Security and Trust of the VWBL Network
We place utmost importance on the security and trust of the VWBL Network. Essentially, the problem can be divided into two main parts:
- Q: Wouldn't VWBL Network leak the decryption key to someone who doesn't have access
- Q: Can decryption keys be managed and transferred in a trust free manner?
A: Wouldn't VWBL Network leak the decryption key to someone who doesn't have access rights to it?
First, VWBL Network uses Tendermint Consensus (via cosmos); the trust assumption of Tendermint Consensus is below:
- Safety: If there are less than 1/3 in Byzantine voting power, the Blockchain works properly without Byzantine fault.
- Liveness: If there are less than 1/3 in Byzantine voting power then the Blockchain does not deadlock.
In addition, the key threshold for the VWBL Network is 2/3. Therefore, unless 2/3 of the nodes collude, VWBL Network won't leak the decryption key. With a large node network, this collusion cost is very high (with essentially no economic value in that case).
Second, to verify whether decryption key requester has access right in a decentralized manner, all nodes refer to the blockchain and verify access rights. The state of "access right of digital content" is recorded on the blockchain, thus state cannot be rewritten illegally unless 51% attack.
A: Can decryption keys be managed and transferred in a trust free manner?
Each node has only key fragments during the process and only the NFT minter & owner have decryption keys.
Process for split key generation and distribution to nodes:
The NFT minter generates split keys locally, encrypts each key fragment with the public key of each node and then distributes the key fragments.
Return process of key fragments by each node to the decryption key requester:
Each node encrypts key fragment with the public key of the decryption key requester and returns the key fragments.