snarkvm_circuit_program/data/record/encrypt.rs
1// Copyright (c) 2019-2025 Provable Inc.
2// This file is part of the snarkVM library.
3
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at:
7
8// http://www.apache.org/licenses/LICENSE-2.0
9
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15
16use super::*;
17
18impl<A: Aleo> Record<A, Plaintext<A>> {
19 /// Encrypts `self` for the record owner under the given randomizer.
20 pub fn encrypt(&self, randomizer: &Scalar<A>) -> Record<A, Ciphertext<A>> {
21 // Output the encrypted record.
22 self.encrypt_symmetric(randomizer).0
23 }
24
25 /// Encrypts `self` for the record owner under the given randomizer,
26 /// and returns the encrypted record alongside the record view key.
27 pub fn encrypt_symmetric(&self, randomizer: &Scalar<A>) -> (Record<A, Ciphertext<A>>, Field<A>) {
28 // Ensure the randomizer corresponds to the record nonce.
29 A::assert_eq(&self.nonce, A::g_scalar_multiply(randomizer));
30 // Compute the record view key.
31 let record_view_key = ((*self.owner).to_group() * randomizer).to_x_coordinate();
32 // Encrypt the record.
33 let encrypted_record = self.encrypt_symmetric_unchecked(record_view_key.clone());
34 // Return the encrypted record and the record view key.
35 (encrypted_record, record_view_key)
36 }
37
38 /// Encrypts `self` under the given record view key.
39 /// Note: This method does not check that the record view key corresponds to the record owner.
40 /// Use `Self::encrypt` for the checked variant.
41 pub fn encrypt_symmetric_unchecked(&self, record_view_key: Field<A>) -> Record<A, Ciphertext<A>> {
42 // Determine the number of randomizers needed to encrypt the record.
43 let num_randomizers = self.num_randomizers();
44 // Prepare a randomizer for each field element.
45 let randomizers = A::hash_many_psd8(&[A::encryption_domain(), record_view_key], num_randomizers);
46 // Encrypt the record.
47 self.encrypt_with_randomizers(&randomizers)
48 }
49
50 /// Encrypts `self` under the given randomizers.
51 fn encrypt_with_randomizers(&self, randomizers: &[Field<A>]) -> Record<A, Ciphertext<A>> {
52 // Initialize an index to keep track of the randomizer index.
53 let mut index: usize = 0;
54
55 // Encrypt the owner.
56 let owner = match self.owner.is_public().eject_value() {
57 true => self.owner.encrypt(&[]),
58 false => self.owner.encrypt(&[randomizers[index].clone()]),
59 };
60
61 // Increment the index if the owner is private.
62 if owner.is_private().eject_value() {
63 index += 1;
64 }
65
66 // Encrypt the data.
67 let mut encrypted_data = IndexMap::with_capacity(self.data.len());
68 for (id, entry, num_randomizers) in self.data.iter().map(|(id, entry)| (id, entry, entry.num_randomizers())) {
69 // Retrieve the randomizers for this entry.
70 let randomizers = &randomizers[index..index + num_randomizers as usize];
71 // Encrypt the entry.
72 let entry = match entry {
73 // Constant entries do not need to be encrypted.
74 Entry::Constant(plaintext) => Entry::Constant(plaintext.clone()),
75 // Public entries do not need to be encrypted.
76 Entry::Public(plaintext) => Entry::Public(plaintext.clone()),
77 // Private entries are encrypted with the given randomizers.
78 Entry::Private(private) => Entry::Private(private.encrypt_with_randomizers(randomizers)),
79 };
80 // Insert the encrypted entry.
81 if encrypted_data.insert(id.clone(), entry).is_some() {
82 A::halt(format!("Duplicate identifier in record: {id}"))
83 }
84 // Increment the index.
85 index += num_randomizers as usize;
86 }
87
88 // Return the encrypted record.
89 Record { owner, data: encrypted_data, nonce: self.nonce.clone(), version: self.version.clone() }
90 }
91}