Turbo
This guide explains how to integrate TACo with Turbo – a bundler SDK which facilitates uploading, retrieving, indexing, and paying for data hosted on Arweave. Developers who combine TACo and Turbo can offer their end-users permanent data storage that is private by default, wherein all sensitive payloads are encrypted, with fine-grained access conditions, prior to being uploaded. Given that Arweave offers access to data in perpetuity, it is even more critical that non-public data will only be decryptable by legitimate and qualifying consumers.
Turbo overview
Turbo is an OSS kit for the permaweb – helping developers upload and pay for Arweave data storage. It supports ETH payments and Ethereum-based identities, a level of interoperability that makes integration with TACo straightforward. Turbo offers optimistic data caching and indexing, and performant transaction throughput (860/sec).
Use case ideas
Evidence. Empower researchers and journalists to store critical evidence and analysis on the permaweb, without making all the findings public prematurely. This removes the burden of trusting centralized hosting, which could surveil or deny service to users, and means sensitive evidence can be selectively shared with reviewers and publishers.
Health records. Don't rely on HIPAA or the moral compass of medical data custodians. Build health applications that encrypt highly sensitive patient data, such that the patient has full sovereignty over who has access to said data, and under what conditions. This encrypted data can be stored via Turbo, so patients have access to their valuable records forever.
Private NFTs. The status quo of artistic NFT asset 'ownership' is little more than holding a symbolic receipt, with the actual asset hosted by centralized gate-keepers. Combine TACo, Turbo and Arweave to offer end-users the ability to purchase the decryption rights to a movie, track, in-game asset, or piece of art – without trusting either the access control or storage layers in order to play, watch or view their assets.
Integration steps
1. Install TACo & Turbo
2. Define access conditions & encrypt the data
Next, initialize the taco-web
library. This provides, among other functionality, the facility to create access conditions and embed them in the encrypted data payload. The conditions and ciphertext are inextricable, which ensures that only a threshold of TACo nodes can collectively enforce access.
In this example, the data producer is composing a time-based condition for access. This requires reading the block height of the Arweave chain, and means data consumers may only access the data once a certain block height has been reached. For more on condition types, check out the Access Control section.
We encrypt the message using the blockHeight
condition, specifying the devnet domain
and ritualID
, and a standard web3 provider/signer.
This guide utilizes the parameters ritualId = 27
& domains.DEVNET
. These refer to an open DKG public key and hacker-facing bleeding-edge testnet respectively, which are not decentralized and unsuitable for real-world sensitive data. For more information, see the Trust Assumptions section.
3. Connect to Turbo & store the data
Next, connect to a Turbo signer.
In this example, the data payload size is lower than 100kb, so it is currently free to upload to Arweave via the Turbo SDK.
4. Retrieve & decrypt the data
Next, use the encryptedMessageId
to find and retrieve the encrypted payload. This can be done via any Arweave gateway.
TACo's decryption logic involves (1) a decryption request sent to the TACo nodes enforcing access control, (2) for decryption fragments to be retrieved and assembled locally, and (3) finally for the payload to be decrypted into plaintext. These steps are all contained in the decrypt()
function below.
Using Turbo & TACo in production
As noted, the parameters specified in this guide are for testing and hacking only.
For TACo, a funded Mainnet ritualID
is required – this connects the encrypt/decrypt API to a cohort of independently operated nodes and corresponds to a DKG public key generated by independent parties. A dedicated ritualID
for Turbo + TACo projects will be sponsored soon. Watch for updates here or in the Discord #taco channel.
Last updated