From d26dbc0b78499b97b6a7edfbbbaece1477718cce Mon Sep 17 00:00:00 2001 From: Levent DEMIR Date: Thu, 5 Sep 2024 15:41:01 +0200 Subject: [PATCH] doc: start to write about decryption and reencryption in fundamentals --- docs/fundamentals/gateway/decryption.md | 29 +++++++++++++++++++++++ docs/fundamentals/gateway/reencryption.md | 8 +++++++ 2 files changed, 37 insertions(+) diff --git a/docs/fundamentals/gateway/decryption.md b/docs/fundamentals/gateway/decryption.md index 160ca24e..ee0cce41 100644 --- a/docs/fundamentals/gateway/decryption.md +++ b/docs/fundamentals/gateway/decryption.md 
@@ -1 +1,30 @@ # Decryption + +Everything in fhEVM is encrypted, at some point one could need to decrypt somes values. Let's give as illustration a blind auction application. +After reaching the end of the auction, one need to discover (only) the winner, here is where a asynchronous decrypt could appear. + + +> :warning: **Decryption is public**: It means everyone will be able to see the value. If this is a personal information see [Reencryption](./reencryption.md) + +## How it's working + +The Gateway acts as an oracle service: it will listen to decryption request events and return the decrypted value through a callback function. +The responsabilities of the Gateway are: +- Listening decryption request from fhEVM that contains a handle `h` to the associated ciphertext `C` +- Computing a storage proof `P` to attest C is decryptable +- Retrieve C from fhEVM using `h` as key +- Send a decyption request to TKMS which in turn is running an internal blockchain aka `KMS BC` +- Wait and listen for `decyptionResponse` (containing the plaitext and a few signatures from KMS to attest the integrity of the palintext) event from `KMS BC` +- Return `decyptionResponse` through the callback function + +## High level overview of the decryption flow + +We allow explicit decryption requests for any encrypted type. The values are decrypted with the network private key. + +![](asyncDecrypt.png) + + + + + + diff --git a/docs/fundamentals/gateway/reencryption.md b/docs/fundamentals/gateway/reencryption.md index 251e25d0..84f39e88 100644 --- a/docs/fundamentals/gateway/reencryption.md +++ b/docs/fundamentals/gateway/reencryption.md 
@@ -1 +1,9 @@ # Reencryption + + +Reencryption is performed on the client side by calling the gateway service using the [fhevmjs](https://github.com/zama-ai/fhevmjs/) library. To do this, you need to provide a view function that returns the ciphertext to be reencrypted. + +1. The dApp retrieves the ciphertext from the view function (e.g., balanceOf). +2. The dApp generates a keypair for the user and requests the user to sign the public key. +3. The dApp calls the gateway, providing the ciphertext, public key, user address, contract address, and the user's signature. +4. The dApp decrypts the received value with the private key. \ No newline at end of file
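Review bot: In docs/fundamentals/gateway/decryption.md, the "How it's working" list says the `decyptionResponse` carries "a few signatures from KMS to attest the integrity" of the plaintext, but no bullet says who verifies those signatures before the callback consumes the value. Since the Gateway is described as an oracle, please state whether verification happens in the Gateway, in the callback path, or both, and what a contract author has to do to rely on it. The same list puts computing the storage proof `P` before retrieving `C` with `h`; say whether that order is intended and which component checks `P`. Spelling to fix in this hunk: "somes", "responsabilities", "decyption", "plaitext", "palintext", and `decyptionResponse` is in code formatting, so it should match the real event name exactly. The seven trailing blank `+` lines at the end of the file can be dropped.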
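Review bot: In docs/fundamentals/gateway/reencryption.md, step 2 says the user signs the public key, while step 3 sends the gateway the ciphertext, public key, user address, contract address and signature; the doc should say exactly what the signed message covers and what the gateway checks against it, because as written a reader cannot tell whether the signature is tied to the contract address and user address or only to the public key. Step 4 should say that "the private key" is the one from the keypair generated in step 2 and that it stays on the client. The file also ends without a trailing newline ("\ No newline at end of file"); please add one.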