Axiomatic
Privacy & Confidential Transfers

Note Encryption (ECDH)

X25519 ECDH per-note encryption for inter-sender privacy

Note Encryption

Axiomatic uses X25519 ECDH (Elliptic Curve Diffie-Hellman) for per-note encryption on the confidential ledger. Each note gets a unique encryption key, ensuring inter-sender privacy.

Encryption (Sender)

  1. Retrieve recipient's X25519 public key from their stealth meta-address
  2. Generate ephemeral X25519 keypair (r, R)
  3. Compute shared secret: x25519(r, recipientX25519Pub)
  4. Derive note key: HKDF-SHA256(sharedSecret, commitment, "axiomatic.note.ecdh.v1")
  5. Encrypt note data with AES-256-GCM
  6. Submit transaction with encryptedNote, ephemeralPubKey = R, scanTag

Decryption (Recipient)

  1. Derive X25519 private key from IVK: HKDF(ivk, "axiomatic.x25519.v1")
  2. Compute shared secret: x25519(x25519Private, ephemeralPubKey)
  3. Derive note key: HKDF-SHA256(sharedSecret, commitment, "axiomatic.note.ecdh.v1")
  4. Decrypt with AES-256-GCM

Inter-Sender Privacy

Because each sender generates a fresh ephemeral keypair per note:

  • Sender A's notes produce different shared secrets than Sender B's
  • Even if Sender A is compromised, they cannot decrypt Sender B's notes to the same recipient
  • The ephemeral private key r is discarded after computing the shared secret

Key Derivation

IVK (Incoming Viewing Key)
  |
  |-- HKDF(ivk, "axiomatic.x25519.v1") --> X25519 private key
  |
  |-- getPublicKey(private) --> X25519 public key

The X25519 public key is published in the stealth meta-address. The private key exists only on the client and (encrypted) on the server for cron scanning.

Shielded Notes

Note lifecycle, key management, and scanner architecture for the UTXO-based privacy system.

Scan Tags

Efficient note filtering for recipient scanning

On this page

Note EncryptionEncryption (Sender)Decryption (Recipient)Inter-Sender PrivacyKey Derivation