Kimono empowers people to make unbreakable promises about the future.
With secrets that are automatically revealed to the public, a specific person, or a group of people after a specified time, Kimono unlocks many possibilities for decentralization.
Kimono is a trustless, on-chain secret sharing scheme with time locks for Ethereum. And it's all already deployed to Rinkeby!
How it works
A secret is split up into
n fragments such that only
k fragments are required to reconstruct the secret. These fragments are distributed to peers in the Kimono network (we call them "revealers") who compete to post their fragment of the secret when the time-lock is complete. The first revealers who share a valid fragment get rewarded and those who reveal their fragment too early or too late get punished.
- Revealers register by calling the
registerRevealerfunction, at which point the Kimono contract extracts a stake.
- The "creator" (secret sharer) encrypts some data (a message, an image, or something else) and submits it to IPFS.
- The creator looks at the list of eligible revealers and selects
nof them (based on how much they staked and what their minimum reward is). Other parameters are specified, such as the threshold number of fragments required to reconstruct the secret (k), the desired reveal time, a grace period, etc.
- The creator uses Shamir's Secret Sharing to split their secret (that unlocks the original data) into
nparts and encrypts each part with the public key of each revealer they selected. They then post those encrypted secrets to IPFS and send an order to the Kimono contract.
- All parties wait for the specified reveal block to pass.
- Revealers decrypt their fragments and submit their secrets to the Kimono contract with
- A reconstructor combines the k fragments and publishes it on chain.
- A revealer who leaks their decrypted fragment early can be "tattled" on. When someone tattles, the revealer loses their stake to the creator.
- A revealer who doesn't reveal their fragment gets punished by losing their stake to the creator. The grace period is set by the creator in step 4.
- Generally, secrets should be worth less than the sum of funds staked by the revealers. If the secret is worth more, revealers will have an economic incentive to collude and reconstruct the secret for themselves.
How We Built It
We made extensive use of openzeppelin-solidity contracts to serve as the base. We used many crypto libraries to handle signing, encryption, and decryption. We use infura to communicate with IPFS.
Kimono can be used by a DAO in order to provably release private documents after an event, such as an election. The organization doesn’t need to be trusted to keep their promise since Kimono takes care of it.
Kimono can be used by whistleblowers to release sensitive information at a specific time.
While it’s possible to have time-locked secrets by wrapping a series of POW puzzles, this approach is very wasteful of energy and difficult to maintain (since a node has to be “mining” at all times).
Kimono achieves a similar result by using economic incentives.
Secret sharing is hard. Crypto(graphic) schemes like Shamir's Secret Sharing make it possible to split a secret into many pieces so that a portion of those fragments can reconstruct the secret. But secret sharing is often done off-chain and among a few trusted peers, since anything you post on-chain is public.
The groundwork laid with Kimono can be repurposed to enable many extensions:
- Trustless callbacks
- Revealing a secret as soon as a condition has been posted to the blockchain