3.7.5 Encryption and Decryption

In classical blockchain systems, information stored on the blockchain is typically open and visible to all participants in the network. This transparency is a fundamental characteristic of blockchain technology, as it promotes trust, immutability, and audibility. However, this openness may pose challenges when it comes to confidentiality, especially for sensitive or private data that should not be accessible to all network participants.

DGT addresses the issue of confidentiality by implementing encryption mechanisms that provide enhanced privacy and security for specific aspects of the blockchain network. By employing encryption techniques, DGT ensures that certain information remains hidden or accessible only to authorized entities. This approach strikes a balance between the transparency and openness of classical blockchain systems and the need for confidentiality in certain use cases.

Application Point	Encryption Mechanism	Description
DGT Communication Encryption	ZMQ Encryption (CurveZMQ)	- Communications between DGT nodes and components within a Sawtooth node, such as Validator, REST API, and Transaction Processor processes, are encrypted. - DGT utilizes ZeroMQ (ZMQ or 0MQ) for communications, and encryption and authentication are implemented using CurveZMQ. - CurveZMQ employs a 256-bit ECC key with the elliptic curve Curve25519 to provide secure and encrypted communication channels.
Transaction Payload Encryption	Payload Encryption	- Transactions in DGT consist of transaction headers and payload. - The transaction headers include information such as the signer public key, more batch public key, addresses read from and written to the nonce, and payload digest. - The payload, which contains the actual content of the transaction, can be encrypted to restrict access only to specific transaction processors. - By encrypting the payload, the contents of these transactions remain confidential and inaccessible to entities outside the designated transaction processors.
Private Transactions (see also 3.6.6)	Zero-Knowledge Proofs (ZKP)	- DGT employs Zero-Knowledge Proof mechanisms to enhance privacy and security in certain transactions. - In private transactions, the use of ZKP techniques helps conceal transaction addresses, preventing the direct calculation of access addresses. - This ensures that the addresses involved in the transaction remain hidden and not directly discoverable through analysis of the open ledger accessible to the entire network.

By incorporating encryption and confidentiality measures at various levels, DGT safeguards the integrity and privacy of communications, transaction payloads, and sensitive information within the network.