Node encryption and authentication

Node encryption and authentication

When sending messages to threshold signature servers on the Entropy network, you must authenticate and encrypt the messages. This page covers that process.

The authentication process is simple: each node has a substrate account stored on the chain, referred to as a TSS account.

Messages are signed using SR25519. This encryption requires using an X25519 public key which gets used in Hybrid Public Key Encryption, using the hpke-rs crate.

By combining the two, we can generate an EncryptedSignedMessage. JavaScript bindings for creating these are available in the entropy-protocol-nodejs and entropy-protocol-web modules.

The concept is simple:

  • Whenever you need to authenticate a party, you use a substrate key that is associated with them, whether it’s a user submitting an extrinsic or a node with a TSS account.
  • When encrypting a message (only when communicating with nodes), you use their public key to create an encrypted message using HPKE.