How Tessera works
Private Transaction flow between Quorum and Tessera
Each Tessera node hosts a number of public/private key pairs, with the public keys advertised over a public API.
A node is able to determine all nodes in the network by being provided the information of at least one node on start-up:
- When a node starts up, it will reach out to the nodes that it has been provided the details of.
- Each of these nodes will share the list of peers they know of to the new node.
- The new node will then reach out to the peers in this list, sharing details of the nodes it knows about and receiving details of the nodes they know about.
- In this way, a node will eventually have the details of each node in the network.
On startup, a node will also retrieve all transactions from its peers where it is a participant. This is used to ensure that it is full in sync.
A heartbeat is sent between Tessera nodes every two seconds to ensure synchronization. Each node will maintain the same public key registry after synchronization and can start sending messages to any known public key.
When a Quorum node starts up, it connects to its local Tessera node, enabling it to process private transactions.
When Quorum sends private transactions to its local Tessera node:
The local node validates the sender's public key.
The local node checks if it has the corresponding private key and once validated encrypts the payload by:
- Generating a symmetric key and random nonce.
- Generating a recipient nonce.
- Encrypting the payload using the symmetric key and random nonce.
- Hashing the encrypted payload using the SHA3 algorithm.
- For each recipient, encrypting the symmetric key with the corresponding recipient nonce and recipient public key.
The local node stores the payload locally and transmits to each recipient:
- The encrypted payload
- The encrypted symmetric key
- The random and recipient nonce
Each recipient will regenerate the hash using the same algorithm.
Once all recipient Tessera nodes have confirmed receipt and storage of the payload, the local node returns the hash of the encrypted payload to the Quorum node.
Quorum propagates the transaction hash to the network using the Ethereum P2P protocol.
A block containing this transaction hash will be created and distributed across the network.
Every Quorum node will attempt to process this transaction
- Each Quorum node's Tessera node will look for the transaction hash in its local DB and abort if not found.
- If found, the node will use the private key stored for that sender to decrypt the symmetric key.
- The symmetric key will be used to decrypt the transaction payload and store this data in its private store DB.