Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
R
RFCs
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Deploy
Releases
Model registry
Monitor
Service Desk
Analyze
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
GitLab community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
documents
RFCs
Commits
62a7e3a4
Commit
62a7e3a4
authored
4 years ago
by
Éloïs
Browse files
Options
Downloads
Patches
Plain Diff
[RFC17] add conversion ed25519 -> x25519
parent
5376a54b
No related branches found
No related tags found
1 merge request
!13
Tx comment encrypt
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
rfc/0017_transaction_comment_encryption.md
+30
-11
30 additions, 11 deletions
rfc/0017_transaction_comment_encryption.md
with
30 additions
and
11 deletions
rfc/0017_transaction_comment_encryption.md
+
30
−
11
View file @
62a7e3a4
# RFC 17: Transaction Comment Encryption
# RFC 17: Transaction Comment Encryption
Alice wants to send a transaction to bob with an encrypted comment
.
This RFC defines a format for encrypting transaction comments for the case of transactions involving a single issuer key and a single receiver key
.
Let
`Sa`
the private key of Alice and
`Pa`
its associated public key.
Let
`Si`
the ed25519 secret key of the issuer and
`Pi`
its associated ed25519 public key.
Let
`Sb`
the private key of Bob and
`Pb`
its associated public key.
Let
`Sr`
the ed25519 secret key of the receiver and
`Pr`
its associated ed25519 public key.
## Convert Ed25519 keys to x25519 keys
The first step is to convert the Ed25519 keys into x25519 keys (also called curve25519 keys).
### Convert Ed25519 secret key to x25519 secret key
Use the first 32 bytes of the extended secret key.
The extended secret key is derived from the seed by the NaCl function
`crypto_sign_ed25519_seed_keypair`
.
Let
`Si' = Si[..32]`
;
### Convert Ed25519 public key to x25519 public key
Use NaCl function
`crypto_sign_ed25519_pk_to_curve25519`
.
Let
`Pr' = crypto_sign_ed25519_pk_to_curve25519(Pr)`
## Generate symetric encryption key
## Generate symetric encryption key
We use nacl function [crypto_box_beforenm]. Then use scrypt with a random nonce.
We use nacl function [crypto_box_beforenm]. Then use scrypt with a random nonce.
Let
`R = crypto_box_beforenm(S
a
, P
b
) = crypto_box_beforenm(S
b
, P
a
)`
.
Let
`R = crypto_box_beforenm(S
i'
, P
r'
) = crypto_box_beforenm(S
r'
, P
i'
)`
.
Let
`s`
be a random salt of 16 bytes.
Let
`s`
be a random salt of 16 bytes.
...
@@ -63,14 +81,15 @@ A possible future format should increment the first byte of the prefix.
...
@@ -63,14 +81,15 @@ A possible future format should increment the first byte of the prefix.
Encrypted message in encoded in base 64 in transaction comment directly (DUBP protocol already accept all base 64 characters).
Encrypted message in encoded in base 64 in transaction comment directly (DUBP protocol already accept all base 64 characters).
## Decrypt transaction comment (
Bob
side)
## Decrypt transaction comment (
Receiver
side)
1.
Compute
`R = crypto_box_beforenm(Sb, Pa)`
1.
compute
`Sr'`
and
`Pi'`
.
2.
Read meta data
`l = Message length`
2.
Compute
`R = crypto_box_beforenm(Sr', Pi')`
3.
Read meta data
`s = Salt`
3.
Read meta data
`l = Message length`
4.
Generate symetric encryption key
`k = scrypt(R, s, N: 1024, r: 12, p: 1, dkLen: l)`
4.
Read meta data
`s = Salt`
5.
compute
`m = encryptedMessage ^ k`
5.
Generate symetric encryption key
`k = scrypt(R, s, N: 1024, r: 12, p: 1, dkLen: l)`
6.
Interpret
`m`
as an UTF8 string
6.
compute
`m = encryptedMessage ^ k`
7.
Interpret
`m`
as an UTF8 string
## Hide the real length of the message
## Hide the real length of the message
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment