-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
doc: start to write about decryption and reencryption in fundamentals
- Loading branch information
Showing
2 changed files
with
37 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,30 @@ | ||
| # Decryption | ||
|
|
||
| Everything in fhEVM is encrypted, at some point one could need to decrypt somes values. Let's give as illustration a blind auction application. | ||
| After reaching the end of the auction, one need to discover (only) the winner, here is where a asynchronous decrypt could appear. | ||
|
|
||
|
|
||
| > :warning: **Decryption is public**: It means everyone will be able to see the value. If this is a personal information see [Reencryption](./reencryption.md) | ||
| ## How it's working | ||
|
|
||
| The Gateway acts as an oracle service: it will listen to decryption request events and return the decrypted value through a callback function. | ||
| The responsabilities of the Gateway are: | ||
| - Listening decryption request from fhEVM that contains a handle `h` to the associated ciphertext `C` | ||
| - Computing a storage proof `P` to attest C is decryptable | ||
| - Retrieve C from fhEVM using `h` as key | ||
| - Send a decyption request to TKMS which in turn is running an internal blockchain aka `KMS BC` | ||
| - Wait and listen for `decyptionResponse` (containing the plaitext and a few signatures from KMS to attest the integrity of the palintext) event from `KMS BC` | ||
| - Return `decyptionResponse` through the callback function | ||
|
|
||
| ## High level overview of the decryption flow | ||
|
|
||
| We allow explicit decryption requests for any encrypted type. The values are decrypted with the network private key. | ||
|
|
||
|  | ||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,9 @@ | ||
| # Reencryption | ||
|
|
||
|
|
||
| Reencryption is performed on the client side by calling the gateway service using the [fhevmjs](https://github.com/zama-ai/fhevmjs/) library. To do this, you need to provide a view function that returns the ciphertext to be reencrypted. | ||
|
|
||
| 1. The dApp retrieves the ciphertext from the view function (e.g., balanceOf). | ||
| 2. The dApp generates a keypair for the user and requests the user to sign the public key. | ||
| 3. The dApp calls the gateway, providing the ciphertext, public key, user address, contract address, and the user's signature. | ||
| 4. The dApp decrypts the received value with the private key. |