Encryption

Encryption

Hyra Network employs AES encryption and asymmetric encryption using environment wallet public and private keys to ensure data security, privacy, and integrity across the distributed AI network.

Encryption Overview

Encryption in Hyra Network serves multiple purposes:

• Data Confidentiality: Protect sensitive AI task data from unauthorized access
• Data Integrity: Ensure data hasn’t been tampered with during transmission
• Authentication: Verify the identity of data sources using wallet keys
• Privacy: Maintain user privacy in AI computations with end-to-end encryption

Encryption Types Used

1. AES Encryption (Symmetric)

AES (Advanced Encryption Standard) is used for encrypting task input and output data:

# Example: AES encryption for task data
from hyra_network.crypto import AESEncryption

# Initialize AES encryption
aes = AESEncryption(key_size=256)

# Encrypt task input data
encrypted_input = aes.encrypt(task_input_data, aes_key)
print(f"Encrypted input: {encrypted_input}")

# Decrypt task input data
decrypted_input = aes.decrypt(encrypted_input, aes_key)
print(f"Decrypted input: {decrypted_input}")

// Example: AES encryption for task data
const { AESEncryption } = require("@hyra-network/sdk");

// Initialize AES encryption
const aes = new AESEncryption({ keySize: 256 });

// Encrypt task input data
const encryptedInput = aes.encrypt(taskInputData, aesKey);
console.log(`Encrypted input: ${encryptedInput}`);

// Decrypt task input data
const decryptedInput = aes.decrypt(encryptedInput, aesKey);
console.log(`Decrypted input: ${decryptedInput}`);

AES Features:

• Key Sizes: AES-128, AES-192, AES-256
• Modes: CBC, GCM, CTR for different security requirements
• Performance: Fast encryption/decryption for large data
• Security: Military-grade encryption standard

2. Asymmetric Encryption (RSA/ECC)

Asymmetric encryption using environment wallet public and private keys:

# Example: Asymmetric encryption with wallet keys
from hyra_network.crypto import AsymmetricEncryption
import os

# Get wallet keys from environment
private_key = os.getenv('WALLET_PRIVATE_KEY')
public_key = os.getenv('WALLET_PUBLIC_KEY')

# Initialize asymmetric encryption
crypto = AsymmetricEncryption()

# Encrypt data with recipient's public key
encrypted_data = crypto.encrypt(data, recipient_public_key)

# Decrypt data with your private key
decrypted_data = crypto.decrypt(encrypted_data, private_key)

// Example: Asymmetric encryption with wallet keys
const { AsymmetricEncryption } = require("@hyra-network/sdk");

// Get wallet keys from environment
const privateKey = process.env.WALLET_PRIVATE_KEY;
const publicKey = process.env.WALLET_PUBLIC_KEY;

// Initialize asymmetric encryption
const crypto = new AsymmetricEncryption();

// Encrypt data with recipient's public key
const encryptedData = crypto.encrypt(data, recipientPublicKey);

// Decrypt data with your private key
const decryptedData = crypto.decrypt(encryptedData, privateKey);

Asymmetric Encryption Features:

• RSA: Rivest-Shamir-Adleman algorithm for key exchange
• ECC: Elliptic Curve Cryptography for better performance
• Key Pairs: Public/private key pairs from wallet
• Digital Signatures: Verify data authenticity

Encryption in AI Context

Task Input Encryption

Encrypt AI task input data before submission to smart contracts:

# Example: Encrypt task input data
from hyra_network.crypto import TaskEncryption

# Initialize task encryption
task_crypto = TaskEncryption()

# Encrypt task input with AES
aes_key = task_crypto.generate_aes_key()
encrypted_input = task_crypto.encrypt_input(task_input, aes_key)

# Wrap AES key with recipient's public key
wrapped_key = task_crypto.wrap_aes_key(aes_key, recipient_public_key)

# Store encrypted data and wrapped key
encrypted_task = {
    'encrypted_data': encrypted_input,
    'wrapped_key': wrapped_key
}

// Example: Encrypt task input data
const { TaskEncryption } = require("@hyra-network/sdk");

// Initialize task encryption
const taskCrypto = new TaskEncryption();

// Encrypt task input with AES
const aesKey = taskCrypto.generateAESKey();
const encryptedInput = taskCrypto.encryptInput(taskInput, aesKey);

// Wrap AES key with recipient's public key
const wrappedKey = taskCrypto.wrapAESKey(aesKey, recipientPublicKey);

// Store encrypted data and wrapped key
const encryptedTask = {
  encryptedData: encryptedInput,
  wrappedKey: wrappedKey,
};

Task Output Encryption

Encrypt AI task output data before submission:

# Example: Encrypt task output data
from hyra_network.crypto import OutputEncryption

# Initialize output encryption
output_crypto = OutputEncryption()

# Encrypt task output with AES
aes_key = output_crypto.generate_aes_key()
encrypted_output = output_crypto.encrypt_output(task_output, aes_key)

# Wrap AES key for multiple recipients
wrapped_keys = {
    'verifier': output_crypto.wrap_aes_key(aes_key, verifier_public_key),
    'user': output_crypto.wrap_aes_key(aes_key, user_public_key),
    'worker': output_crypto.wrap_aes_key(aes_key, worker_public_key)
}

# Store encrypted output and wrapped keys
encrypted_result = {
    'encrypted_output': encrypted_output,
    'wrapped_keys': wrapped_keys
}

// Example: Encrypt task output data
const { OutputEncryption } = require("@hyra-network/sdk");

// Initialize output encryption
const outputCrypto = new OutputEncryption();

// Encrypt task output with AES
const aesKey = outputCrypto.generateAESKey();
const encryptedOutput = outputCrypto.encryptOutput(taskOutput, aesKey);

// Wrap AES key for multiple recipients
const wrappedKeys = {
  verifier: outputCrypto.wrapAESKey(aesKey, verifierPublicKey),
  user: outputCrypto.wrapAESKey(aesKey, userPublicKey),
  worker: outputCrypto.wrapAESKey(aesKey, workerPublicKey),
};

// Store encrypted output and wrapped keys
const encryptedResult = {
  encryptedOutput: encryptedOutput,
  wrappedKeys: wrappedKeys,
};

Cryptographic Algorithms

AES (Advanced Encryption Standard)

AES-256-GCM (Recommended)

# Example: AES-256-GCM encryption
from hyra_network.crypto import AES256GCM

aes = AES256GCM()
encrypted_data, auth_tag = aes.encrypt(data, key, nonce)
decrypted_data = aes.decrypt(encrypted_data, key, nonce, auth_tag)

Features:

• 256-bit key length: Maximum security
• GCM mode: Authenticated encryption
• Nonce: Unique nonce for each encryption
• Authentication: Built-in integrity verification

AES-128-CBC (Legacy)

# Example: AES-128-CBC encryption
from hyra_network.crypto import AES128CBC

aes = AES128CBC()
encrypted_data = aes.encrypt(data, key, iv)
decrypted_data = aes.decrypt(encrypted_data, key, iv)

Features:

• 128-bit key length: Good security
• CBC mode: Cipher Block Chaining
• IV: Initialization Vector for each encryption
• Compatibility: Widely supported

Asymmetric Encryption

RSA Encryption

# Example: RSA encryption
from hyra_network.crypto import RSAEncryption

rsa = RSAEncryption(key_size=2048)
public_key, private_key = rsa.generate_keypair()
encrypted_data = rsa.encrypt(data, public_key)
decrypted_data = rsa.decrypt(encrypted_data, private_key)

Features:

• 2048-bit key length: Strong security
• Key Exchange: Secure key distribution
• Digital Signatures: Data authenticity
• Widely Supported: Standard algorithm

ECC Encryption

# Example: ECC encryption
from hyra_network.crypto import ECCEncryption

ecc = ECCEncryption(curve='secp256k1')
public_key, private_key = ecc.generate_keypair()
encrypted_data = ecc.encrypt(data, public_key)
decrypted_data = ecc.decrypt(encrypted_data, private_key)

Features:

• secp256k1 curve: Bitcoin-compatible
• Smaller keys: More efficient than RSA
• Better performance: Faster encryption/decryption
• Mobile friendly: Lower computational requirements

Key Management

Environment Key Configuration

Python Environment Setup

# Example: Environment key configuration
import os
from hyra_network.crypto import KeyManager

# Set environment variables
os.environ['WALLET_PRIVATE_KEY'] = 'your_private_key_here'
os.environ['WALLET_PUBLIC_KEY'] = 'your_public_key_here'

# Initialize key manager
key_manager = KeyManager()

# Get keys from environment
private_key = key_manager.get_private_key()
public_key = key_manager.get_public_key()

Node.js Environment Setup

// Example: Environment key configuration
const { KeyManager } = require("@hyra-network/sdk");

// Set environment variables
process.env.WALLET_PRIVATE_KEY = "your_private_key_here";
process.env.WALLET_PUBLIC_KEY = "your_public_key_here";

// Initialize key manager
const keyManager = new KeyManager();

// Get keys from environment
const privateKey = keyManager.getPrivateKey();
const publicKey = keyManager.getPublicKey();

Key Generation

Generate New Key Pairs

# Example: Generate new key pairs
from hyra_network.crypto import KeyGenerator

keygen = KeyGenerator()

# Generate RSA key pair
rsa_public, rsa_private = keygen.generate_rsa_keypair(2048)

# Generate ECC key pair
ecc_public, ecc_private = keygen.generate_ecc_keypair('secp256k1')

# Generate AES key
aes_key = keygen.generate_aes_key(256)

// Example: Generate new key pairs
const { KeyGenerator } = require("@hyra-network/sdk");

const keygen = new KeyGenerator();

// Generate RSA key pair
const { publicKey: rsaPublic, privateKey: rsaPrivate } =
  keygen.generateRSAKeyPair(2048);

// Generate ECC key pair
const { publicKey: eccPublic, privateKey: eccPrivate } =
  keygen.generateECCKeyPair("secp256k1");

// Generate AES key
const aesKey = keygen.generateAESKey(256);

Key Storage

Secure Key Storage

# Example: Secure key storage
from hyra_network.crypto import SecureKeyStorage

storage = SecureKeyStorage()

# Store keys securely
storage.store_key('wallet_private', private_key, encrypted=True)
storage.store_key('wallet_public', public_key, encrypted=False)

# Retrieve keys
retrieved_private = storage.retrieve_key('wallet_private')
retrieved_public = storage.retrieve_key('wallet_public')

// Example: Secure key storage
const { SecureKeyStorage } = require("@hyra-network/sdk");

const storage = new SecureKeyStorage();

// Store keys securely
storage.storeKey("wallet_private", privateKey, { encrypted: true });
storage.storeKey("wallet_public", publicKey, { encrypted: false });

// Retrieve keys
const retrievedPrivate = storage.retrieveKey("wallet_private");
const retrievedPublic = storage.retrieveKey("wallet_public");

Security Considerations

Key Security

Key Length Requirements

• AES: Minimum 128-bit, recommended 256-bit
• RSA: Minimum 2048-bit, recommended 4096-bit
• ECC: Minimum 256-bit, recommended 384-bit

Key Randomness

# Example: Ensure cryptographic randomness
from hyra_network.crypto import SecureRandom

secure_random = SecureRandom()

# Generate cryptographically secure random key
random_key = secure_random.generate_key(256)
print(f"Random key: {random_key.hex()}")

// Example: Ensure cryptographic randomness
const { SecureRandom } = require("@hyra-network/sdk");

const secureRandom = new SecureRandom();

// Generate cryptographically secure random key
const randomKey = secureRandom.generateKey(256);
console.log(`Random key: ${randomKey.toString("hex")}`);

Algorithm Security

Algorithm Selection

• AES-256-GCM: For symmetric encryption
• RSA-2048: For key exchange and signatures
• ECC-secp256k1: For efficient asymmetric operations
• SHA-256: For hashing and integrity

Implementation Security

# Example: Secure implementation
from hyra_network.crypto import SecureImplementation

secure_impl = SecureImplementation()

# Use secure random nonces
nonce = secure_impl.generate_secure_nonce()

# Use authenticated encryption
encrypted_data, auth_tag = secure_impl.encrypt_authenticated(data, key, nonce)

// Example: Secure implementation
const { SecureImplementation } = require("@hyra-network/sdk");

const secureImpl = new SecureImplementation();

// Use secure random nonces
const nonce = secureImpl.generateSecureNonce();

// Use authenticated encryption
const { encryptedData, authTag } = secureImpl.encryptAuthenticated(
  data,
  key,
  nonce
);

Performance Optimization

Hardware Acceleration

AES-NI Support

# Example: Hardware-accelerated AES
from hyra_network.crypto import HardwareAES

hardware_aes = HardwareAES()
encrypted_data = hardware_aes.encrypt(data, key)  # Uses AES-NI if available

// Example: Hardware-accelerated AES
const { HardwareAES } = require("@hyra-network/sdk");

const hardwareAES = new HardwareAES();
const encryptedData = hardwareAES.encrypt(data, key); // Uses AES-NI if available

Batch Processing

Encrypt Multiple Data

# Example: Batch encryption
from hyra_network.crypto import BatchEncryption

batch_crypto = BatchEncryption()

# Encrypt multiple data items
data_items = [data1, data2, data3]
encrypted_items = batch_crypto.encrypt_batch(data_items, key)

// Example: Batch encryption
const { BatchEncryption } = require("@hyra-network/sdk");

const batchCrypto = new BatchEncryption();

// Encrypt multiple data items
const dataItems = [data1, data2, data3];
const encryptedItems = batchCrypto.encryptBatch(dataItems, key);

Compliance and Standards

Industry Standards

• FIPS 140-2: Federal Information Processing Standard
• Common Criteria: International security standard
• ISO 27001: Information security management

Regulatory Compliance

• GDPR: General Data Protection Regulation
• HIPAA: Health Insurance Portability and Accountability Act
• SOX: Sarbanes-Oxley Act

Future Developments

Post-Quantum Cryptography

Prepare for quantum computing threats:

• Lattice-Based: Lattice-based cryptography
• Code-Based: Code-based cryptography
• Hash-Based: Hash-based signatures

Advanced Encryption

• Fully Homomorphic: Complete homomorphic encryption
• Multi-Party: Secure multi-party computation
• Functional: Functional encryption schemes

Resources

• Encryption Documentation: docs.hyra.network/encryption
• Security Best Practices: docs.hyra.network/security
• GitHub: github.com/hyra-network
• Discord: discord.gg/hyra

Next Steps

Ready to implement encryption in your applications? Check out our guides:

• Two-Phase Encryption - Learn about our advanced encryption system
• Getting Started - Set up your development environment
• SDKs - Use our development tools