Securing Files on the Arweave Network: An In-Depth Look at Asymmetric Encryption with ChaCha20-Poly1305 in JavaScript


The Arweave network is a decentralized and permanent data storage platform that allows users to store any type of data in a secure and tamper-proof way. However, as with any public blockchain, the data stored on Arweave is publicly accessible, which means that it is important to take additional measures to protect sensitive information. One way to achieve this is by using asymmetric encryption to encrypt files before storing them on the Arweave network.

In this article, we will discuss how to implement a file protection method using asymmetric encryption with the ChaCha20-Poly1305 algorithm in JavaScript. We will also compare this method to the more commonly used AES-256 algorithm and explain why ChaCha20-Poly1305 is a more secure and efficient option.

Overview of Asymmetric Encryption

Asymmetric encryption is a method of encrypting data using two different keys - a public key and a private key. The public key is used to encrypt the data, while the private key is used to decrypt it. This means that anyone can encrypt a file using the public key, but only the owner of the private key can decrypt it.

One of the most common types of asymmetric encryption is RSA, which is widely used in various applications such as SSL/TLS and PGP. However, RSA has some limitations, such as slow encryption and decryption speeds and a relatively small key size.

ChaCha20-Poly1305: A More Secure and Efficient Option

To overcome the limitations of RSA and other commonly used asymmetric encryption algorithms, we will use the ChaCha20-Poly1305 algorithm in our implementation. ChaCha20-Poly1305 is a stream cipher that combines the ChaCha20 encryption algorithm with the Poly1305 authenticator.

ChaCha20 is an encryption algorithm that is faster and more secure than AES-256. It uses a 256-bit key and a 96-bit nonce (number used once) to encrypt the data. On the other hand, Poly1305 is an authenticator that is used to generate a 128-bit authentication tag for the encrypted data.


Before we begin, it's important to note that the code provided in this article is for demonstration purposes only and should not be used in production environments without proper testing and review.

Step 1: Generating the Public and Private Keys

The first step in our implementation is to generate the public and private keys that will be used for the asymmetric encryption. We will use the crypto module that is built into Node.js to generate the keys.

const crypto = require('crypto');

// Generate the public and private keys
const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');

Step 2: Encrypting the Symmetric Key

The next step is to encrypt the symmetric key that will be used to encrypt the data. In this example, we will be using the ChaCha20 encryption algorithm for the symmetric encryption.

// Generate the symmetric key
const symmetricKey = crypto.randomBytes(32);

// Encrypt the symmetric key with the user's public key
const userPublicKey = "user's public key";
const encryptedSymmetricKey = crypto.publicEncrypt(userPublicKey, symmetricKey);

Step 3: Generating the Nonce

The nonce, also known as the initialization vector, is a unique value that is used along with the symmetric key to encrypt the data. In this case, we will be using a 12-byte nonce for the ChaCha20-Poly1305 algorithm.

// Generate the nonce
const nonce = crypto.randomBytes(12);

Step 4: Encrypting the Data

Now that we have the symmetric key and the nonce, we can use them to encrypt the data. In this example, we will be using the ChaCha20-Poly1305 algorithm for the data encryption.

// Encrypt the data
const data = "sensitive data to be encrypted";
const cipher = crypto.createCipheriv("ChaCha20-Poly1305", symmetricKey, nonce);
let encryptedData = cipher.update(data, "utf8", "hex");
encryptedData +="hex");

Step 5: Storing the Encrypted Data on Arweave

Now that the data is encrypted, it can be stored on the Arweave network. In order to do this, we will need to create a Key-Value storage transaction and include the encrypted symmetric key, the nonce, and the encrypted data in the transaction.

// Create a new Arweave transaction
const transaction = await arweave.createTransaction({}, userPrivateKey);

// Add the encrypted symmetric key, nonce, and encrypted data to the transaction's tags
transaction.addTag("Encrypted-Symmetric-Key", encryptedSymmetricKey.toString("hex"));
transaction.addTag("Nonce", nonce.toString("hex")); = encryptedData;

// Sign and send the transaction
await arweave.transactions.sign(transaction, userPrivateKey);
const response = await;

And that's it! The data is now securely stored on the Arweave network, and can only be accessed by the user who has the private key that corresponds to the public key used to encrypt the symmetric key.

Please note that this is just an example and a starting point, in a real-world scenario you should use a more secure way to handle keys. Also, it's important to ensure that your code is properly tested and reviewed by security experts before deploying it to production.

In conclusion, using the combination of asymmetric and symmetric encryption, we can ensure that our data is secure on the public Arweave network. By encrypting the symmetric key with the user's public key, we can ensure that only the user with the corresponding private key can access the data. And by using the ChaCha20-Poly1305 algorithm for encrypting the data, we can ensure that the data is protected against tampering and eavesdropping.