Aegis

privacy infrastructure for the on-chain world.

Comment

Inspiration

The Aegis project was sparked by the need to secure Custos Diretriz (custosdiretriz.com) agreements and crime videos, which were publicly exposed. Inspired by age (filippo.io/age) and rage (github.com/str4d/rage), we adapted their multirecipient encryption for blockchain protocols like Starknet and X25519.

What it does

Aegis is a robust Rust library enabling multirecipient, multi-protocol encryption for secure data sharing. It uses AES-256-GCM for message encryption and wraps symmetric keys with recipient-specific protocols (e.g., Starknet ECIES, X25519 ECDH), supporting cross-chain encryption for recipients on different blockchains in a single operation. Applications include:

  • Encrypting sensitive documents (agreements, videos) for selective access.
  • Cross-chain data privacy in DeFi, DAOs, or multi-network dApps.
  • Secure data exchange in heterogeneous blockchain environments.
  • Can be used in IOT devices for secure communications

How we built it

Built with Rust 1.70+ (github.com/Goodness5/privacy-engine, docs: superrman.gitbook.io/privacy-engine):

  • Core: CryptoProtocol trait (src/traits/crypto.rs) for pluggable schemes. Hybrid encryption: $C = \text{AES-256-GCM}(M, K, N)$, with $K$ wrapped per recipient.
  • Code:
let message = b"Agreement data";
let recipients = vec![
    RecipientInfo { pubkey: stark_wallet_pubkey, protocol: Protocol::Starknet },
    RecipientInfo { pubkey: x25519_pubkey, protocol: Protocol::X25519 },
];
let result = encrypt_message(message, recipients)?;
  • Modules: encrypt.rs, decrypt.rs, chains/starknet.rs. Uses Cargo, stdlib, and crates (aes_gcm, curve25519-dalek).

Challenges we ran into

  • Decryption UX: Starknet wallets lack eth_decrypt-like methods, requiring custom decryption, impacting UX.

Accomplishments that we're proud of

  • Built a protocol-agnostic library with robust cross-chain encryption, unifying Starknet and X25519.
  • Seamless wallet integration via BIP-44 derivation, enabling key recovery without new keygen.
  • Lightweight deployment with zero external dependencies beyond Rust crates.

What we learned

  • Hybrid Encryption: Mastered AES-256-GCM with ECDH key wrapping ($\text{Shared Secret} = sk_A \cdot pk_B \mod p$).
  • Stark Curve: Learned ECDSA on twisted Edwards curve for ZK proofs.
  • Wallets: Understood BIP-44 paths for deterministic key derivation.
  • Rust: Leveraged aes_gcm, curve25519-dalek for constant-time crypto.
  • WASM: Wasm bindings for browser use, and formal verification.

What's next for Aegis

Add Secp256k1 support, and other protocol support, Contributions welcome at github.com/Goodness5/privacy-engine.

Built With

Share this project:

Updates