Economics

Medusa API calls

There are basically two Medusa API the user can call:

Submission of a ciphertext
Reencryption request of a ciphertext

Let’s call the number of submission in a day $s$ and number of reencryption request $r$ .

Strawman approach

The basic approach would be to bill each call to these two entry points.

One “submission fee” $f_s$ upon submission of ciphertext.

One “reencryption fee” $f_r$ upon request of reencryption.

Weakness of the approach

This model assumes that clients will always pass via Medusa for reencryption.

That assumption may not always be true in practice however.

If Alice produces the encrypted content and Bob is ready to pay to read it. Once Bob has made the payement onchain, Alice can simply send the private key directly to Bob as long as Bob is sure he can always go through Medusa. In a sense, Medusa acts as a dispute resolution layer in this setting. Bob can wait to receive Alice’s encryption key, and if he doesn’t receive it, it asks Medusa.

→ In the optimistic case, Bob and Alice save cost by bypassing Medusa.

If we call $t$ the number of “intents to decrypt”, we assume $r << t$ and this strategy only captures

$s * f_s + r * f_r$

What we would like to capture as value is

$s * f_s + t * f_r$

NFT-based Approach

The goal here is extract value for Medusa being a dispute resolution layer, not only when it is being used.

The idea is to separate the reencryption request in two parts:

Reencryption intent: Someone wants to pay Medusa to have a right to decrypt a certain ciphertext. The input of this call is the cipherID and the output is an NFT tailored to the ciphertext.
Reencryption request: Someone with the right NFT pass this to Medusa (it gets burned ?) and Medusa network will operate the regular reencryption workflow.

This design changes the expectation of users and prevents the above bypassing scenario to happen:

Bob will request to have the NFT before paying Alice on the smart contract. Otherwise, he has no reason to believe Alice will send him the private key. The NFT gives him the assurance that he can always go to Medusa.
That means, the $f_r$ is now extracted upon “intent” of decryption instead of really the decryption. Thus it provides value to Medusa simply because it exists as a dispute resolution layer.

Moreover, having NFT based approach allows to create a market around “decryption rights” people can buy decryption rights when price and/or gas is low and sell it again when price becomes higher.

It also offers a nice integration with all the NFT tooling / application space that is deployed and enable Medusa to ride on the NFT momentum.

Price Example

Currently on testnet FVM, one reencryption costs around 2$, i.e. $C_r = 2$ $

Submission cost is not evaluated yet.

We set for example $f_r = C_r * 0.2$ to include rewarding Medusa operators and the development of the protocol.