COTI V2 Documentation

AES Keys

Acquiring Your AES Key

The gcEVM uses AES keys, unique to each user, to encrypt and decrypt that user's data. The system provides a precompiled contract through which you can securely retrieve the AES key associated with your account.

To begin, you must generate an RSA key pair, as RSA encryption is used to securely transmit AES keys. Next, sign the generated RSA public key using your account's private key with the ECDSA signing scheme.

After completing these steps, call the GetUserKey function on the network's precompiled contract, passing your RSA public key and its signature as arguments. The precompiled contract responds (using an event on the blockchain) with your AES key, encrypted so that only your RSA private key can decrypt it.

Encrypting Inputs

The gcEVM processes private inputs by encapsulating them within an Inputtext object. To use a private input, you need to create an Inputtext instance with your input data.

Each Inputtext instance contains an encrypted version of the input value and a signature. The signature is generated over the concatenation of the sender's address, the contract address, the target function, and the encrypted amount; this is the protocol for sending encrypted data.

The encryption process involves generating a random number, encrypting it with your AES key, and then applying a bitwise XOR operation between the input value and the encrypted random number. This ensures the input's confidentiality and integrity during processing.

Decrypting Outputs

The gcEVM stores encrypted values within a Ciphertext object. This object includes the encrypted value and a random number generated by the gcEVM during the encryption process.

To retrieve the decrypted value, the user must first encrypt the random number using their AES key. Then, perform a bitwise XOR operation between the encrypted value and the encrypted random number to reconstruct the original data.
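The encryption described under Encrypting Inputs and the decryption described under Decrypting Outputs, worked through in Node.js as an added example (not code from this page or from the COTI SDKs). The key size, the single-block AES call, the 16-byte random number, the big-endian value encoding and all function names are assumptions made for illustration.

```javascript
// Added example, not COTI SDK code. Assumptions not stated on the page:
// AES-128 over a single 16-byte block, a 16-byte random number r, and values
// encoded as 16-byte big-endian integers. The key below is constructed.
const nodeCrypto = require('node:crypto');
const BLOCK = 16;

// AES-encrypt exactly one 16-byte block under the user's AES key.
function aesBlock(key, block) {
  const cipher = nodeCrypto.createCipheriv('aes-128-ecb', key, null);
  cipher.setAutoPadding(false); // the input is already one full block
  return Buffer.concat([cipher.update(block), cipher.final()]);
}

// Encode a non-negative BigInt as a fixed-width big-endian block.
function toBlock(value) {
  if (value < 0n || value >= 1n << BigInt(8 * BLOCK)) {
    throw new RangeError('value does not fit in one block');
  }
  return Buffer.from(value.toString(16).padStart(2 * BLOCK, '0'), 'hex');
}

function xor(a, b) {
  const out = Buffer.alloc(a.length);
  for (let i = 0; i < a.length; i++) out[i] = a[i] ^ b[i];
  return out;
}

// Encrypt: ciphertext = value XOR AES_key(r), with r drawn fresh per call.
function encryptValue(key, value, r = nodeCrypto.randomBytes(BLOCK)) {
  return { ciphertext: xor(toBlock(value), aesBlock(key, r)), r };
}

// Decrypt: re-encrypt r with the same key and XOR the mask off again.
function decryptValue(key, { ciphertext, r }) {
  return BigInt('0x' + xor(ciphertext, aesBlock(key, r)).toString('hex'));
}

// If r repeats under one key the mask cancels: c1 XOR c2 equals v1 XOR v2,
// so every encryption needs its own random number.
function maskCancels(key, v1, v2) {
  const r = nodeCrypto.randomBytes(BLOCK);
  const c1 = encryptValue(key, v1, r).ciphertext;
  const c2 = encryptValue(key, v2, r).ciphertext;
  return xor(c1, c2).equals(xor(toBlock(v1), toBlock(v2)));
}

const demoKey = nodeCrypto.randomBytes(BLOCK); // constructed stand-in key
console.log(decryptValue(demoKey, encryptValue(demoKey, 1000n)));
```

The random number travels in the clear next to the ciphertext; only the AES key is secret, which is why the same key must never be paired with a repeated random number.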

Network Key

The "network key" is an AES encryption key fragmented using advanced cryptographic techniques (e.g., threshold cryptography) so that each node in the network stores only an encrypted or protected portion. No single node or entity can reconstruct or access the entire key. However, through secure multi-party computation, the gcEVM can process data encrypted with the network key and transform it into a usable format for secure on-chain private computations.


Last updated 5 months ago
