Secure Data Handling
The Kalypso protocol uses a combination of symmetric and asymmetric encryption to protect the integrity and confidentiality of private inputs. This prevents vulnerabilities like the replay attack mentioned in the previous section.
Step 1: Symmetric encryption of the private input (at Requester)
The private input is encrypted using AES-GCM-AEAD, a robust symmetric encryption standard.
AES-GCM-AEAD stands for Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM) with Authenticated Encryption with Associated Data (AEAD).
- AES: This is the core encryption algorithm, a widely used symmetric block cipher that comes in different key lengths (usually 128 or 256 bits).
- GCM: This refers to the mode of operation. GCM combines counter mode encryption with a technique called Galois Message Authentication Code (GMAC) to provide both confidentiality and authenticity.
- AEAD: This indicates that the encryption process authenticates the data along with encrypting it. This means it not only scrambles the data but also adds a tag to ensure the data hasn't been tampered with during transmission or storage.
The private input (pvt_input) is therefore encrypted with a symmetric key (sym_key) as
The Market ID (market_id) is provided as associated data to the AES-GCM-AEAD algorithm. This is used in Step 3 to prevent replay attacks as described in the Security section.
Symmetric encryption is used here because: (i) It can encrypt larger data than asymmetric encryption can. (ii) As will be seen in Step 3, during reencryption only the symmetric key needs to be decrypted and reencrypted by the Matching Engine for the Generator to be able to decrypt the private inputs. This saves time as well as gas fees, because the reencrypted data is posted back on-chain by the Matching Engine.
Step 2: Asymmetric encryption of the symmetric key (at Requester)
sym_key is encrypted using the ECIES (Elliptic Curve Integrated Encryption Scheme) public key of the Matching Engine.
Step 3: Reencryption of the symmetric key (at Matching Engine)
sym_key is decrypted by the Matching Engine using its private key
The Matching Engine then uses sym_key to decrypt Cinp,mid. There are two benefits to doing so:
- It confirms that the encrypted inputs can be decrypted.
- It confirms that the Market ID matches the request’s expected Market. This foils replay attacks.
sym_key is then encrypted using the ECIES (Elliptic Curve Integrated Encryption Scheme) public key of the Generator.
Step 4: Decryption of the symmetric key and private input (at Generator)
sym_key is decrypted by the Generator using its private key
The private input is finally retrieved by decrypting Cinp using sym_key.
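The four steps above, end to end, as an added example that is not Kalypso's own code. It assumes Node.js, uses a simplified ECIES stand-in (ephemeral X25519, HKDF-SHA256, AES-256-GCM) because the page does not give the protocol's ECIES parameters, and all function names, market IDs and the sample input are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// AES-256-GCM; aad is authenticated but not encrypted. Output: nonce || tag || ciphertext.
function seal(key, plaintext, aad) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, nonce).setAAD(aad);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// Throws if the key, the aad or any byte of the blob differs from what was sealed.
function open(key, blob, aad) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28)).setAAD(aad);
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// ECIES stand-in (assumption): key-encryption key = HKDF-SHA256(X25519 shared secret).
const kek = (priv, pub) => Buffer.from(crypto.hkdfSync("sha256",
  crypto.diffieHellman({ privateKey: priv, publicKey: pub }), Buffer.alloc(0), "demo-wrap", 32));
function wrapKey(recipientPub, symKey) {
  const eph = crypto.generateKeyPairSync("x25519");
  const ephDer = eph.publicKey.export({ type: "spki", format: "der" }); // 44 bytes
  return Buffer.concat([ephDer, seal(kek(eph.privateKey, recipientPub), symKey, ephDer)]);
}

function unwrapKey(recipientPriv, blob) {
  const ephDer = blob.subarray(0, 44);
  const ephPub = crypto.createPublicKey({ key: ephDer, format: "der", type: "spki" });
  return open(kek(recipientPriv, ephPub), blob.subarray(44), ephDer);
}

// Step 3 at the Matching Engine: only sym_key is re-wrapped; cInp is checked, never rewritten.
function reencrypt(mePriv, generatorPub, wrappedKey, cInp, expectedMarketId) {
  const symKey = unwrapKey(mePriv, wrappedKey);
  open(symKey, cInp, Buffer.from(expectedMarketId)); // throws on a market_id mismatch
  return wrapKey(generatorPub, symKey);
}

// Constructed demo: the input is sealed for "market-7"; requestMarket is the request's market.
function demo(requestMarket) {
  const me = crypto.generateKeyPairSync("x25519"), gen = crypto.generateKeyPairSync("x25519");
  const symKey = crypto.randomBytes(32);
  const cInp = seal(symKey, Buffer.from("secret witness"), Buffer.from("market-7")); // Step 1
  const forMe = wrapKey(me.publicKey, symKey); // Step 2
  const forGen = reencrypt(me.privateKey, gen.publicKey, forMe, cInp, requestMarket); // Step 3
  return open(unwrapKey(gen.privateKey, forGen), cInp, Buffer.from(requestMarket)).toString(); // Step 4
}
console.log(demo("market-7"));
```

Calling `demo` with any market other than the one the input was sealed for makes the GCM tag check fail inside `reencrypt`, so a ciphertext copied into a request for a different market is rejected before the key is ever wrapped for the Generator.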