Commit 62a7e3a4 authored May 11, 2021 by Éloïs
[RFC17] add conversion ed25519 -> x25519
parent 5376a54b
Showing 1 changed file with 30 additions and 11 deletions
rfc/0017_transaction_comment_encryption.md
# RFC 17: Transaction Comment Encryption
Alice wants to send a transaction to bob with an encrypted comment
.
This RFC defines a format for encrypting transaction comments for the case of transactions involving a single issuer key and a single receiver key
.
Let
`Sa`
the private key of Alice and
`Pa`
its associated public key.
Let
`Sb`
the private key of Bob and
`Pb`
its associated public key.
Let
`Si`
the ed25519 secret key of the issuer and
`Pi`
its associated ed25519 public key.
Let
`Sr`
the ed25519 secret key of the receiver and
`Pr`
its associated ed25519 public key.
## Convert Ed25519 keys to x25519 keys
The first step is to convert the Ed25519 keys into x25519 keys (also called curve25519 keys).
### Convert Ed25519 secret key to x25519 secret key
Use the first 32 bytes of the extended secret key.
The extended secret key is derived from the seed by the NaCl function
`crypto_sign_ed25519_seed_keypair`
.
Let
`Si' = Si[..32]`
;
### Convert Ed25519 public key to x25519 public key
Use NaCl function
`crypto_sign_ed25519_pk_to_curve25519`
.
Let
`Pr' = crypto_sign_ed25519_pk_to_curve25519(Pr)`
## Generate symetric encryption key
We use nacl function [crypto_box_beforenm]. Then use scrypt with a random nonce.
Let
`R = crypto_box_beforenm(S
a
, P
b
) = crypto_box_beforenm(S
b
, P
a
)`
.
Let
`R = crypto_box_beforenm(S
i'
, P
r'
) = crypto_box_beforenm(S
r'
, P
i'
)`
.
Let
`s`
be a random salt of 16 bytes.
...
...
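Review bot: The secret-key conversion is ambiguous about which value is sliced. `Si` is defined above as the ed25519 secret key, the prose says to take the first 32 bytes of the "extended secret key", and the formula is `Si' = Si[..32]`, so a reader cannot tell whether the slice applies to the stored secret key or to a separately derived extended key. Give the extended key its own symbol and define `Si'` from it, or name the secret-key counterpart of `crypto_sign_ed25519_pk_to_curve25519` (libsodium provides `crypto_sign_ed25519_sk_to_curve25519`) so implementers cannot end up with a scalar that does not match the converted public key. The section also defines only `Si'` and `Pr'`, while the key agreement line uses `Sr'` and `Pi'` as well; state that both conversions apply to either party's keys.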
@@ -63,14 +81,15 @@ A possible future format should increment the first byte of the prefix.
Encrypted message in encoded in base 64 in transaction comment directly (DUBP protocol already accept all base 64 characters).
## Decrypt transaction comment (
Bob
side)
## Decrypt transaction comment (
Receiver
side)
1.
Compute
`R = crypto_box_beforenm(Sb, Pa)`
2.
Read meta data
`l = Message length`
3.
Read meta data
`s = Salt`
4.
Generate symetric encryption key
`k = scrypt(R, s, N: 1024, r: 12, p: 1, dkLen: l)`
5.
compute
`m = encryptedMessage ^ k`
6.
Interpret
`m`
as an UTF8 string
1.
compute
`Sr'`
and
`Pi'`
.
2.
Compute
`R = crypto_box_beforenm(Sr', Pi')`
3.
Read meta data
`l = Message length`
4.
Read meta data
`s = Salt`
5.
Generate symetric encryption key
`k = scrypt(R, s, N: 1024, r: 12, p: 1, dkLen: l)`
6.
compute
`m = encryptedMessage ^ k`
7.
Interpret
`m`
as an UTF8 string
## Hide the real length of the message
...
...
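Review bot: The receiver steps go straight from `m = encryptedMessage ^ k` (step 6) to interpreting `m` as UTF8 (step 7) with no verification step in between. As written, a comment altered in transit decrypts without any error, and XOR with a keystream lets a bit flipped in the ciphertext flip the same bit in `m`. If the format defined elsewhere in the RFC carries no authentication tag, consider adding one and a step that checks it before step 7; at minimum, specify that a result that is not valid UTF8 must be rejected. Step 1 ("compute `Sr'` and `Pi'`") should also point to the conversion section and say where the receiver obtains `Pi`.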