Serialization Format for Portable Encrypted Messages
Ty Everett (ty@projectbabbage.com)
Abstract
This document describes a protocol for a portable message encryption and description scheme. It follows the BRC-42 key derivation and BRC-43 invoice number standards to protect the confidentiality of message content, without requiring the added complexity of agreeing on a specific BRC-43 protocol for the parties to use.
Motivation
Message encryption is a fundamental requirement as it ensures the privacy and confidentiality of the content transmitted between parties. The current standards like Electrum ECIES don't provide a comprehensive solution for message encryption by integrating with BRC-42 and BRC-43. This document aims to enhance security by developing a protocol for message encryption and decryption, utilising the BRC-43 invoice numbers. The protocol facilitaes a way to exchange encrypted data in a general way.
Specification
The protocol employs the BRC-2 encryption process and makes use of the BRC-42 key derivation and BRC-43 invoice numbering scheme.
The encryption procedure follows these steps:
The sender employs BRC-43 with security level
2
, protocol IDmessage encryption
, and a randomly generated 256-bit key ID to compute the invoice number to facilitate BRC-42 key derivation. We specify the key ID is in base64 format when added to the invoice number.The sender derives their own child private key and the child public key of the recipient using BRC-42 key derivation.
The sender then computes an ECDH shared secret between the two child keys which is used in symmetric encryption with AES-256-GCM.
With a random initialization vector, the message is encrypted and the vector is prepended to the ciphertext.
For decryption:
The recipient computes their own private key and the public key of the sender using BRC-42 key derivation.
The recipient computes the same Shared Secret and uses it along with the received initialization vector to decrypt the ciphertext.
Serialization format
The serialized data for transmission includes a version number, the identity key of the sender, the identity key of the recipient, and the AES-256-GCM ciphertext (with the initialization vector prepended). Note that anyone
is not permitted for encrypted data:
Version
4 bytes
Defines the version of the standard used. Currently 0x42421033
.
Sender ID
33 bytes
Identity key of the sender (encryptor)
Recipient ID
33 bytes
Identity key of the recipient (decryptor)
Key ID
32 bytes
The specific key ID used for the signature
Ciphertext
Variable
The encrypted message data (AES-256-GCM with IV prepended)
This standard serialization format contributes towards a standardized way of securely transmitting and decrypting encrypted messages.
Hex Examples
Last updated