mintlayer
diff --git a/‎Cargo.lock
Lines changed: 18 additions & 4 deletions b/‎Cargo.lock
Lines changed: 18 additions & 4 deletions
diff --git a/‎blockprod/src/detail/mod.rs
Lines changed: 12 additions & 1 deletion b/‎blockprod/src/detail/mod.rs
Lines changed: 12 additions & 1 deletion
diff --git a/‎blockprod/src/interface/blockprod_interface.rs
Lines changed: 13 additions & 0 deletions b/‎blockprod/src/interface/blockprod_interface.rs
Lines changed: 13 additions & 0 deletions
diff --git a/‎blockprod/src/interface/blockprod_interface_impl.rs
Lines changed: 20 additions & 0 deletions b/‎blockprod/src/interface/blockprod_interface_impl.rs
Lines changed: 20 additions & 0 deletions
diff --git a/‎blockprod/src/lib.rs
Lines changed: 3 additions & 0 deletions b/‎blockprod/src/lib.rs
Lines changed: 3 additions & 0 deletions
diff --git a/‎blockprod/src/rpc.rs
Lines changed: 48 additions & 0 deletions b/‎blockprod/src/rpc.rs
Lines changed: 48 additions & 0 deletions
diff --git a/‎crypto/Cargo.toml
Lines changed: 3 additions & 1 deletion b/‎crypto/Cargo.toml
Lines changed: 3 additions & 1 deletion
diff --git a/‎crypto/src/ephemeral_e2e/error.rs
Lines changed: 26 additions & 0 deletions b/‎crypto/src/ephemeral_e2e/error.rs
Lines changed: 26 additions & 0 deletions
@@ -39,7 +39,10 @@ use consensus::{
     generate_consensus_data_and_reward, ConsensusCreationError, ConsensusPoSError,
     FinalizeBlockInputData, GenerateBlockInputData, PoSFinalizeBlockInputData,
 };
-use crypto::random::{make_true_rng, Rng};
+use crypto::{
+    ephemeral_e2e::{self, EndToEndPrivateKey},
+    random::{make_true_rng, Rng},
+};
 use logging::log;
 use mempool::{
     tx_accumulator::{DefaultTxAccumulator, PackingStrategy, TransactionAccumulator},
@@ -116,6 +119,7 @@ pub struct BlockProduction {
     job_manager_handle: JobManagerHandle,
     mining_thread_pool: Arc<slave_pool::ThreadPool>,
     p2p_handle: P2pHandle,
+    e2e_encryption_key: ephemeral_e2e::EndToEndPrivateKey,
 }
 
 impl BlockProduction {
@@ -130,6 +134,8 @@ impl BlockProduction {
     ) -> Result<Self, BlockProductionError> {
         let job_manager_handle = Box::new(JobManagerImpl::new(Some(chainstate_handle.clone())));
 
+        let mut rng = make_true_rng();
+
         let block_production = Self {
             chain_config,
             blockprod_config,
@@ -139,6 +145,7 @@ impl BlockProduction {
             time_getter,
             job_manager_handle,
             mining_thread_pool,
+            e2e_encryption_key: EndToEndPrivateKey::new_from_rng(&mut rng),
         };
 
         Ok(block_production)
@@ -588,6 +595,10 @@ impl BlockProduction {
 
         Ok(())
     }
+
+    pub fn e2e_private_key(&self) -> &ephemeral_e2e::EndToEndPrivateKey {
+        &self.e2e_encryption_key
+    }
 }
 
 fn generate_finalize_block_data(
 
@@ -19,6 +19,7 @@ use common::{
     primitives::Id,
 };
 use consensus::GenerateBlockInputData;
+use crypto::ephemeral_e2e;
 use mempool::tx_accumulator::PackingStrategy;
 
 #[async_trait::async_trait]
@@ -47,4 +48,16 @@ pub trait BlockProductionInterface: Send + Sync {
         transaction_ids: Vec<Id<Transaction>>,
         packing_strategy: PackingStrategy,
     ) -> Result<Block, BlockProductionError>;
+
+    async fn e2e_public_key(&self) -> ephemeral_e2e::EndToEndPublicKey;
+
+    /// Same as generate_block, but with end-to-end encryption for the secret data
+    async fn generate_block_e2e(
+        &mut self,
+        encrypted_input_data: Vec<u8>,
+        public_key: ephemeral_e2e::EndToEndPublicKey,
+        transactions: Vec<SignedTransaction>,
+        transaction_ids: Vec<Id<Transaction>>,
+        packing_strategy: PackingStrategy,
+    ) -> Result<Block, BlockProductionError>;
 }
@@ -22,6 +22,7 @@ use common::{
     primitives::Id,
 };
 use consensus::GenerateBlockInputData;
+use crypto::ephemeral_e2e;
 use mempool::tx_accumulator::PackingStrategy;
 
 use super::blockprod_interface::BlockProductionInterface;
@@ -52,6 +53,25 @@ impl BlockProductionInterface for BlockProduction {
 
         Ok(block)
     }
+
+    async fn e2e_public_key(&self) -> ephemeral_e2e::EndToEndPublicKey {
+        self.e2e_private_key().public_key()
+    }
+
+    async fn generate_block_e2e(
+        &mut self,
+        encrypted_input_data: Vec<u8>,
+        public_key: ephemeral_e2e::EndToEndPublicKey,
+        transactions: Vec<SignedTransaction>,
+        transaction_ids: Vec<Id<Transaction>>,
+        packing_strategy: PackingStrategy,
+    ) -> Result<Block, BlockProductionError> {
+        let shared_secret = self.e2e_private_key().shared_secret(&public_key);
+        let input_data =
+            shared_secret.decrypt_then_decode::<GenerateBlockInputData>(&encrypted_input_data)?;
+        self.generate_block(input_data, transactions, transaction_ids, packing_strategy)
+            .await
+    }
 }
 
 impl subsystem::Subsystem for Box<dyn BlockProductionInterface> {
 
@@ -28,6 +28,7 @@ use common::{
 };
 use config::BlockProdConfig;
 use consensus::ConsensusCreationError;
+use crypto::ephemeral_e2e;
 use detail::{
     job_manager::{JobKey, JobManagerError},
     BlockProduction,
@@ -67,6 +68,8 @@ pub enum BlockProductionError {
     JobManagerError(#[from] JobManagerError),
     #[error("Mempool failed to construct block: {0}")]
     MempoolBlockConstruction(#[from] mempool::error::BlockConstructionError),
+    #[error("Failed to decrypt generate-block input data: {0}")]
+    E2eError(#[from] ephemeral_e2e::error::Error),
 }
 
 pub type BlockProductionSubsystem = Box<dyn BlockProductionInterface>;
 
@@ -21,6 +21,7 @@ use common::{
     primitives::Id,
 };
 use consensus::GenerateBlockInputData;
+use crypto::ephemeral_e2e::{self, EndToEndPublicKey};
 use mempool::tx_accumulator::PackingStrategy;
 use rpc::Result as RpcResult;
 use serialization::hex_encoded::HexEncoded;
@@ -51,6 +52,19 @@ trait BlockProductionRpc {
         transaction_ids: Vec<Id<Transaction>>,
         packing_strategy: PackingStrategy,
     ) -> RpcResult<HexEncoded<Block>>;
+
+    #[method(name = "e2e_public_key")]
+    async fn e2e_public_key(&self) -> RpcResult<HexEncoded<ephemeral_e2e::EndToEndPublicKey>>;
+
+    #[method(name = "generate_block_e2e")]
+    async fn generate_block_e2e(
+        &self,
+        encrypted_input_data: Vec<u8>,
+        public_key: HexEncoded<EndToEndPublicKey>,
+        transactions: Vec<HexEncoded<SignedTransaction>>,
+        transaction_ids: Vec<Id<Transaction>>,
+        packing_strategy: PackingStrategy,
+    ) -> RpcResult<HexEncoded<Block>>;
 }
 
 #[async_trait::async_trait]
@@ -102,4 +116,38 @@ impl BlockProductionRpcServer for super::BlockProductionHandle {
 
         Ok(block.into())
     }
+
+    async fn e2e_public_key(&self) -> rpc::Result<HexEncoded<EndToEndPublicKey>> {
+        let public_key: EndToEndPublicKey =
+            rpc::handle_result(self.call_async(move |this| this.e2e_public_key()).await)?;
+
+        Ok(public_key.into())
+    }
+
+    async fn generate_block_e2e(
+        &self,
+        encrypted_input_data: Vec<u8>,
+        public_key: HexEncoded<EndToEndPublicKey>,
+        transactions: Vec<HexEncoded<SignedTransaction>>,
+        transaction_ids: Vec<Id<Transaction>>,
+        packing_strategy: PackingStrategy,
+    ) -> RpcResult<HexEncoded<Block>> {
+        let transactions = transactions.into_iter().map(HexEncoded::take).collect::<Vec<_>>();
+        let public_key = public_key.take();
+
+        let block: Block = rpc::handle_result(
+            self.call_async_mut(move |this| {
+                this.generate_block_e2e(
+                    encrypted_input_data,
+                    public_key,
+                    transactions,
+                    transaction_ids,
+                    packing_strategy,
+                )
+            })
+            .await,
+        )?;
+
+        Ok(block.into())
+    }
 }
@@ -14,7 +14,7 @@ serialization = { path = "../serialization" }
 # The following crates don't work well with "workspace.dependencies"
 argon2 = { version = "0.5", features = ["std"] }
 merlin = { version = "3.0" , default-features = false }
-secp256k1 = { version = "0.27", default-features = false, features = ["global-context", "rand-std"] }
+secp256k1 = { version = "0.28", default-features = false, features = ["global-context", "rand-std"] }
 
 bip39 = { workspace = true, default-features = false, features = ["std", "zeroize"] }
 blake2.workspace = true
@@ -35,6 +35,8 @@ sha3.workspace = true
 thiserror.workspace = true
 zeroize.workspace = true
 
+x25519-dalek = { version = "2.0", features = ["reusable_secrets", "zeroize"] }
+
 [dev-dependencies]
 test-utils = { path = "../test-utils" }
 
 
@@ -0,0 +1,26 @@
+// Copyright (c) 2023 RBB S.r.l
+// [email protected]
+// SPDX-License-Identifier: MIT
+// Licensed under the MIT License;
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://github.com/mintlayer/mintlayer-core/blob/master/LICENSE
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#[derive(thiserror::Error, Debug, PartialEq, Eq, Clone)]
+pub enum Error {
+    #[error("Symmetric key creation from shared secret failed: {0}")]
+    SymmetricKeyCreationFailed(String),
+    #[error("Symmetric encryption failed: {0}")]
+    SymmetricEncryptionFailed(String),
+    #[error("Symmetric decryption failed: {0}")]
+    SymmetricDecryptionFailed(String),
+    #[error("Deserialization failed: {0}")]
+    DeserializationFailed(String),
+}