Module encryption

Cryptographic key derivation and note encryption.

This module implements two key derivation schemes:

  1. Encryption Keys (X25519): For encrypting/decrypting note data off-chain. Derived from a Freighter signature using SHA-256.

  2. Note Identity Keys (BN254): For proving ownership in ZK circuits. Also derived from a Freighter signature using SHA-256, with domain separation.

Both key types are deterministically derived from wallet signatures, ensuring users can recover all keys using only their wallet seed phrase.

We use SHA-256 as the hash function for both key derivation and encryption. We use SHA-256 instead of Poseidon2 because:

  • It won’t be used in the circuit context.
  • SHA is well-established, and its security has been researched more than Poseidon2's.

Key Architecture

Freighter Wallet (Ed25519)
       │
       ├── signMessage("Sign to access Privacy Pool [v1]")
       │          │
       │          └── SHA-256 → X25519 Encryption Keypair
       │
       └── signMessage("Privacy Pool Spending Key [v1]")
                  │
                  └── SHA-256 → BN254 Note Private Key
                                     │
                                     └── Poseidon2 → Note Public Key
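
The derivation flow in the diagram, sketched in Python as an added example (not this module's Rust code). The RFC 7748 clamping, the big-endian reduction mod the BN254 scalar field order, and the placeholder signatures are assumptions; the module's actual byte handling may differ.

```python
import hashlib

# BN254 scalar field order r.
BN254_R = 21888242871839275222246405745257275088548364400416034343698204186575808495617

# The two messages shown in the Key Architecture diagram.
ENCRYPTION_MSG = b"Sign to access Privacy Pool [v1]"
SPENDING_MSG = b"Privacy Pool Spending Key [v1]"


def _digest(signature: bytes) -> bytes:
    if len(signature) != 64:
        raise ValueError("expected a 64-byte Ed25519 signature")
    return hashlib.sha256(signature).digest()


def x25519_secret_from_signature(signature: bytes) -> bytes:
    """Assumed mapping: SHA-256(signature), clamped as in RFC 7748."""
    k = bytearray(_digest(signature))
    k[0] &= 248    # clear the low 3 bits
    k[31] &= 127   # clear the top bit
    k[31] |= 64    # set bit 254
    return bytes(k)


def note_private_key_from_signature(signature: bytes) -> int:
    """Assumed mapping: SHA-256(signature) read big-endian, reduced mod r.

    2**256 is about 5.29 * r, so a plain reduction is slightly non-uniform.
    """
    return int.from_bytes(_digest(signature), "big") % BN254_R


def stand_in_signature(message: bytes) -> bytes:
    """Constructed 64-byte placeholder, NOT a real Ed25519 signature."""
    return hashlib.sha512(b"constructed-test-wallet" + message).digest()


if __name__ == "__main__":
    enc = x25519_secret_from_signature(stand_in_signature(ENCRYPTION_MSG))
    note = note_private_key_from_signature(stand_in_signature(SPENDING_MSG))
    print("x25519 secret:", enc.hex())
    print("note private key:", hex(note))
```

Both keys are pure functions of the signature bytes, so recovery depends on the wallet returning the same signature for the same message.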

Functions

decrypt_note_data
Decrypt note data using X25519-XSalsa20-Poly1305.
derive_keypair_from_signature
Encryption key derivation (X25519), used for off-chain note encryption/decryption. Derives an X25519 encryption keypair deterministically from a Freighter signature.
derive_note_private_key
Derive a private key (BN254 scalar) deterministically from a Freighter signature for note identity. Used for ZK circuit ownership proofs.
encrypt_note_data
Encrypt note data using X25519-XSalsa20-Poly1305 (NaCl crypto_box).
generate_random_blinding
Generate a cryptographically random blinding factor for a note.