Go implementation of encrypt/decrypt and ECDH to work together with the circuits

.github/workflows/e2e.yaml

@@ -41,9 +41,18 @@ jobs:
         run: |
           npm install -g snarkjs
 
-      - name: Checkout circuits
+      - name: Checkout Zeto
         uses: actions/checkout@v4
         with:
+          path: zeto
+          fetch-depth: 0
+
+      - name: Checkout kaleido's fork of go-iden3-crypto
+        uses: actions/checkout@v3
+        with:
+          path: go-iden3-crypto
+          repository: kaleido-io/go-iden3-crypto
+          ref: multi-states
           fetch-depth: 0
 
       - name: Setup temp dir for the artifacts
@@ -55,7 +64,7 @@ jobs:
           CIRCUITS_ROOT: ${{ runner.temp }}/zeto-artifacts
           PROVING_KEYS_ROOT: ${{ runner.temp }}/zeto-artifacts
           PTAU_DOWNLOAD_PATH: ${{ runner.temp }}/zeto-artifacts
-        working-directory: zkp/circuits
+        working-directory: zeto/zkp/circuits
         run: |
           npm install
           npm run gen
@@ -64,15 +73,15 @@ jobs:
         env:
           PROVING_KEYS_ROOT: ${{ runner.temp }}/zeto-artifacts
           CIRCUITS_ROOT: ${{ runner.temp }}/zeto-artifacts
-        working-directory: go-sdk
+        working-directory: zeto/go-sdk
         run: |
           make e2e
 
       - name: Run js e2e tests
         env:
           PROVING_KEYS_ROOT: ${{ runner.temp }}/zeto-artifacts
           CIRCUITS_ROOT: ${{ runner.temp }}/zeto-artifacts
-        working-directory: zkp/js
+        working-directory: zeto/zkp/js
         run: |
           npm install
           npm run test:e2e
@@ -81,7 +90,7 @@ jobs:
         env:
           PROVING_KEYS_ROOT: ${{ runner.temp }}/zeto-artifacts
           CIRCUITS_ROOT: ${{ runner.temp }}/zeto-artifacts
-        working-directory: solidity
+        working-directory: zeto/solidity
         run: |
           npm install
           npm t
@@ -91,7 +100,7 @@ jobs:
           USE_FACTORY: true
           PROVING_KEYS_ROOT: ${{ runner.temp }}/zeto-artifacts
           CIRCUITS_ROOT: ${{ runner.temp }}/zeto-artifacts
-        working-directory: solidity
+        working-directory: zeto/solidity
         run: |
           npm install
           npm t

.github/workflows/golang.yaml

@@ -28,5 +28,5 @@ jobs:
 
       - uses: codecov/codecov-action@v4
         with:
-          codecov_yml_path: ./codecov.yml
+          codecov_yml_path: ./go-sdk/coverage.txt
           token: ${{ secrets.CODECOV_TOKEN }}

go-sdk/go.mod

@@ -32,8 +32,8 @@ require (
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/x-cray/logrus-prefixed-formatter v0.5.2 // indirect
 	golang.org/x/sync v0.8.0 // indirect
-	golang.org/x/term v0.23.0 // indirect
-	golang.org/x/text v0.17.0 // indirect
+	golang.org/x/term v0.24.0 // indirect
+	golang.org/x/text v0.18.0 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 )
 
@@ -46,10 +46,12 @@ require (
 	github.com/iden3/go-rapidsnark/types v0.0.2 // indirect
 	github.com/iden3/go-rapidsnark/witness/v2 v2.0.0
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	golang.org/x/crypto v0.26.0 // indirect
-	golang.org/x/sys v0.24.0 // indirect
+	golang.org/x/crypto v0.27.0 // indirect
+	golang.org/x/sys v0.25.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	gorm.io/driver/postgres v1.5.9
 	gorm.io/driver/sqlite v1.5.6
 	gorm.io/gorm v1.25.11
 )
+
+replace github.com/iden3/go-iden3-crypto => github.com/kaleido-io/go-iden3-crypto v0.0.0-20240905154504-333f60687c26

go-sdk/go.sum

@@ -25,8 +25,6 @@ github.com/hyperledger/firefly-common v1.4.6 h1:qqXoSaRml3WjUnWcWxrrXs5AIOWa+UcM
 github.com/hyperledger/firefly-common v1.4.6/go.mod h1:jkErZdQmC9fsAJZQO427tURdwB9iiW+NMUZSqS3eBIE=
 github.com/hyperledger/firefly-signer v1.1.13 h1:eiHjc6HPRG8AzXUCUgm51qqX1I9BokiuiiqJ89XwK4M=
 github.com/hyperledger/firefly-signer v1.1.13/go.mod h1:pK6kivzBFSue3zpJSQpH67VasnLLbwBJOBUNv0zHbRA=
-github.com/iden3/go-iden3-crypto v0.0.16 h1:zN867xiz6HgErXVIV/6WyteGcOukE9gybYTorBMEdsk=
-github.com/iden3/go-iden3-crypto v0.0.16/go.mod h1:dLpM4vEPJ3nDHzhWFXDjzkn1qHoBeOT/3UEhXsEsP3E=
 github.com/iden3/go-rapidsnark/prover v0.0.10 h1:NvOfRPpex/k646UsqOcUy7a7uVl17t4ok9kWvpQg4+k=
 github.com/iden3/go-rapidsnark/prover v0.0.10/go.mod h1:wgDsmKOGCuWGtgVtuW9ARWNguNr4NJAIyg2G7+uTax0=
 github.com/iden3/go-rapidsnark/types v0.0.2 h1:CjJSrlbWchHzuMRdxSYrEh7n/akP+Z2PLNbwT5yBmQY=
@@ -49,6 +47,8 @@ github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/kaleido-io/go-iden3-crypto v0.0.0-20240905154504-333f60687c26 h1:WHlF6wdeN4sJ9iB38fLpIm0tugEwmBzoxgWIHXXd1qU=
+github.com/kaleido-io/go-iden3-crypto v0.0.0-20240905154504-333f60687c26/go.mod h1:dLpM4vEPJ3nDHzhWFXDjzkn1qHoBeOT/3UEhXsEsP3E=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -88,21 +88,21 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/x-cray/logrus-prefixed-formatter v0.5.2 h1:00txxvfBM9muc0jiLIEAkAcIMJzfthRT6usrui8uGmg=
 github.com/x-cray/logrus-prefixed-formatter v0.5.2/go.mod h1:2duySbKsL6M18s5GU7VPsoEPHyzalCE06qoARUCeBBE=
-golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
-golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
+golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
+golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
 golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
 golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
-golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
-golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
-golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
-golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
+golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM=
+golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8=
+golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
+golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=

go-sdk/integration-test/db_test.go

@@ -22,11 +22,11 @@ import (
 	"testing"
 
 	"github.com/hyperledger-labs/zeto/go-sdk/internal/testutils"
+	"github.com/hyperledger-labs/zeto/go-sdk/pkg/crypto"
 	"github.com/hyperledger-labs/zeto/go-sdk/pkg/sparse-merkle-tree/core"
 	"github.com/hyperledger-labs/zeto/go-sdk/pkg/sparse-merkle-tree/node"
 	"github.com/hyperledger-labs/zeto/go-sdk/pkg/sparse-merkle-tree/smt"
 	"github.com/hyperledger-labs/zeto/go-sdk/pkg/sparse-merkle-tree/storage"
-	"github.com/hyperledger-labs/zeto/go-sdk/pkg/utxo"
 	"github.com/stretchr/testify/assert"
 	"gorm.io/driver/postgres"
 	"gorm.io/driver/sqlite"
@@ -68,7 +68,7 @@ func TestSqliteStorage(t *testing.T) {
 	uriString := "https://example.com/token/1001"
 	assert.NoError(t, err)
 	sender := testutils.NewKeypair()
-	salt1 := utxo.NewSalt()
+	salt1 := crypto.NewSalt()
 
 	utxo1 := node.NewNonFungible(tokenId, uriString, sender.PublicKey, salt1)
 	n1, err := node.NewLeafNode(utxo1)
@@ -116,7 +116,7 @@ func TestPostgresStorage(t *testing.T) {
 	tokenUri := "https://example.com/token/1001"
 	assert.NoError(t, err)
 	sender := testutils.NewKeypair()
-	salt1 := utxo.NewSalt()
+	salt1 := crypto.NewSalt()
 
 	utxo1 := node.NewNonFungible(tokenId, tokenUri, sender.PublicKey, salt1)
 	n1, err := node.NewLeafNode(utxo1)

go-sdk/integration-test/e2e_test.go

@@ -26,6 +26,7 @@ import (
 	"time"
 
 	"github.com/hyperledger-labs/zeto/go-sdk/internal/testutils"
+	"github.com/hyperledger-labs/zeto/go-sdk/pkg/crypto"
 	keyscore "github.com/hyperledger-labs/zeto/go-sdk/pkg/key-manager/core"
 	"github.com/hyperledger-labs/zeto/go-sdk/pkg/key-manager/key"
 	"github.com/hyperledger-labs/zeto/go-sdk/pkg/sparse-merkle-tree/node"
@@ -124,15 +125,15 @@ func TestZeto_1_SuccessfulProving(t *testing.T) {
 	inputValues := []*big.Int{big.NewInt(30), big.NewInt(40)}
 	outputValues := []*big.Int{big.NewInt(32), big.NewInt(38)}
 
-	salt1 := utxo.NewSalt()
+	salt1 := crypto.NewSalt()
 	input1, _ := poseidon.Hash([]*big.Int{inputValues[0], salt1, sender.PublicKey.X, sender.PublicKey.Y})
-	salt2 := utxo.NewSalt()
+	salt2 := crypto.NewSalt()
 	input2, _ := poseidon.Hash([]*big.Int{inputValues[1], salt2, sender.PublicKey.X, sender.PublicKey.Y})
 	inputCommitments := []*big.Int{input1, input2}
 
-	salt3 := utxo.NewSalt()
+	salt3 := crypto.NewSalt()
 	output1, _ := poseidon.Hash([]*big.Int{outputValues[0], salt3, receiver.PublicKey.X, receiver.PublicKey.Y})
-	salt4 := utxo.NewSalt()
+	salt4 := crypto.NewSalt()
 	output2, _ := poseidon.Hash([]*big.Int{outputValues[1], salt4, sender.PublicKey.X, sender.PublicKey.Y})
 	outputCommitments := []*big.Int{output1, output2}
 
@@ -185,19 +186,19 @@ func TestZeto_2_SuccessfulProving(t *testing.T) {
 	inputValues := []*big.Int{big.NewInt(30), big.NewInt(40)}
 	outputValues := []*big.Int{big.NewInt(32), big.NewInt(38)}
 
-	salt1 := utxo.NewSalt()
+	salt1 := crypto.NewSalt()
 	input1, _ := poseidon.Hash([]*big.Int{inputValues[0], salt1, sender.PublicKey.X, sender.PublicKey.Y})
-	salt2 := utxo.NewSalt()
+	salt2 := crypto.NewSalt()
 	input2, _ := poseidon.Hash([]*big.Int{inputValues[1], salt2, sender.PublicKey.X, sender.PublicKey.Y})
 	inputCommitments := []*big.Int{input1, input2}
 
-	salt3 := utxo.NewSalt()
+	salt3 := crypto.NewSalt()
 	output1, _ := poseidon.Hash([]*big.Int{outputValues[0], salt3, receiver.PublicKey.X, receiver.PublicKey.Y})
-	salt4 := utxo.NewSalt()
+	salt4 := crypto.NewSalt()
 	output2, _ := poseidon.Hash([]*big.Int{outputValues[1], salt4, sender.PublicKey.X, sender.PublicKey.Y})
 	outputCommitments := []*big.Int{output1, output2}
 
-	encryptionNonce := utxo.NewEncryptionNonce()
+	encryptionNonce := crypto.NewEncryptionNonce()
 
 	witnessInputs := map[string]interface{}{
 		"inputCommitments":      inputCommitments,
@@ -224,6 +225,30 @@ func TestZeto_2_SuccessfulProving(t *testing.T) {
 	assert.Equal(t, 3, len(proof.Proof.B))
 	assert.Equal(t, 3, len(proof.Proof.C))
 	assert.Equal(t, 9, len(proof.PubSignals))
+
+	// the receiver would be able to get the encrypted values and salts
+	// from the transaction events
+	encryptedValues := make([]*big.Int, 4)
+	for i := 0; i < 4; i++ {
+		v, ok := new(big.Int).SetString(proof.PubSignals[i], 10)
+		assert.True(t, ok)
+		encryptedValues[i] = v
+	}
+
+	// the first two elements in the public signals are the encrypted value and salt
+	// for the first output. decrypt using the receiver's private key and compare with
+	// the UTXO hash
+	secret := crypto.GenerateECDHSharedSecret(receiver.PrivateKey, sender.PublicKey)
+	decrypted, err := crypto.PoseidonDecrypt(encryptedValues, []*big.Int{secret.X, secret.Y}, encryptionNonce, 2)
+	assert.NoError(t, err)
+	assert.Equal(t, outputValues[0].String(), decrypted[0].String())
+	assert.Equal(t, salt3.String(), decrypted[1].String())
+
+	// as the receiver, to check if the decryption was successful, we hash the decrypted
+	// value and salt and compare with the output commitment
+	calculatedHash, err := poseidon.Hash([]*big.Int{decrypted[0], decrypted[1], receiver.PublicKey.X, receiver.PublicKey.Y})
+	assert.NoError(t, err)
+	assert.Equal(t, output1.String(), calculatedHash.String())
 }
 
 func TestZeto_3_SuccessfulProving(t *testing.T) {
@@ -237,9 +262,9 @@ func TestZeto_3_SuccessfulProving(t *testing.T) {
 	inputValues := []*big.Int{big.NewInt(30), big.NewInt(40)}
 	outputValues := []*big.Int{big.NewInt(32), big.NewInt(38)}
 
-	salt1 := utxo.NewSalt()
+	salt1 := crypto.NewSalt()
 	input1, _ := poseidon.Hash([]*big.Int{inputValues[0], salt1, sender.PublicKey.X, sender.PublicKey.Y})
-	salt2 := utxo.NewSalt()
+	salt2 := crypto.NewSalt()
 	input2, _ := poseidon.Hash([]*big.Int{inputValues[1], salt2, sender.PublicKey.X, sender.PublicKey.Y})
 	inputCommitments := []*big.Int{input1, input2}
 
@@ -268,9 +293,9 @@ func TestZeto_3_SuccessfulProving(t *testing.T) {
 	circomProof2, err := proof2.ToCircomVerifierProof(input2, input2, mt.Root(), MAX_HEIGHT)
 	assert.NoError(t, err)
 
-	salt3 := utxo.NewSalt()
+	salt3 := crypto.NewSalt()
 	output1, _ := poseidon.Hash([]*big.Int{outputValues[0], salt3, receiver.PublicKey.X, receiver.PublicKey.Y})
-	salt4 := utxo.NewSalt()
+	salt4 := crypto.NewSalt()
 	output2, _ := poseidon.Hash([]*big.Int{outputValues[1], salt4, sender.PublicKey.X, sender.PublicKey.Y})
 	outputCommitments := []*big.Int{output1, output2}
 
@@ -323,9 +348,9 @@ func TestZeto_4_SuccessfulProving(t *testing.T) {
 	inputValues := []*big.Int{big.NewInt(30), big.NewInt(40)}
 	outputValues := []*big.Int{big.NewInt(32), big.NewInt(38)}
 
-	salt1 := utxo.NewSalt()
+	salt1 := crypto.NewSalt()
 	input1, _ := poseidon.Hash([]*big.Int{inputValues[0], salt1, sender.PublicKey.X, sender.PublicKey.Y})
-	salt2 := utxo.NewSalt()
+	salt2 := crypto.NewSalt()
 	input2, _ := poseidon.Hash([]*big.Int{inputValues[1], salt2, sender.PublicKey.X, sender.PublicKey.Y})
 	inputCommitments := []*big.Int{input1, input2}
 
@@ -354,13 +379,13 @@ func TestZeto_4_SuccessfulProving(t *testing.T) {
 	circomProof2, err := proof2.ToCircomVerifierProof(input2, input2, mt.Root(), MAX_HEIGHT)
 	assert.NoError(t, err)
 
-	salt3 := utxo.NewSalt()
+	salt3 := crypto.NewSalt()
 	output1, _ := poseidon.Hash([]*big.Int{outputValues[0], salt3, receiver.PublicKey.X, receiver.PublicKey.Y})
-	salt4 := utxo.NewSalt()
+	salt4 := crypto.NewSalt()
 	output2, _ := poseidon.Hash([]*big.Int{outputValues[1], salt4, sender.PublicKey.X, sender.PublicKey.Y})
 	outputCommitments := []*big.Int{output1, output2}
 
-	encryptionNonce := utxo.NewEncryptionNonce()
+	encryptionNonce := crypto.NewEncryptionNonce()
 
 	proof1Siblings := make([]*big.Int, len(circomProof1.Siblings)-1)
 	for i, s := range circomProof1.Siblings[0 : len(circomProof1.Siblings)-1] {
@@ -413,11 +438,11 @@ func TestZeto_5_SuccessfulProving(t *testing.T) {
 	tokenUri, err := utxo.HashTokenUri("https://example.com/token/1001")
 	assert.NoError(t, err)
 
-	salt1 := utxo.NewSalt()
+	salt1 := crypto.NewSalt()
 	input1, err := poseidon.Hash([]*big.Int{tokenId, tokenUri, salt1, sender.PublicKey.X, sender.PublicKey.Y})
 	assert.NoError(t, err)
 
-	salt3 := utxo.NewSalt()
+	salt3 := crypto.NewSalt()
 	output1, err := poseidon.Hash([]*big.Int{tokenId, tokenUri, salt3, receiver.PublicKey.X, receiver.PublicKey.Y})
 	assert.NoError(t, err)
 
@@ -472,7 +497,7 @@ func TestZeto_6_SuccessfulProving(t *testing.T) {
 	tokenUri, err := utxo.HashTokenUri(uriString)
 	assert.NoError(t, err)
 
-	salt1 := utxo.NewSalt()
+	salt1 := crypto.NewSalt()
 	input1, err := poseidon.Hash([]*big.Int{tokenId, tokenUri, salt1, sender.PublicKey.X, sender.PublicKey.Y})
 	assert.NoError(t, err)
 
@@ -494,7 +519,7 @@ func TestZeto_6_SuccessfulProving(t *testing.T) {
 		proof1Siblings[i] = s.BigInt()
 	}
 
-	salt3 := utxo.NewSalt()
+	salt3 := crypto.NewSalt()
 	output1, err := poseidon.Hash([]*big.Int{tokenId, tokenUri, salt3, receiver.PublicKey.X, receiver.PublicKey.Y})
 	assert.NoError(t, err)
 

go-sdk/internal/crypto/ecdh.go

@@ -0,0 +1,24 @@
+// Copyright © 2024 Kaleido, Inc.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package crypto
+
+import "github.com/iden3/go-iden3-crypto/babyjub"
+
+func GenerateECDHSharedSecret(privKey *babyjub.PrivateKey, pubKey *babyjub.PublicKey) *babyjub.Point {
+	privKeyForZkp := babyjub.SkToBigInt(privKey)
+	return babyjub.NewPoint().Mul(privKeyForZkp, pubKey.Point())
+}