snarkvm_circuit_program/data/record/encrypt.rs
1// Copyright (c) 2019-2026 Provable Inc.
2// This file is part of the snarkVM library.
3
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at:
7
8// http://www.apache.org/licenses/LICENSE-2.0
9
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15
16use super::*;
17
18impl<A: Aleo> Record<A, Plaintext<A>> {
19 /// Encrypts `self` for the record owner under the given randomizer.
20 pub fn encrypt(&self, randomizer: &Scalar<A>) -> Record<A, Ciphertext<A>> {
21 // Output the encrypted record.
22 self.encrypt_symmetric(randomizer).0
23 }
24
25 /// Encrypts `self` for the record owner under the given randomizer,
26 /// and returns the encrypted record alongside the record view key.
27 pub fn encrypt_symmetric(&self, randomizer: &Scalar<A>) -> (Record<A, Ciphertext<A>>, Field<A>) {
28 // Ensure the randomizer corresponds to the record nonce.
29 A::assert_eq(&self.nonce, A::g_scalar_multiply(randomizer))
30 .expect("Randomizer must correspond to record nonce");
31 // Compute the record view key.
32 let record_view_key = ((*self.owner).to_group() * randomizer).to_x_coordinate();
33 // Encrypt the record.
34 let encrypted_record = self.encrypt_symmetric_unchecked(record_view_key.clone());
35 // Return the encrypted record and the record view key.
36 (encrypted_record, record_view_key)
37 }
38
39 /// Encrypts `self` under the given record view key.
40 /// Note: This method does not check that the record view key corresponds to the record owner.
41 /// Use `Self::encrypt` for the checked variant.
42 pub fn encrypt_symmetric_unchecked(&self, record_view_key: Field<A>) -> Record<A, Ciphertext<A>> {
43 // Determine the number of randomizers needed to encrypt the record.
44 let num_randomizers = self.num_randomizers();
45 // Prepare a randomizer for each field element.
46 let randomizers = A::hash_many_psd8(&[A::encryption_domain(), record_view_key], num_randomizers);
47 // Encrypt the record.
48 self.encrypt_with_randomizers(&randomizers)
49 }
50
51 /// Encrypts `self` under the given randomizers.
52 fn encrypt_with_randomizers(&self, randomizers: &[Field<A>]) -> Record<A, Ciphertext<A>> {
53 // Initialize an index to keep track of the randomizer index.
54 let mut index: usize = 0;
55
56 // Encrypt the owner.
57 let owner = match self.owner.is_public().eject_value() {
58 true => self.owner.encrypt(&[]),
59 false => self.owner.encrypt(&[randomizers[index].clone()]),
60 };
61
62 // Increment the index if the owner is private.
63 if owner.is_private().eject_value() {
64 index += 1;
65 }
66
67 // Encrypt the data.
68 let mut encrypted_data = IndexMap::with_capacity(self.data.len());
69 for (id, entry, num_randomizers) in self.data.iter().map(|(id, entry)| (id, entry, entry.num_randomizers())) {
70 // Retrieve the randomizers for this entry.
71 let randomizers = &randomizers[index..index + num_randomizers as usize];
72 // Encrypt the entry.
73 let entry = match entry {
74 // Constant entries do not need to be encrypted.
75 Entry::Constant(plaintext) => Entry::Constant(plaintext.clone()),
76 // Public entries do not need to be encrypted.
77 Entry::Public(plaintext) => Entry::Public(plaintext.clone()),
78 // Private entries are encrypted with the given randomizers.
79 Entry::Private(private) => Entry::Private(private.encrypt_with_randomizers(randomizers)),
80 };
81 // Insert the encrypted entry.
82 if encrypted_data.insert(id.clone(), entry).is_some() {
83 A::halt(format!("Duplicate identifier in record: {id}"))
84 }
85 // Increment the index.
86 index += num_randomizers as usize;
87 }
88
89 // Return the encrypted record.
90 Record { owner, data: encrypted_data, nonce: self.nonce.clone(), version: self.version.clone() }
91 }
92}