Linking cryptographic keys to identities has been a long-standing challenge since the advent of public key cryptography. The most important challenge is to provide and maintain a publicly available and consistent mapping between identities and public keys. This challenge is particularly relevant in the context of web3, where transparency and anonymity are paramount.
According to a16z crypto, there are three main approaches to solving this problem: public key directories, identity-based encryption (IBE), and more recently, registration-based encryption (RBE). Each method offers a distinct trade-off between anonymity, interactivity, and efficiency.
Three approaches
The existing approach involves a public key infrastructure (PKI) with a public key directory at its core. This method requires a trusted third party to maintain the directory, which is expensive and error-prone. In addition, the public key directory approach is not concise, somewhat interactive, and lacks sender anonymity.
Identity-based encryption (IBE), proposed by Adi Shamir in 1984, eliminates the need for public key directories by using identifiers such as phone numbers or email addresses as public keys. However, IBE introduces strong trust assumptions, as it requires that a trusted key generator issue the keys. This approach is more space-efficient and provides non-interactive encryption and decryption, but carries significant risks associated with the master secret key.
Proposed in 2018, Register-Based Encryption (RBE) replaces trusted key generators with transparent key curators. The blockchain setting, where smart contracts can act as key curators, makes RBE a natural fit. RBE offers the benefits of both PKI and IBE while mitigating their respective drawbacks. It uses less on-chain storage than public key directories and avoids the strong trust assumptions of IBE.
Trade-off evaluation
RBE requires compact parameters, which means that the size of the parameters stored on the chain is not linear with the number of users. This is less than the total storage space required for the public key directory, but is still larger than IBE. Encryption and decryption are somewhat interactive, requiring periodic updates to public parameters and auxiliary information. However, RBE provides sender anonymity and transparency, making it an attractive option for privacy-conscious users.
Performance comparison
In terms of cost, RBE has higher setup and registration costs than PKI and IBE. However, it offers stronger anonymity and reduced trust assumptions, making it a viable option for those who prioritize privacy and untrusted setups. Performance evaluations by a16z crypto show that RBE can be viably deployed on the Ethereum mainnet today, despite its higher costs.
Overall, RBE is more expensive, but it offers significant advantages in terms of privacy and reliability, making it an attractive option for blockchain key management.
Additional Considerations
Handling key updates and revocation is straightforward for public key directories, but more complex for IBE and RBE. While IBE requires periodic updates to keys, RBE can be extended to support these features through additional mechanisms. Moving data off-chain using a data availability solution can further increase efficiency by reducing on-chain storage for both public key directories and RBE.
The views expressed herein are those of the individual AH Capital Management, LLC (“a16z”) employees quoted and not those of a16z or its affiliates. Certain information contained herein has been obtained from third party sources, including portfolio companies of funds managed by a16z. While it is from sources believed to be reliable, a16z has not independently verified such information and makes no representations as to its ongoing accuracy or suitability for any given situation.
This content is provided for informational purposes only and should not be relied upon as legal, business, investment or tax advice. You should consult your own advisors regarding such matters. Any reference to securities, digital assets, tokens and/or cryptocurrencies is for illustrative purposes only and is not a recommendation to invest in such products and such references do not constitute an offer to provide investment advisory services. Furthermore, this content is not intended for or directed to any investor or prospective investor and is not intended for use by such investors and should not be relied upon in any way when making a decision to invest in any fund managed by a16z. (Any offer to invest in any a16z fund is made solely by the fund’s private equity, subscription agreement and other relevant documents which should be read in their entirety.) Any investment or portfolio company mentioned, referenced or described is not representative of all investment products managed by a16z and there is no guarantee that any investment will be profitable or that other investments made in the future will have similar characteristics or results. A list of investments made by funds managed by Andreessen Horowitz (excluding investments that the issuer has not authorized to be publicly disclosed on a16z and undisclosed investments in publicly traded digital assets) can be found at https://a16z.com/investments/.
The charts and graphs provided in this material are for informational purposes only and should not be relied upon when making investment decisions. Past performance is not indicative of future results. The content speaks only as of the date indicated. Any predictions, estimates, forecasts, targets, prospects and/or opinions expressed in this material are subject to change without notice and may differ or be contrary to opinions expressed by others. For additional important information, please see https://a16z.com/disclosures.
Image source: Shutterstock