Encryption support for the statement store (#14440)

* Added ECIES encryption * tweaks * fmt * Make clippy happy * Use local keystore * qed
2026-04-25 23:27:56 +00:00 · 2023-07-17 20:41:41 +02:00
parent c761d4c39e
commit d6d9bd9ea3
28 changed files with 351 additions and 71 deletions
@@ -10159,6 +10159,7 @@ dependencies = [
 "parity-db",
 "parking_lot 0.12.1",
 "sc-client-api",
+ "sc-keystore",
 "sp-api",
 "sp-blockchain",
 "sp-core",
@@ -11592,8 +11593,14 @@ dependencies = [
 name = "sp-statement-store"
 version = "4.0.0-dev"
 dependencies = [
+ "aes-gcm 0.10.2",
+ "curve25519-dalek 3.2.0",
+ "ed25519-dalek",
+ "hkdf",
 "parity-scale-codec",
+ "rand 0.8.5",
 "scale-info",
+ "sha2 0.10.6",
 "sp-api",
 "sp-application-crypto",
 "sp-core",
@@ -11602,6 +11609,7 @@ dependencies = [
 "sp-runtime-interface",
 "sp-std",
 "thiserror",
+ "x25519-dalek 2.0.0-pre.1",
 ]

 [[package]]
@@ -241,6 +241,7 @@ pub fn new_partial(
 		&config.data_path,
 		Default::default(),
 		client.clone(),
+		keystore_container.local_keystore(),
 		config.prometheus_registry(),
 		&task_manager.spawn_handle(),
 	)
@@ -400,7 +400,7 @@ mod tests {
 			},
 		);

-		let Some(output) = output else { return } ;
+		let Some(output) = output else { return };

 		let stderr = dbg!(String::from_utf8(output.stderr).unwrap());

@@ -26,6 +26,7 @@ use std::io;
 /// Local keystore implementation
 mod local;
 pub use local::LocalKeystore;
+pub use sp_keystore::Keystore;

 /// Keystore error.
 #[derive(Debug, thiserror::Error)]
@@ -548,7 +548,7 @@ impl NetworkBehaviour for DiscoveryBehaviour {
 		addresses: &[Multiaddr],
 		effective_role: Endpoint,
 	) -> Result<Vec<Multiaddr>, ConnectionDenied> {
-		let Some(peer_id) = maybe_peer else { return Ok(Vec::new()); };
+		let Some(peer_id) = maybe_peer else { return Ok(Vec::new()) };

 		let mut list = self
 			.permanent_addresses
@@ -658,9 +658,7 @@ impl ProtocolController {
 	/// disconnected, `Ok(false)` if it wasn't found, `Err(PeerId)`, if the peer found, but not in
 	/// connected state.
 	fn drop_reserved_peer(&mut self, peer_id: &PeerId) -> Result<bool, PeerId> {
-		let Some(state) = self.reserved_nodes.get_mut(peer_id) else {
-			return Ok(false)
-		};
+		let Some(state) = self.reserved_nodes.get_mut(peer_id) else { return Ok(false) };

 		if let PeerState::Connected(direction) = state {
 			trace!(
@@ -678,9 +676,7 @@ impl ProtocolController {
 	/// Try dropping the peer as a regular peer. Return `true` if the peer was found and
 	/// disconnected, `false` if it wasn't found.
 	fn drop_regular_peer(&mut self, peer_id: &PeerId) -> bool {
-		let Some(direction) = self.nodes.remove(peer_id) else {
-			return false
-		};
+		let Some(direction) = self.nodes.remove(peer_id) else { return false };

 		trace!(
 			target: LOG_TARGET,
@@ -162,7 +162,8 @@ where
 			},
 		};
 		// Keep track of the subscription.
-		let Some(rx_stop) = self.subscriptions.insert_subscription(sub_id.clone(), with_runtime) else {
+		let Some(rx_stop) = self.subscriptions.insert_subscription(sub_id.clone(), with_runtime)
+		else {
 			// Inserting the subscription can only fail if the JsonRPSee
 			// generated a duplicate subscription ID.
 			debug!(target: LOG_TARGET, "[follow][id={:?}] Subscription already accepted", sub_id);
@@ -339,9 +339,7 @@ where
 		let mut events = Vec::new();

 		// Nothing to be done if no finalized hashes are provided.
-		let Some(first_hash) = finalized_block_hashes.get(0) else {
-			return Ok(Default::default())
-		};
+		let Some(first_hash) = finalized_block_hashes.get(0) else { return Ok(Default::default()) };

 		// Find the parent header.
 		let Some(first_header) = self.client.header(*first_hash)? else {
@@ -328,9 +328,7 @@ impl<Block: BlockT, BE: Backend<Block>> SubscriptionsInner<Block, BE> {

 	/// Remove the subscription ID with associated pinned blocks.
 	pub fn remove_subscription(&mut self, sub_id: &str) {
-		let Some(mut sub) = self.subs.remove(sub_id) else {
-			return
-		};
+		let Some(mut sub) = self.subs.remove(sub_id) else { return };

 		// The `Stop` event can be generated only once.
 		sub.stop();
@@ -237,7 +237,7 @@ pub async fn build_system_rpc_future<
 		// Answer incoming RPC requests.
 		let Some(req) = rpc_rx.next().await else {
 			debug!("RPC requests stream has terminated, shutting down the system RPC future.");
-			return;
+			return
 		};

 		match req {
@@ -24,6 +24,7 @@ sp-blockchain = { version = "4.0.0-dev", path = "../../primitives/blockchain" }
 sp-core = { version = "21.0.0", path = "../../primitives/core" }
 sp-runtime = { version = "24.0.0", path = "../../primitives/runtime" }
 sc-client-api = { version = "4.0.0-dev", path = "../api" }
+sc-keystore = { version = "4.0.0-dev", path = "../../client/keystore" }

 [dev-dependencies]
 tempfile = "3.1.0"
@@ -54,9 +54,10 @@ pub use sp_statement_store::{Error, StatementStore, MAX_TOPICS};
 use metrics::MetricsLink as PrometheusMetrics;
 use parking_lot::RwLock;
 use prometheus_endpoint::Registry as PrometheusRegistry;
+use sc_keystore::LocalKeystore;
 use sp_api::ProvideRuntimeApi;
 use sp_blockchain::HeaderBackend;
-use sp_core::{hexdisplay::HexDisplay, traits::SpawnNamed, Decode, Encode};
+use sp_core::{crypto::UncheckedFrom, hexdisplay::HexDisplay, traits::SpawnNamed, Decode, Encode};
 use sp_runtime::traits::Block as BlockT;
 use sp_statement_store::{
 	runtime_api::{
@@ -201,6 +202,7 @@ pub struct Store {
 			+ Send
 			+ Sync,
 	>,
+	keystore: Arc<LocalKeystore>,
 	// Used for testing
 	time_override: Option<u64>,
 	metrics: PrometheusMetrics,
@@ -479,6 +481,7 @@ impl Store {
 		path: &std::path::Path,
 		options: Options,
 		client: Arc<Client>,
+		keystore: Arc<LocalKeystore>,
 		prometheus: Option<&PrometheusRegistry>,
 		task_spawner: &dyn SpawnNamed,
 	) -> Result<Arc<Store>>
@@ -493,7 +496,7 @@ impl Store {
 			+ 'static,
 		Client::Api: ValidateStatement<Block>,
 	{
-		let store = Arc::new(Self::new(path, options, client, prometheus)?);
+		let store = Arc::new(Self::new(path, options, client, keystore, prometheus)?);

 		// Perform periodic statement store maintenance
 		let worker_store = store.clone();
@@ -518,6 +521,7 @@ impl Store {
 		path: &std::path::Path,
 		options: Options,
 		client: Arc<Client>,
+		keystore: Arc<LocalKeystore>,
 		prometheus: Option<&PrometheusRegistry>,
 	) -> Result<Store>
 	where
@@ -566,6 +570,7 @@ impl Store {
 			db,
 			index: RwLock::new(Index::new(options)),
 			validate_fn,
+			keystore,
 			time_override: None,
 			metrics: PrometheusMetrics::new(prometheus),
 		};
@@ -768,7 +773,45 @@ impl StatementStore for Store {
 	/// Return the decrypted data of all known statements whose decryption key is identified as
 	/// `dest`. The key must be available to the client.
 	fn posted_clear(&self, match_all_topics: &[Topic], dest: [u8; 32]) -> Result<Vec<Vec<u8>>> {
-		self.collect_statements(Some(dest), match_all_topics, |statement| statement.into_data())
+		self.collect_statements(Some(dest), match_all_topics, |statement| {
+			if let (Some(key), Some(_)) = (statement.decryption_key(), statement.data()) {
+				let public: sp_core::ed25519::Public = UncheckedFrom::unchecked_from(key);
+				let public: sp_statement_store::ed25519::Public = public.into();
+				match self.keystore.key_pair::<sp_statement_store::ed25519::Pair>(&public) {
+					Err(e) => {
+						log::debug!(
+							target: LOG_TARGET,
+							"Keystore error: {:?}, for statement {:?}",
+							e,
+							HexDisplay::from(&statement.hash())
+						);
+						None
+					},
+					Ok(None) => {
+						log::debug!(
+							target: LOG_TARGET,
+							"Keystore is missing key for statement {:?}",
+							HexDisplay::from(&statement.hash())
+						);
+						None
+					},
+					Ok(Some(pair)) => match statement.decrypt_private(&pair.into_inner()) {
+						Ok(r) => r,
+						Err(e) => {
+							log::debug!(
+								target: LOG_TARGET,
+								"Decryption error: {:?}, for statement {:?}",
+								e,
+								HexDisplay::from(&statement.hash())
+							);
+							None
+						},
+					},
+				}
+			} else {
+				None
+			}
+		})
 	}

 	/// Submit a statement to the store. Validates the statement and returns validation result.
@@ -887,6 +930,7 @@ impl StatementStore for Store {
 #[cfg(test)]
 mod tests {
 	use crate::Store;
+	use sc_keystore::Keystore;
 	use sp_core::Pair;
 	use sp_statement_store::{
 		runtime_api::{InvalidStatement, ValidStatement, ValidateStatement},
@@ -916,6 +960,7 @@ mod tests {
 			RuntimeApi { _inner: self.clone() }.into()
 		}
 	}
+
 	sp_api::mock_impl_runtime_apis! {
 		impl ValidateStatement<Block> for RuntimeApi {
 			fn validate_statement(
@@ -983,7 +1028,8 @@ mod tests {
 		let client = std::sync::Arc::new(TestClient);
 		let mut path: std::path::PathBuf = temp_dir.path().into();
 		path.push("db");
-		let store = Store::new(&path, Default::default(), client, None).unwrap();
+		let keystore = std::sync::Arc::new(sc_keystore::LocalKeystore::in_memory());
+		let store = Store::new(&path, Default::default(), client, keystore, None).unwrap();
 		(store, temp_dir) // return order is important. Store must be dropped before TempDir
 	}

@@ -1086,12 +1132,13 @@ mod tests {
 		assert_eq!(store.statements().unwrap().len(), 3);
 		assert_eq!(store.broadcasts(&[]).unwrap().len(), 3);
 		assert_eq!(store.statement(&statement1.hash()).unwrap(), Some(statement1.clone()));
+		let keystore = store.keystore.clone();
 		drop(store);

 		let client = std::sync::Arc::new(TestClient);
 		let mut path: std::path::PathBuf = temp.path().into();
 		path.push("db");
-		let store = Store::new(&path, Default::default(), client, None).unwrap();
+		let store = Store::new(&path, Default::default(), client, keystore, None).unwrap();
 		assert_eq!(store.statements().unwrap().len(), 3);
 		assert_eq!(store.broadcasts(&[]).unwrap().len(), 3);
 		assert_eq!(store.statement(&statement1.hash()).unwrap(), Some(statement1));
@@ -1196,7 +1243,6 @@ mod tests {
 			statement(2, 4, None, 1000).hash(),
 			statement(3, 4, Some(3), 300).hash(),
 			statement(3, 5, None, 500).hash(),
-			//statement(4, 6, None, 100).hash(),
 		];
 		expected_statements.sort();
 		let mut statements: Vec<_> =
@@ -1220,13 +1266,31 @@ mod tests {
 		store.set_time(DEFAULT_PURGE_AFTER_SEC + 1);
 		store.maintain();
 		assert_eq!(store.index.read().expired.len(), 0);
+		let keystore = store.keystore.clone();
 		drop(store);

 		let client = std::sync::Arc::new(TestClient);
 		let mut path: std::path::PathBuf = temp.path().into();
 		path.push("db");
-		let store = Store::new(&path, Default::default(), client, None).unwrap();
+		let store = Store::new(&path, Default::default(), client, keystore, None).unwrap();
 		assert_eq!(store.statements().unwrap().len(), 0);
 		assert_eq!(store.index.read().expired.len(), 0);
 	}
+
+	#[test]
+	fn posted_clear_decrypts() {
+		let (store, _temp) = test_store();
+		let public = store
+			.keystore
+			.ed25519_generate_new(sp_core::crypto::key_types::STATEMENT, None)
+			.unwrap();
+		let statement1 = statement(1, 1, None, 100);
+		let mut statement2 = statement(1, 2, None, 0);
+		let plain = b"The most valuable secret".to_vec();
+		statement2.encrypt(&plain, &public).unwrap();
+		store.submit(statement1, StatementSource::Network);
+		store.submit(statement2, StatementSource::Network);
+		let posted_clear = store.posted_clear(&[], public.into()).unwrap();
+		assert_eq!(posted_clear, vec![plain]);
+	}
 }
@@ -271,9 +271,7 @@ pub mod pallet {
 		///
 		/// Tries to come as close to the limit as possible.
 		pub(crate) fn waste_at_most_proof_size(meter: &mut WeightMeter) {
-			let Ok(n) = Self::calculate_proof_size_iters(&meter) else {
-				return;
-			};
+			let Ok(n) = Self::calculate_proof_size_iters(&meter) else { return };

 			meter.defensive_saturating_accrue(T::WeightInfo::waste_proof_size_some(n));

@@ -303,9 +301,7 @@ pub mod pallet {
 		///
 		/// Tries to come as close to the limit as possible.
 		pub(crate) fn waste_at_most_ref_time(meter: &mut WeightMeter) {
-			let Ok(n) = Self::calculate_ref_time_iters(&meter) else {
-				return;
-			};
+			let Ok(n) = Self::calculate_ref_time_iters(&meter) else { return };
 			meter.defensive_saturating_accrue(T::WeightInfo::waste_ref_time_iter(n));

 			let clobber = Self::waste_ref_time_iter(vec![0u8; 64], n);
@@ -166,11 +166,11 @@ fn ensure_valid_return_type(item_fn: &ItemFn) -> Result<()> {
 	if let ReturnType::Type(_, typ) = &item_fn.sig.output {
 		let non_unit = |span| return Err(Error::new(span, "expected `()`"));
 		let Type::Path(TypePath { path, qself: _ }) = &**typ else {
-				return Err(Error::new(
+			return Err(Error::new(
 					typ.span(),
 					"Only `Result<(), BenchmarkError>` or a blank return type is allowed on benchmark function definitions",
 				))
-			};
+		};
 		let seg = path
 			.segments
 			.last()
@@ -780,7 +780,7 @@ fn expand_benchmark(
 			let call_name = match *expr_call.func {
 				Expr::Path(expr_path) => {
 					// normal function call
-					let Some(segment) = expr_path.path.segments.last() else { return call_err(); };
+					let Some(segment) = expr_path.path.segments.last() else { return call_err() };
 					segment.ident.to_string()
 				},
 				Expr::Infer(_) => {
@@ -100,9 +100,7 @@ pub fn expand_outer_enum(
 	let enum_name_ident = Ident::new(enum_ty.struct_name(), Span::call_site());

 	for pallet_decl in pallet_decls {
-		let Some(pallet_entry) = pallet_decl.find_part(enum_name_str) else {
-			continue
-		};
+		let Some(pallet_entry) = pallet_decl.find_part(enum_name_str) else { continue };

 		let path = &pallet_decl.path;
 		let pallet_name = &pallet_decl.name;
@@ -88,9 +88,7 @@ pub fn generate_decl_runtime_metadata(decl: &ItemTrait) -> TokenStream2 {
 	let mut where_clause = Vec::new();
 	for item in &decl.items {
 		// Collect metadata for methods only.
-		let syn::TraitItem::Fn(method) = item else {
-			continue
-		};
+		let syn::TraitItem::Fn(method) = item else { continue };

 		// Collect metadata only for the latest methods.
 		let is_changed_in =
@@ -103,9 +101,7 @@ pub fn generate_decl_runtime_metadata(decl: &ItemTrait) -> TokenStream2 {
 		let signature = &method.sig;
 		for input in &signature.inputs {
 			// Exclude `self` from metadata collection.
-			let syn::FnArg::Typed(typed) = input else {
-				continue
-			};
+			let syn::FnArg::Typed(typed) = input else { continue };

 			let pat = &typed.pat;
 			let name = quote!(#pat).to_string();
@@ -153,9 +149,7 @@ pub fn generate_decl_runtime_metadata(decl: &ItemTrait) -> TokenStream2 {
 	// The trait generics where already extended with `Block: BlockT`.
 	let mut generics = decl.generics.clone();
 	for generic_param in generics.params.iter_mut() {
-		let syn::GenericParam::Type(ty) = generic_param else {
-			continue
-		};
+		let syn::GenericParam::Type(ty) = generic_param else { continue };

 		// Default type parameters are not allowed in functions.
 		ty.eq_token = None;
@@ -266,9 +266,7 @@ pub fn get_doc_literals(attrs: &[syn::Attribute]) -> Vec<syn::Lit> {
 	attrs
 		.iter()
 		.filter_map(|attr| {
-			let syn::Meta::NameValue(meta) = &attr.meta else {
-				return None
-			};
+			let syn::Meta::NameValue(meta) = &attr.meta else { return None };
 			let Ok(lit) = syn::parse2::<syn::Lit>(meta.value.to_token_stream()) else {
 				unreachable!("non-lit doc attribute values do not exist");
 			};
@@ -179,6 +179,13 @@ macro_rules! app_crypto_pair {
 		impl $crate::AppPair for Pair {
 			type Generic = $pair;
 		}
+
+		impl Pair {
+			/// Convert into wrapped generic key pair type.
+			pub fn into_inner(self) -> $pair {
+				self.0
+			}
+		}
 	};
 }

@@ -52,9 +52,7 @@ fn check<N>(f: N, n: N, d: N, r: Rounding)
 where
 	N: MultiplyRational + Into<u128> + Copy + core::fmt::Debug,
 {
-	let Some(got) = f.multiply_rational(n, d, r) else {
-		return;
-	};
+	let Some(got) = f.multiply_rational(n, d, r) else { return };

 	let (ae, be, ce) =
 		(Fraction::from(f.into()), Fraction::from(n.into()), Fraction::from(d.into()));
@@ -196,9 +196,7 @@ pub trait Backend<Block: BlockT>:
 		base_hash: Block::Hash,
 		import_lock: &RwLock<()>,
 	) -> Result<Option<Block::Hash>> {
-		let Some(base_header) = self.header(base_hash)? else {
-			return Ok(None)
-		};
+		let Some(base_header) = self.header(base_hash)? else { return Ok(None) };

 		let leaves = {
 			// ensure no blocks are imported during this code block.
@@ -57,7 +57,6 @@ sp-runtime-interface = { version = "17.0.0", default-features = false, path = ".
 w3f-bls = { version = "0.1.3", default-features = false, optional = true}

 [dev-dependencies]
-rand = "0.8.5"
 criterion = "0.4.0"
 serde_json = "1.0"
 sp-core-hashing-proc-macro = { version = "9.0.0", path = "./hashing/proc-macro" }
@@ -422,12 +422,8 @@ impl TraitPair for Pair {
 	///
 	/// Returns true if the signature is good.
 	fn verify<M: AsRef<[u8]>>(sig: &Self::Signature, message: M, public: &Self::Public) -> bool {
-		let Ok(public) = VerificationKey::try_from(public.as_slice()) else {
-			return false
-		};
-		let Ok(signature) = ed25519_zebra::Signature::try_from(sig.as_ref()) else {
-			return false
-		};
+		let Ok(public) = VerificationKey::try_from(public.as_slice()) else { return false };
+		let Ok(signature) = ed25519_zebra::Signature::try_from(sig.as_ref()) else { return false };
 		public.verify(&signature, message.as_ref()).is_ok()
 	}

@@ -505,12 +505,8 @@ impl TraitPair for Pair {
 	}

 	fn verify<M: AsRef<[u8]>>(sig: &Self::Signature, message: M, pubkey: &Self::Public) -> bool {
-		let Ok(signature) = schnorrkel::Signature::from_bytes(sig.as_ref()) else {
-			return false
-		};
-		let Ok(public) = PublicKey::from_bytes(pubkey.as_ref()) else {
-			return false
-		};
+		let Ok(signature) = schnorrkel::Signature::from_bytes(sig.as_ref()) else { return false };
+		let Ok(public) = PublicKey::from_bytes(pubkey.as_ref()) else { return false };
 		public.verify_simple(SIGNING_CTX, message.as_ref(), &signature).is_ok()
 	}

@@ -776,9 +776,7 @@ pub trait Crypto {
 				return false
 			};

-			let Ok(sig) = ed25519_dalek::Signature::from_bytes(&sig.0) else {
-				return false
-			};
+			let Ok(sig) = ed25519_dalek::Signature::from_bytes(&sig.0) else { return false };

 			public_key.verify(msg, &sig).is_ok()
 		} else {
@@ -24,6 +24,15 @@ sp-runtime-interface = { version = "17.0.0", default-features = false, path = ".
 sp-externalities = { version = "0.19.0", default-features = false, path = "../externalities" }
 thiserror = { version = "1.0", optional = true }

+# ECIES dependencies
+ed25519-dalek = { version = "1.0", optional = true }
+x25519-dalek = { version = "2.0.0-pre.1", optional = true }
+curve25519-dalek = { version = "3.2", optional = true }
+aes-gcm = { version = "0.10", optional = true }
+hkdf = { version = "0.12.0", optional = true }
+sha2 = { version = "0.10.0", optional = true }
+rand = { version = "0.8.5", features = ["small_rng"],  optional = true }
+
 [features]
 default = ["std"]
 std = [
@@ -36,6 +45,14 @@ std = [
 	"sp-api/std",
 	"sp-application-crypto/std",
 	"thiserror",
+
+	"ed25519-dalek",
+	"x25519-dalek",
+	"curve25519-dalek",
+	"aes-gcm",
+	"hkdf",
+	"sha2",
+	"rand",
 ]
 serde = [
        "scale-info/serde",
@@ -0,0 +1,174 @@
+// This file is part of Substrate.
+
+// Copyright (C) Parity Technologies (UK) Ltd.
+// SPDX-License-Identifier: Apache-2.0
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// 	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// tag::description[]
+//! ECIES encryption scheme using x25519 key exchange and AEAD.
+// end::description[]
+
+use aes_gcm::{aead::Aead, AeadCore, KeyInit};
+use rand::rngs::OsRng;
+use sha2::Digest;
+use sp_core::crypto::Pair;
+
+/// x25519 secret key.
+pub type SecretKey = x25519_dalek::StaticSecret;
+/// x25519 public key.
+pub type PublicKey = x25519_dalek::PublicKey;
+
+/// Encryption or decryption error.
+#[derive(Debug, PartialEq, Eq, thiserror::Error)]
+pub enum Error {
+	/// Generic AES encryption error.
+	#[error("Encryption error")]
+	Encryption,
+	/// Generic AES decryption error.
+	#[error("Decryption error")]
+	Decryption,
+	/// Error reading key data. Not enough data in the buffer.
+	#[error("Bad cypher text")]
+	BadData,
+}
+
+const NONCE_LEN: usize = 12;
+const PK_LEN: usize = 32;
+const AES_KEY_LEN: usize = 32;
+
+fn aes_encrypt(key: &[u8; AES_KEY_LEN], nonce: &[u8], plaintext: &[u8]) -> Result<Vec<u8>, Error> {
+	let enc = aes_gcm::Aes256Gcm::new(key.into());
+
+	enc.encrypt(nonce.into(), aes_gcm::aead::Payload { msg: plaintext, aad: b"" })
+		.map_err(|_| Error::Encryption)
+}
+
+fn aes_decrypt(key: &[u8; AES_KEY_LEN], nonce: &[u8], ciphertext: &[u8]) -> Result<Vec<u8>, Error> {
+	let dec = aes_gcm::Aes256Gcm::new(key.into());
+	dec.decrypt(nonce.into(), aes_gcm::aead::Payload { msg: ciphertext, aad: b"" })
+		.map_err(|_| Error::Decryption)
+}
+
+fn kdf(shared_secret: &[u8]) -> [u8; AES_KEY_LEN] {
+	let hkdf = hkdf::Hkdf::<sha2::Sha256>::new(None, shared_secret);
+	let mut aes_key = [0u8; AES_KEY_LEN];
+	hkdf.expand(b"", &mut aes_key)
+		.expect("There's always enough data for derivation. qed.");
+	aes_key
+}
+
+/// Encrypt `plaintext` with the given public x25519 public key. Decryption can be performed with
+/// the matching secret key.
+pub fn encrypt_x25519(pk: &PublicKey, plaintext: &[u8]) -> Result<Vec<u8>, Error> {
+	let ephemeral_sk = x25519_dalek::StaticSecret::new(OsRng);
+	let ephemeral_pk = x25519_dalek::PublicKey::from(&ephemeral_sk);
+
+	let mut shared_secret = ephemeral_sk.diffie_hellman(pk).to_bytes().to_vec();
+	shared_secret.extend_from_slice(ephemeral_pk.as_bytes());
+
+	let aes_key = kdf(&shared_secret);
+
+	let nonce = aes_gcm::Aes256Gcm::generate_nonce(OsRng);
+	let ciphertext = aes_encrypt(&aes_key, &nonce, plaintext)?;
+
+	let mut out = Vec::with_capacity(ciphertext.len() + PK_LEN + NONCE_LEN);
+	out.extend_from_slice(ephemeral_pk.as_bytes());
+	out.extend_from_slice(nonce.as_slice());
+	out.extend_from_slice(ciphertext.as_slice());
+
+	Ok(out)
+}
+
+/// Encrypt `plaintext` with the given ed25519 public key. Decryption can be performed with the
+/// matching secret key.
+pub fn encrypt_ed25519(pk: &sp_core::ed25519::Public, plaintext: &[u8]) -> Result<Vec<u8>, Error> {
+	let ed25519 = curve25519_dalek::edwards::CompressedEdwardsY(pk.0);
+	let x25519 = ed25519.decompress().ok_or(Error::BadData)?.to_montgomery();
+	let montgomery = x25519_dalek::PublicKey::from(x25519.to_bytes());
+	encrypt_x25519(&montgomery, plaintext)
+}
+
+/// Decrypt with the given x25519 secret key.
+pub fn decrypt_x25519(sk: &SecretKey, encrypted: &[u8]) -> Result<Vec<u8>, Error> {
+	if encrypted.len() < PK_LEN + NONCE_LEN {
+		return Err(Error::BadData)
+	}
+	let mut ephemeral_pk: [u8; PK_LEN] = Default::default();
+	ephemeral_pk.copy_from_slice(&encrypted[0..PK_LEN]);
+	let ephemeral_pk = PublicKey::from(ephemeral_pk);
+
+	let mut shared_secret = sk.diffie_hellman(&ephemeral_pk).to_bytes().to_vec();
+	shared_secret.extend_from_slice(ephemeral_pk.as_bytes());
+
+	let aes_key = kdf(&shared_secret);
+
+	let nonce = &encrypted[PK_LEN..PK_LEN + NONCE_LEN];
+	aes_decrypt(&aes_key, &nonce, &encrypted[PK_LEN + NONCE_LEN..])
+}
+
+/// Decrypt with the given ed25519 key pair.
+pub fn decrypt_ed25519(pair: &sp_core::ed25519::Pair, encrypted: &[u8]) -> Result<Vec<u8>, Error> {
+	let raw = pair.to_raw_vec();
+	let hash: [u8; 32] = sha2::Sha512::digest(&raw).as_slice()[..32]
+		.try_into()
+		.map_err(|_| Error::Decryption)?;
+	let secret = x25519_dalek::StaticSecret::from(hash);
+	decrypt_x25519(&secret, encrypted)
+}
+
+#[cfg(test)]
+mod test {
+	use super::*;
+	use rand::rngs::OsRng;
+	use sp_core::crypto::Pair;
+
+	#[test]
+	fn basic_x25519_encryption() {
+		let sk = SecretKey::new(OsRng);
+		let pk = PublicKey::from(&sk);
+
+		let plain_message = b"An important secret message";
+		let encrypted = encrypt_x25519(&pk, plain_message).unwrap();
+
+		let decrypted = decrypt_x25519(&sk, &encrypted).unwrap();
+		assert_eq!(plain_message, decrypted.as_slice());
+	}
+
+	#[test]
+	fn basic_ed25519_encryption() {
+		let (pair, _) = sp_core::ed25519::Pair::generate();
+		let pk = pair.into();
+
+		let plain_message = b"An important secret message";
+		let encrypted = encrypt_ed25519(&pk, plain_message).unwrap();
+
+		let decrypted = decrypt_ed25519(&pair, &encrypted).unwrap();
+		assert_eq!(plain_message, decrypted.as_slice());
+	}
+
+	#[test]
+	fn fails_on_bad_data() {
+		let sk = SecretKey::new(OsRng);
+		let pk = PublicKey::from(&sk);
+
+		let plain_message = b"An important secret message";
+		let encrypted = encrypt_x25519(&pk, plain_message).unwrap();
+
+		assert_eq!(decrypt_x25519(&sk, &[]), Err(Error::BadData));
+		assert_eq!(
+			decrypt_x25519(&sk, &encrypted[0..super::PK_LEN + super::NONCE_LEN - 1]),
+			Err(Error::BadData)
+		);
+	}
+}
@@ -49,6 +49,8 @@ pub use store_api::{
 	Error, NetworkPriority, Result, StatementSource, StatementStore, SubmitResult,
 };

+#[cfg(feature = "std")]
+mod ecies;
 pub mod runtime_api;
 #[cfg(feature = "std")]
 mod store_api;
@@ -61,12 +63,17 @@ mod sr25519 {
 	pub type Public = app_sr25519::Public;
 }

-mod ed25519 {
+/// Statement-store specific ed25519 crypto primitives.
+pub mod ed25519 {
 	mod app_ed25519 {
 		use sp_application_crypto::{app_crypto, ed25519, key_types::STATEMENT};
 		app_crypto!(ed25519, STATEMENT);
 	}
+	/// Statement-store specific ed25519 public key.
 	pub type Public = app_ed25519::Public;
+	/// Statement-store specific ed25519 key pair.
+	#[cfg(feature = "std")]
+	pub type Pair = app_ed25519::Pair;
 }

 mod ecdsa {
@@ -507,6 +514,28 @@ impl Statement {
 		}
 		output
 	}
+
+	/// Encrypt give data with given key and store both in the statements.
+	#[cfg(feature = "std")]
+	pub fn encrypt(
+		&mut self,
+		data: &[u8],
+		key: &sp_core::ed25519::Public,
+	) -> core::result::Result<(), ecies::Error> {
+		let encrypted = ecies::encrypt_ed25519(key, data)?;
+		self.data = Some(encrypted);
+		self.decryption_key = Some((*key).into());
+		Ok(())
+	}
+
+	/// Decrypt data (if any) with the given private key.
+	#[cfg(feature = "std")]
+	pub fn decrypt_private(
+		&self,
+		key: &sp_core::ed25519::Pair,
+	) -> core::result::Result<Option<Vec<u8>>, ecies::Error> {
+		self.data.as_ref().map(|d| ecies::decrypt_ed25519(key, d)).transpose()
+	}
 }

 #[cfg(test)]
@@ -615,4 +644,18 @@ mod test {
 		statement.remove_proof();
 		assert_eq!(statement.verify_signature(), SignatureVerificationResult::NoSignature);
 	}
+
+	#[test]
+	fn encrypt_decrypt() {
+		let mut statement = Statement::new();
+		let (pair, _) = sp_core::ed25519::Pair::generate();
+		let plain = b"test data".to_vec();
+
+		//let sr25519_kp = sp_core::sr25519::Pair::from_string("//Alice", None).unwrap();
+		statement.encrypt(&plain, &pair.public()).unwrap();
+		assert_ne!(plain.as_slice(), statement.data().unwrap().as_slice());
+
+		let decrypted = statement.decrypt_private(&pair).unwrap();
+		assert_eq!(decrypted, Some(plain));
+	}
 }
@@ -222,7 +222,7 @@ fn get_rustup_command() -> Option<CargoCommand> {
 			continue
 		}

-		let Some(cargo_version) = cmd.version() else { continue; };
+		let Some(cargo_version) = cmd.version() else { continue };

 		versions.push((cargo_version, rustup_version.to_string()));
 	}