Securely storing encrypted data for NFT owners with exclusive decryption access?

NFT
1

Protecting Private Info in NFTs

I’m working on an NFT project and need some help with data privacy. Here’s my situation:

We want to attach secret info to each NFT. Think of it like a hidden treasure map that only the NFT owner can see. How can we do this safely?

My thoughts so far:

  • Store encrypted data on-chain for each NFT
  • Only the owner should be able to decrypt their NFT’s secret
  • Need a function that checks ownership before revealing anything

Has anyone done something like this before? What’s the best way to handle the encryption and decryption? Any tips on keeping the secret data truly private?

Thanks for any advice!

2

I’ve implemented something similar in a past project. Here’s what worked well for us:

Store the encrypted data off-chain, like on IPFS. Keep only a hash on-chain linking to the IPFS content. This saves gas costs.

For encryption, we used the owner’s public key. The NFT contract included a function to update this key if needed.

Decryption happened client-side. Our dapp would fetch the encrypted data, verify ownership on-chain, then allow decryption if ownership was confirmed.

One challenge was key management - make sure to educate users on keeping their keys safe.

Also, consider rate limiting decryption attempts to prevent brute force attacks.

Hope this helps provide some practical insights. Let me know if you have any other questions.

3

hey hugo, interesting angle! did u consider using zk-snarks for ownership proof? maybe use symmetric encryption with a key derived from wallet address for added security. might be a bit complex but worth a shot. good luck on your project!

4

hey there Hugo! this sounds like a super cool project :raised_hands:

im curious, have you thought about using off-chain storage for the encrypted data? might be more cost-effective than putting everything on-chain. you could store hashes on-chain that point to the actual encrypted content elsewhere.

for the encryption/decryption, maybe look into using the owner’s public key to encrypt? that way only they can decrypt with their private key.

what kind of secret info are you hiding in the NFTs? without giving away too much obv :wink: just wondering how sensitive it is and if there are any special security considerations.

have you considered a time-lock on the decryption? could be an interesting twist if the secrets are only revealed after a certain date or event.

keep us posted on how it goes! nft projects with hidden content are always intriguing.