Integration Guide

The TACo Access Control SDK allows you to use threshold encryption & decryption in your application.

Threshold Access Control is not currently supported by an stable cohort of node operators running TACo clients, nor the surrounding infrastructure to make mainnet access straightforward (e.g. Porter). The network will be relaunched by WEDF in Q3 2026..

Until then, this page serves solely as a open source reference and blueprint for the community.

In just a few minutes you will able to:

Define decryption conditions – these are predefined rules or criteria that must be fulfilled before the encrypted data can be decrypted.
Encrypt data & assign decryption conditions – when you encrypt data, you not only secure it but also tie the decryption process to the conditions you defined.
Threshold-decrypt data – once the decryption conditions are met and validated by a threshold of TACo nodes, decryption can occur.

1. Installation

Install taco , taco-auth, and ethers with your favorite package manager:

$ npm install @nucypher/taco @nucypher/taco-auth ethers@5.7.2

TACo currently requires ethers v5. The API is not compatible with ethers v6 (ethers.BrowserProvider, ethers.JsonRpcProvider without the providers namespace, etc.).

2. Configuration

To run the code examples below, you will need the ritualId encryption parameter. In production, your wallet address (encryptor) will also have to be allow-listed for this specific ritual. Please reach out to us here to receive a ritualId and allow-list access. Additionally, we have publicly available testnet rituals for use when developing your apps.

3. Define decryption condition and encrypt data

With ritualId and a web3 provider from ethers, we can taco.encrypt our data.

In this example, we will use our lynx testnet, where you can freely use ritualId = 27.

The polygonProvider below connects to Polygon Amoy — this is where TACo's DKG coordination contracts live. It is not your application's chain provider. Your conditions can still target any supported EVM chain (Ethereum, Sepolia, etc.) regardless of this provider.

The signerProvider is required to authenticate the Encryptor.

import { initialize, encrypt, conditions, domains } from '@nucypher/taco';
import { ethers } from "ethers";

// We have to initialize the TACo library first
await initialize();

// Define decryption condition
const ownsNFT = new conditions.predefined.erc721.ERC721Ownership({
  contractAddress: '0x1e988ba4692e52Bc50b375bcC8585b95c48AaD77',
  parameters: [3591],
  chain: 11155111,  // sepolia
});

const signerProvider = new ethers.providers.Web3Provider(window.ethereum);
const polygonProvider = new ethers.providers.JsonRpcProvider("https://polygon-amoy.drpc.org");

const message = "my secret message";
const ritualId = 27

// encrypt data
const messageKit = await encrypt(
  polygonProvider,
  domains.DEVNET,
  message,
  ownsNFT,
  ritualId,
  signerProvider.getSigner() 
);

4. Decrypt the data

Now we just have to pass the messageKit to the intended data consumer:

import { conditions, decrypt, domains, initialize } from '@nucypher/taco';
import { EIP4361AuthProvider, USER_ADDRESS_PARAM_DEFAULT } from '@nucypher/taco-auth';
import { ethers } from "ethers";

// We have to initialize the TACo library first
await initialize();

const web3Provider = new ethers.providers.Web3Provider(window.ethereum); 

const conditionContext =
  conditions.context.ConditionContext.fromMessageKit(messageKit);
  
// auth provider when condition contains ":userAddress" context variable
// the decryptor user must provide a signature to prove ownership of their wallet address
const authProvider = new EIP4361AuthProvider(
  web3Provider,
  web3Provider.getSigner(),
);
conditionContext.addAuthProvider(USER_ADDRESS_PARAM_DEFAULT, authProvider);

const decryptedMessage = await decrypt(
  web3Provider,
  domains.DEVNET,
  messageKit,
  conditionContext,
);

Since ownsNFT condition refers to an NFT owned by the data consumer, decrypt call will prompt the recipient to sign a message and prove the ownership of the caller's wallet.

Next steps

Learn more about using TACo in a sandboxed environment in the Testnet section.

Example applications

The following samples showcase integrations with React-based web apps, and serve as an 'end-to-end' reference for creating conditions-based encryption & decryption:

PreviousCondition Context NextTestnet

Last updated 16 days ago