Encryption Scheme

Every UTXO is encrypted with an authenticated encryption algorithm, particularly X25519-XChaCha20-Poly1305 which is ECDH over Curve25519 paired with the extended nonce variant of the ChaCha20-Poly1305 AEAD.

UTXOs are always encrypted with ephemeral Curve25519 key pairs, and the corresponding public key being set in the authenticated but plaintext part of the AEAD envelope. This eliminates the need for any public key registries while guaranteeing authenticity and confidentiality of the UTXO contents.

Let $G$ be the Curve25519 generator, $q$ be its prime order, and $a$ and $b$ be Alice's and Bob's private keys respectively:

$$a, b \xleftarrow{\$} \mathbb{F}_{q}$$

Obtain the shared secret via ECDH over Curve25519:

$$\quad s = \text{X25519}(a, b \cdot G) = \text{X25519}(b, a \cdot G)$$

Extend the shared secret with a 24-byte nonce to derive a strong 256-bit key for the symmetric cipher:

$$\quad k = \text{HChaCha20}(s, n_{24})$$

Let $M$ be the message plaintext, and $E$ be the sealed envelope - encrypted UTXO:

$$\quad A = n_{24} \parallel a \cdot G$$ $$\quad C = \text{ChaCha20}(k, n_{24}, M)$$ $$\quad T = \text{Poly1305}(k, n_{24}, A, C)$$ $$\quad E = A \parallel C \parallel T$$