[RFC17] add conversion ed25519 -> x25519

62a7e3a4 · Éloïs · 5376a54b · 62a7e3a4
Commit 62a7e3a4 authored May 11, 2021 by Éloïs
Hide whitespace changes
Inline Side-by-side

Showing with 30 additions and 11 deletions

rfc/0017_transaction_comment_encryption.md rfc/0017_transaction_comment_encryption.md +30 -11

No files found.
--- a/rfc/0017_transaction_comment_encryption.md
+++ b/rfc/0017_transaction_comment_encryption.md
 # RFC 17: Transaction Comment Encryption

-Alice wants to send a transaction to bob with an encrypted comment.
+This RFC defines a format for encrypting transaction comments for the case of transactions involving a single issuer key and a single receiver key.

-Let `Sa` the private key of Alice and `Pa` its associated public key.
-Let `Sb` the private key of Bob and `Pb` its associated public key.
+Let `Si` the ed25519 secret key of the issuer and `Pi` its associated ed25519 public key.
+Let `Sr` the ed25519 secret key of the receiver and `Pr` its associated ed25519 public key.
+
+## Convert Ed25519 keys to x25519 keys
+
+The first step is to convert the Ed25519 keys into x25519 keys (also called curve25519 keys).
+
+### Convert Ed25519 secret key to x25519 secret key
+
+Use the first 32 bytes of the extended secret key.
+
+The extended secret key is derived from the seed by the NaCl function `crypto_sign_ed25519_seed_keypair`.
+
+Let `Si' = Si[..32]`;
+
+### Convert Ed25519 public key to x25519 public key
+
+Use NaCl function `crypto_sign_ed25519_pk_to_curve25519`.
+
+Let `Pr' = crypto_sign_ed25519_pk_to_curve25519(Pr)`

 ## Generate symetric encryption key

 We use nacl function [crypto_box_beforenm]. Then use scrypt with a random nonce.

-Let `R = crypto_box_beforenm(Sa, Pb) = crypto_box_beforenm(Sb, Pa)`.
+Let `R = crypto_box_beforenm(Si', Pr') = crypto_box_beforenm(Sr', Pi')`.

 Let `s` be a random salt of 16 bytes.

@@ -63,14 +81,15 @@ A possible future format should increment the first byte of the prefix.

 Encrypted message in encoded in base 64 in transaction comment directly (DUBP protocol already accept all base 64 characters).

-## Decrypt transaction comment (Bob side)
+## Decrypt transaction comment (Receiver side)

-1. Compute `R = crypto_box_beforenm(Sb, Pa)`
-2. Read meta data `l = Message length`
-3. Read meta data `s = Salt`
-4. Generate symetric encryption key `k = scrypt(R, s, N: 1024, r: 12, p: 1, dkLen: l)`
-5. compute `m = encryptedMessage ^ k`
-6. Interpret `m` as an UTF8 string
+1. compute `Sr'` and `Pi'`.
+2. Compute `R = crypto_box_beforenm(Sr', Pi')`
+3. Read meta data `l = Message length`
+4. Read meta data `s = Salt`
+5. Generate symetric encryption key `k = scrypt(R, s, N: 1024, r: 12, p: 1, dkLen: l)`
+6. compute `m = encryptedMessage ^ k`
+7. Interpret `m` as an UTF8 string

 ## Hide the real length of the message