DocumentationWebsiteGitHubStatus

FHEVM v0.9 - October 2025

Highlights

The upcoming v.0.9 version will introduce new keygen capabilities, dynamic coprocessor management, and a redesigned decryption events workflow. These changes improve flexibility, scalability, and consensus handling while deprecating older event formats.

New features

  • Support generation of FHE key and CRS on-chain:

    • Request the generation of an FHE key and a CRS directly through the Gateway.

    • New environment variables:

      • For the gateway contracts:

        • KMS_GENERATION_THRESHOLD : The threshold used to validate the consensus on an FHE key or CRS generation.

        • KMS_NODE_STORAGE_URL_[0-N]: The storage base URL where public materials are stored for each KMS node.

        Obsolete environment variable

        The following environment variables are not used anymore:

        • FHE_PARAMS_NAME

        • FHE_PARAMS_DIGEST

      • For the coprocessor (gw-listener):

        • KMS_GENERATION_ADDRESS : The address of the KMSGeneration gateway contract.

      • For the connector:

        • KMS_GENERATION_ADDRESS : The address of the KMSGeneration gateway contract.

  • New PauserSet immutable contract

    • Host and Gateway contracts can now be paused by any addresses added in the PauserSet contract.

    • New environment variables:

      • For the gateway contracts:

        • NUM_PAUSERS : The number of pauser addresses to add. Should be set to n_kms + n_copro, with n_kms the number of registered KMS nodes and n_copro the number of registered coprocessors.

        • PAUSER_ADDRESS_[0-N] : The pauser addresses.

        Obsolete environment variable

        The following environment variable is not used anymore:

        • PAUSER_ADDRESS

      • For the host contracts:

        • NUM_PAUSERS : The number of pauser addresses to add. Should be set to n_kms + n_copro, with n_kms the number of registered KMS nodes and n_copro the number of registered coprocessors.

        • PAUSER_ADDRESS_[0-N] : The pauser addresses.

        Obsolete environment variable

        The following environment variable is not used anymore:

        • PAUSER_ADDRESS

  • Re-randomisation of transaction inputs

    • All inputs (including from state) of transactions are re-encrypted before evaluation of FHE operations to provide sIND-CPAD security.

    • This new feature is transparent to users.

Improvements

  • User decryption response:

    • Encrypted shares and signatures are no longer aggregated on-chain in the Gateway. Each response sent by a KMS now directly emits an event containing them separately.

    • New events introduced in the Decryption contract:

      • UserDecryptionResponse(uint256 indexed decryptionId, uint256 indexShare, bytes userDecryptedShare, bytes signature, bytes extraData);

      • UserDecryptionResponseThresholdReached(uint256 indexed decryptionId);

    Breaking changes

    The following event is deprecated from the Gateway's Decryption contract:

    • PublicDecryptionResponse(uint256 indexed decryptionId, bytes decryptedResult, bytes[] signatures, bytes extraData)

  • User decryption request

    • The user EIP712 signature verification is simplified in the Gateway's Decryption contract.

    Breaking changes

    The uint256 contractsChainId field is no longer part of the UserDecryptRequestVerification struct used for EIP712 signature verification.

  • Gateway contract renaming

    • Two contracts have been renamed.

    Breaking changes

    The following Gateway contracts have been renamed:

    • MultichainAcl -> MultichainACL

    • KmsManagement -> KMSGeneration

    As a consequence, the following environment variable have been renamed:

    • KMS_MANAGEMENT_ADDRESS -> KMS_GENERATION_ADDRESS

    • KMS_CONNECTOR_KMS_MANAGEMENT_CONTRACT__ADDRESS -> KMS_CONNECTOR_KMS_GENERATION_CONTRACT__ADDRESS

    Also, in the values.yaml files of the KMS Connector's Helm chart, the following field has been renamed:

    • kmsManagement -> kmsGeneration

  • Gateway check functions replaced

    • All external check... view functions have been removed from the Gateway contracts.

    • Associated errors have been moved to different contracts or deleted.

    • They have been replaced by equivalent is... view functions that no longer revert and instead return a boolean.

    Breaking changes

    All check... view functions are not longer available in the Gateway contracts and associated events have been moved deleted. For example:

    • checkPublicDecryptAllowed have been replaced by isPublicDecryptAllowed

    • PublicDecryptNotAllowed error have been moved to Decryption contract

Resources

PreviousFHEVM v0.10 - October 2025NextFHEVM v0.8 - September 2025

Last updated