Package net.finmath.decryptionoracle.execution.service

Class CallDecryptionServiceImplementation

java.lang.Object
net.finmath.decryptionoracle.execution.service.CallDecryptionServiceImplementation
All Implemented Interfaces:
CallDecryptionService
@Service public class CallDecryptionServiceImplementation extends Object implements CallDecryptionService
Default implementation of CallDecryptionService that:
  • uses the same ABI encoding/decoding as Solidity (via web3j), and
  • enforces eligibility based on the encrypted ArgsDescriptor structure.

It assumes that on-chain, the following Solidity types are used:

 struct CallDescriptor {
     address targetContract;
     bytes4  selector;
     uint256 validUntilBlock;
 }

 struct ArgsDescriptor {
     address[] eligibleCaller;
     bytes     argsPlain;
 }

The encrypted blobs are:

  • callCiphertext = ENC(publicKeyId, abi.encode(CallDescriptor))
  • argsCiphertext = ENC(publicKeyId, abi.encode(ArgsDescriptor))

This class does not implement the actual cryptography. Instead it delegates to the existing DecryptionOracle / DecryptionOracleRSA stack.

Author:
Christian Fries

  • Constructor Details

    • CallDecryptionServiceImplementation

      public CallDecryptionServiceImplementation(DecryptionOracle decryptionOracle)

      Constructor for CallDecryptionServiceImplementation.

      Parameters:
      decryptionOracle - a DecryptionOracle object

  • Method Details

    • decryptEncryptedCall

      public CallDecryptionService.DecryptedCall decryptEncryptedCall(byte[] callCiphertext, byte[] callPublicKeyId, byte[] argsCiphertext, byte[] argsPublicKeyId, String requester)
      Decrypt the call descriptor and argument blob and enforce eligibility. Implementations are expected to: - decrypt callCiphertext using callPublicKeyId into a CallDescriptor, and - decrypt argsCiphertext using argsPublicKeyId into an ArgsDescriptor (containing eligibleCaller[] and argsPlain), - ensure that the original requester is contained in eligibleCaller[], unless eligibleCaller is empty (meaning "any requester"), - return the decoded CallDescriptor and argsPlain.
      Specified by:
      decryptEncryptedCall in interface CallDecryptionService
      Parameters:
      callCiphertext - ciphertext of abi.encode(CallDescriptor)
      callPublicKeyId - identifier of the key used to encrypt the call descriptor (bytes32)
      argsCiphertext - ciphertext of abi.encode(ArgsDescriptor)
      argsPublicKeyId - identifier of the key used for argument encryption (bytes32)
      requester - address of the original requester (hex string)
      Returns:
      DecryptedCall containing the CallDescriptor and plaintext argsPlain

    • decryptArguments

      public byte[] decryptArguments(byte[] argsCiphertext, byte[] argsPublicKeyId, String requester)
      Decrypt only the encrypted arguments and enforce eligibility. Used for TransparentCallRequested where the call descriptor is already on-chain and only the argsCiphertext needs to be decrypted. Implementations are expected to: - decrypt argsCiphertext into an ArgsDescriptor, - ensure that the original requester is contained in eligibleCaller[], unless eligibleCaller is empty, - return argsPlain.
      Specified by:
      decryptArguments in interface CallDecryptionService
      Parameters:
      argsCiphertext - ciphertext of abi.encode(ArgsDescriptor)
      argsPublicKeyId - identifier of the key for argument encryption (bytes32)
      requester - address of the original requester (hex string)
      Returns:
      plaintext argument payload bytes