Security
Entropy leverages cutting-edge cryptographic techniques and distributed systems principles to deliver a highly secure network. Learn more about our security architecture and protocols.
Node encryption and authentication
When sending messages to threshold signature servers on the Entropy network, you must authenticate and encrypt the messages. This section covers that process.
The authentication process is simple: each node has a substrate account stored on the chain, referred to as a TSS account.
Messages are signed using SR25519. Encryption requires an X25519 public key, which is used in Hybrid Public Key Encryption (HPKE) via the hpke-rs crate.
By combining the two, we can generate an EncryptedSignedMessage. JavaScript bindings for creating these are available in the entropy-protocol-nodejs and entropy-protocol-web modules.
The concept is simple:
- Whenever you need to authenticate a party, you use a substrate key that is associated with them, whether it’s a user submitting an extrinsic or a node with a TSS account.
- When encrypting a message (only when communicating with nodes), you use their public key to create an encrypted message using HPKE.
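
The sign-then-encrypt flow described above, as an added Node.js example. It is not Entropy's code and not the wire format of EncryptedSignedMessage. Assumptions: Ed25519 stands in for SR25519 because Node's built-in crypto has no sr25519, HPKE base mode (RFC 9180, X25519 / HKDF-SHA256 / AES-256-GCM) is written out by hand instead of calling hpke-rs, and the names `sealSigned`, `openSigned`, the envelope fields and the `knownSenders` list (a stand-in for looking up TSS accounts on chain) are hypothetical.

```javascript
// Added example. Ed25519 stands in for SR25519; envelope layout and names are assumptions.
const crypto = require("node:crypto");

const cat = (...parts) => Buffer.concat(parts.map((p) => Buffer.from(p)));
const u16 = (n) => Buffer.from([n >> 8, n & 255]);
const hmac = (key, data) => crypto.createHmac("sha256", key).update(data).digest();
const raw = (pub) => Buffer.from(pub.export({ format: "jwk" }).x, "base64url");
const pubKey = (crv, bytes) => crypto.createPublicKey(
  { key: { kty: "OKP", crv, x: bytes.toString("base64url") }, format: "jwk" });

// RFC 9180 suite: DHKEM(X25519, HKDF-SHA256) / HKDF-SHA256 / AES-256-GCM, base mode.
const KEM = cat("KEM", u16(0x20)), SUITE = cat("HPKE", u16(0x20), u16(1), u16(2));
const ZERO = Buffer.alloc(32), NONE = Buffer.alloc(0);
const extract = (id, salt, label, ikm) => hmac(salt, cat("HPKE-v1", id, label, ikm));
// All outputs here are <= 32 bytes, so HKDF-Expand needs a single HMAC block.
const expand = (id, prk, label, info, len) =>
  hmac(prk, cat(u16(len), "HPKE-v1", id, label, info, [1])).subarray(0, len);

function keySchedule(dh, enc, pkR) {
  const shared = expand(KEM, extract(KEM, ZERO, "eae_prk", dh), "shared_secret", cat(enc, pkR), 32);
  const ctx = cat([0], extract(SUITE, ZERO, "psk_id_hash", NONE), extract(SUITE, ZERO, "info_hash", NONE));
  const secret = extract(SUITE, shared, "secret", NONE);
  return [expand(SUITE, secret, "key", ctx, 32), expand(SUITE, secret, "base_nonce", ctx, 12)];
}

// Sender: sign (recipient key || message), then HPKE-seal signature and message together.
function sealSigned(signer, recipientPub, message) {
  const eph = crypto.generateKeyPairSync("x25519");
  const enc = raw(eph.publicKey), pkR = raw(recipientPub), sender = raw(signer.publicKey);
  const dh = crypto.diffieHellman({ privateKey: eph.privateKey, publicKey: recipientPub });
  const [key, nonce] = keySchedule(dh, enc, pkR);
  const sig = crypto.sign(null, cat(pkR, message), signer.privateKey);
  const c = crypto.createCipheriv("aes-256-gcm", key, nonce);
  c.setAAD(sender); // binds the claimed sender identity to the ciphertext
  return { sender, enc, ct: cat(c.update(cat(sig, message)), c.final(), c.getAuthTag()) };
}

// Receiver: known account first, then decrypt, then verify the signature over the plaintext.
function openSigned(recipient, knownSenders, { sender, enc, ct }) {
  if (!knownSenders.some((k) => k.equals(sender))) throw new Error("unknown sender");
  const pkR = raw(recipient.publicKey), peer = pubKey("X25519", enc);
  const dh = crypto.diffieHellman({ privateKey: recipient.privateKey, publicKey: peer });
  const [key, nonce] = keySchedule(dh, enc, pkR);
  const d = crypto.createDecipheriv("aes-256-gcm", key, nonce);
  d.setAAD(sender); d.setAuthTag(ct.subarray(-16));
  const pt = cat(d.update(ct.subarray(0, -16)), d.final()); // final() throws on tampering
  const sig = pt.subarray(0, 64), message = pt.subarray(64);
  if (!crypto.verify(null, cat(pkR, message), pubKey("Ed25519", sender), sig)) throw new Error("bad signature");
  return message;
}
```

Call `sealSigned(signerKeyPair, recipientX25519PublicKey, message)` on the sending side and `openSigned(recipientKeyPair, knownSenders, envelope)` on the receiving side; any failed check throws before the message is returned.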