###### tags: `Aztec Connect Specs`, `Ariel`

**Disclaimer:** This documentation was written sometime in 2021. It is intended to give readers a high-level understanding. The codebase is the canonical source of truth, and over time this document might fall behind the implementation details of the code.

# Note encryption and decryption

See `barretenberg.js/src/client_proofs/note.ts`.

## Note encryption

Let $apk$ be the account public key we want to send to.

1. A random field element $esk$ is chosen. We obtain a pair $(esk,epk=esk*[g])$ where $g$ is the Grumpkin generator fixed in the code as `one`.
2. The shared secret $S$ is then computed as $S\triangleq esk\cdot [apk]$.
3. The AES secret $A$ is then computed as $A\triangleq SHA256(S,1)$.

The viewing hint (called viewing key in the code) is composed of an AES encryption $c$ with key $A$ of

- first 8 bytes of the AES IV $A.iv$
- 32 byte $note.value$
- 4 byte $note.assetId$
- 4 byte $note.nonce$

together with the 64 byte $epk$.

## Note decryption and confirmation of receipt

1. The recipient gets a viewing hint $(c,epk)$ and note leaf/commitment $nc$.
2. He computes a shared secret $S= ask\cdot [epk]$.
3. He computes an AES secret $A=sha256(S)$, and $notesecret\triangleq (sha256(S,2), sha256(S,3))\;mod\;p$.
4. He decrypts $c$ with $A$. If the first 8 bytes of $c$ are different from $A.iv$ he rejects.
5. Otherwise, he parses from the decryption $note.value,note.assetId,note.nonce$. Let $note$ be a value note with these fields together with $note.secret$ and $(note.owner.x,note.owner.y)=apk$.
6. Check if $NC(note)=nc$. If this holds, confirm receipt of $note$; otherwise reject.
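The following sketch walks through encryption steps 1 to 3 and decryption steps 1 to 5 end to end. It is an added example, not code from `note.ts` or the Aztec codebase, and it uses $SHA256(S,1)$ on both sides. Assumptions not stated on this page: $S$ is hashed as 32-byte big-endian $x\|y$ with the counter appended as one byte, $A$ splits into a 16-byte AES-128-CBC key followed by the 16-byte $A.iv$, no padding is applied, and integers are big-endian; the commitment check of step 6 is not covered.

```javascript
const { createHash, createCipheriv, createDecipheriv } = require("node:crypto");

// Grumpkin: y^2 = x^3 - 17 over the BN254 scalar field P; G is the generator `one`.
const P = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;
const G = [1n, 17631683881184975370165255887551781615748388533673675138860n];
const mod = (a) => ((a % P) + P) % P;
const inv = (a) => { // modular inverse via Fermat: a^(P-2) mod P
  let r = 1n, b = mod(a);
  for (let e = P - 2n; e > 0n; e >>= 1n, b = mod(b * b)) if (e & 1n) r = mod(r * b);
  return r;
};
function add(p, q) { // affine addition, null = point at infinity (not constant-time)
  if (!p || !q) return p || q;
  const [x1, y1] = p, [x2, y2] = q;
  if (x1 === x2 && mod(y1 + y2) === 0n) return null;
  const m = x1 === x2 ? mod(3n * x1 * x1 * inv(2n * y1)) : mod((y2 - y1) * inv(x2 - x1));
  const x3 = mod(m * m - x1 - x2);
  return [x3, mod(m * (x1 - x3) - y1)];
}
function mul(k, p) { // double-and-add scalar multiplication k * [p]
  let r = null;
  for (; k > 0n; k >>= 1n, p = add(p, p)) if (k & 1n) r = add(r, p);
  return r;
}

// Assumed encodings: S = x||y as 32-byte big-endian, counter appended as one byte;
// A[0:16] = AES-128-CBC key, A[16:32] = A.iv; no padding (plaintext is 48 bytes).
const be32 = (n) => Buffer.from(n.toString(16).padStart(64, "0"), "hex");
function aesSecret(S) {
  const A = createHash("sha256").update(Buffer.concat([be32(S[0]), be32(S[1]), Buffer.from([1])])).digest();
  return { key: A.subarray(0, 16), iv: A.subarray(16) };
}

function encryptNote(apk, note, esk) {
  const { key, iv } = aesSecret(mul(esk, apk)); // S = esk * [apk]
  const pt = Buffer.alloc(48);
  iv.copy(pt, 0, 0, 8); be32(note.value).copy(pt, 8);
  pt.writeUInt32BE(note.assetId, 40); pt.writeUInt32BE(note.nonce, 44);
  const enc = createCipheriv("aes-128-cbc", key, iv).setAutoPadding(false);
  return { c: Buffer.concat([enc.update(pt), enc.final()]), epk: mul(esk, G) };
}

function decryptNote({ c, epk }, ask) {
  const { key, iv } = aesSecret(mul(ask, epk)); // S = ask * [epk]
  const dec = createDecipheriv("aes-128-cbc", key, iv).setAutoPadding(false);
  const pt = Buffer.concat([dec.update(c), dec.final()]);
  if (!pt.subarray(0, 8).equals(iv.subarray(0, 8))) return null; // step 4: reject
  return { value: BigInt("0x" + pt.toString("hex", 8, 40)), assetId: pt.readUInt32BE(40), nonce: pt.readUInt32BE(44) };
}
```

Because no padding is used, decryption under the wrong key never errors; the 8-byte IV prefix is the only signal that a hint was addressed to this key, so a false match is possible with probability $2^{-64}$ and step 6 remains necessary.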