Encryption and Access Control for Web3 using Lighthouse

Nandit Mehra
Jul 28, 2022

Lighthouse is a permanent file storage protocol that offers perpetual storage for your files. Using Lighthouse, you can store your files forever on a distributed web. Lighthouse aims to be the best entry point to your files on the Filecoin network, abstracting away the complexity and adding permanent, long-term storage.

Private Data

Until now, most of the data stored on the Filecoin and IPFS networks has been public and accessible to anyone. As a result, you can’t directly store sensitive files such as personal photos, patient data or enterprise data on a public network. Developers and users end up building their own encryption layer before storing data on storage networks, which often leads to bad practices and an excessive burden of access and key management. It also leads either to centralised key management for files or to a poor user experience in which users manage their own file keys. Sharing the files with authorised parties is even more problematic.

That’s why we at Lighthouse chose to build an encryption layer and access control for users to store private and sensitive data on Filecoin. Using this functionality, developers need not worry about creating their own encryption layer for users or managing keys through unhealthy practices.

How it works

Lighthouse Encryption and Access Control uses BLS threshold cryptography to ensure that a file’s decryption key and data stay consistent and resistant to faults and attacks. Threshold cryptography ensures that even when some parties or nodes in a system are compromised, the architecture is robust enough to keep serving users while preserving data secrecy.

Furthermore, Lighthouse at no point receives or collects the decryption keys of any file or document. All decryption keys are randomly generated and split into shards on the user’s end. The shards are then encrypted and stored on nodes alongside user-defined access conditions.

Retrieving keys has never been easier: our architecture only requires the user to sign a randomly generated message and specify the CID of the file or document to be retrieved. Each node then validates the request and the access conditions independently and, if the access conditions are met, sends a copy of the key shards in its possession. The shards are aggregated on the user’s end to decrypt the file or document.
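The split, per-node check and client-side aggregation described above can be sketched as follows. This is an added example, not Lighthouse's code: it uses Shamir secret sharing as a stand-in for the BLS threshold scheme, and the node class, the 3-of-5 parameters and the addresses are hypothetical. Signature verification and shard encryption are left out, so the requester is assumed to be already authenticated.

```python
import secrets

# Constructed parameters, not Lighthouse's: 5 nodes, any 3 shards rebuild the key.
PRIME = 2**521 - 1  # Mersenne prime, comfortably larger than a 256-bit key
NODES, THRESHOLD = 5, 3

def split_key(key, n=NODES, k=THRESHOLD):
    """Client side: random degree k-1 polynomial with f(0) = key; shard i is (i, f(i))."""
    coeffs = [key] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            acc = (acc * x + c) % PRIME
        return acc
    return [(i, f(i)) for i in range(1, n + 1)]

def recover_key(shards):
    """Client side: Lagrange interpolation at x = 0 over the released shards."""
    key = 0
    for xi, yi in shards:
        num = den = 1
        for xj, _ in shards:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        key = (key + yi * num * pow(den, -1, PRIME)) % PRIME
    return key

class Node:
    """Hypothetical node holding one shard and the owner's access condition."""
    def __init__(self, shard, allowed):
        self.shard, self.allowed, self.online = shard, set(allowed), True

    def request(self, requester):
        # Assumption: requester was already authenticated via the signed message.
        # Every node evaluates the access condition on its own.
        return self.shard if self.online and requester in self.allowed else None

def retrieve(nodes, requester):
    """Collect shards from nodes that approve; None if fewer than THRESHOLD respond."""
    shards = [s for s in (n.request(requester) for n in nodes) if s is not None]
    return recover_key(shards[:THRESHOLD]) if len(shards) >= THRESHOLD else None

if __name__ == "__main__":
    key = secrets.randbits(256)  # constructed file key
    nodes = [Node(s, {"0xOwner", "0xFriend"}) for s in split_key(key)]
    nodes[0].online = nodes[3].online = False  # two nodes down, three remain
    print(retrieve(nodes, "0xFriend") == key, retrieve(nodes, "0xStranger"))
```

Fewer than three shards interpolate to an unrelated value, which is why a minority of compromised or colluding nodes learns nothing about the key in this model.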

Use Cases

This new functionality enables a variety of use cases for applications that store private and encrypted data on Lighthouse, some of which are listed below:

  • Encrypted backup of files on Filecoin
  • Storing personal photos on dweb
  • Token gated applications
  • DAOs can store data generated by members
  • DataDAOs building collectives of data
  • Restrict access to files by owners of an NFT collection
  • Sensitive data like patient data can be stored
  • Enterprises can store their data on a distributed web for lower cost
  • Recordings for web3 meetings
  • Private code repositories storage

Get Started

Check out these Code Examples

Fill in this Form to get free early access and get in touch with our team to receive custom support.

Stay in Touch

To learn more about Lighthouse, visit the official website, read through the documentation or jump in on GitHub. You can also join the community on Discord, Twitter, Telegram, or LinkedIn.

Drop me an email at nandit@lighthouse.storage with your feedback and to contact me!
