Encrypt/decrypt library in concordium smart contract

ulapcyber · May 8, 2023, 2:30pm

Hi,
Am planning to encrypt data with a private key and then pass it to a smart contract function that will then decrypt the data using a public key. What library (am using rust) can I use that is accessible within the smart contract? And then can I use the same library that will be accessible in the rust client sdk? Do you have a sample to do this in a smart contract – i.e., decrypt with a public key (will this be hard-coded into the contract or pass as another param somewhere? Thanks in advance.

abizjak · May 8, 2023, 6:05pm

I don’t quite understand your setup.

If the smart contract can decrypt the data then it needs access to the public key. Which then means that that key will be made public and thus anybody looking at the chain can decrypt the data. Which means it is not useful to encrypt it in the first place.

Or is there some time component here that is not described?

Also, usually it is the other way around for public-key crypto. You encrypt with public key and decrypt with secret key.

ulapcyber · May 9, 2023, 4:39am

Yes that is correct. The public key is “public”. We are using it more like – if we can decrypt it successfully within the smart contract function, then we know it came from an entity that we trust (might just be us) since only us or that entity can encrypt it (with the paired private key) and that it has not been tampered. So the encryption here is not so much to hide the information but just to wrap the message and then unwrap it without being tampered. Pretty much the same approach as server-to-client authentication with pub cert (using private/public keys) or JWT token validation really – i.e., validating or decrypting the JWT token with a public key for data integrity, no tampering, etc.Is there such a library in rust sdk and in the smart contract set of libraries? Thanks.

abizjak · May 9, 2023, 11:13am

What it looks like you are looking for is a signature. There is functionality for checking signatures in a contract, with ed25519 scheme. HasCryptoPrimitives in concordium_std - Rust

You can use any standard library for producing these signatures, for example ed25519_dalek - Rust

Remember to use some kind of nonce in these signatures to prevent replay/reuse issues.

ulapcyber · May 9, 2023, 3:00pm

Yes signature! Thanks Abizjak for the help.
This is exactly what I need.