Linking cryptographic keys to identities has been a long-standing challenge since the advent of public-key cryptography. The primary issue is providing and maintaining a publicly available and consistent mapping between identities and public keys. This challenge is particularly relevant in the context of web3, where transparency and anonymity are paramount.
According to a16z crypto, three main approaches exist for addressing this issue: public key directories, identity-based encryption (IBE), and the more recent registration-based encryption (RBE). Each method offers distinct trade-offs in terms of anonymity, interactivity, and efficiency.
The Three Approaches
The traditional approach involves a public key infrastructure (PKI) with a public key directory at its core. This method requires a trusted third party to maintain the directory, which can be costly and prone to errors. Additionally, the public key directory approach is not succinct, somewhat interactive, and lacks sender anonymity.
Identity-based encryption (IBE), proposed by Adi Shamir in 1984, eliminates the need for a public key directory by using identifiers like phone numbers or email addresses as public keys. However, IBE introduces a strong trust assumption, as it requires a trusted key generator to issue keys. This approach is more space-efficient and offers non-interactive encryption and decryption, but the risk associated with the master secret key is significant.
Registration-based encryption (RBE), proposed in 2018, replaces the trusted key generator with a transparent key curator. The blockchain setting, where a smart contract can serve as the key curator, makes RBE a natural fit. RBE offers the benefits of both PKI and IBE while mitigating their respective drawbacks. It uses less on-chain storage than a public key directory and avoids the strong trust assumption of IBE.
Evaluating the Trade-offs
RBE requires succinct parameters, meaning the size of parameters to be stored on-chain is sublinear in the number of users. This is smaller than the total storage required for a public key directory but still more than IBE. Encryption and decryption are somewhat interactive, requiring periodic updates to public parameters and auxiliary information. However, RBE provides sender anonymity and transparency, making it a compelling option for privacy-conscious users.
Performance Comparison
In terms of cost, RBE has a higher setup and registration cost compared to PKI and IBE. However, it offers stronger anonymity and reduced trust assumptions, making it a viable option for those who prioritize privacy and trustless setups. According to a performance evaluation by a16z crypto, RBE can be feasibly deployed on the Ethereum mainnet today, despite its higher costs.
Overall, while RBE is more expensive, it provides significant advantages in terms of privacy and trustlessness, making it an attractive option for blockchain key management.
Additional Considerations
Handling key updates and revocations is straightforward for a public key directory, but more complex for IBE and RBE. IBE requires periodic updates to keys, while RBE can be extended to support these functionalities through additional mechanisms. Moving data off-chain with data availability solutions can reduce on-chain storage for both public key directories and RBE, further enhancing their efficiency.
The views expressed here are those of the individual AH Capital Management, L.L.C. (“a16z”) personnel quoted and are not the views of a16z or its affiliates. Certain information contained in here has been obtained from third-party sources, including from portfolio companies of funds managed by a16z. While taken from sources believed to be reliable, a16z has not independently verified such information and makes no representations about the enduring accuracy of the information or its appropriateness for a given situation.
This content is provided for informational purposes only, and should not be relied upon as legal, business, investment, or tax advice. You should consult your own advisers as to those matters. References to any securities, digital assets, tokens, and/or cryptocurrencies are for illustrative purposes only and do not constitute a recommendation to invest in any such instrument nor do such references constitute an offer to provide investment advisory services. Furthermore, this content is not directed at nor intended for use by any investors or prospective investors, and may not under any circumstances be relied upon when making a decision to invest in any fund managed by a16z. (An offering to invest in an a16z fund will be made only by the private placement memorandum, subscription agreement, and other relevant documentation of any such fund and should be read in their entirety.) Any investments or portfolio companies mentioned, referred to, or described are not representative of all investments in vehicles managed by a16z, and there can be no assurance that the investments will be profitable or that other investments made in the future will have similar characteristics or results. A list of investments made by funds managed by Andreessen Horowitz (excluding investments for which the issuer has not provided permission for a16z to disclose publicly as well as unannounced investments in publicly traded digital assets) is available at https://a16z.com/investments/.
Charts and graphs provided within are for informational purposes solely and should not be relied upon when making any investment decision. Past performance is not indicative of future results. The content speaks only as of the date indicated. Any projections, estimates, forecasts, targets, prospects, and/or opinions expressed in these materials are subject to change without notice and may differ or be contrary to opinions expressed by others. Please see https://a16z.com/disclosures for additional important information.
Image source: Shutterstock
Credit: Source link