

When Alice wants to grant Bob access to open her encrypted messages, she creates re-encryption key fragments, or “kfrags”, which are next sent to N proxies or Ursulas.

from umbral import generate_kfrags

# Alice generates "M of N" re-encryption key fragments (or "KFrags") for Bob.
# In this example, 10 out of 20.
kfrags = generate_kfrags(delegating_sk=alices_secret_key,
                         receiving_pk=bobs_public_key,
                         signer=alices_signer,
                         threshold=10,
                         num_kfrags=20)

Re-Encryption

Bob asks several Ursulas to re-encrypt the capsule so he can open it. Each Ursula performs re-encryption on the capsule using the kfrag provided by Alice, obtaining this way a “capsule fragment”, or cfrag.

Bob collects the resulting cfrags from several Ursulas. Bob must gather at least threshold cfrags in order to activate the capsule.

from umbral import reencrypt

# Several Ursulas perform re-encryption, and Bob collects the resulting `cfrags`.
cfrags = list()           # Bob's cfrag collection
for kfrag in kfrags[:10]:
    cfrag = pre.reencrypt(capsule=capsule, kfrag=kfrag)
    cfrags.append(cfrag)    # Bob collects a cfrag

Decryption by Bob

Finally, Bob activates the capsule by attaching at least threshold cfrags, and then decrypts the re-encrypted ciphertext.

from umbral import decrypt_reencrypted

bob_cleartext = pre.decrypt_reencrypted(receiving_sk=bobs_secret_key,
                                        delegating_pk=alices_public_key,
                                        capsule=capsule,
                                        cfrags=cfrags,
                                        ciphertext=ciphertext)
assert bob_cleartext == plaintext

See more detailed usage examples in the docs directory.

Quick Installation

To install pyUmbral, simply use pip:

$ pip3 install umbral

Alternatively, you can checkout the repo and install it from there. The NuCypher team uses pipenv for managing pyUmbral’s dependencies. The recommended installation procedure is as follows:

$ sudo pip3 install pipenv
$ pipenv install

Post-installation, you can activate the project virtual environment in your current terminal session by running pipenv shell.

For more information on pipenv, find the official documentation here: https://docs.pipenv.org/.

Academic Whitepaper

The Umbral scheme academic whitepaper and cryptographic specifications are available on GitHub.

“Umbral: A Threshold Proxy Re-Encryption Scheme” by David Nuñez. https://github.com/nucypher/umbral-doc/blob/master/umbral-doc.pdf

Support & Contribute

Security

If you identify vulnerabilities with _any_ nucypher code, please email security@nucypher.com with relevant information to your findings. We will work with researchers to coordinate vulnerability disclosure between our partners and users to ensure successful mitigation of vulnerabilities.

Throughout the reporting process, we expect researchers to honor an embargo period that may vary depending on the severity of the disclosure. This ensures that we have the opportunity to fix any issues, identify further issues (if any), and inform our users.

Sometimes vulnerabilities are of a more sensitive nature and require extra precautions. We are happy to work together to use a more secure medium, such as Signal. Email security@nucypher.com and we will coordinate a communication channel that we’re both comfortable with.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

umbral-0.2.0.tar.gz (34.9 kB view details)

Uploaded Source

Built Distribution

umbral-0.2.0-py3-none-any.whl (38.6 kB view details)

Uploaded Python 3

File details

Details for the file umbral-0.2.0.tar.gz.

File metadata

  • Download URL: umbral-0.2.0.tar.gz
  • Upload date:
  • Size: 34.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/4.5.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.1 CPython/3.6.13

File hashes

Hashes for umbral-0.2.0.tar.gz
Algorithm Hash digest
SHA256 d5cc8b6bc4e0a4575bca5c81b3c108de1596d3a617ca76be4c885e2caa854390
MD5 472e2ff8afdb83bfbe39c9fcd3699fde
BLAKE2b-256 1c978be099b88e06211477f3408b065209277ae33c254e815d343085c9d1d8f5

See more details on using hashes here.

File details

Details for the file umbral-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: umbral-0.2.0-py3-none-any.whl
  • Upload date:
  • Size: 38.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/4.5.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.1 CPython/3.6.13

File hashes

Hashes for umbral-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 c9122a09a4ef6150f816d9308ddf2772c8f2834c7fbe83f3a06e72bef8303b65
MD5 4c6aaaf85e25766f1165a80d1ed6cd96
BLAKE2b-256 160dd9160ff40dd95ba65849ec5c44bb228a17810830a52b643ee15810cf5c5b

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page