Owner: @Mehmet @Marcin Pawlowski

Reviewers: 🟢@Youngjoon Lee 🟢@Alexander Mozeika 🟢@Thomas Lavaur 🟢@Álvaro Castro-Castilla

Introduction

This document defines the key types used in the Blend protocol and describes the process of generating them.

Overview

This document ensures that the keys are used and generated in a common manner, which is necessary for making the Blend protocol work. The keys include:

• Non-ephemeral Quota Key (NQK) — used for proving that a node is a core node.
• Non-ephemeral Signing Key (NSK) — used to authenticate the node on the network level and derive the Non-ephemeral Encryption Key.
• Ephemeral Signing Key (ESK) — used for signing Blend messages, one per encapsulation.
• Non-ephemeral Encryption Key (NEK) — used for deriving shared secrets for message encryption.
• Ephemeral Encryption Key (EEK) — used for encrypting Blend messages, one per encapsulation.

Construction

Non-ephemeral Quota Key

A node generates a Non-ephemeral Quota Key (NQK) that is a ZkSignature (Zero Knowledge Signature Scheme (ZkSignature)). The NQK is stored on the ledger as the zk_id field in the DeclarationInfo of the node’s outcome of the participation in the Service Declaration Protocol (SDP — Service Declaration Protocol).

The NQK is used to prove that the node is part of the set of core nodes as indicated through the SDP.

Non-ephemeral Signing Key

A node generates a Non-ephemeral Signing Key (NSK) that is a Ed25519 key. The NSK is stored on the ledger as the provider_id field in the DeclarationInfo of the node’s outcome of the participation in the Service Declaration Protocol (SDP — Service Declaration Protocol).

The NSK is used to authenticate the node on the network level and to derive Non-ephemeral Encryption Key.

Ephemeral Signing Key

A node generates Ephemeral Signing Keys (ESK) that are proved to be limited in number by the Proof of Quota (PoQ — Proof of Quota Specification). The PoQ for core nodes requires a valid NQK for the session for which the PoQ is generated.