HPKE

Hybrid Public Key Encryption (HPKE) is a modern method for sending encrypted messages to someone using only their public key. It allows any user or application to encrypt data for another party without needing a prearranged session or shared secret.

In GhostWare, HPKE serves as the foundation for private communication among users, wallets, and relays. It protects messages, metadata, and payloads as they move through the network.

Why It Matters

Most blockchain activity is public. Messages, memos, and data included in transactions can be read by anyone. HPKE fixes this by making sure that only the intended recipient can read the content.

Even if the data travels through untrusted nodes or public channels, no one else can decrypt it. This allows GhostWare to route encrypted information safely through relays and still confirm that it reaches the right destination.

How It Works in Simple Terms

  1. Key Pairs: Every participant has a public key and a private key. The public key is shared with others, while the private key is kept secret.

  2. Encryption by the Sender: When a sender wants to send data to a recipient, they use the recipient’s public key and generate a temporary key for themselves. They combine both keys to create a shared secret, then use it to encrypt the message.

  3. Decryption by the Recipient: The recipient uses their private key and the sender’s temporary public key to recreate the same shared secret. With that secret, they decrypt the message.

No one else can compute the shared secret because they do not have either private key. The message stays safe, even if it passes through a public blockchain or relay node.

Use in GhostWare

HPKE is used across multiple parts of GhostWare’s stack:

  • Darkrelay Messaging – Every message is encrypted with HPKE before being sent.

  • Tx ShadowNet – Node metadata and routing data are protected by HPKE.

  • GhostOS Sessions – Session keys are encrypted before being shared between temporary environments.

  • User Data and Proofs – Optional proofs or payloads attached to transactions are encrypted with HPKE before being posted on-chain.

In all cases, HPKE ensures that only the correct recipient can read the information. Even GhostWare relays cannot see the contents.

Advantages

  • Non-Interactive: The sender does not need to talk to the receiver first to agree on a key.

  • Fast and Lightweight: Works efficiently for small messages and keys, perfect for blockchain use.

  • Future Proof: Supports modern elliptic curves and can adapt to post-quantum algorithms in the future.

  • Secure: Provides strong confidentiality and resistance against chosen ciphertext attacks.

Example

Alice wants to send Bob a private message through GhostWare.

  1. Alice encrypts the message using Bob’s public key.

  2. The encryption process automatically creates a temporary key pair for Alice and produces two outputs: the encrypted message and the temporary public key.

  3. Alice sends both to the network.

  4. Bob receives them, uses his private key with Alice’s temporary public key to compute the shared secret, and decrypts the message.

No one else who sees the message or the temporary public key can read the content.

HPKE in Solana Context

Solana transactions often include memo or instruction data. By using HPKE, GhostWare replaces readable data with encrypted payloads. The blockchain only sees an encrypted blob and a reference key. Recipients can still verify authenticity using cryptographic proofs, but the content remains private.

This approach allows GhostWare to use the public chain as proof of delivery without leaking what is being sent.

The Result

HPKE makes private communication practical on Solana. It protects not just transaction data but every form of message GhostWare handles. When combined with stealth addresses and ShadowNet routing, it gives users true end-to-end encryption across the entire stack.
