feat: improve message encryption (#5288)

Description
---
Improves message encryption using key-blinding signatures. Updates
`tari-crypto` to the [latest
version](https://crates.io/crates/tari_crypto/0.16.12) for proper
compatibility.

Closes [issue 5255](#5255).

Motivation and Context
---
Currently, message encryption uses an encrypted signature. A [recent
formalization](https://eprint.iacr.org/2023/380) of key-blinding
signatures offers an interesting new approach that allows any network
node to verify an unencrypted signature on a masked key. This PR updates
message encryption to use such a design.

How Has This Been Tested?
---
Existing, modified, and new tests pass.

What process can a PR reviewer use to test or verify this change?
---
Examine and run tests. Assert that message encryption follows [these
flowcharts](#5255 (comment)).

Breaking Changes
---
None. While existing messages will not verify, this should not affect
new messages that use the updated design.

applications/tari_app_grpc/Cargo.toml

@@ -11,7 +11,7 @@ edition = "2018"
 tari_common_types = {  path = "../../base_layer/common_types" }
 tari_comms = { path = "../../comms/core" }
 tari_core = { path = "../../base_layer/core" }
-tari_crypto = { version="0.16.11"}
+tari_crypto = { version = "0.16.12"}
 tari_script = { path = "../../infrastructure/tari_script" }
 tari_utilities = { version = "0.4.10"}
 

applications/tari_base_node/Cargo.toml

@@ -15,7 +15,7 @@ tari_comms = { path = "../../comms/core", features = ["rpc"] }
 tari_common_types = { path = "../../base_layer/common_types" }
 tari_comms_dht = { path = "../../comms/dht" }
 tari_core = { path = "../../base_layer/core", default-features = false, features = ["transactions"] }
-tari_crypto = { version = "0.16.11"}
+tari_crypto = { version = "0.16.12"}
 tari_libtor = { path = "../../infrastructure/libtor", optional = true }
 tari_p2p = { path = "../../base_layer/p2p", features = ["auto-update"] }
 tari_storage = {path="../../infrastructure/storage"}

applications/tari_console_wallet/Cargo.toml

@@ -13,7 +13,7 @@ tari_common_types = { path = "../../base_layer/common_types" }
 tari_comms = { path = "../../comms/core" }
 tari_comms_dht = { path = "../../comms/dht" }
 tari_contacts = { path = "../../base_layer/contacts" }
-tari_crypto = { version = "0.16.11"}
+tari_crypto = { version = "0.16.12"}
 tari_key_manager = { path = "../../base_layer/key_manager" }
 tari_libtor = { path = "../../infrastructure/libtor", optional = true }
 tari_p2p = { path = "../../base_layer/p2p", features = ["auto-update"] }

applications/tari_miner/Cargo.toml

@@ -14,7 +14,7 @@ tari_common_types = { path = "../../base_layer/common_types" }
 tari_comms = { path = "../../comms/core" }
 tari_app_utilities = { path = "../tari_app_utilities" }
 tari_app_grpc = { path = "../tari_app_grpc" }
-tari_crypto = { version = "0.16.11"}
+tari_crypto = { version = "0.16.12"}
 tari_utilities = "0.4.10"
 
 borsh = "0.9.3"

base_layer/common_types/Cargo.toml

@@ -7,7 +7,7 @@ version = "0.50.0-pre.0"
 edition = "2018"
 
 [dependencies]
-tari_crypto = { version = "0.16.11"}
+tari_crypto = { version = "0.16.12"}
 tari_utilities = "0.4.10"
 # TODO: remove this dependency and move Network into tari_common_types
 tari_common = {  path = "../../common" }

base_layer/contacts/Cargo.toml

@@ -12,7 +12,7 @@ tari_common_sqlite = { path = "../../common_sqlite" }
 tari_common_types = {  path = "../../base_layer/common_types" }
 tari_comms = {  path = "../../comms/core" }
 tari_comms_dht = { path = "../../comms/dht" }
-tari_crypto = { version = "0.16.11"}
+tari_crypto = { version = "0.16.12"}
 tari_p2p = {  path = "../p2p", features = ["auto-update"] }
 tari_service_framework = {  path = "../service_framework" }
 tari_shutdown = {  path = "../../infrastructure/shutdown" }

base_layer/core/Cargo.toml

@@ -24,7 +24,7 @@ tari_common_types = {  path = "../../base_layer/common_types" }
 tari_comms = {  path = "../../comms/core" }
 tari_comms_dht = {  path = "../../comms/dht" }
 tari_comms_rpc_macros = {  path = "../../comms/rpc_macros" }
-tari_crypto = { version="0.16.11", features = ["borsh"] }
+tari_crypto = { version = "0.16.12", features = ["borsh"] }
 tari_metrics = { path = "../../infrastructure/metrics" }
 tari_mmr = {  path = "../../base_layer/mmr", optional = true, features = ["native_bitmap"] }
 tari_p2p = {  path = "../../base_layer/p2p" }

base_layer/key_manager/Cargo.toml

@@ -12,7 +12,7 @@ crate-type = ["lib", "cdylib"]
 
 # NB: All dependencies must support or be gated for the WASM target.
 [dependencies]
-tari_crypto = "0.16.11"
+tari_crypto = {version = "0.16.12"}
 tari_utilities = "0.4.10"
 tari_common_sqlite = { path = "../../common_sqlite" }
 tari_common_types = {  path = "../../base_layer/common_types"}

base_layer/mmr/Cargo.toml

@@ -14,7 +14,7 @@ benches = ["criterion"]
 
 [dependencies]
 tari_utilities = "0.4.10"
-tari_crypto = { version = "0.16.11"}
+tari_crypto = { version = "0.16.12"}
 tari_common = {path = "../../common"}
 thiserror = "1.0.26"
 borsh = "0.9.3"

base_layer/p2p/Cargo.toml

@@ -13,7 +13,7 @@ edition = "2018"
 tari_comms = {  path = "../../comms/core" }
 tari_comms_dht = {  path = "../../comms/dht" }
 tari_common = {  path = "../../common" }
-tari_crypto = { version = "0.16.11"}
+tari_crypto = { version = "0.16.12"}
 tari_service_framework = {  path = "../service_framework" }
 tari_shutdown = {  path = "../../infrastructure/shutdown" }
 tari_storage = {  path = "../../infrastructure/storage" }

base_layer/tari_mining_helper_ffi/Cargo.toml

@@ -8,7 +8,7 @@ edition = "2018"
 
 [dependencies]
 tari_comms = {  path = "../../comms/core" }
-tari_crypto = { version = "0.16.11"}
+tari_crypto = { version = "0.16.12"}
 tari_common = {  path = "../../common" }
 tari_core = {  path = "../core", default-features = false, features = ["transactions"]}
 tari_utilities = "0.4.10"

base_layer/wallet/Cargo.toml

@@ -12,7 +12,7 @@ tari_common = { path = "../../common" }
 tari_common_types = {  path = "../../base_layer/common_types" }
 tari_comms = {  path = "../../comms/core" }
 tari_comms_dht = {  path = "../../comms/dht" }
-tari_crypto = "0.16.11"
+tari_crypto = { version = "0.16.12"}
 tari_key_manager = {  path = "../key_manager", features = ["key_manager_service"] }
 tari_p2p = {  path = "../p2p", features = ["auto-update"] }
 tari_script = { path = "../../infrastructure/tari_script" }

base_layer/wallet_ffi/Cargo.toml

@@ -12,7 +12,7 @@ tari_common = { path="../../common" }
 tari_common_types = { path="../common_types" }
 tari_comms = {  path = "../../comms/core", features = ["c_integration"]}
 tari_comms_dht = {  path = "../../comms/dht", default-features = false }
-tari_crypto = { version="0.16.11"}
+tari_crypto = { version = "0.16.12"}
 tari_key_manager = {  path = "../key_manager" }
 tari_p2p = {  path = "../p2p" }
 tari_script = { path = "../../infrastructure/tari_script" }

common/Cargo.toml

@@ -14,7 +14,7 @@ build = ["toml", "prost-build"]
 static-application-info = ["git2"]
 
 [dependencies]
-tari_crypto = { version = "0.16.11"}
+tari_crypto = { version = "0.16.12"}
 
 anyhow = "1.0.53"
 config = { version = "0.13.0", default_features = false, features = ["toml"] }

comms/core/Cargo.toml

@@ -10,7 +10,7 @@ version = "0.50.0-pre.0"
 edition = "2018"
 
 [dependencies]
-tari_crypto = { version = "0.16.11"}
+tari_crypto = { version = "0.16.12"}
 tari_metrics = { path = "../../infrastructure/metrics" }
 tari_storage = {  path = "../../infrastructure/storage" }
 tari_shutdown = {  path = "../../infrastructure/shutdown" }

comms/dht/Cargo.toml

@@ -13,7 +13,7 @@ edition = "2018"
 tari_comms = {  path = "../core", features = ["rpc"] }
 tari_common = { path = "../../common" }
 tari_comms_rpc_macros = {  path = "../rpc_macros" }
-tari_crypto = { version = "0.16.11"}
+tari_crypto = { version = "0.16.12"}
 tari_utilities = "0.4.10"
 tari_shutdown = {  path = "../../infrastructure/shutdown" }
 tari_storage = {  path = "../../infrastructure/storage" }

comms/dht/src/dht.rs

@@ -508,6 +508,7 @@ mod test {
         let mut service = dht.inbound_middleware_layer().layer(SinkService::new(out_tx));
 
         let msg = wrap_in_envelope_body!(b"secret".to_vec());
+        // Don't encrypt
         let dht_envelope = make_dht_envelope(
             &node_identity,
             &msg,
@@ -540,10 +541,11 @@ mod test {
         peer_manager.add_peer(node_identity.to_peer()).await.unwrap();
 
         // Dummy out channel, we are not testing outbound here.
-        let (out_tx, _out_rx) = mpsc::channel(10);
+        let (out_tx, _) = mpsc::channel(10);
 
         let shutdown = Shutdown::new();
         let dht = Dht::builder()
+            .local_test()
             .with_outbound_sender(out_tx)
             .build(
                 Arc::clone(&node_identity),
@@ -619,7 +621,7 @@ mod test {
         let ecdh_key = CommsDHKE::new(node_identity2.secret_key(), node_identity2.public_key());
         let key_message = crypt::generate_key_message(&ecdh_key);
         let mut encrypted_bytes = msg.encode_into_bytes_mut();
-        crypt::encrypt_message(&key_message, &mut encrypted_bytes).unwrap();
+        crypt::encrypt_message(&key_message, &mut encrypted_bytes, b"test associated data").unwrap();
         let dht_envelope = make_dht_envelope(
             &node_identity2,
             &encrypted_bytes.to_vec(),

comms/dht/src/envelope.rs

@@ -140,8 +140,6 @@ impl DhtMessageType {
 pub struct DhtMessageHeader {
     pub version: DhtProtocolVersion,
     pub destination: NodeDestination,
-    /// Encoded MessageSignature. Depending on message flags, this may be encrypted. This can refer to the same peer
-    /// that sent the message or another peer if the message is being propagated.
     pub message_signature: Vec<u8>,
     pub ephemeral_public_key: Option<CommsPublicKey>,
     pub message_type: DhtMessageType,