Skip to content

Commit 22afec6

Browse files
basfromanbasfroman
authored
Merge pull request #66 from opentensor/feat/roman/extend-encrypt_mlkem768-logic
Extend `encrypt_mlkem768` logic
2 parents 21ac4bd + 9a819e6 commit 22afec6

File tree

6 files changed

+240
-251
lines changed

6 files changed

+240
-251
lines changed

Cargo.lock

Lines changed: 8 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Cargo.toml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
[package]
22
name = "bittensor-drand"
3-
version = "1.2.0"
3+
version = "1.3.0"
44
edition = "2021"
55

66
[lib]
@@ -23,6 +23,7 @@ libc = "0.2.172"
2323
# ML-KEM dependencies
2424
ml-kem = "0.2.1"
2525
chacha20poly1305 = "0.10"
26+
twox-hash = { version = "2.1", default-features = false, features = ["xxhash64"] }
2627

2728
[features]
2829
default = ["extension-module"]

bittensor_drand/__init__.py

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -179,26 +179,28 @@ def get_latest_round() -> int:
179179
return _get_latest_round()
180180

181181

182-
def encrypt_mlkem768(pk_bytes: bytes, plaintext: bytes) -> bytes:
182+
def encrypt_mlkem768(pk_bytes: bytes, plaintext: bytes, include_key_hash: bool = False) -> bytes:
183183
"""Encrypts data using ML-KEM-768 + XChaCha20Poly1305.
184184
185185
This function encrypts plaintext using ML-KEM-768 key encapsulation followed by XChaCha20Poly1305 authenticated
186186
encryption. The public key is rotated every block and can be queried from the NextKey storage item.
187187
188-
Blob format: [u16 kem_len LE][kem_ct][nonce24][aead_ct]
188+
Blob format (include_key_hash=False): [u16 kem_len LE][kem_ct][nonce24][aead_ct]
189+
Blob format (include_key_hash=True): [key_hash(16)][u16 kem_len LE][kem_ct][nonce24][aead_ct]
189190
190191
Arguments:
191192
pk_bytes: ML-KEM-768 public key bytes (from NextKey storage, 1184 bytes)
192-
plaintext: Data to encrypt. For MEV Shield, this should be: payload_core + b"\\x01" + signature where
193-
payload_core = signer_bytes (32B) + key_hash_bytes (32B) + SCALE(call)
193+
plaintext: Data to encrypt.
194+
include_key_hash: If True, prepends the twox_128 hash of pk_bytes (16 bytes) to the output.
195+
Required for the MEV Shield wire format (pallet-shield v2).
194196
195197
Returns:
196198
bytes: Encrypted blob
197199
198200
Raises:
199201
ValueError: If encryption fails (invalid public key, buffer too small, etc.)
200202
"""
201-
return _encrypt_mlkem768(pk_bytes, plaintext)
203+
return _encrypt_mlkem768(pk_bytes, plaintext, include_key_hash)
202204

203205

204206
def mlkem_kdf_id() -> bytes:

pyproject.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
[project]
22
name = "bittensor-drand"
3-
version = "1.2.0"
3+
version = "1.3.0"
44
description = ""
55
readme = "README.md"
66
license = {file = "LICENSE"}

0 commit comments

Comments
 (0)