Storing Encrypted Messages

Hello Tez Devs. I have some Tezos Smart Contract development knowledge. I’m trying to develop a DApp and really need your help.

I want users to be able to store encrypted messages on my DApp. But before submitting it to the network, this process must be verified by some users (like by signing the transaction).
After the submission, I want only those users to be able to decrypt and view the message.

I don’t really know from where to start. I’ll be really grateful If you help me to implement this system or guide me to some technical resources.

ChatGPT is explaining your question this way, does it correspond to what you want?


  1. Alice wants to store an encrypted message on the DApp.
  2. Before her encrypted message is submitted to the network, it needs to be verified by Bob (the verifier).
  3. Once verified and submitted, only those involved (in this example, Alice and Bob) should be able to decrypt and view the original message.

Step-by-step Explanation with Functions:

  1. Alice’s Submission:
  • Alice has a message m.
  • Alice encrypts m using the function encrypt to produce enc.
  • Alice then submits enc to the DApp but it’s not yet saved/stored on the network.
  1. Bob’s Verification:
  • Bob, as a verifier, will receive a notification (or somehow be informed) that there’s a new encrypted message enc awaiting verification.
  • Bob verifies the transaction in some way (e.g., by signing it). The specifics on how Bob verifies it are dependent on the desired mechanism, but in traditional systems, he might use a signature method to approve the transaction.
  • Once Bob verifies the transaction, enc is officially submitted and stored on the network.
  1. Decrypting and Viewing the Message:
  • Only Alice and Bob have the decryption key or method to transform enc back to m.
  • Alice and Bob can use this key or method to decrypt enc anytime and retrieve the original message m.


  • Alice wants to send the message m = “Hello, Tezos!”.
  • She encrypts the message using the encrypt function: enc = encrypt("Hello, Tezos!"). Let’s assume enc becomes something like “QmFzZTY0RW5jcnlwdGVkIQ==”.
  • Alice submits “QmFzZTY0RW5jcnlwdGVkIQ==” to the DApp.
  • Bob receives a notice about Alice’s new submission. He verifies it, and once he approves, “QmFzZTY0RW5jcnlwdGVkIQ==” is stored on the Tezos network.
  • At any later point, either Alice or Bob can decrypt “QmFzZTY0RW5jcnlwdGVkIQ==” to view the original message, “Hello, Tezos!”.

Thank you Jordan for replying to me. The scenario is exactly what I’m trying to implement. Also, Bob must be able to see the original message before verifying it.
So, can you give me some deeper technical information?

From your description, it seems you have flexibility in choosing encryption methods, and you’re mainly using the blockchain to deposit data or even just evidence of that data.

How large is the data you intend to store? Storing substantial amounts on the chain can be both costly and inefficient.

With that in mind, you might consider not storing the encrypted data directly on the blockchain. Instead, you could deposit just a hash of the encrypted data, or even better, the hash of the original data. The actual data sharing between Alice and Bob could then be facilitated off-chain through a separate system. Would this approach address your needs?

The data size may differ, let’s say it can be around 1kb.
The reason to use Tezos network here is to store the data on a decentralized network. So no one will be able to manipulate it. For example, I know the icon of a token is stored on IPFS, but AFAIK, data on IPFS can be removed. I may be wrong.
Do you know a decentralized solution for storing data off-chain?

As long as someone has the original data, it can always be re-uploaded to IPFS. This is one of the key benefits of IPFS - data persistence as long as there’s interest in the data.

To ensure the data remains available on IPFS, you can use a “pinning” service. Pinning services are essentially nodes that commit to hosting your data for a certain period, ensuring its continued availability.

Tezos is too costly for uploading 1kb of data. Instead of storing the entire data on Tezos, store just the IPFS hash of your data on the Tezos blockchain. This way, you’re leveraging the immutability and trustworthiness of the blockchain to vouch for the authenticity of your data, while the actual data resides on IPFS.

I don’t know much about other decentralized storing solutions but I’m not sure they will be better.

Hmmm, isn’t Byte cost of Tezos 0.00025 tez currently? 0.00025 × 1000 equals to 0.25 tez which doesn’t seem like a big deal. I may also use text compression algorithms to decrease the data size.

I thought it was higher.
That’s still a high price for data but yes it comes with guarantees.

What I understand from your questions is the solution you’re looking for is independent of Tezos.
You should ask on Tezos Agora, stack exchange or the slack as it’s not directly related to SmartPy.

I was thinking about your IPFS solution and actually was missing an important point. Re-uploading the exact file will give you the same hash. You were right, what you suggested solves my problem.
I could also find a solution for the verification process. I can add a boolean property that indicates if the message is verified by the second user or not.
I asked my question here cuz I though I would need some deep SmartPy knowledge to solve the problem.
Anyway, Thank you so much Jordan for taking your time to help me.

1 Like