EncryptionState

Holds the AES-GCM key and encryption keypair derived from ECDH key exchange.

Overview

EncryptionState encapsulates all cryptographic material needed for shielded transactions and signed reads. It's created by get_encryption() during wallet client setup and attached to w3.seismic.encryption.

The class provides encrypt() and decrypt() methods that handle AES-GCM encryption with metadata-bound Additional Authenticated Data (AAD).

Definition

@dataclass
class EncryptionState:
    """Holds the AES key and encryption keypair derived from ECDH.

    Created by :func:`get_encryption` during client setup.  Pure
    computation - works in both sync and async contexts.

    Attributes:
        aes_key: 32-byte AES-256 key derived from ECDH + HKDF.
        encryption_pubkey: Client's compressed secp256k1 public key.
        encryption_private_key: Client's secp256k1 private key.
    """

    aes_key: Bytes32
    encryption_pubkey: CompressedPublicKey
    encryption_private_key: PrivateKey

Attributes

Methods

encrypt()

Encrypt plaintext calldata with metadata-bound AAD.

Signature

Parameters

Returns

Example

decrypt()

Decrypt ciphertext with metadata-bound AAD.

Signature

Parameters

Returns

Raises

• cryptography.exceptions.InvalidTag - If authentication fails (wrong key, tampered data, or mismatched metadata)

Example

Examples

Access from Client

Manual Encryption Workflow

Custom Encryption Key

Verify Encryption/Decryption

How It Works

Initialization

When created, EncryptionState automatically initializes an internal AesGcmCrypto instance:

Encryption

1. Encode metadata as AAD using encode_metadata_as_aad()

2. Call AesGcmCrypto.encrypt(plaintext, nonce, aad)

3. Return ciphertext with 16-byte authentication tag

Decryption

1. Encode metadata as AAD

2. Call AesGcmCrypto.decrypt(ciphertext, nonce, aad)

3. Verify authentication tag (raises InvalidTag if fails)

4. Return plaintext

AAD Binding

The Additional Authenticated Data (AAD) ensures that ciphertext is cryptographically bound to transaction metadata:

• message_version

• chain_id

• client_pubkey

• nonce_seed

• recent_block_hash

• expires_at_block

If any metadata field changes, decryption will fail even with the correct key and nonce.

Notes

• Pure computation - no I/O operations

• Works in both sync and async contexts

• Created automatically by create_wallet_client() and create_async_wallet_client()

• You rarely need to call encrypt() or decrypt() directly - the SDK handles this

• The internal _crypto field is excluded from repr() and comparison

• Authentication tag is always 16 bytes (AES-GCM standard)

Security Considerations

• Key derivation - AES key is derived from ECDH + HKDF, ensuring forward secrecy

• AAD binding - Metadata binding prevents ciphertext reuse or manipulation

• Nonce uniqueness - Nonces must be unique per encryption; SDK generates fresh nonces automatically

• Key storage - encryption_private_key should be stored securely if deterministic keys are used

See Also

• get_encryption - Derive encryption state from TEE public key

• create_wallet_client - Sync client factory (creates EncryptionState)

• create_async_wallet_client - Async client factory

• EncryptionNonce - 12-byte nonce type

• TxSeismicMetadata - Metadata structure

• Shielded Write Guide - How shielded transactions work