shield-halvedShielded Write

Encrypted transactions — lifecycle, security parameters, and the low-level API


How it works

When you call contract.write.someMethod(...), the SDK:

  1. Fetches your nonce and the latest block hash from the node

  2. Builds a TxSeismic (type 0x4a) with encryption metadata

  3. Encrypts the calldata using AES-GCM with a shared key derived via ECDH between your ephemeral keypair and the node's TEE public key

  4. Signs and broadcasts the transaction

The encrypted calldata is bound to the transaction context (chain ID, nonce, block hash, expiry) via AES-GCM additional authenticated data, so it can't be replayed or tampered with.


Security parameters

Every shielded transaction includes a block-hash freshness check and an expiry window. The defaults are sane (100-block window, random nonce, latest block hash), but you can override them per-call:

from seismic_web3 import SeismicSecurityParams

params = SeismicSecurityParams(
    blocks_window=50,          # expires after 50 blocks instead of 100
    encryption_nonce=None,     # random (default)
    recent_block_hash=None,    # latest block (default)
    expires_at_block=None,     # computed from blocks_window (default)
)

tx_hash = contract.write.setNumber(42, security=params)
result = contract.read.getNumber(security=params)

Low-level API

When you need manual control over calldata — contract deployments, pre-encoded data, or bypassing the ShieldedContract abstraction:


EIP-712 typed data

circle-info

Most Python users sign locally with a private key and don't need this. EIP-712 is relevant if you're integrating with MetaMask, WalletConnect, or other external signers that use eth_signTypedData_v4.

Last updated