Introducing Confidential Data Rails: A New Way to Share Encrypted Data at Scale

Story

20 November 2025

When handling sensitive data, whether it is production files, proprietary datasets, or even the API keys that run your business, there eventually comes a moment when it has to be shared. But safe data sharing has always required trust: trust in the platform, trust in the recipient, and trust that the file won’t leak, be copied, or fall out of your control.

Traditional decentralized storage networks offer reliability and permanence, but not confidentiality, access control, or automation. Web2 storage tools are easy to use, but they force creators and teams to place their trust in private intermediaries.

Today, we released the Confidential Data Rails (CDR) technical paper, describing how the new core component of Story’s blockchain addresses this long-standing challenge.

CDR is the cryptographic and architectural framework that enables IP Vaults, and the secure movement of data on Story more broadly. During development of the original IP Vault feature, we realized that securely moving encrypted data onchain required a far more robust foundation. From that learning, CDR emerged.

From IP Vaults to General-Purpose Confidential Data

IP Vaults are now just one of many features enabled by CDR: a way to attach encrypted files to IP assets and deliver them to license holders. But CDR’s capabilities extend far beyond IP. Any data, such as AI training sets, biomedical data, API keys and more, can be put into a vault to be transferred securely using Confidential Data Rails, with automated, enforceable rules at the protocol level.

What this means is that CDR turns private data into an onchain asset you can safely move, automate, and build new primitives around, with programmable access control built in.

What Can You Do with Story’s Confidential Data Rails?

At the simplest level, CDR is a secure pipeline:

You encrypt your data → attach it to an asset → and only licensed recipients can automatically decrypt it.

But CDR’s impact isn’t just in moving data securely. The real power lies in what becomes possible once private data becomes programmable. Every encrypted file can carry logic, conditions, and workflows that execute automatically.

Here are a few of the early use cases it unlocks:

1. Confidential Delivery of High-Value IP Data

Data owners can attach sensitive files directly to their onchain IP: production assets, digital records, reference datasets, and more. When someone acquires a valid license on Story, they automatically gain access to the encrypted files in a CDR vault. This eliminates the tedious back-and-forth of email attachments and manual file transfers. The owner never has to be involved in each individual handoff, and the data stays fully encrypted until it reaches the correct license holder.

2. A Marketplace for Private AI Datasets

AI developers can license training datasets as programmable IP assets. Data providers attach encrypted datasets to their IP, define the conditions for use, and let Story handle delivery. Only licensed builders can access the data, and only under the rules set by the owner, thus enabling an open, trustless marketplace for high-value private data.

CDR can also be used to verify and enforce delivery of confidential data into a trusted execution environment (TEE) for fully verifiable models, ensuring end-to-end chain-of-custody guarantees.

3. Safe Distribution of API Keys and Integration Secrets

Companies can treat API keys, integration credentials, and other sensitive configuration files as part of an onchain asset. Instead of sharing secrets over chat or email, they can be delivered through Confidential Data Rails only to specific partners or applications with valid licenses. Access can be time-limited, revoked, or updated at the protocol level, so distribution of critical infrastructure secrets becomes safer and easier to audit.

4. Encrypted Collateral in DeFi and Beyond

Because CDR is programmable, data owners can set access control conditions that let DeFi protocols treat any confidential data as collateral (whether IP data, a Bitcoin MPC private key, or any other form of valuable data). For example, a protocol might allow borrowing against an IP asset, with access to the underlying data gated by specific onchain conditions. The data itself stays encrypted and controlled, while its value can be reflected in financial primitives built on top of Story.

These are just some of the initial use cases we’re excited about. What matters most is not the ability to share confidential data, but everything that becomes possible because privacy is integrated at the protocol level on Story. CDR introduces a new type of programmable resource, opening a wide design space for builders to create entirely new primitives, workflows, and applications across the Story ecosystem.

How Confidential Data Rails Work

Despite the powerful capabilities it unlocks, CDR is designed to feel simple for users.

End-to-End Conditional Decryption

When an IP owner uploads a file to CDR, the file is encrypted client-side with a dedicated data key. That key is then encrypted again using CDR’s decentralized threshold encryption system. The encrypted file can live on any storage layer, while the key stays protected inside Story’s CDR.

Because decryption is tied directly to onchain logic, the file can only be unlocked when all required conditions are met. This conditional decryption can require recipients to hold a valid Story license, or satisfy any additional rules the data owner has set. Only then can the recipient decrypt the key, and therefore the file.

Programmable Access

Because CDR is native to Story’s programmable IP layer, data owners can attach custom logic to the data itself. These can be a wide range of conditions, such as:

  • Time-limited access (e.g., “This dataset is accessible for 7 days”)
  • Compute-restricted access (e.g., “This file may only be opened inside a Trusted Execution Environment running a specific binary”)
  • Delayed releases (e.g., embargoed content)
  • Multi-party workflows (e.g., collaborative training, shared ownership, automated attribution)

This effectively transforms private data from something static into something you can program: an onchain resource with powerful automation built in.
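The conditional decryption and programmable access flow described in the two sections above, as an added sketch that is not Story's code and is not taken from the CDR paper. It assumes Shamir secret sharing across five hypothetical key-holding nodes as a stand-in for the threshold encryption scheme, a SHAKE-256 keystream plus HMAC as a stand-in for an AEAD cipher, and a license list with a time window as the owner's conditions; every function and field name is hypothetical.

```python
import hashlib, hmac, secrets

P = 2**521 - 1  # Mersenne prime: field for Shamir shares of a 256-bit key

def _xor_stream(key, nonce, data):
    # Toy stream cipher: SHAKE-256 output as keystream, a stand-in for a real AEAD.
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def _subkeys(data_key):  # independent encryption and MAC keys from one data key
    return [hashlib.sha256(label + data_key).digest() for label in (b"enc", b"mac")]

def split(secret, n, t):  # Shamir: f(0) = secret, degree t-1, node x holds f(x)
    coef = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: sum(c * pow(x, k, P) for k, c in enumerate(coef)) % P
            for x in range(1, n + 1)}

def combine(shares):  # Lagrange interpolation at x = 0
    total = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def seal(plaintext, policy, n=5, t=3):  # client side: fresh data key, split n ways
    data_key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    enc, mac = _subkeys(data_key)
    ct = _xor_stream(enc, nonce, plaintext)
    blob = {"nonce": nonce, "ct": ct,  # ciphertext can sit on any storage layer
            "tag": hmac.new(mac, nonce + ct, hashlib.sha256).digest()}
    return blob, split(int.from_bytes(data_key, "big"), n, t), dict(policy, t=t)

def node_release(share, policy, requester, now):  # each node checks on its own
    ok = requester in policy["licensees"] and policy["start"] <= now < policy["end"]
    return share if ok else None

def open_blob(blob, node_shares, policy, requester, now):
    got = {x: s for x, y in node_shares.items()
           if (s := node_release(y, policy, requester, now)) is not None}
    if len(got) < policy["t"]:
        raise PermissionError("fewer than t nodes released a key share")
    enc, mac = _subkeys(combine(got).to_bytes(32, "big"))
    want = hmac.new(mac, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(want, blob["tag"]):
        raise ValueError("ciphertext or tag was modified")
    return _xor_stream(enc, blob["nonce"], blob["ct"])
```

In this simplified model the recipient recombines the data key from released shares; a threshold encryption scheme would have nodes return partial decryptions so that no share ever leaves a node.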

A New Building Block for Programmable Privacy

The Confidential Data Rails technical paper is live today. It explains how CDR will bring confidentiality, automation, and programmability together at the protocol level on Story to give data holders, companies, and developers a native way to encrypt and deliver sensitive data. More importantly, it transforms that data into an active, customizable component of the Story ecosystem.

Once private files can carry logic, enforce conditions, and react to onchain state, entirely new primitives become possible. We are looking forward to seeing the new products, business models, and forms of collaboration that can emerge thanks to Story’s Confidential Data Rails.
