Owner: @Marcin Pawlowski
Reviewers: 🟢@Youngjoon Lee 🟢@Alexander Mozeika 🟢@Mehmet 🟢@Álvaro Castro-Castilla 🟢@Daniel Kashepava 🟢@Daniel Sanchez Quiros
The message encapsulation mechanism is part of the Blend Protocol. It describes the cryptographic operations a Blend node needs to build and process messages.
This document is part of the Formatting section. Please read through that document to better understand the context of the encapsulation mechanism and constructions used here.
The Message Encapsulation Mechanism is a core component of the Blend Protocol that ensures privacy and security during node-to-node message transmission. By implementing multiple encryption layers and cryptographic operations, this mechanism keeps messages confidential while concealing their origins.
The encapsulation process includes:
This document outlines the cryptographic notation, data structures, and algorithms essential to the encapsulation process, providing a complete specification for implementing this mechanism within the Blend Protocol.
$\mathbf{K}^{n}_{h} = \{(K^{n}_{0}, k^{n}_{0}, \pi_{Q}^{K_{0}^{n}}), \dots, (K^{n}_{h-1}, k^{n}_{h-1}, \pi_{Q}^{K_{h-1}^{n}})\}$ is a collection of $h$ key pairs for a node $n$ with proofs of quota, where $K_{i}^{n}$ is the $i$-th public key, $k_{i}^{n}$ is its corresponding private key, and $\pi_{Q}^{K_{i}^{n}}$ is its proof of quota.
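```python
from typing import List

Ed25519PublicKey = bytes
Ed25519PrivateKey = bytes
KEY_SIZE = 32  # size in bytes of a public or private key
ProofOfQuota = bytes
PROOF_OF_QUOTA_SIZE = 160  # size in bytes of a proof of quota

class KeyPair:
    signing_public_key: Ed25519PublicKey
    signing_private_key: Ed25519PrivateKey
    proof_of_quota: ProofOfQuota

# Defined after KeyPair so that the name resolves when the module is loaded.
KeyCollection = List[KeyPair]
```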
For more information about the key generation mechanism, please refer to the Key Types and Generation Specification.
For more information about the proof of quota, please refer to Proof of Quota.
$P^n$ is a public key of the node $n$, which is globally accessible using the Service Declaration Protocol (SDP). We are using this notation to distinguish the origin of the key, hence the following simplified notation.
For more information about the Service Declaration Protocol, please refer to Service Declaration Protocol.
$\mathcal{N} = \text{SDP}(s)$ is the set of nodes globally accessible using the SDP.
```python
Nodes = set[Ed25519PublicKey]  # set of signing public keys
```
$N =|\mathcal{N}|$ is the number of nodes globally accessible using the SDP.
$\kappa^{n,m}_{i} = k^{n}_{i} \cdot P^{m} = p^{m} \cdot K^{n}_{i}$ is a shared key calculated between node $n$ and node $m$ using the $i$-th key of the node $n$. $P^{m}$ is the public key of the node $m$ retrieved from the SDP, and $p^{m}$ is its corresponding private key.
```python
SharedKey = bytes  # KEY_SIZE
```
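The identity $k^{n}_{i} \cdot P^{m} = p^{m} \cdot K^{n}_{i}$ can be checked from both sides with the sketch below, which is an added example and not code from the specification. It assumes X25519 (RFC 7748) as the scalar multiplication; this section does not state the curve arithmetic or how the Ed25519 signing keys map to it, and the helper names `x25519`, `public_key` and `shared_key` are hypothetical.

```python
# Added example. ASSUMPTION: "·" is X25519 (RFC 7748); not constant-time, illustration only.
KEY_SIZE = 32
PRIME = 2**255 - 19
A24 = 121665
BASE_POINT = (9).to_bytes(KEY_SIZE, "little")

def x25519(scalar: bytes, u: bytes) -> bytes:
    """Montgomery-ladder scalar multiplication, RFC 7748 section 5."""
    s = bytearray(scalar)
    s[0] &= 248; s[31] &= 127; s[31] |= 64               # clamp the scalar
    k = int.from_bytes(s, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)  # mask the top bit of u
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % PRIME, (x2 - z2) % PRIME
        c, d = (x3 + z3) % PRIME, (x3 - z3) % PRIME
        aa, bb = a * a % PRIME, b * b % PRIME
        e = (aa - bb) % PRIME
        da, cb = d * a % PRIME, c * b % PRIME
        x3 = (da + cb) ** 2 % PRIME
        z3 = x1 * (da - cb) ** 2 % PRIME
        x2 = aa * bb % PRIME
        z2 = e * (aa + A24 * e) % PRIME
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, PRIME - 2, PRIME) % PRIME).to_bytes(KEY_SIZE, "little")

def public_key(private: bytes) -> bytes:
    return x25519(private, BASE_POINT)

def shared_key(private: bytes, peer_public: bytes) -> bytes:
    """kappa = private · peer_public; rejects the all-zero result of a low-order key."""
    kappa = x25519(private, peer_public)
    if kappa == bytes(KEY_SIZE):
        raise ValueError("low-order public key: shared key is all zero")
    return kappa

# Private keys are the RFC 7748 section 6.1 test vectors, standing in for
# k_i^n (node n's i-th key) and p^m (node m's key published through the SDP).
k_i_n = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
p_m = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
K_i_n, P_m = public_key(k_i_n), public_key(p_m)
if __name__ == "__main__":
    print(shared_key(k_i_n, P_m).hex())   # node n's side: k_i^n · P^m
    print(shared_key(p_m, K_i_n).hex())   # node m's side: p^m · K_i^n
```

Both sides derive the same `KEY_SIZE`-byte value without either private key leaving its node; a real implementation should use a vetted constant-time library instead of this ladder.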
$\pi^{K^{n}_{l},m}_{S}$ is the proof of selection of the public key $K^{n}_{l}$ to the node index $m$ from the set of all nodes $\mathcal{N}$.
```python
ProofOfSelection = bytes
PROOF_OF_SELECTION_SIZE = 32
```
For more information about the proof of selection, please refer to Proof of Selection.