Skip to content

feat: add input encryption for validators#2342

Draft
juan518munoz wants to merge 1 commit into
nextfrom
jmunoz-tx-input-encryption-p1
Draft

feat: add input encryption for validators#2342
juan518munoz wants to merge 1 commit into
nextfrom
jmunoz-tx-input-encryption-p1

Conversation

@juan518munoz

Copy link
Copy Markdown
Collaborator

Closes #2319

Summary

Changelog

[[entry]]
scope       = ""
impact      = ""
description = ""

@sergerad sergerad self-requested a review July 16, 2026 08:27
@SantiagoPittella SantiagoPittella self-requested a review July 16, 2026 14:42
// Built entirely from state fixed at construction, so the endpoint stays available while a
// backup subscription holds the serve lock.
Ok(grpc::transaction::TransactionEncryptionKey {
scheme: u32::from(u8::from(ValidatorEncryptor::SCHEME)),

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we avoid this double casting?

/// Unlike the per-validator signing key, this value must be identical across every
/// validator in the set.
///
/// If not provided, a predefined insecure key is used.

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we default to random?

Comment on lines +48 to +52
self.sign_commitment(header.commitment()).await
}

/// Signs a commitment using the configured signer.
pub async fn sign_commitment(&self, commitment: Word) -> anyhow::Result<Signature> {

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this looks a bit redundant

Comment on lines +722 to +741
fn attestation_commitment_of(
scheme: u32,
key_id: u32,
genesis_commitment: Word,
public_key: &[u8],
) -> Word {
let genesis_commitment = genesis_commitment.to_bytes();
let mut payload = Vec::with_capacity(
ValidatorEncryptor::ATTESTATION_DOMAIN.len()
+ 2 * size_of::<u32>()
+ genesis_commitment.len()
+ public_key.len(),
);
payload.extend_from_slice(ValidatorEncryptor::ATTESTATION_DOMAIN);
payload.extend_from_slice(&scheme.to_le_bytes());
payload.extend_from_slice(&key_id.to_le_bytes());
payload.extend_from_slice(&genesis_commitment);
payload.extend_from_slice(public_key);
Hasher::hash(&payload)
}

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we re-use the ValidatorEncryptor definition of this? otherwise we will need to update this on every update of that impl

Comment thread CHANGELOG.md
## Unreleased

- [BREAKING] Updated `miden-protocol` dependencies to use the `next` branch (v0.16). Block and transaction account updates now use the absolute `AccountPatch` representation instead of the relative `AccountDelta`, and the `miden-tx-batch-prover` crate was renamed to `miden-tx-batch` ([#2282](https://github.com/0xMiden/node/pull/2282)).
- Added the `GetTransactionEncryptionKey` endpoint to the validator and RPC APIs, returning the shared transaction encryption key attested by the serving validator's signing key. The shared secret is configured on the validator via `--encryption-key.hex`. `MIDEN_VALIDATOR_ENCRYPTION_KEY` and must be identical across the validator set ([#2319](https://github.com/0xMiden/node/issues/2319)).

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lets remove this and use the PR description for the changelog entry

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Transaction input encryption — simple validator-key scheme (Phase 1)

2 participants