This repository contains a Circom implementation of a hybrid encryption scheme combining ECDSA, AES-CTR, and HMAC-SHA256 for secure message encryption and authentication.
The hybrid encryption scheme provides confidentiality and authenticity by combining:
- ECDH (Elliptic Curve Diffie-Hellman) for key exchange
- HKDF-SHA256 for key derivation
- AES-CTR for encryption
- HMAC-SHA256 for authentication
The implementation follows cryptographic standards and best practices for hybrid encryption schemes.
The main circuit components are:
The primary encryption template that orchestrates the entire encryption process:
template Encrypt(npt, ns1, ns2)
Parameters:
- `npt`: Length of plaintext
- `ns1`: Length of first salt (for key derivation)
- `ns2`: Length of second salt (for authentication)
Implements ECDH key exchange using secp256k1:
template GenSharedKey()
Generates a shared secret from:
- Private key (r)
- Public key coordinates (px, py)
Derives encryption and HMAC keys using HKDF-SHA256:
template KeyGen(ni)
Parameters:
- `ni`: Length of info/salt for key derivation
- circom-ecdsa: ECDSA and secp256k1 operations
- hmac-circom: HMAC-SHA256 implementation
- hkdf-circom: HKDF key derivation
- aes-circom: AES-CTR mode encryption
The circuit provides:
- Confidentiality: Using AES-CTR encryption
- Authentication: Using HMAC-SHA256
- Forward Secrecy: Using ephemeral ECDH key exchange
- Public Key Authentication: Including sender's public key
The encrypted message format is:
pubkey.x | pubkey.y | iv | ciphertext | hmac
Where:
- `pubkey`: Sender's public key (for verification)
- `iv`: 16-byte initialization vector
- `ciphertext`: AES-CTR encrypted message
- `hmac`: Authentication tag
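
An off-circuit reference model of this message layout, added here as an example (it is not code from this repository; the function names are hypothetical). It assumes AES-256-CTR, an HKDF output split into a 32-byte encryption key and a 32-byte MAC key, a tag computed over `pubkey.x | pubkey.y | iv | ciphertext`, and zero-length salts as in the Basic test case; check each assumption against the circuit before comparing outputs.

```javascript
// Added example, not the repository's code. Assumptions: AES-256-CTR, HKDF-SHA256 output
// = encKey(32) || macKey(32), empty salt/info, tag over pubkey.x | pubkey.y | iv | ciphertext.
const crypto = require('node:crypto');

const COORD = 32, IV = 16, TAG = 32; // secp256k1 coordinate, IV and HMAC-SHA256 tag sizes

function deriveKeys(shared) {
  const empty = Buffer.alloc(0);
  const okm = Buffer.from(crypto.hkdfSync('sha256', shared, empty, empty, 64));
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

function encrypt(recipientPub, plaintext) {
  const eph = crypto.createECDH('secp256k1'); // fresh ephemeral key pair per message
  const pub = eph.generateKeys();              // uncompressed point: 0x04 | x | y
  const { encKey, macKey } = deriveKeys(eph.computeSecret(recipientPub));
  const iv = crypto.randomBytes(IV);
  const c = crypto.createCipheriv('aes-256-ctr', encKey, iv);
  const body = Buffer.concat([pub.subarray(1), iv, c.update(plaintext), c.final()]);
  const tag = crypto.createHmac('sha256', macKey).update(body).digest();
  return Buffer.concat([body, tag]);
}

// Split pubkey.x | pubkey.y | iv | ciphertext | hmac into its fields.
function parse(msg) {
  if (msg.length < 2 * COORD + IV + TAG) throw new Error('message too short');
  const ctEnd = msg.length - TAG;
  return {
    pub: Buffer.concat([Buffer.from([4]), msg.subarray(0, 2 * COORD)]),
    iv: msg.subarray(2 * COORD, 2 * COORD + IV),
    ciphertext: msg.subarray(2 * COORD + IV, ctEnd),
    body: msg.subarray(0, ctEnd), // everything the tag covers (assumed)
    tag: msg.subarray(ctEnd),
  };
}

// recipient: an ECDH object holding the recipient's private key.
function decrypt(recipient, msg) {
  const m = parse(msg);
  const { encKey, macKey } = deriveKeys(recipient.computeSecret(m.pub)); // rejects invalid points
  const expected = crypto.createHmac('sha256', macKey).update(m.body).digest();
  // Verify the tag in constant time before touching the ciphertext.
  if (!crypto.timingSafeEqual(expected, m.tag)) throw new Error('bad tag');
  const d = crypto.createDecipheriv('aes-256-ctr', encKey, m.iv);
  return Buffer.concat([d.update(m.ciphertext), d.final()]);
}
```
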
Test Case | Constraints | Plaintext Size | Salt1 Size | Salt2 Size |
---|---|---|---|---|
Basic | 2177825 | 32 | 0 | 0 |
To run the tests:
yarn test