feat(zk): add ElGamal & AES key derivation #413

Open
sonicfromnewyoke wants to merge 1 commit into solana-foundation:main from sonicfromnewyoke:sonic/token2022-zk-kdf

@sonicfromnewyoke
Contributor

Problem

solana-go has no Token-2022 confidential-transfer key-derivation support #412. Rust solana-zk-sdk and JS @solana/zk-sdk ship deterministic KDFs that turn a Solana signer + public seed into an ElGamal secret scalar and an AES-128-GCM-SIV key;
Go users currently have to call into Rust or JS/WASM just to produce the key material a confidential transfer needs.
First step of the port is the KDF itself, byte-for-byte compatible with the reference SDKs.

Summary of Changes

  • AeKey (16 bytes, AES-128-GCM-SIV key): AeKeyFromSeed, AeKeyFromSignature, AeKeyFromSigner, AeKeyFromSeedPhraseAndPassphrase
  • ElGamalSecretKey (32 bytes, canonical Ristretto/Ed25519 scalar mod ell): ElGamalSecretKeyFromSeed, ElGamalSecretKeyFromSignature, ElGamalSecretKeyFromSigner, ElGamalSecretKeyFromSeedPhraseAndPassphrase
  • Signer interface (minimal: Sign(message) -> solana.Signature, error); solana.PrivateKey satisfies it; hardware wallets and remote signers can plug in without changes.
  • Seed-length bounds and default-signature rejection mirror the Rust implementation (ErrSeedTooShort, ErrSeedTooLong, ErrDefaultSignature).

related to #412
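
The signer-based derivation and the checks listed in the summary above (seed-length bounds, default-signature rejection), as an added Go sketch that is not code from this pull request or from the reference SDKs. Assumptions: the local `Signature` type, the hypothetical `SignerFunc` adapter, the 16 and 65535 byte bounds, the `"AeKey"` message prefix, and SHA-512 as a stand-in hash, so the output is not compatible with the Rust or JS SDKs.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha512"
	"errors"
	"fmt"
)

// Bounds, hash and "AeKey" prefix are assumptions; output differs from the reference SDKs.
const aeKeyLen, minSeedLen, maxSeedLen = 16, 16, 65535
var (
	ErrSeedTooShort     = errors.New("seed too short")
	ErrSeedTooLong      = errors.New("seed too long")
	ErrDefaultSignature = errors.New("default (all-zero) signature")
)
type (
	Signature  [64]byte // local stand-in for solana.Signature
	Signer     interface{ Sign(message []byte) (Signature, error) }
	SignerFunc func([]byte) (Signature, error) // hypothetical adapter
)

func (f SignerFunc) Sign(m []byte) (Signature, error) { return f(m) }

func AeKeyFromSeed(seed []byte) (key [aeKeyLen]byte, err error) {
	if len(seed) < minSeedLen {
		return key, ErrSeedTooShort
	} else if len(seed) > maxSeedLen {
		return key, ErrSeedTooLong
	}
	sum := sha512.Sum512(seed) // stand-in hash; first 16 bytes become the key
	copy(key[:], sum[:aeKeyLen])
	return key, nil
}

func AeKeyFromSigner(s Signer, publicSeed []byte) (key [aeKeyLen]byte, err error) {
	sig, err := s.Sign(append([]byte("AeKey"), publicSeed...))
	if err != nil {
		return key, err
	} else if sig == (Signature{}) { // unset signature: anyone could recompute the key
		return key, ErrDefaultSignature
	}
	return AeKeyFromSeed(sig[:])
}

func main() {
	priv := ed25519.NewKeyFromSeed(make([]byte, 32)) // constructed test key
	s := SignerFunc(func(m []byte) (sig Signature, _ error) { copy(sig[:], ed25519.Sign(priv, m)); return })
	fmt.Println(AeKeyFromSigner(s, []byte("account-0")))
}
```

Because Ed25519 signing is deterministic, the same signer and public seed always reproduce the same key, which is what lets a wallet re-derive it instead of storing it.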
