[EVM] Threshold encryption library
What
This MR adds a crate with common types and primitives for integrating threshold encryption into Etherlink.
Why
This library implements a variant of the common BZTE scheme tailored for Etherlink use case. It is intended to be used by the DSN node, kernel, and possibly other tooling.
How
This is an implementation of the Baek-Zheng threshold cryptosystem (BZTE) for the BLS12-381 curve with several modifications:
- The payload is first encrypted with a symmetric cipher (ChaCha), and symmetric key (constant size) is encrypted with BZTE;
- The BLS signature (ciphertext component) binds both the encrypted key and original payload to prevent replay attacks;
- This is a variant where both public keys and decryption shares are from G1
The crate contains several optimizations to tackle spamming attacks and to improve the overall preformance:
- Partial deserialization to avoid unnecessary computations in case of an early exit
- Batch verification of ciphertexts / decryption shares
The crate reuses most of the functionality from the blsttc
crate by MaidSafe.
It is also inspired by Ferveo, especially batch optimizations.
Check out the full scheme description: https://hackmd.io/@m-kus/rJXTo9_pT
Manually testing the MR
Run tests:
cargo test
Checklist
-
Document the interface of any function added or modified (see the coding guidelines) -
Document any change to the user interface, including configuration parameters (see node configuration) -
Provide automatic testing (see the testing guide). -
For new features and bug fixes, add an item in the appropriate changelog ( docs/protocols/alpha.rst
for the protocol and the environment,CHANGES.rst
at the root of the repository for everything else). -
Select suitable reviewers using the Reviewers
field below. -
Select as Assignee
the next person who should take action on that MR