Add ECIES encryption module for sr25519 keys#116
Draft
hitchhooker wants to merge 3 commits intoparitytech:masterfrom
Draft
Add ECIES encryption module for sr25519 keys#116hitchhooker wants to merge 3 commits intoparitytech:masterfrom
hitchhooker wants to merge 3 commits intoparitytech:masterfrom
Conversation
Implements Elliptic Curve Integrated Encryption Scheme (ECIES) over Ristretto255 using ChaCha20-Poly1305 and Merlin transcript key derivation. Signed-off-by: Tommi Niemi <tommi@rotko.net>
hitchhooker added a commit to hitchhooker/subxt that referenced this pull request Mar 13, 2026
Adds encrypt/decrypt methods to sr25519::Keypair using schnorrkel's new ECIES module. Gated behind the `ecies` feature flag. Depends on: paritytech/schnorrkel#116
4 tasks
hitchhooker added a commit to hitchhooker/subxt that referenced this pull request Mar 13, 2026
Adds encrypt/decrypt methods to sr25519::Keypair using schnorrkel's new ECIES module. Gated behind the `ecies` feature flag. Depends on: paritytech/schnorrkel#116
penumbra-style key hierarchy separating incoming decryption, outgoing decryption, and signing authority. all derivations are one-way via domain-separated merlin transcripts. - IncomingViewingKey: decrypt messages sent TO you - OutgoingViewingKey: decrypt messages sent BY you - FullViewingKey: bundles ivk + ovk + signing public key - ecies wire format always includes ovk-wrapped ephemeral secret - ovk blob cryptographically bound to main ciphertext - identity point rejection on encrypt and decrypt - zeroize on all secret material, constant-time equality
- known-answer test vector (pins wire format against silent KDF changes) - ovk blob swap between ciphertexts (verifies main-ciphertext binding) - key-type confusion (ivk vs signing key domain isolation) - self-encryption round-trip - empty context string - partial ovk blob truncation - main vs ovk nonce independence - tampered ephemeral public key
| This pull request has been mentioned on Polkadot Forum. There might be relevant details there: https://forum.polkadot.network/t/dystopia-awaits-lets-encrypt/17345/1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
eciesfeature flag withencrypt/decryptpublic API[version: 1B] [ephemeral_pk: 32B] [nonce: 12B] [ciphertext + tag: N+16B](61 bytes overhead)Test plan