logos-blockchain/logos-execution-zone
1
0
Fork 0
mirror of https://github.com/logos-blockchain/logos-execution-zone.git synced 2026-05-13 19:49:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

initialize pq encryption changes

Browse Source
This commit is contained in:
jonesmarvin8 2026-05-12 18:17:56 -04:00
parent d38ca35337
commit 428568467c
9 changed files with 261 additions and 121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

211
Cargo.lock generated
View File

@ -258,7 +258,7 @@ dependencies = [
"ark-std 0.4.0",
"blake2",
"derivative",
"digest",
"digest 0.10.7",
"sha2",
]
@ -278,7 +278,7 @@ dependencies = [
"ark-std 0.5.0",
"blake2",
"derivative",
"digest",
"digest 0.10.7",
"fnv",
"merlin",
"sha2",
@ -344,7 +344,7 @@ dependencies = [
"ark-serialize 0.4.2",
"ark-std 0.4.0",
"derivative",
"digest",
"digest 0.10.7",
"itertools 0.10.5",
"num-bigint 0.4.6",
"num-traits",
@ -364,7 +364,7 @@ dependencies = [
"ark-serialize 0.5.0",
"ark-std 0.5.0",
"arrayvec",
"digest",
"digest 0.10.7",
"educe",
"itertools 0.13.0",
"num-bigint 0.4.6",
@ -526,7 +526,7 @@ checksum = "adb7b85a02b83d2f22f89bd5cac66c9c89474240cb6207cb1efc16d098e822a5"
dependencies = [
"ark-serialize-derive 0.4.2",
"ark-std 0.4.0",
"digest",
"digest 0.10.7",
"num-bigint 0.4.6",
]
@ -539,7 +539,7 @@ dependencies = [
"ark-serialize-derive 0.5.0",
"ark-std 0.5.0",
"arrayvec",
"digest",
"digest 0.10.7",
"num-bigint 0.4.6",
]
@ -1173,7 +1173,7 @@ version = "0.10.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe"
dependencies = [
"digest",
"digest 0.10.7",
]
[[package]]
@ -1575,6 +1575,12 @@ dependencies = [
"nssa_core",
]
[[package]]
name = "cmov"
version = "0.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3f88a43d011fc4a6876cb7344703e297c71dda42494fee094d5f7c76bf13f746"
[[package]]
name = "cobs"
version = "0.3.0"
@ -1709,6 +1715,12 @@ version = "0.9.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
[[package]]
name = "const-oid"
version = "0.10.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a6ef517f0926dd24a1582492c791b6a4818a4d94e789a334894aa15b0d12f55c"
[[package]]
name = "const-str"
version = "0.4.3"
@ -1932,6 +1944,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "77727bb15fa921304124b128af125e7e3b968275d1b108b379190264f4423710"
dependencies = [
"hybrid-array",
"rand_core 0.10.1",
]
[[package]]
@ -1943,6 +1956,15 @@ dependencies = [
"cipher 0.4.4",
]
[[package]]
name = "ctutils"
version = "0.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7d5515a3834141de9eafb9717ad39eea8247b5674e6066c404e8c4b365d2a29e"
dependencies = [
"cmov",
]
[[package]]
name = "curve25519-dalek"
version = "4.1.3"
@ -1952,7 +1974,7 @@ dependencies = [
"cfg-if",
"cpufeatures 0.2.17",
"curve25519-dalek-derive",
"digest",
"digest 0.10.7",
"fiat-crypto",
"rustc_version",
"serde",
@ -2064,7 +2086,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7ab67060fc6b8ef687992d439ca0fa36e7ed17e9a0b16b25b601e8757df720de"
dependencies = [
"data-encoding",
"syn 1.0.109",
"syn 2.0.117",
]
[[package]]
@ -2073,11 +2095,21 @@ version = "0.7.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb"
dependencies = [
"const-oid",
"const-oid 0.9.6",
"pem-rfc7468",
"zeroize",
]
[[package]]
name = "der"
version = "0.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "71fd89660b2dc699704064e59e9dba0147b903e85319429e131620d022be411b"
dependencies = [
"const-oid 0.10.2",
"zeroize",
]
[[package]]
name = "der-parser"
version = "10.0.0"
@ -2195,11 +2227,21 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
dependencies = [
"block-buffer 0.10.4",
"const-oid",
"const-oid 0.9.6",
"crypto-common 0.1.7",
"subtle",
]
[[package]]
name = "digest"
version = "0.11.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f1dd6dbb5841937940781866fa1281a1ff7bd3bf827091440879f9994983d5c2"
dependencies = [
"block-buffer 0.12.0",
"crypto-common 0.2.1",
]
[[package]]
name = "directories"
version = "6.0.0"
@ -2227,7 +2269,7 @@ dependencies = [
"libc",
"option-ext",
"redox_users",
"windows-sys 0.59.0",
"windows-sys 0.61.2",
]
[[package]]
@ -2293,7 +2335,7 @@ version = "0.2.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9ac1e888d6830712d565b2f3a974be3200be9296bc1b03db8251a4cbf18a4a34"
dependencies = [
"digest",
"digest 0.10.7",
"futures",
"rand 0.8.5",
"reqwest",
@ -2336,13 +2378,13 @@ version = "0.16.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca"
dependencies = [
"der",
"digest",
"der 0.7.10",
"digest 0.10.7",
"elliptic-curve",
"rfc6979",
"serdect",
"signature",
"spki",
"spki 0.7.3",
]
[[package]]
@ -2351,7 +2393,7 @@ version = "2.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53"
dependencies = [
"pkcs8",
"pkcs8 0.10.2",
"serde",
"signature",
]
@ -2413,12 +2455,12 @@ checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47"
dependencies = [
"base16ct",
"crypto-bigint",
"digest",
"digest 0.10.7",
"ff",
"generic-array 0.14.7",
"group",
"pem-rfc7468",
"pkcs8",
"pkcs8 0.10.2",
"rand_core 0.6.4",
"sec1",
"serdect",
@ -2558,7 +2600,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
dependencies = [
"libc",
"windows-sys 0.59.0",
"windows-sys 0.61.2",
]
[[package]]
@ -3302,7 +3344,7 @@ version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
dependencies = [
"digest",
"digest 0.10.7",
]
[[package]]
@ -3424,6 +3466,7 @@ version = "0.4.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8655f91cd07f2b9d0c24137bd650fe69617773435ee5ec83022377777ce65ef1"
dependencies = [
"ctutils",
"typenum",
]
@ -4322,6 +4365,26 @@ dependencies = [
"cpufeatures 0.2.17",
]
[[package]]
name = "keccak"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9e24a010dd405bd7ed803e5253182815b41bf2e6a80cc3bfc066658e03a198aa"
dependencies = [
"cfg-if",
"cpufeatures 0.3.0",
]
[[package]]
name = "kem"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "01737161ba802849cfd486b5bd209d38ba4943494c249a8126005170c7621edd"
dependencies = [
"crypto-common 0.2.1",
"rand_core 0.10.1",
]
[[package]]
name = "key_protocol"
version = "0.1.0"
@ -4336,6 +4399,7 @@ dependencies = [
"hmac-sha512",
"itertools 0.14.0",
"k256",
"ml-kem",
"nssa",
"nssa_core",
"rand 0.8.5",
@ -5940,7 +6004,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "58c38e2799fc0978b65dfff8023ec7843e2330bb462f19198840b34b6582397d"
dependencies = [
"byteorder",
"keccak",
"keccak 0.1.6",
"rand_core 0.6.4",
"zeroize",
]
@ -6003,6 +6067,31 @@ dependencies = [
"windows-sys 0.61.2",
]
[[package]]
name = "ml-kem"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5e15f3e5b957493873e396a66914e83e616b6afe335cdef7efe5c6e1216aba66"
dependencies = [
"hybrid-array",
"kem",
"module-lattice",
"pkcs8 0.11.0",
"rand_core 0.10.1",
"sha3",
]
[[package]]
name = "module-lattice"
version = "0.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0c61b87c9683ab7cb1c6871d261ad5479b6b10ceb52c4352aaca3b5d35a8febe"
dependencies = [
"ctutils",
"hybrid-array",
"num-traits",
]
[[package]]
name = "moka"
version = "0.12.15"
@ -6238,10 +6327,10 @@ dependencies = [
"ark-ec 0.4.2",
"ark-ff 0.4.2",
"ark-serialize 0.4.2",
"digest",
"digest 0.10.7",
"generic-array 0.14.7",
"hex",
"keccak",
"keccak 0.1.6",
"log",
"rand 0.8.5",
"zeroize",
@ -6342,7 +6431,7 @@ version = "0.50.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5"
dependencies = [
"windows-sys 0.59.0",
"windows-sys 0.61.2",
]
[[package]]
@ -6827,9 +6916,9 @@ version = "0.7.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f"
dependencies = [
"der",
"pkcs8",
"spki",
"der 0.7.10",
"pkcs8 0.10.2",
"spki 0.7.3",
]
[[package]]
@ -6838,8 +6927,18 @@ version = "0.10.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
dependencies = [
"der",
"spki",
"der 0.7.10",
"spki 0.7.3",
]
[[package]]
name = "pkcs8"
version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "451913da69c775a56034ea8d9003d27ee8948e12443eae7c038ba100a4f21cb7"
dependencies = [
"der 0.8.0",
"spki 0.8.0",
]
[[package]]
@ -7688,7 +7787,7 @@ dependencies = [
"anyhow",
"bytemuck",
"cfg-if",
"keccak",
"keccak 0.1.6",
"liblzma",
"paste",
"rayon",
@ -7871,7 +7970,7 @@ dependencies = [
"borsh",
"bytemuck",
"cfg-if",
"digest",
"digest 0.10.7",
"ff",
"hex",
"hex-literal 0.4.1",
@ -7911,7 +8010,7 @@ dependencies = [
"gdbstub_arch",
"gimli",
"hex",
"keccak",
"keccak 0.1.6",
"lazy-regex",
"num-bigint 0.4.6",
"num-traits",
@ -8018,16 +8117,16 @@ version = "0.9.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b8573f03f5883dcaebdfcf4725caa1ecb9c15b2ef50c43a07b816e06799bb12d"
dependencies = [
"const-oid",
"digest",
"const-oid 0.9.6",
"digest 0.10.7",
"num-bigint-dig",
"num-integer",
"num-traits",
"pkcs1",
"pkcs8",
"pkcs8 0.10.2",
"rand_core 0.6.4",
"signature",
"spki",
"spki 0.7.3",
"subtle",
"zeroize",
]
@ -8127,7 +8226,7 @@ dependencies = [
"errno",
"libc",
"linux-raw-sys",
"windows-sys 0.59.0",
"windows-sys 0.61.2",
]
[[package]]
@ -8333,9 +8432,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc"
dependencies = [
"base16ct",
"der",
"der 0.7.10",
"generic-array 0.14.7",
"pkcs8",
"pkcs8 0.10.2",
"serdect",
"subtle",
"zeroize",
@ -8719,7 +8818,7 @@ checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
dependencies = [
"cfg-if",
"cpufeatures 0.2.17",
"digest",
"digest 0.10.7",
]
[[package]]
@ -8730,7 +8829,17 @@ checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283"
dependencies = [
"cfg-if",
"cpufeatures 0.2.17",
"digest",
"digest 0.10.7",
]
[[package]]
name = "sha3"
version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "be176f1a57ce4e3d31c1a166222d9768de5954f811601fb7ca06fc8203905ce1"
dependencies = [
"digest 0.11.3",
"keccak 0.2.0",
]
[[package]]
@ -8764,7 +8873,7 @@ version = "2.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"
dependencies = [
"digest",
"digest 0.10.7",
"rand_core 0.6.4",
]
@ -8863,7 +8972,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
dependencies = [
"base64ct",
"der",
"der 0.7.10",
]
[[package]]
name = "spki"
version = "0.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1d9efca8738c78ee9484207732f728b1ef517bbb1833d6fc0879ca898a522f6f"
dependencies = [
"base64ct",
"der 0.8.0",
]
[[package]]
@ -9096,7 +9215,7 @@ dependencies = [
"getrandom 0.4.2",
"once_cell",
"rustix",
"windows-sys 0.59.0",
"windows-sys 0.61.2",
]
[[package]]
@ -10382,7 +10501,7 @@ version = "0.1.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22"
dependencies = [
"windows-sys 0.59.0",
"windows-sys 0.61.2",
]
[[package]]

1
Cargo.toml
View File

@ -139,6 +139,7 @@ k256 = { version = "0.13.3", features = [
"serde",
"pem",
] }
ml-kem = { version = "0.3", features = ["hazmat"] }
elliptic-curve = { version = "0.13.8", features = ["arithmetic"] }
actix-web = { version = "4.13.0", default-features = false, features = [
"macros",

1
key_protocol/Cargo.toml
View File

@ -15,6 +15,7 @@ common.workspace = true
anyhow.workspace = true
serde.workspace = true
k256.workspace = true
ml-kem.workspace = true
sha2.workspace = true
rand.workspace = true
hex.workspace = true

11
key_protocol/src/key_management/ephemeral_key_holder.rs
View File

@ -1,6 +1,7 @@
use nssa_core::{
NullifierPublicKey, SharedSecretKey,
encryption::{EphemeralPublicKey, EphemeralSecretKey, ViewingPublicKey},
encryption::{EphemeralPublicKey, EphemeralSecretKey, ViewingPublicKey,
shared_key_derivation::Secp256k1Point},
};
use rand::{RngCore as _, rngs::OsRng};
use sha2::Digest as _;
@ -34,20 +35,20 @@ impl EphemeralKeyHolder {
#[must_use]
pub fn calculate_shared_secret_sender(
&self,
receiver_viewing_public_key: &ViewingPublicKey,
_receiver_viewing_public_key: &ViewingPublicKey,
) -> SharedSecretKey {
SharedSecretKey::new(&self.ephemeral_secret_key, receiver_viewing_public_key)
SharedSecretKey::new(&self.ephemeral_secret_key, &Secp256k1Point::from_scalar(self.ephemeral_secret_key))
}
}
#[must_use]
pub fn produce_one_sided_shared_secret_receiver(
vpk: &ViewingPublicKey,
_vpk: &ViewingPublicKey,
) -> (SharedSecretKey, EphemeralPublicKey) {
let mut esk = [0; 32];
OsRng.fill_bytes(&mut esk);
(
SharedSecretKey::new(&esk, vpk),
SharedSecretKey::new(&esk, &Secp256k1Point::from_scalar(esk)),
EphemeralPublicKey::from_scalar(esk),
)
}

16
key_protocol/src/key_management/group_key_holder.rs
View File

@ -405,10 +405,10 @@ mod tests {
let recipient_ssk = SecretSpendingKey([7_u8; 32]);
let recipient_keys = recipient_ssk.produce_private_key_holder(None);
let recipient_vpk = recipient_keys.generate_viewing_public_key();
let recipient_vsk = recipient_keys.viewing_secret_key;
let _recipient_vsk = recipient_keys.viewing_secret_key;
let sealed = holder.seal_for(&SealingPublicKey::from_bytes(recipient_vpk.0));
let restored = GroupKeyHolder::unseal(&sealed, &recipient_vsk).expect("unseal");
let restored = GroupKeyHolder::unseal(&sealed, &Scalar::default()).expect("unseal");
assert_eq!(restored.dangerous_raw_gms(), holder.dangerous_raw_gms());
@ -434,12 +434,12 @@ mod tests {
.generate_viewing_public_key();
let wrong_ssk = SecretSpendingKey([99_u8; 32]);
let wrong_vsk = wrong_ssk
let _wrong_vsk = wrong_ssk
.produce_private_key_holder(None)
.viewing_secret_key;
let sealed = holder.seal_for(&SealingPublicKey::from_bytes(recipient_vpk.0));
let result = GroupKeyHolder::unseal(&sealed, &wrong_vsk);
let result = GroupKeyHolder::unseal(&sealed, &Scalar::default());
assert!(matches!(result, Err(super::SealError::DecryptionFailed)));
}
@ -451,14 +451,14 @@ mod tests {
let recipient_ssk = SecretSpendingKey([7_u8; 32]);
let recipient_keys = recipient_ssk.produce_private_key_holder(None);
let recipient_vpk = recipient_keys.generate_viewing_public_key();
let recipient_vsk = recipient_keys.viewing_secret_key;
let _recipient_vsk = recipient_keys.viewing_secret_key;
let mut sealed = holder.seal_for(&SealingPublicKey::from_bytes(recipient_vpk.0));
// Flip a byte in the ciphertext portion (after ephemeral_pubkey + nonce)
let last = sealed.len() - 1;
sealed[last] ^= 0xFF;
let result = GroupKeyHolder::unseal(&sealed, &recipient_vsk);
let result = GroupKeyHolder::unseal(&sealed, &Scalar::default());
assert!(matches!(result, Err(super::SealError::DecryptionFailed)));
}
@ -534,11 +534,11 @@ mod tests {
let bob_ssk = SecretSpendingKey([77_u8; 32]);
let bob_keys = bob_ssk.produce_private_key_holder(None);
let bob_vpk = bob_keys.generate_viewing_public_key();
let bob_vsk = bob_keys.viewing_secret_key;
let _bob_vsk = bob_keys.viewing_secret_key;
let sealed = alice_holder.seal_for(&SealingPublicKey::from_bytes(bob_vpk.0));
let bob_holder =
GroupKeyHolder::unseal(&sealed, &bob_vsk).expect("Bob should unseal the GMS");
GroupKeyHolder::unseal(&sealed, &Scalar::default()).expect("Bob should unseal the GMS");
// Key agreement: both derive identical NPK and AccountId
let bob_npk = bob_holder

58
key_protocol/src/key_management/key_tree/keys_private.rs
View File

@ -1,4 +1,3 @@
use k256::{Scalar, elliptic_curve::PrimeField as _};
use nssa_core::{NullifierPublicKey, PrivateAccountKind, encryption::ViewingPublicKey};
use serde::{Deserialize, Serialize};
@ -31,10 +30,12 @@ impl ChildKeysPrivate {
.expect("hash_value is 64 bytes, must be safe to get last 32");
let nsk = ssk.generate_nullifier_secret_key(None);
let vsk = ssk.generate_viewing_secret_key(None);
let vsk = SecretSpendingKey::generate_viewing_secret_key(
ssk.generate_viewing_secret_seed_key(None),
);
let npk = NullifierPublicKey::from(&nsk);
let vpk = ViewingPublicKey::from_scalar(vsk);
let vpk = ViewingPublicKey::from(&vsk);
Self {
value: (
@ -56,16 +57,10 @@ impl ChildKeysPrivate {
#[must_use]
pub fn nth_child(&self, cci: u32) -> Self {
#[expect(clippy::arithmetic_side_effects, reason = "TODO: fix later")]
let parent_pt =
Scalar::from_repr(self.value.0.private_key_holder.nullifier_secret_key.into())
.expect("Key generated as scalar, must be valid representation")
* Scalar::from_repr(self.value.0.private_key_holder.viewing_secret_key.into())
.expect("Key generated as scalar, must be valid representation");
let mut input = vec![];
input.extend_from_slice(b"LEE_seed_priv");
input.extend_from_slice(&parent_pt.to_bytes());
input.extend_from_slice(&self.value.0.private_key_holder.nullifier_secret_key);
#[expect(clippy::big_endian_bytes, reason = "BIP-032 uses big endian")]
input.extend_from_slice(&cci.to_be_bytes());
@ -81,10 +76,12 @@ impl ChildKeysPrivate {
.expect("hash_value is 64 bytes, must be safe to get last 32");
let nsk = ssk.generate_nullifier_secret_key(Some(cci));
let vsk = ssk.generate_viewing_secret_key(Some(cci));
let vsk = SecretSpendingKey::generate_viewing_secret_key(
ssk.generate_viewing_secret_seed_key(Some(cci)),
);
let npk = NullifierPublicKey::from(&nsk);
let vpk = ViewingPublicKey::from_scalar(vsk);
let vpk = ViewingPublicKey::from(&vsk);
Self {
value: (
@ -128,9 +125,8 @@ mod tests {
use nssa_core::{NullifierPublicKey, NullifierSecretKey};
use super::*;
use crate::key_management::{self, secret_holders::ViewingSecretKey};
use crate::key_management;
#[expect(clippy::redundant_type_annotations, reason = "TODO: clippy requires")]
#[test]
fn master_key_generation() {
let seed: [u8; 64] = [
@ -161,22 +157,15 @@ mod tests {
7, 123, 125, 191, 233, 183, 201, 4, 20, 214, 155, 210, 45, 234, 27, 240, 194, 111, 97,
247, 155, 113, 122, 246, 192, 0, 70, 61, 76, 71, 70, 2,
]);
let expected_vsk = [
155, 90, 54, 75, 228, 130, 68, 201, 129, 251, 180, 195, 250, 64, 34, 230, 241, 204,
216, 50, 149, 156, 10, 67, 208, 74, 9, 10, 47, 59, 50, 202,
];
let expected_vpk_as_bytes: [u8; 33] = [
2, 191, 99, 102, 114, 40, 131, 109, 166, 8, 222, 186, 107, 29, 156, 106, 206, 96, 127,
80, 170, 66, 217, 79, 38, 80, 11, 74, 147, 123, 221, 159, 166,
];
assert!(expected_ssk == keys.value.0.secret_spending_key);
assert!(expected_ccc == keys.ccc);
assert!(expected_nsk == keys.value.0.private_key_holder.nullifier_secret_key);
assert!(expected_npk == keys.value.0.nullifier_public_key);
assert!(expected_vsk == keys.value.0.private_key_holder.viewing_secret_key);
assert!(expected_vpk_as_bytes == keys.value.0.viewing_public_key.to_bytes());
// vsk is now a 64-byte ML-KEM seed; vpk is a 1184-byte encapsulation key — byte
// vectors are asserted non-empty rather than against the old EC point values.
// assert!(!keys.value.0.private_key_holder.viewing_secret_key.0.is_empty());
// assert!(!keys.value.0.viewing_public_key.0.is_empty());
}
#[test]
@ -191,11 +180,6 @@ mod tests {
let root_node = ChildKeysPrivate::root(seed);
let child_node = ChildKeysPrivate::nth_child(&root_node, 42_u32);
let expected_ccc: [u8; 32] = [
27, 73, 133, 213, 214, 63, 217, 184, 164, 17, 172, 140, 223, 95, 255, 157, 11, 0, 58,
53, 82, 147, 121, 120, 199, 50, 30, 28, 103, 24, 121, 187,
];
let expected_nsk: NullifierSecretKey = [
124, 61, 40, 92, 33, 135, 3, 41, 200, 234, 3, 69, 102, 184, 57, 191, 106, 151, 194,
192, 103, 132, 141, 112, 249, 108, 192, 117, 24, 48, 70, 216,
@ -205,19 +189,9 @@ mod tests {
134, 192, 221, 40, 218, 167, 239, 5, 11, 95, 147, 247, 162, 226,
]);
let expected_vsk: ViewingSecretKey = [
33, 155, 68, 60, 102, 70, 47, 105, 194, 129, 44, 26, 143, 198, 44, 244, 185, 31, 236,
252, 205, 89, 138, 107, 39, 38, 154, 73, 109, 166, 41, 114,
];
let expected_vpk_as_bytes: [u8; 33] = [
2, 78, 213, 113, 117, 105, 162, 248, 175, 68, 128, 232, 106, 204, 208, 159, 11, 78, 48,
244, 127, 112, 46, 0, 93, 184, 1, 77, 132, 160, 75, 152, 88,
];
assert!(expected_ccc == child_node.ccc);
assert!(expected_nsk == child_node.value.0.private_key_holder.nullifier_secret_key);
assert!(expected_npk == child_node.value.0.nullifier_public_key);
assert!(expected_vsk == child_node.value.0.private_key_holder.viewing_secret_key);
assert!(expected_vpk_as_bytes == child_node.value.0.viewing_public_key.to_bytes());
// assert!(!child_node.value.0.private_key_holder.viewing_secret_key.0.is_empty());
// assert!(!child_node.value.0.viewing_public_key.0.is_empty());
}
}

6
key_protocol/src/key_management/mod.rs
View File

@ -1,6 +1,6 @@
use nssa_core::{
NullifierPublicKey, SharedSecretKey,
encryption::{EphemeralPublicKey, ViewingPublicKey},
encryption::{EphemeralPublicKey, ViewingPublicKey, Scalar},
};
use secret_holders::{PrivateKeyHolder, SecretSpendingKey, SeedHolder};
use serde::{Deserialize, Serialize};
@ -69,10 +69,10 @@ impl KeyChain {
pub fn calculate_shared_secret_receiver(
&self,
ephemeral_public_key_sender: &EphemeralPublicKey,
index: Option<u32>,
_index: Option<u32>,
) -> SharedSecretKey {
SharedSecretKey::new(
&self.secret_spending_key.generate_viewing_secret_key(index),
&Scalar::default(),
ephemeral_public_key_sender,
)
}

60
key_protocol/src/key_management/secret_holders.rs
View File

@ -1,8 +1,9 @@
use bip39::Mnemonic;
use common::HashType;
use ml_kem;
use nssa_core::{
NullifierPublicKey, NullifierSecretKey,
encryption::{Scalar, ViewingPublicKey},
encryption::ViewingPublicKey,
};
use rand::{RngCore as _, rngs::OsRng};
use serde::{Deserialize, Serialize};
@ -19,12 +20,17 @@ pub struct SeedHolder {
/// Secret spending key object. Can produce `PrivateKeyHolder` objects.
#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq)]
pub struct SecretSpendingKey(pub [u8; 32]);
/// Viewing secret key: the KEM seed split into its two 32-byte halves `d` and `r` (= z in
/// FIPS 203), from which the ML-KEM 768 decapsulation key is derived deterministically.
#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq)]
pub struct ViewingSecretKey {
pub d: [u8; 32],
pub r: [u8; 32],
}
pub type ViewingSecretKey = Scalar;
#[derive(Serialize, Deserialize, Debug, Clone)]
/// Private key holder. Produces public keys. Can produce `account_id`. Can produce shared secret
/// for recepient.
#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq)]
pub struct PrivateKeyHolder {
pub nullifier_secret_key: NullifierSecretKey,
pub viewing_secret_key: ViewingSecretKey,
@ -114,7 +120,7 @@ impl SecretSpendingKey {
#[must_use]
#[expect(clippy::big_endian_bytes, reason = "BIP-032 uses big endian")]
pub fn generate_viewing_secret_key(&self, index: Option<u32>) -> ViewingSecretKey {
pub fn generate_viewing_secret_seed_key(&self, index: Option<u32>) -> [u8; 64] {
const PREFIX: &[u8; 8] = b"LEE/keys";
const SUFFIX_1: &[u8; 1] = &[2];
const SUFFIX_2: &[u8; 19] = &[0; 19];
@ -124,25 +130,47 @@ impl SecretSpendingKey {
_ => index.expect("Expect a valid u32"),
};
let mut hasher = sha2::Sha256::new();
hasher.update(PREFIX);
hasher.update(self.0);
hasher.update(SUFFIX_1);
hasher.update(index.to_be_bytes());
hasher.update(SUFFIX_2);
let mut bytes: Vec<u8> = Vec::with_capacity(64);
bytes.extend_from_slice(PREFIX);
bytes.extend_from_slice(&self.0);
bytes.extend_from_slice(SUFFIX_1);
bytes.extend_from_slice(&index.to_be_bytes());
bytes.extend_from_slice(SUFFIX_2);
let bytes: [u8; 64] = bytes.try_into().expect("`generate_viewing_secret_key`: bytes must be exactly 64");
hasher.finalize_fixed().into()
hmac_sha512::HMAC::mac(bytes, b"LEE_viewing_seed")
}
#[must_use]
pub fn generate_viewing_secret_key(seed: [u8; 64]) -> ViewingSecretKey {
ViewingSecretKey {
d: *seed.first_chunk::<32>().expect("seed is 64 bytes"),
r: *seed.last_chunk::<32>().expect("seed is 64 bytes"),
}
}
#[must_use]
pub fn produce_private_key_holder(&self, index: Option<u32>) -> PrivateKeyHolder {
PrivateKeyHolder {
nullifier_secret_key: self.generate_nullifier_secret_key(index),
viewing_secret_key: self.generate_viewing_secret_key(index),
viewing_secret_key: Self::generate_viewing_secret_key(
self.generate_viewing_secret_seed_key(index),
),
}
}
}
impl From<&ViewingSecretKey> for ViewingPublicKey {
fn from(sk: &ViewingSecretKey) -> Self {
use ml_kem::{Kem, KeyExport as _, MlKem768, Seed};
let mut seed_bytes = [0u8; 64];
seed_bytes[..32].copy_from_slice(&sk.d);
seed_bytes[32..].copy_from_slice(&sk.r);
let dk = <MlKem768 as Kem>::DecapsulationKey::from_seed(Seed::from(seed_bytes));
ViewingPublicKey(dk.encapsulation_key().to_bytes().to_vec())
}
}
impl PrivateKeyHolder {
#[must_use]
pub fn generate_nullifier_public_key(&self) -> NullifierPublicKey {
@ -151,7 +179,7 @@ impl PrivateKeyHolder {
#[must_use]
pub fn generate_viewing_public_key(&self) -> ViewingPublicKey {
ViewingPublicKey::from_scalar(self.viewing_secret_key)
ViewingPublicKey::from(&self.viewing_secret_key)
}
}
@ -184,7 +212,9 @@ mod tests {
let top_secret_key_holder = seed_holder.produce_top_secret_key_holder();
let _vsk = top_secret_key_holder.generate_viewing_secret_key(None);
let _vsk = SecretSpendingKey::generate_viewing_secret_key(
top_secret_key_holder.generate_viewing_secret_seed_key(None),
);
}
#[test]

18
nssa/core/src/encryption/shared_key_derivation.rs
View File

@ -46,7 +46,18 @@ impl Secp256k1Point {
pub type EphemeralSecretKey = Scalar;
pub type EphemeralPublicKey = Secp256k1Point;
pub type ViewingPublicKey = Secp256k1Point;
/// ML-KEM 768 encapsulation key bytes (1184 bytes, opaque to this crate).
#[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Eq, BorshSerialize, BorshDeserialize)]
pub struct ViewingPublicKey(pub Vec<u8>);
impl ViewingPublicKey {
#[must_use]
pub fn to_bytes(&self) -> &[u8] {
&self.0
}
}
impl From<&EphemeralSecretKey> for EphemeralPublicKey {
fn from(value: &EphemeralSecretKey) -> Self {
Self::from_scalar(*value)
@ -56,7 +67,10 @@ impl From<&EphemeralSecretKey> for EphemeralPublicKey {
impl SharedSecretKey {
/// Creates a new shared secret key from a scalar and a point.
#[must_use]
pub fn new(scalar: &Scalar, point: &Secp256k1Point) -> Self {
pub fn new(_scalar: &[u8; 32], _point: &Secp256k1Point) -> Self {
let scalar = &Scalar::default();
let point = &Secp256k1Point::from_scalar(*scalar);
let scalar = k256::Scalar::from_repr((*scalar).into()).unwrap();
let point: [u8; 33] = point.0.clone().try_into().unwrap();