Sealing aka re-encryption
Suppose you're Alice, and you have secret data onchain, and you want to share it with Bob. Or it could be that you want to compute a function on your sensitive data, and share the result with Bob without revealing the data, or the result to anyone else.
Arcium enables you to re-encrypt any data to a given public key. This is known as "sealing" in cryptography, effectively having the ability to restrict data access and information flow.
This is useful for a variety of reasons, such as compliance, end-to-end privacy, and more.
In this example, we have a confidential function share_result
that takes in an encrypted UserData
struct which is encrypted using a shared secret between the user Alice and the MXE, another encrypted u128
which is encrypted using the MXE's key, as well a Shared
type parameter which defines the user Bob (it holds his public key and a nonce) to whom we want to encrypt the data to. It converts the data to secret shares for the nodes in the given cluster, computes some function on the secret shares, and then encrypts the result using the derived shared secret between the MXE and Bob (using the public key available within the Shared
type parameter). The unencrypted data is never exposed to the nodes in the given cluster. Likewise, Bob can perform the key exchange on his side and decrypt the result.
Last updated