keyEncryptionState

Holds AES key and encryption keypair derived from ECDH

Holds the AESarrow-up-right-GCM key and encryption keypair derived from ECDHarrow-up-right key exchange.

Overview

EncryptionState encapsulates all cryptographic material needed for shielded transactions and signed reads. It's created by get_encryption() during wallet client setup and attached to w3.seismic.encryption.

The class provides encrypt() and decrypt() methods that handle AES-GCM encryption with metadata-bound Additional Authenticated Data (AAD).

Definition

@dataclass
class EncryptionState:
    """Holds the AES key and encryption keypair derived from ECDH.

    Created by :func:`get_encryption` during client setup.  Pure
    computation - works in both sync and async contexts.

    Attributes:
        aes_key: 32-byte AES-256 key derived from ECDH + HKDF.
        encryption_pubkey: Client's compressed secp256k1 public key.
        encryption_private_key: Client's secp256k1 private key.
    """

    aes_key: Bytes32
    encryption_pubkey: CompressedPublicKey
    encryption_private_key: PrivateKey

Attributes

Attribute
Type
Description

aes_key

32-byte AES-256 key derived from ECDH + HKDFarrow-up-right

encryption_pubkey

Client's 33-byte compressed secp256k1 public key

encryption_private_key

Client's 32-byte secp256k1 private key

Methods

encrypt()

Encrypt plaintext calldata with metadata-bound AAD.

Signature

Parameters

Parameter
Type
Description

plaintext

HexBytes

Raw calldata to encrypt

nonce

12-byte AES-GCM nonce

metadata

Transaction metadata (used to build AAD)

Returns

Type
Description

HexBytes

Ciphertext with 16-byte authentication tag appended

Example

decrypt()

Decrypt ciphertext with metadata-bound AAD.

Signature

Parameters

Parameter
Type
Description

ciphertext

HexBytes

Encrypted data (includes 16-byte auth tag)

nonce

12-byte AES-GCM nonce

metadata

Transaction metadata (used to build AAD)

Returns

Type
Description

HexBytes

Decrypted plaintext

Raises

  • cryptography.exceptions.InvalidTag - If authentication fails (wrong key, tampered data, or mismatched metadata)

Example

Examples

Access from Client

Manual Encryption Workflow

Custom Encryption Key

Verify Encryption/Decryption

How It Works

Initialization

When created, EncryptionState automatically initializes an internal AesGcmCrypto instance:

Encryption

  1. Encode metadata as AAD using encode_metadata_as_aad()

  2. Call AesGcmCrypto.encrypt(plaintext, nonce, aad)

  3. Return ciphertext with 16-byte authentication tag

Decryption

  1. Encode metadata as AAD

  2. Call AesGcmCrypto.decrypt(ciphertext, nonce, aad)

  3. Verify authentication tag (raises InvalidTag if fails)

  4. Return plaintext

AAD Binding

The Additional Authenticated Data (AAD) ensures that ciphertext is cryptographically bound to transaction metadata:

  • message_version

  • chain_id

  • client_pubkey

  • nonce_seed

  • recent_block_hash

  • expires_at_block

If any metadata field changes, decryption will fail even with the correct key and nonce.

Notes

  • Pure computation - no I/O operations

  • Works in both sync and async contexts

  • You rarely need to call encrypt() or decrypt() directly - the SDK handles this

  • The internal _crypto field is excluded from repr() and comparison

  • Authentication tag is always 16 bytes (AES-GCM standard)

Security Considerations

  • Key derivation - AESarrow-up-right key is derived from ECDHarrow-up-right + HKDFarrow-up-right, ensuring forward secrecy

  • AAD binding - Metadata binding prevents ciphertext reuse or manipulation

  • Nonce uniqueness - Nonces must be unique per encryption; SDK generates fresh nonces automatically

  • Key storage - encryption_private_key should be stored securely if deterministic keys are used

See Also

Last updated