Recap introduction to Proxy Re-Encryption
As we wrap up September, we take a look inside dev progress as we near the release of 0Box and 0Wallet repos. In addition, we make note of our progress on our brand and website redesigns. Community Ambassador Sculptex dives into Proxy Re-Encryption which powers Züs unique private sharing features. Are you a content creator that wants your work to be featured in our community? Read on to learn how!
GitHub incident
Over the weekend our GitHub was hacked due to a security fault with an associated Yahoo email address. At that time, a hacker took control of a yahoo account and was subsequently able to take control of a GitHub account that had access to Züs repos. At that time, steps were taken to resume control of both the email address and GitHub account. During the time of access, the hacker had access to repos which are already intended to be made public within a few weeks, so there was no damage apart from the inconvenience caused. Despite this, our developers continued to perform code testing and push updates to the code base. The team is currently making appropriate measures to enhance security to help prevent further incidents. At the end of this week’s update, you can find more info from Züs CEO Saswata Basu.
Sculptex’s Use Case of The Week: Proxy Re-Encryption (PRE)
“Amongst distributed storage platforms, the ability to encrypt files is not unique to Züs storage. However, Züs offers an incredibly flexible solution giving users the choice to encrypt each file on an individual level.
Where Züs really shines, though, is in our ability to have private sharing of these encrypted files that make use of proxy re-encryption.
The technology that achieves this is called Proxy Re-Encryption and the key points are as follows:
- The wallet owner uploads the file and chooses the encrypted option. The encryption is done using the owner’s keys
- The owner can download and access the file as any other file since they have keys to decrypt directly.
- The owner creates a share of this file, (similarly to how they would for a public share) but specifies the user (wallet id) of the person they wish to share with.
- As with unencrypted files, a share link (aka authticket) is generated but will specify the user they have shared with.
- The recipient (wallet) will have provided the blobbers with their Re-Encryption Key.
- The recipient is able to decode the file using a combination of the authticket plus their re-encryption key.
- The owner’s private key is never revealed.
Anyone else accessing that authticket will not be able to decrypt the file because the authticket was generated specifically for the recipient.
I believe this is one of the most important features of our platform and facilitates many use cases and other features.”
Non-Dev Updates
General Overview
Over the past week, we have continued to make progress on our brand redesign involving new educational, interactive content as well as website overhaul. In addition, we continue to collaborate with our partners to build out use cases. We also tease some exciting updates coming soon!
Community — Calling for Content Creators!
Are you an artist, content creator, or musician? We are searching for content creators within our community to give them a chance to display their work! In the coming weeks and months, community ambassador Sculptex will create POCs and tutorials to showcase multiple features including video streaming, NFTs, and more. Make sure to join our Telegram or share your work with us on Twitter. As mentioned later in the article, the community can look forward to a few exciting updates over the next couple of weeks as we continue to make progress with existing partners and new ones.
Content (Website, Branding)
The interactive content has progressed into the creation phase. The interactive content will be a blend of virtual reality and reality and will break down our protocols (and their use cases) in the most simplistic manner. The logo and brand has been finalized. Both the website and rebrand will be revealed around the time of mainnet launch.
The creation phase of the interactive content is important because this gets us closer to a full refresh of our website. This refresh (with interactive content embedded) won’t only be a new look. It will also make the site a very useful resource to educate both retail and enterprise on our protocols, such as proxy re-encryption, enabling the masses to understand what differentiates us from any other solution out there. The finalization of the logo is important because it now allows us to focus on incorporating a branding strategy into other objectives such as the website, the documentation, and various marketing campaigns.
Growth (Partnerships, Exchanges, Liquidity/DeFi)
While we understand this has been one of our quieter sections over the past few weeks, the Züs Partnership team wants to ensure the community that our interactions with current partners and potential new partners are ongoing. We also anticipate sharing an exciting update with you next week. Stay tuned for more!
Development Team Updates
General Overview
This week we greatly expanded the coverage of the automated UAT testing project. We started integrating it into dev processes to flag new bugs as they are written. The number of and severity of bugs being found is diminishing as our test suite matures and newly written code runs against it.
In parallel with the system testing effort, performance/load testing has been taking place which has resulted in multiple performance bottlenecks being resolved in the core blockchain layer.
The output of this important testing is that multiple QOL improvements have been made across many features and applications. This is significant as it will enable some private projects to move to general release on GitHub for the community to explore.
Tl;dr We’re finding fewer bugs as we continue testing and also have a safety net against regressions being introduced. Core blockchain bottlenecks being removed makes for a more stable chain and feeds directly into the onboarding performance issue. As some repos/projects are closing in on release, this frees up devs to help in other areas.
0Box
This week, the 0Box team has progressed 0Box iOS streaming into beta testing. Currently, the team is undergoing code cleanup on the iOS side while also updating the zboxmobile repo with relevant video streaming methods in all client platforms. This means that 0Box code will soon be ready for open-source release to the community following a two-week code sprint to perform finalized testing and updates.
0Wallet
The 0Wallet team has finalized the 0Wallet Android code at this point, making it ready for release. The team remains working on the 0Wallet iOS code base, noting the completion of over 50% of the final tasks. This is accomplished with an emphasis on a final few issue tickets to review. Similarly to 0Box, the code for 0Wallet will soon be available as open-source to the community.
Blockchain
The blockchain team has recently expanded system feature testing. This enables them to continue to progress on blockchain features to improve performance. They have recently conducted testing that helped identify and fix factors that impact transaction time. This week, they improved TPS by optimizing the performance of BLS aggregate signatures. While this is progress in the right direction, the team continues to maximize TPS by focusing on potential areas of improvement. Meanwhile, the team has implemented numerous updates to potential sharder issues that could cause stalling. This progress has now turned to scale to a larger cluster to run further testing.
Magma
The Magma team continues to perform code optimization and testing at this time. Despite no major updates with our Magma progress this week, we will soon share more insight into the role that Züs will play in this collaborative project. Stay tuned for an article coming soon!
GitHub Update — Saswata Basu, Züs CEO
“Based on REACT team in San Jose who are an awesome crypto task force, Yahoo Plus Secure is a hackable entity because they have a phone support to allow hackers to recover password to hack into an email after they sign up. That’s how the hacker was able to connect to my account without any permission, because Yahoo gave them. So do NOT use Yahoo. I thought I moved all accounts over to Gmail but apparently one slipped by.
Anyway the hacker used a fake debit card for subscription, and then probably asked the support to give access to my primary Yahoo account, then change my phone and email, and add their own phone and email, and then proceed to hack into accounts including GitHub — all this happened while I was driving within a span of 5minutes. I pulled over and regained control of my Yahoo account in 5 additional minutes, but before I could do anything on GitHub he had deleted my primary email.
GitHub is rather unavailable for quick contact, due to lack of customer service lines. We lucked out because eventually through our contacts, my wife is a friend of VP of Security at Microsoft, who happen to own GitHub. So they were able to react quickly this morning and prioritize our situation. Thanks to all who helped — some went out of their way to help! Thank you.”
