Commit 62a7e3a4 authored by Éloïs

[RFC17] add conversion ed25519 -> x25519

parent 5376a54b
# RFC 17: Transaction Comment Encryption
Alice wants to send a transaction to bob with an encrypted comment.
This RFC defines a format for encrypting transaction comments for the case of transactions involving a single issuer key and a single receiver key.
Let `Sa` the private key of Alice and `Pa` its associated public key.
Let `Sb` the private key of Bob and `Pb` its associated public key.
Let `Si` the ed25519 secret key of the issuer and `Pi` its associated ed25519 public key.
Let `Sr` the ed25519 secret key of the receiver and `Pr` its associated ed25519 public key.
## Convert Ed25519 keys to x25519 keys
The first step is to convert the Ed25519 keys into x25519 keys (also called curve25519 keys).
### Convert Ed25519 secret key to x25519 secret key
Use the first 32 bytes of the extended secret key.
The extended secret key is derived from the seed by the NaCl function `crypto_sign_ed25519_seed_keypair`.
Let `Si' = Si[..32]`;
### Convert Ed25519 public key to x25519 public key
Use NaCl function `crypto_sign_ed25519_pk_to_curve25519`.
Let `Pr' = crypto_sign_ed25519_pk_to_curve25519(Pr)`
## Generate symetric encryption key
We use nacl function [crypto_box_beforenm]. Then use scrypt with a random nonce.
Let `R = crypto_box_beforenm(Sa, Pb) = crypto_box_beforenm(Sb, Pa)`.
Let `R = crypto_box_beforenm(Si', Pr') = crypto_box_beforenm(Sr', Pi')`.
Let `s` be a random salt of 16 bytes.
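Review bot: `Si' = Si[..32]` in the secret-key conversion does not pin down a usable x25519 scalar. In NaCl/libsodium the 64-byte secret key produced by `crypto_sign_ed25519_seed_keypair` is the seed followed by the public key, so its first 32 bytes are the raw seed, whereas the scalar that matches `crypto_sign_ed25519_pk_to_curve25519(Pi)` is derived from the first 32 bytes of SHA-512(seed). An implementer who slices the stored key would compute an `R` the other side cannot reproduce. Suggest either stating explicitly that "extended secret key" means the SHA-512 expansion of the seed, or specifying `Si' = crypto_sign_ed25519_sk_to_curve25519(Si)` to mirror the public-key step. The section also defines only `Si'` and `Pr'` while the `R` line uses `Sr'` and `Pi'`; say that both conversions apply to either party.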
......@@ -63,14 +81,15 @@ A possible future format should increment the first byte of the prefix.
Encrypted message in encoded in base 64 in transaction comment directly (DUBP protocol already accept all base 64 characters).
## Decrypt transaction comment (Bob side)
## Decrypt transaction comment (Receiver side)
1. Compute `R = crypto_box_beforenm(Sb, Pa)`
2. Read meta data `l = Message length`
3. Read meta data `s = Salt`
4. Generate symetric encryption key `k = scrypt(R, s, N: 1024, r: 12, p: 1, dkLen: l)`
5. compute `m = encryptedMessage ^ k`
6. Interpret `m` as an UTF8 string
1. compute `Sr'` and `Pi'`.
2. Compute `R = crypto_box_beforenm(Sr', Pi')`
3. Read meta data `l = Message length`
4. Read meta data `s = Salt`
5. Generate symetric encryption key `k = scrypt(R, s, N: 1024, r: 12, p: 1, dkLen: l)`
6. compute `m = encryptedMessage ^ k`
7. Interpret `m` as an UTF8 string
## Hide the real length of the message
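Review bot: new step 1 (compute `Sr'` and `Pi'`) does not say how the values are obtained or what the receiver does when the conversion fails. `crypto_sign_ed25519_pk_to_curve25519` returns an error for public keys it rejects, and because steps 6 and 7 are a bare XOR followed by UTF-8 interpretation with no integrity check, a wrong `R` would go unnoticed and simply yield garbage. Suggest referencing the "Convert Ed25519 keys to x25519 keys" section in step 1 and requiring the receiver to abort if `Pi` cannot be converted. Steps 1 and 6 also start with a lowercase "compute" while the other steps are capitalized.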
......