Cylend Logo
Documentation

Encryption Implementation

Implementing the ECIES handshake for private transactions

The Sapphire Wrapper

Standard Web3 providers (like window.ethereum) send data in plaintext. To interact with Sapphire's private contracts, we wrap the provider with @oasisprotocol/sapphire-paratime.

import * as sapphire from '@oasisprotocol/sapphire-paratime';
import { ethers } from 'ethers';

// wrap the browser provider
const provider = new ethers.BrowserProvider(
    sapphire.wrap(window.ethereum)
);
const signer = await provider.getSigner();

// Now all transactions signed by 'signer' are automatically encrypted!
const tx = await contract.connect(signer).myPrivateFunction(secretData);

How It Works

1. Handshake

The wrapper automatically fetches the transient public key from the Sapphire node.

2. Encrypt

It encrypts the calldata (function arguments) using ECIES (Elliptic Curve Integrated Encryption Scheme).

3. Transmit

The encrypted blob is sent to the network. Only the TEE enclave can decrypt it.