The Waves Enterprise platform lets you choose the cryptography it uses to suit the specifics of the project being implemented and the jurisdiction of the customer.
Hashing operations in the platform are performed by applying the Blake2b256 and Keccak256 functions sequentially, or by the “Stribog” function in accordance with GOST R 34.11-2012 “Information Technology. Cryptographic protection of information. Hash function”. The output data block size is 256 bits.
Algorithms for key generation and for the formation and verification of electronic signatures are implemented on the basis of the Curve25519 elliptic curve (ED25519 with X25519 keys), or in accordance with GOST R 34.10-2012 “Information technology. Cryptographic protection of information. The processes of formation and verification of electronic digital signature”.
The platform can encrypt data using session keys based on the Diffie-Hellman protocol. This operation is used to encrypt any type of text information, such as smart contract data, that should not be available to other blockchain participants. Encryption can be performed individually for each recipient, producing a unique ciphertext instance per recipient, or once for a group of recipients, producing a single ciphertext.
The algorithms used for symmetric encryption comply with the AES standard or GOST R 34.12-2015 “Information technology. Cryptographic protection of information. Block cipher”.
Symmetric CEK and KEK keys are used to encrypt and decrypt data. The CEK (Content Encryption Key) is the key for encrypting the text data; the KEK (Key Encryption Key) is the key for encrypting the CEK. The CEK is generated randomly by a node using the appropriate hashing algorithms. The KEK is generated by a node based on the Diffie-Hellman algorithm, using the public and private keys of the sender and recipients, and is used to encrypt the CEK.
For a description of encryption methods and their use, see Data encryption operations.
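The CEK/KEK scheme described above, in its single-ciphertext-for-a-group form, as an added Node.js illustration that is not Waves Enterprise code and does not reproduce the platform's wire format. Assumptions: AES-256-GCM as the AES mode, X25519 with HKDF-SHA256 as the KEK derivation, and the hypothetical names `seal`, `unseal`, `deriveKek`, `encryptForGroup` and `decryptAs`.

```javascript
// Added illustration of the CEK/KEK scheme; not Waves Enterprise code.
const nodeCrypto = require('crypto');

// Assumption: AES-256-GCM as the AES mode; the page names only "AES".
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function unseal(key, box) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws on a wrong key
}

// KEK from Diffie-Hellman over own private key and the peer's public key.
// Assumption: X25519 plus HKDF-SHA256 stands in for the platform's derivation.
function deriveKek(ownPrivate, peerPublic) {
  const shared = nodeCrypto.diffieHellman({ privateKey: ownPrivate, publicKey: peerPublic });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'kek-example', 32));
}

// Single ciphertext for a group: the data is encrypted once under a random CEK,
// and the CEK is wrapped separately under each recipient's KEK.
function encryptForGroup(senderPrivate, recipients, text) {
  const cek = nodeCrypto.randomBytes(32);
  const wrapped = {};
  for (const [name, pub] of Object.entries(recipients)) {
    wrapped[name] = seal(deriveKek(senderPrivate, pub), cek);
  }
  return { data: seal(cek, Buffer.from(text, 'utf8')), wrapped };
}

function decryptAs(name, ownPrivate, senderPublic, msg) {
  if (!msg.wrapped[name]) throw new Error('no wrapped CEK for ' + name);
  const cek = unseal(deriveKek(ownPrivate, senderPublic), msg.wrapped[name]);
  return unseal(cek, msg.data).toString('utf8');
}

// Constructed sample parties and payload.
const sender = nodeCrypto.generateKeyPairSync('x25519');
const alice = nodeCrypto.generateKeyPairSync('x25519');
const bob = nodeCrypto.generateKeyPairSync('x25519');
const eve = nodeCrypto.generateKeyPairSync('x25519');
const msg = encryptForGroup(sender.privateKey,
  { alice: alice.publicKey, bob: bob.publicKey }, 'contract state: 42');
console.log(decryptAs('alice', alice.privateKey, sender.publicKey, msg));
```

A participant outside the recipient list derives a different KEK, so unwrapping any stored CEK fails the GCM authentication check instead of yielding a usable key.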
The encryption algorithm of the off-chain protocol for private data transfer depends on the version of the node in use. For instance, in the current version 1.5, when GOST encryption is used, the protocol establishes an encrypted TLS-like connection using the Kuznechik encryption algorithm.