Asymmetric encryption scheme



A channel refers to the part of the PAD service that handles a single secret. Each PAD instance consists of one channel per secret stored with the instance. One can think of a PAD channel as a channel between secret owner and secret recipient - the channel opens when the decryptor chooses to access the secret and posts a request to the instance ledger.

Data/Decryption request


Anyone who has been chosen by an encryptor to have the right to make a decryption request.

Digital signature


Any user who secures a secret with the PAD system.

Instance (or PAD instance)

Abstractly, the PAD protocol uses a public append-only ledger to store decryption requests - this is what makes decryption accountable. In practice, it is unnecessary and unwieldy to have a single monolithic ledger for all users of PAD across all use-cases. Therefore, PAD offers a new ledger to whoever wants one: each of these ledgers is a PAD instance. For example, a developer may wish to build an application that uses PAD. They will open a new instance that serves all decryption requests made through their application.


An operator is an owner of a PAD instance. To become an operator, you make a request to the PAD team. Operators have the right to set properties of a PAD instance: they choose trustees and set the decryption threshold.


Any piece of information that is secured by the PAD system for potential sharing with a designated decryptor.

Secret sharing scheme

A cryptographic protocol that splits a secret into a number of pieces, called secret shares. Any one of these shares - or indeed any small group of shares - reveals no information about the original secret. However when a threshold number of shares are combined, it is possible to easily reconstruct the secret.

Service (or PAD service)

We use this to denote the entire PAD protocol and API. The PAD service works behind the scenes of every PAD instance.

Symmetric encryption scheme


Trustee attestation

Refers to attestation


To ensure that a decryption request is only successful if it appears on the PAD ledger, each PAD instance makes use of a number of trustees. Trustees may either be dedicated to a single instance or may offer their services to multiple instances. We use threshold cryptography (a secret sharing scheme) to distribute the means of decryption across multiple trustees, ensuring that no single trustee (or small group of them) needs to be trusted. Trustees observe the ledger for access requests and share information on the ledger in response to requests that allow only the decryptor to retrieve a secret. The job of a trustee is to respond to requests - they do not judge whether a data request is made at an appropriate time.


Validators are similar to trustees, except that they have additional responsibilities that help detect misbehaving or faulty trustees.

Last updated