AES Keys
Acquiring Your AES Key
The gcEVM uses AES keys, unique to each user, to encrypt and decrypt that user's data. The system provides a precompiled contract through which you can securely retrieve the key associated with your account.
To begin, you must generate an RSA key pair, as RSA encryption is used to securely transmit AES keys. Next, sign the generated RSA public key using your account's private key with the ECDSA signing scheme.
After completing these steps, call the GetUserKey function on the network's precompiled contract. Pass your RSA public key and its signature as arguments. The precompiled contract will respond (using an event on the blockchain) with your AES key, encrypted in a way that only your RSA private key could decrypt.
Encrypting Inputs
The gcEVM processes private inputs by encapsulating them within an Inputtext object. To use a private input, you need to create an Inputtext instance with your input data.
Each Inputtext instance contains an encrypted version of the input value and a signature. The signature is generated over the concatenation of the sender's address, the contract address, the target function, and the encrypted amount; this is the protocol for sending encrypted data.
The encryption process involves generating a random number, encrypting it with your AES key, and then applying a bitwise XOR operation between the input value and the encrypted random number. This ensures the input's confidentiality and integrity during processing.
Decrypting Outputs
The gcEVM stores encrypted values within a Ciphertext object. This object includes the encrypted value and a random number generated by the gcEVM during the encryption process.
To retrieve the decrypted value, the user must first encrypt the random number using their AES key. Then, perform a bitwise XOR operation between the encrypted value and the encrypted random number to reconstruct the original data.
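The XOR masking described under Encrypting Inputs and Decrypting Outputs, as an added example that is not code from the gcEVM project or its SDKs. It assumes AES-128 applied to a single 16-byte block and a big-endian unsigned value padded to one block; the function and field names (encryptValue, decryptValue, encrypted, random) are hypothetical, and the signature step is omitted.

```javascript
// Added example: names, field layout, value encoding and AES-128 are assumptions.
const crypto = require('node:crypto');

const BLOCK = 16; // AES block size in bytes

// Encrypt exactly one 16-byte block with the raw AES block cipher (no padding).
function aesBlock(key, block) {
  const c = crypto.createCipheriv('aes-128-ecb', key, null);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(block), c.final()]);
}

function xor(a, b) {
  const out = Buffer.alloc(a.length);
  for (let i = 0; i < a.length; i++) out[i] = a[i] ^ b[i];
  return out;
}

// Assumed encoding: unsigned integer, big-endian, left-padded to one block.
function encodeValue(value) {
  const v = BigInt(value);
  if (v < 0n || v >= 1n << 128n) throw new RangeError('value must fit in one unsigned block');
  return Buffer.from(v.toString(16).padStart(BLOCK * 2, '0'), 'hex');
}

// mask = AES_k(r); encrypted = value XOR mask. r must be fresh for every value.
function encryptValue(key, value, random = crypto.randomBytes(BLOCK)) {
  return { encrypted: xor(encodeValue(value), aesBlock(key, random)), random };
}

// Re-derive the mask from the stored random number and XOR it back out.
function decryptValue(key, { encrypted, random }) {
  if (encrypted.length !== BLOCK || random.length !== BLOCK) throw new RangeError('expected one block each');
  return BigInt('0x' + xor(encrypted, aesBlock(key, random)).toString('hex'));
}

// Constructed sample data: a throwaway key and two values.
const demoKey = crypto.randomBytes(16);
const ct = encryptValue(demoKey, 1000n);
console.log(decryptValue(demoKey, ct)); // 1000n

// Failure mode to guard against: reusing r reuses the mask, so the XOR of the
// two encrypted values equals the XOR of the two plaintext values.
const r = crypto.randomBytes(BLOCK);
const leak = xor(encryptValue(demoKey, 1000n, r).encrypted, encryptValue(demoKey, 7n, r).encrypted);
console.log(leak.equals(xor(encodeValue(1000n), encodeValue(7n)))); // true
```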
Network Key
The "network key" is an AES encryption key fragmented using advanced cryptographic techniques (e.g., threshold cryptography) so that each node in the network stores only an encrypted or protected portion. No single node or entity can reconstruct or access the entire key. However, through secure multi-party computation, the gcEVM can process data encrypted with the network key and transform it into a usable format for secure on-chain private computations.