> For the complete documentation index, see [llms.txt](https://ghostwareos.gitbook.io/docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ghostwareos.gitbook.io/docs/cryptography/hpke.md).

# HPKE

<figure><img src="/files/iZR0BKIJ8XU7IDrnPcpS" alt=""><figcaption></figcaption></figure>

Hybrid Public Key Encryption (HPKE) is a modern method for sending encrypted messages to someone using only their public key. It allows any user or application to encrypt data for another party without needing a prearranged session or shared secret.

In GhostWare, HPKE serves as the foundation for private communication among users, wallets, and relays. It protects messages, metadata, and payloads as they move through the network.

### Why It Matters

Most blockchain activity is public. Messages, memos, and data included in transactions can be read by anyone. HPKE fixes this by making sure that only the intended recipient can read the content.

Even if the data travels through untrusted nodes or public channels, no one else can decrypt it. This allows GhostWare to route encrypted information safely through relays and still confirm that it reaches the right destination.

### How It Works in Simple Terms

1. **Key Pairs**\
   Every participant has a public key and a private key. The public key is shared with others, while the private key is kept secret.
2. **Encryption by the Sender**\
   When a sender wants to send data to a recipient, they use the recipient’s public key and generate a temporary key for themselves. They combine both keys to create a shared secret, then use it to encrypt the message.
3. **Decryption by the Recipient**\
   The recipient uses their private key and the sender’s temporary public key to recreate the same shared secret. With that secret, they decrypt the message.

No one else can compute the shared secret because they do not have either private key. The message stays safe, even if it passes through a public blockchain or relay node.

### Use in GhostWare

HPKE is used across multiple parts of GhostWare’s stack:

* **Darkrelay Messaging** – Every message is encrypted with HPKE before being sent.
* **Tx ShadowNet** – Node metadata and routing data are protected by HPKE.
* **GhostOS Sessions** – Session keys are encrypted before being shared between temporary environments.
* **User Data and Proofs** – Optional proofs or payloads attached to transactions are encrypted with HPKE before being posted on-chain.

In all cases, HPKE ensures that only the correct recipient can read the information. Even GhostWare relays cannot see the contents.

### Advantages

* **Non-Interactive:** The sender does not need to talk to the receiver first to agree on a key.
* **Fast and Lightweight:** Works efficiently for small messages and keys, perfect for blockchain use.
* **Future Proof:** Supports modern elliptic curves and can adapt to post-quantum algorithms in the future.
* **Secure:** Provides strong confidentiality and resistance against chosen ciphertext attacks.

### Example

Alice wants to send Bob a private message through GhostWare.

1. Alice encrypts the message using Bob’s public key.
2. The encryption process automatically creates a temporary key pair for Alice and produces two outputs: the encrypted message and the temporary public key.
3. Alice sends both to the network.
4. Bob receives them, uses his private key with Alice’s temporary public key to compute the shared secret, and decrypts the message.

Everyone else who sees the message or the temporary public key cannot read the content.

### HPKE in Solana Context

Solana transactions often include memo or instruction data. By using HPKE, GhostWare replaces readable data with encrypted payloads. The blockchain only sees an encrypted blob and a reference key. Recipients can still verify authenticity using cryptographic proofs, but the content remains private.

This approach allows GhostWare to use the public chain as proof of delivery without leaking what is being sent.

### The Result

HPKE makes private communication practical on Solana. It protects not just transaction data but every form of message GhostWare handles. When combined with stealth addresses and ShadowNet routing, it gives users true end-to-end encryption across the entire stack.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://ghostwareos.gitbook.io/docs/cryptography/hpke.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.