Inco provides two types of decryption mechanisms:
  • Re-encryption for decryption and viewing privately
  • Onchain Decryption for decrypting a ciphertext and revealing to the entire network

Re-encryption (View)

Used when a user wants to view their confidential data:
  1. User signs an EIP-712 message proving ownership of their wallet
  2. Client generates an ephemeral keypair
  3. User sends decryption request with signed message and ephemeral public key
  4. The decryption node verifies the signature and checks access control
  5. The decryption node re-encrypts the data with the user’s ephemeral public key so that there’s no information leakage in transit
  6. User decrypts the result with ephemeral private key

Onchain Decryption (Public Reveal)

Used when the result needs to be made available on-chain:
  1. Smart contract calls e.asyncDecrypt(encryptedValue)
  2. The decryption network monitors for decryption events
  3. The decryption network query the ACL to verify permissions
  4. Each decryption network node decrypts the value and sign the result
  5. Relayer collects signatures and submits a callback to the contract
  6. Smart contract verifies the signatures and uses the decrypted value