Commit 62a7e3a4 authored by Éloïs

[RFC17] add conversion ed25519 -> x25519

parent 5376a54b
1 merge request: !13 Tx comment encrypt
# RFC 17: Transaction Comment Encryption # RFC 17: Transaction Comment Encryption
Alice wants to send a transaction to bob with an encrypted comment. This RFC defines a format for encrypting transaction comments for the case of transactions involving a single issuer key and a single receiver key.
Let `Sa` the private key of Alice and `Pa` its associated public key. Let `Si` the ed25519 secret key of the issuer and `Pi` its associated ed25519 public key.
Let `Sb` the private key of Bob and `Pb` its associated public key. Let `Sr` the ed25519 secret key of the receiver and `Pr` its associated ed25519 public key.
## Convert Ed25519 keys to x25519 keys
The first step is to convert the Ed25519 keys into x25519 keys (also called curve25519 keys).
### Convert Ed25519 secret key to x25519 secret key
Use the first 32 bytes of the extended secret key.
The extended secret key is derived from the seed by the NaCl function `crypto_sign_ed25519_seed_keypair`.
Let `Si' = Si[..32]`;
### Convert Ed25519 public key to x25519 public key
Use NaCl function `crypto_sign_ed25519_pk_to_curve25519`.
Let `Pr' = crypto_sign_ed25519_pk_to_curve25519(Pr)`
## Generate symetric encryption key ## Generate symetric encryption key
We use nacl function [crypto_box_beforenm]. Then use scrypt with a random nonce. We use nacl function [crypto_box_beforenm]. Then use scrypt with a random nonce.
Let `R = crypto_box_beforenm(Sa, Pb) = crypto_box_beforenm(Sb, Pa)`. Let `R = crypto_box_beforenm(Si', Pr') = crypto_box_beforenm(Sr', Pi')`.
Let `s` be a random salt of 16 bytes. Let `s` be a random salt of 16 bytes.
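Review bot: the secret-key conversion at `Let Si' = Si[..32]` is ambiguous and, read literally, gives the wrong value. The 64-byte secret key returned by `crypto_sign_ed25519_seed_keypair` is the seed followed by the public key, so its first 32 bytes are the seed, not the scalar that corresponds to `crypto_sign_ed25519_pk_to_curve25519(Pi)`. If "extended secret key" means SHA-512(seed), say so explicitly and state the clamping, or point to libsodium's `crypto_sign_ed25519_sk_to_curve25519`; otherwise `crypto_box_beforenm(Si', Pr')` and `crypto_box_beforenm(Sr', Pi')` will not agree. The section also defines only `Si'` and `Pr'` while the next section uses `Sr'` and `Pi'`, so the conversion should be defined for both parties.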
...@@ -63,14 +81,15 @@ A possible future format should increment the first byte of the prefix. ...@@ -63,14 +81,15 @@ A possible future format should increment the first byte of the prefix.
Encrypted message in encoded in base 64 in transaction comment directly (DUBP protocol already accept all base 64 characters). Encrypted message in encoded in base 64 in transaction comment directly (DUBP protocol already accept all base 64 characters).
## Decrypt transaction comment (Bob side) ## Decrypt transaction comment (Receiver side)
1. Compute `R = crypto_box_beforenm(Sb, Pa)` 1. compute `Sr'` and `Pi'`.
2. Read meta data `l = Message length` 2. Compute `R = crypto_box_beforenm(Sr', Pi')`
3. Read meta data `s = Salt` 3. Read meta data `l = Message length`
4. Generate symetric encryption key `k = scrypt(R, s, N: 1024, r: 12, p: 1, dkLen: l)` 4. Read meta data `s = Salt`
5. compute `m = encryptedMessage ^ k` 5. Generate symetric encryption key `k = scrypt(R, s, N: 1024, r: 12, p: 1, dkLen: l)`
6. Interpret `m` as an UTF8 string 6. compute `m = encryptedMessage ^ k`
7. Interpret `m` as an UTF8 string
## Hide the real length of the message ## Hide the real length of the message
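Review bot: the new step 1 (`compute Sr' and Pi'`) does not say how the values are obtained or what happens when the conversion fails. It should reference the "Convert Ed25519 keys to x25519 keys" section and require the receiver to abort if converting `Pi` fails (libsodium's `crypto_sign_ed25519_pk_to_curve25519` returns an error for invalid public keys) instead of continuing to `crypto_box_beforenm`. Minor: capitalise "compute" in step 1 to match step 2, and note that the introduction still names Alice and Bob while this heading now says "Receiver side".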