Deprecation warning TFHE.decrypt
is deprecated and will be removed in the next release. We strongly encourage users to migrate their code to use the new asynchronous decryption method.
We allow explicit decryption requests for any encrypted type. The values are decrypted with the network private key (the threshold decryption protocol is in the works).
The decryption operation is asynchronous. To use it, your contract must extend the OracleCaller
contract. This will import automatically the Oracle
solidity library as well. See the following example:
Note that an OraclePredeploy
contract is already predeployed on the fhEVM testnet, and a default relayer account is added through the specification of the environment variable PRIVATE_KEY_ORACLE_RELAYER
in the .env
file. Relayers are the only accounts authorized to fulfil the decryption requests. However OraclePredeploy
would still check the KMS signature during the fulfilment, so we trust the relayer only to forward the request on time, a rogue relayer could not cheat by sending fake decryption results (the KMS signature is in the works).
The interface of the Oracle.requestDecryption
function from previous snippet is the following:
The first argument, ct
, should be an array of ciphertexts of a single same type i.e eXXX
stands for either ebool
, euint4
, euint8
, euint16
, euint32
, euint64
or eaddress
. ct
is the list of ciphertexts that are requested to be decrypted. Calling requestDecryption
will emit an EventDecryptionEXXX
on the OraclePredeploy
contract which will be detected by a relayer. Then, the relayer will send the corresponding ciphertexts to the KMS for decryption before fulfilling the request.
callbackSelector
is the function selector of the callback function which will be called by the OraclePredeploy
contract once the relayer fulfils the decryption request. Notice that the callback function should always follow this convention:
Here callbackName
is a custom name given by the developer to the callback function, requestID
will be the request id of the decryption (could be commented if not needed in the logic, but must be present) and x_0
, x_1
, ... x_N-1
are the results of the decryption of the ct
array values, i.e their number should be the size of the ct
array.
msgValue
is the value in native tokens to be sent to the calling contract during fulfilment, i.e when the callback will be called with the results of decryption.
maxTimestamp
is the maximum timestamp after which the callback will not be able to receive the results of decryption, i.e the fulfilment transaction will fail in this case. This can be used for time-sensitive applications, where we prefer to reject decryption results on too old, out-of-date, values.
WARNING: Notice that the callback should be protected by the
onlyOracle
modifier to ensure security, as only theOraclePredeploy
contract should be able to call it.
Finally, if you need to pass additional arguments to be used inside the callback, you could use any of the following utility functions during the request, which would store additional values in the storage of your smart contract:
With their corresponding getter functions to be used inside the callback:
For example, see this snippet where we add two uint
s during the request call, to make them available later during the callback:
When the decryption request is fufilled by the relayer, the OraclePredeploy
contract, when calling the callback function, will also emit one of the following events, depending on the type of requested ciphertext:
The first argument is the requestID
of the corresponding decryption request, success
is a boolean assessing if the call to the callback succeeded, and result
is the bytes array corresponding the to return data from the callback.
In your hardhat tests, if you sent some transactions which are requesting one or several decryptions and you wish to await the fulfilment of those decryptions, you should import the two helper methods asyncDecrypt
and awaitAllDecryptionResults
from the asyncDecrypt.ts
utility file. This would work both when testing on an fhEVM node or in mocked mode. Here is a simple hardhat test for the previous TestAsyncDecrypt
contract (more examples can be seen here):
You should setup the oracle handler by calling asyncDecrypt
at the top of the before
block. Notice that when testing on the fhEVM, a decryption is fulfilled usually 2 blocks after the request, while in mocked mode the fulfilment will always happen as soon as you call the awaitAllDecryptionResults
helper function. A good way to standardize hardhat tests is hence to always callawaitAllDecryptionResults
which will ensure that all pending decryptions are fulfilled in both modes.
The reencrypt functions takes as inputs a ciphertext and a public encryption key (namely, a NaCl box).
During reencryption, the ciphertext is decrypted using the network private key (the threshold decryption protocol is in the works). Then, the decrypted result is encrypted under the user-provided public encryption key. The result of this encryption is sent back to the caller as bytes memory
.
It is also possible to provide a default value to the reencrypt
function. In this case, if the provided ciphertext is not initialized (i.e., if the ciphertext handle is 0
), the function will return an encryption of the provided default value.
NOTE: If one of the following operations is called with an uninitialized ciphertext handle as an operand, this handle will be made to point to a trivial encryption of
0
before the operation is executed.
In the example above (balanceOf
), this view function need to validate the user to prevent anyone to reencrypt any user's balance. To prevent this, the user provides a signature of the given public key. The best way to do it is to use EIP-712 standard. Since this is something very useful, fhEVM library provide an abstract to use in your contract:
When a contract uses Reencrypt
abstract, a modifier is available to check user signature.
This signature can be generated on client side using fhevmjs library.