//! Encrypted partial DH types for Phase 1b TEE threshold mode.
//!
//! These types are shared between the enclave crate (produces/consumes them)
//! and the aggregator crate (carries them on the wire). Placed in core to
//! avoid a dependency from aggregator → enclave.

use serde::{Deserialize, Serialize};

/// 32-byte operator identifier. Matches `eigensdk::types::operator::OperatorId`
/// but defined independently so the enclave binary (which does not depend on
/// eigensdk) can use it.
///
/// This is a plain type alias, not a newtype: the compiler accepts any
/// `[u8; 32]` (a task id or a raw public key, for instance) wherever an
/// `EnclaveOperatorId` is expected, so mixing such values up is not caught
/// at compile time.
pub type EnclaveOperatorId = [u8; 32];

/// A partial DH output encrypted to a specific peer enclave's ephemeral X25519 pubkey.
///
/// Produced by the enclave during Prepare phase (`partial_dh` with `peer_enclave_pubkeys`).
/// The gateway relays these opaque blobs without being able to read them.
/// Each receiving enclave decrypts with its own ephemeral private key during Commit.
///
/// AAD is `sender_index(4 bytes LE) || task_id(32 bytes) || recipient(32 bytes)` —
/// binds the ciphertext to sender, task, and recipient to prevent replay and swap attacks.
///
/// # Security notes
///
/// - `recipient` and `sender_index` are plain (unencrypted) fields of this struct, so
///   whoever relays it can read and rewrite them. Treat them as claims until AEAD
///   decryption has succeeded with an AAD rebuilt from them.
/// - `task_id` is part of the AAD but is not a field here, so the decrypting side has
///   to supply it. NOTE(review): confirm it comes from the enclave's own task context
///   and not from relay-supplied data travelling next to this blob.
/// - `Deserialize` is derived without any validation, so every field holds whatever
///   the wire supplied; length and range checks are the consumer's job.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct EncryptedPartialDH {
    /// Operator ID of the intended recipient enclave.
    pub recipient: EnclaveOperatorId,
    /// DKG share index of the sender (needed for AAD reconstruction on decrypt).
    pub sender_index: u32,
    /// HPKE encapped key (32 bytes X25519).
    ///
    /// The `Vec<u8>` type does not enforce the 32-byte length.
    /// NOTE(review): confirm the decrypt path rejects any other length before use.
    pub encapped_key: Vec<u8>,
    /// HPKE ciphertext (serialized `Vec<PartialDecryptionData>` + Poly1305 tag).
    ///
    /// No size bound is expressed by this type.
    /// NOTE(review): confirm the receiving side caps the size it will accept.
    pub ciphertext: Vec<u8>,
}