Implementation Architectures

A) Hybrid (off-chain secrets, on-chain commitments)

Current implementation (on the Stacks blockchain)

Storage:

  • Private layer is encrypted and stored in a protected server location; it is never published to IPFS/Arweave, where anything pinned is world-readable

  • Client requests are signed and rate-limited; the gateway verifies on-chain ownership of the token, then streams the bytes to the app. Server paths are never exposed: the client only ever names a token ID, and the gateway decides which file that maps to.
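
The gateway path above, as an added example rather than the project's code: a Python sketch of the ownership check, a fixed-window rate limiter, and the signed, short-lived URL that the streaming endpoint re-verifies before it opens a server-chosen file. The signing key, the directory, the ownership table (a stand-in for reading the NFT contract) and the asset table are constructed; the check that the incoming request was signed by the principal's wallet key is assumed to have happened before issue_signed_url is called.

```python
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import parse_qsl, urlparse

# Operator secrets and tables, all constructed for this example.
URL_SIGNING_KEY = secrets.token_bytes(32)     # hypothetical key; rotate like any operator secret
PRIVATE_ROOT = "/srv/vault/private"           # hypothetical directory; never appears in a URL
URL_TTL_SECONDS = 60

# Stand-in for the on-chain ownership lookup (token id -> owner principal). Real code would
# read the NFT contract; these principals are placeholders, not real Stacks addresses.
ONCHAIN_OWNER = {"mystery-nft:17": "SP_ALICE", "mystery-nft:18": "SP_BOB"}

# Internal asset table. The client only ever names a token id; the gateway chooses the file.
PRIVATE_ASSET = {"mystery-nft:17": "a81f3c.bin", "mystery-nft:18": "b02e77.bin"}


@dataclass
class RateLimiter:
    """Fixed-window limiter keyed by requesting principal."""
    limit: int = 5
    window: int = 60
    hits: dict = field(default_factory=dict)

    def allow(self, principal: str, now: float) -> bool:
        start, count = self.hits.get(principal, (now, 0))
        if now - start >= self.window:
            start, count = now, 0
        count += 1
        self.hits[principal] = (start, count)
        return count <= self.limit


def _sign(token_id: str, principal: str, expires: int) -> str:
    msg = f"{token_id}|{principal}|{expires}".encode()
    return hmac.new(URL_SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def issue_signed_url(token_id: str, principal: str, limiter: RateLimiter,
                     now: Optional[float] = None) -> Optional[str]:
    """Gateway step: rate-limit, confirm on-chain ownership, then hand out a short-lived capability URL.

    The request is assumed to have been authenticated already (the caller checked that
    `principal` signed it with its wallet key); that check is outside this example.
    """
    now = time.time() if now is None else now
    if not limiter.allow(principal, now):
        return None                                  # rate-limited
    if ONCHAIN_OWNER.get(token_id) != principal or token_id not in PRIVATE_ASSET:
        return None                                  # not the current owner, or nothing to serve
    expires = int(now) + URL_TTL_SECONDS
    sig = _sign(token_id, principal, expires)
    # The URL carries an opaque token id, the principal, an expiry and a MAC over all three.
    return f"/v1/stream?t={token_id}&p={principal}&e={expires}&s={sig}"


def resolve_stream(params: dict, now: Optional[float] = None) -> Optional[str]:
    """Streaming endpoint: re-verify the signed URL, then map the token id to a server-chosen path."""
    now = time.time() if now is None else now
    try:
        token_id, principal, expires, sig = params["t"], params["p"], int(params["e"]), params["s"]
    except (KeyError, ValueError):
        return None
    if now > expires:
        return None                                  # expired capability
    if not hmac.compare_digest(_sign(token_id, principal, expires), sig):
        return None                                  # any field was tampered with
    filename = PRIVATE_ASSET.get(token_id)
    if filename is None:
        return None
    # basename() keeps a future table bug from turning into path traversal.
    return os.path.join(PRIVATE_ROOT, os.path.basename(filename))


def parse_query(url: str) -> dict:
    """Query-string parser for the URLs issued above."""
    return dict(parse_qsl(urlparse(url).query))
```

The MAC covers the token ID, the principal and the expiry together, so changing any one of them invalidates the URL, and a leaked URL is useful to nobody after URL_TTL_SECONDS. Nothing the client sends is ever used as a filesystem path.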

Answer verification

  • The canonical answer is stored as a keyed HMAC tag (HMAC, as listed under Components), not as plaintext and not as reversible ciphertext.

  • On submission, the server computes the HMAC of the user's answer under the same key and compares the two tags with a constant-time comparison. Match ⇒ correct. No plaintext answer ever leaves the server, and none is stored. Because the tag is deterministic, the HMAC key must live outside the answer database: an attacker holding both a dump of the tags and the key can test guesses offline, and riddle answers are low-entropy.
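
The comparison step above, as an added example that is not the project's code: the HMAC key, the tag store and the normalisation rule are this example's assumptions (the page does not say how answers are canonicalised), and binding the token ID into the MAC is a design choice explained in the comments.

```python
import hashlib
import hmac
import secrets
import unicodedata
from typing import Dict

# Server-side key, constructed for this example. It belongs in a secrets manager, never next
# to the tags it protects: with a DB dump and no key, the tags are useless to an attacker.
ANSWER_KEY = secrets.token_bytes(32)

# Constructed answer store: token id -> hex tag. No plaintext answer is ever written here.
ANSWER_TAGS: Dict[str, str] = {}


def normalize(answer: str) -> str:
    """Canonicalise so trivial variants of one answer give one tag (this example's rule,
    not the project's): NFKC, casefold, whitespace collapsed to single spaces."""
    return " ".join(unicodedata.normalize("NFKC", answer).casefold().split())


def answer_tag(token_id: str, answer: str) -> str:
    """HMAC-SHA256 over (token id, normalized answer).

    Binding the token id is a design choice of this example: two tokens with the same
    answer get different tags, so a DB dump does not show which tokens share an answer.
    """
    msg = token_id.encode() + b"\x00" + normalize(answer).encode()
    return hmac.new(ANSWER_KEY, msg, hashlib.sha256).hexdigest()


def store_canonical_answer(token_id: str, answer: str) -> None:
    """Called once at mint time; only the tag is persisted."""
    ANSWER_TAGS[token_id] = answer_tag(token_id, answer)


def check_answer(token_id: str, submitted: str) -> bool:
    """Recompute the tag for the submission and compare in constant time."""
    expected = ANSWER_TAGS.get(token_id)
    if expected is None:
        return False
    return hmac.compare_digest(answer_tag(token_id, submitted), expected)
```

hmac.compare_digest is what makes the comparison constant-time; a plain == on the two hex strings would leak, byte by byte, how much of the tag a guess got right.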

Components:

On-chain:

  • NFT minting and ownership records

  • Transfer history and provenance

  • Token metadata (name, description, collection ID)

Off-chain:

  • Encrypted seed word fragments stored in a secured database

  • Protected NFT image files in server directories

  • Answer verification logic (HMAC comparison) and the signed-URL gateway

Pros:

  • Low gas costs (no large data on-chain)

  • Fast (no on-chain proof verification)

  • Chain-agnostic (works on any NFT-capable chain)

Trade-offs:

  • Trust in the availability of the access server: if it is down, owners cannot read their secrets, whatever the chain says

  • Disclosure by choice is possible: the operator holds the decryption keys and could reveal a secret, and any owner who has viewed a secret can leak it; nothing on-chain prevents either

  • Off-chain key management: the content-encryption keys and the HMAC key are operator secrets that must be protected and rotated like any other


B) Fully On-Chain (ciphertext + proofs on-chain)

Future upgrade path for maximum trustlessness

Storage:

  • Ciphertext stored directly in contract storage

  • Master encryption key encrypted under owner's pubkey

  • All data verifiable on-chain

Transfer flow:

  1. Seller re-encrypts master key under buyer's pubkey

  2. Seller generates an ElGamal re-encryption consistency proof: a zero-knowledge proof that the new ciphertext decrypts to the same master key as the old one, without revealing the key

  3. Seller submits new ciphertext + proof on-chain

  4. Contract verifies proof: "new ciphertext contains same master key"

  5. If proof valid → transfer proceeds, payment released

  6. Buyer decrypts master key with private key → decrypts secret
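
Steps 1 to 6 carried through end to end, as an added example that is not the project's code. It uses textbook ElGamal in a toy prime-order group (a safe prime generated at import time; a deployment would use the chain's elliptic-curve group) and a Chaum-Pedersen style sigma protocol made non-interactive with Fiat-Shamir for the consistency proof; the contract-side function keeps the verify_reencryption_proof signature the page gives. The master-key value and the trick for encoding it as a group element are this example's choices.

```python
import hashlib
import random

# Toy prime-order group, constructed for this example: p = 2q + 1 is a safe prime and the squares
# mod p form a group of prime order q generated by G = 4. A deployment would use the chain's EC group.
def _is_probable_prime(n: int, rounds: int = 12) -> bool:
    """Miller-Rabin with seeded bases: fine for a demo, not a library."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    rng = random.Random(0xC0FFEE)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _safe_prime(bits: int, seed: int = 2024):
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            return 2 * q + 1, q

P, Q = _safe_prime(256)
G = 4

def keygen(rng):
    sk = rng.randrange(1, Q)
    return sk, pow(G, sk, P)

def encode_key(k: int) -> int:
    """Map a master key (0 < k < p/2) into the order-q subgroup: for p = 3 mod 4 exactly one of k, -k is a square."""
    assert 0 < k < P // 2
    return k if pow(k, Q, P) == 1 else P - k

def decode_key(m: int) -> int:
    return m if m < P // 2 else P - m

def encrypt(pk: int, m: int, r: int):
    return pow(G, r, P), m * pow(pk, r, P) % P

def decrypt(sk: int, ct):
    c1, c2 = ct
    return c2 * pow(c1, Q - sk, P) % P            # c1 has order q, so c1^(q - sk) = c1^(-sk)

def _challenge(*elems: int) -> int:
    """Fiat-Shamir: hash the whole statement plus the commitments into Z_q."""
    return int.from_bytes(hashlib.sha256(b"|".join(str(e).encode() for e in elems)).digest(), "big") % Q

def prove_reencryption(sk_seller, r_new, pk_seller, pk_buyer, old_ct, new_ct, rng):
    """Sigma protocol for knowledge of (x, r) with pk_seller = G^x, new_c1 = G^r and
    old_c2 / new_c2 = old_c1^x * pk_buyer^(-r); the last holds iff both ciphertexts hide the same m."""
    (a1, a2), (b1, b2) = old_ct, new_ct
    kx, kr = rng.randrange(1, Q), rng.randrange(1, Q)
    t1, t2 = pow(G, kx, P), pow(G, kr, P)
    t3 = pow(a1, kx, P) * pow(pk_buyer, Q - kr, P) % P
    e = _challenge(pk_seller, pk_buyer, a1, a2, b1, b2, t1, t2, t3)
    return t1, t2, t3, (kx + e * sk_seller) % Q, (kr + e * r_new) % Q

def verify_reencryption_proof(old_ciphertext, new_ciphertext, old_pubkey, new_pubkey, zk_proof) -> bool:
    """Contract-side check, same signature as the page's pseudocode."""
    (a1, a2), (b1, b2) = old_ciphertext, new_ciphertext
    t1, t2, t3, sx, sr = zk_proof
    e = _challenge(old_pubkey, new_pubkey, a1, a2, b1, b2, t1, t2, t3)
    y = a2 * pow(b2, P - 2, P) % P                 # old_c2 / new_c2
    return (pow(G, sx, P) == t1 * pow(old_pubkey, e, P) % P
            and pow(G, sr, P) == t2 * pow(b1, e, P) % P
            and pow(a1, sx, P) * pow(new_pubkey, Q - sr, P) % P == t3 * pow(y, e, P) % P)

def demo():
    # Steps 1-6 for an honest seller, then a seller who tries to hand the buyer a different key.
    rng = random.Random(1)
    sk_s, pk_s = keygen(rng)
    sk_b, pk_b = keygen(rng)
    master = 0x2B7E151628AED2A6ABF7158809CF4F3C                      # constructed 128-bit master key
    old_ct = encrypt(pk_s, encode_key(master), rng.randrange(1, Q))    # minted under the seller's key
    r_new = rng.randrange(1, Q)
    new_ct = encrypt(pk_b, decrypt(sk_s, old_ct), r_new)               # step 1
    proof = prove_reencryption(sk_s, r_new, pk_s, pk_b, old_ct, new_ct, rng)   # step 2
    accepted = verify_reencryption_proof(old_ct, new_ct, pk_s, pk_b, proof)   # steps 3-5
    recovered = decode_key(decrypt(sk_b, new_ct)) == master                   # step 6
    r_bad = rng.randrange(1, Q)
    bad_ct = encrypt(pk_b, encode_key(0xDEADBEEF), r_bad)
    bad_proof = prove_reencryption(sk_s, r_bad, pk_s, pk_b, old_ct, bad_ct, rng)
    rejected = not verify_reencryption_proof(old_ct, bad_ct, pk_s, pk_b, bad_proof)
    return accepted, recovered, rejected
```

demo() returns (proof accepted, buyer recovered the original key, forged transfer rejected). The challenge hashes both public keys and both ciphertexts, so a proof is bound to one specific listing and cannot be replayed against another; a real contract would also check that new_pubkey is the key the buyer registered, which this example leaves to the caller.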

Proof verification:

  verify_reencryption_proof(old_ciphertext, new_ciphertext, old_pubkey, new_pubkey, zk_proof) -> bool

Pros:

  • Trustless (cryptographic guarantees, no escrow needed)

  • Maximum auditability (everything on-chain)

  • Prevents seller cheating: a ciphertext that does not hold the same master key fails the proof, so the seller can't substitute a fake secret

Cons:

  • Higher gas (proof verification + storage)

  • Requires a chain that exposes elliptic-curve group operations and proof-verification precompiles to contracts (e.g. Sui)

  • More complex implementation
