Skip to main content

SkyeKiwi Protocol Spec

This document describes the core encoding schema for the SkyeKiwi Protocol.

Processing Pipeline & Two Rounds of Encryption​

The SkyeKiwi Protocol applies two rounds of encryption on the target secret. And follows a simplified processing pipeline as below:

  1. Pre-processing: read in the incoming data in bytes stream and chunckify the stream to a fixed size depends on network condition.
  2. (First Encryption) Core Encryption: use a randomly generated private key on Ed25519 curve to symmetrically encrypt the chunks. After each encryption process, the encrypted chunk will be stored in IPFS.
  3. Compile the PreSeal metadata: the list of the encrypted chunks, the private key used for encryption, a version number, the hash of the original file will be encoded into a fixed size 114 bytes PreSeal metadata. Refer to the Metadata section for more details.
  4. (Second Encryption) Seal Metadata: the 114 bytes PreSeal metadata will be encrypted with the public key of the recipeints according to a EncryptionSchema and encoded into the Sealed metadata. The Seale metadata will also be stored in IPFS.
  5. Write to Secret Registry: the IPFS CID of the Sealed metadata will be pushed to the Secret Registry on the SkyeKiwi Network.


The PreSeal metadata follows the following schema:

// NOTE: ordering matters!
pub struct PreSeal {
chunk_cid: types::ipfs::CID, // 46 bytes
hash: types::file::Hash, // 32 bytes
sealing_key: types::crypto::SecretboxKey, // 32bytes
version: [u8; 4] // 4 bytes

The Sealed Metadata follows the following schema:

// NOTE: ordering matters!
pub struct SealedMetadata {
is_public: bool, // encoded into 2 bytes [0, 0] for false, [1, 1] for true
cipher: Vec<u8>, // encrypted PreSealed data concatenated together
members_count: u64, // not encoded! Derived field
version: [u8; 4], // enoded into 4 bytes

The length of the cipher on SealedMetadata is always equal to 186 bytes multiplied by the number of recipients.


Currently the SkyeKiwi Protocol has been implemented on the following platforms:

  1. Browser/TypeScript version: Source Code
  2. The Intel SGX, Rust version: Source Code