fhEVM
WebsiteLibrariesProduct & ServicesDevelopersSupport
0.6
0.6
  • Welcome to fhEVM
  • White paper
  • Getting Started
    • Overview
    • Quick Start
      • Remix
        • 1. Setting up Remix
        • 2. Connect your wallet to Remix
        • 3. Deploying ConfidentialERC20
        • 4. Interacting with the contract
      • Hardhat
        • Prerequisites
        • 1. Setting up Hardhat
        • 2. Writing contracts
        • 3. Testing in mocked mode
        • 4. Deploying the contract
        • 5. Interacting with the contract
  • Tutorials
    • See all tutorials
  • Smart contract
    • Key features
    • Configuration
    • FhEVM contracts
    • Supported types
    • Operations on encrypted types
    • Access Control List
      • ACL examples
    • Encrypted Inputs
    • Decryption
      • Decryption
      • Decryption in depth
      • Re-encryption
    • If sentences
    • Branching in FHE
    • AsEbool, asEuintXX, asEaddress and asEbytesXX operations
    • Generate random numbers
    • Error handling
    • Gas estimation
    • Debug decrypt
    • Using Foundry
  • Frontend
    • Setup
    • Build a web application
    • Using React.js
    • Using Next.js
    • Using Vue.js
    • Using Node or Typescript
    • Using the CLI
    • Common webpack errors
  • Explanations
    • Architectural overview
    • FHE on blockchain
    • fhEVM components
    • Encryption, decryption, re-encryption, and computation
  • References
    • Table of all addresses
    • Smart contracts - fhEVM API
    • Frontend - fhevmjs lib
    • Repositories
  • Developer
    • Contributing
    • Development roadmap
    • Release note
    • Feature request
    • Bug report
    • Status
Powered by GitBook

Libraries

  • TFHE-rs
  • Concrete
  • Concrete ML
  • fhEVM

Developers

  • Blog
  • Documentation
  • Github
  • FHE resources

Company

  • About
  • Introduction to FHE
  • Media
  • Careers
On this page
  • What is the ACL?
  • Why is the ACL important?
  • How does the ACL work?
  • Types of access
  • Transient vs. permanent allowance
  • Granting and verifying access
  • Granting access
  • Verifying access
  • Practical uses of the ACL

Was this helpful?

Export as PDF
  1. Smart contract

Access Control List

This document describes the Access Control List (ACL) system in fhEVM, a core feature that governs access to encrypted data. The ACL ensures that only authorized accounts or contracts can interact with specific ciphertexts, preserving confidentiality while enabling composable smart contracts. This overview provides a high-level understanding of what the ACL is, why it's essential, and how it works.

What is the ACL?

The ACL is a permission management system designed to control who can access, compute on, or decrypt encrypted values in fhEVM. By defining and enforcing these permissions, the ACL ensures that encrypted data remains secure while still being usable within authorized contexts.

Why is the ACL important?

Encrypted data in fhEVM is entirely confidential, meaning that without proper access control, even the contract holding the ciphertext cannot interact with it. The ACL enables:

  • Granular permissions: Define specific access rules for individual accounts or contracts.

  • Secure computations: Ensure that only authorized entities can manipulate or decrypt encrypted data.

  • Gas efficiency: Optimize permissions using transient access for temporary needs, reducing storage and gas costs.

How does the ACL work?

Types of access

  • Permanent allowance:

    • Configured using TFHE.allow(ciphertext, address).

    • Grants long-term access to the ciphertext for a specific address.

    • Stored in a dedicated contract for persistent storage.

  • Transient allowance:

    • Configured using TFHE.allowTransient(ciphertext, address).

    • Grants access to the ciphertext only for the duration of the current transaction.

    • Stored in transient storage, reducing gas costs.

    • Ideal for temporary operations like passing ciphertexts to external functions.

Syntactic sugar:

  • TFHE.allowThis(ciphertext) is shorthand for TFHE.allow(ciphertext, address(this)). It authorizes the current contract to reuse a ciphertext handle in future transactions.

Transient vs. permanent allowance

Allowance type
Purpose
Storage type
Use case

Transient

Temporary access during a transaction.

Calling external functions or computations with ciphertexts. Use when wanting to save on gas costs.

Permanent

Long-term access across multiple transactions.

Dedicated contract storage

Persistent ciphertexts for contracts or users requiring ongoing access.

Granting and verifying access

Granting access

Developers can use functions like allow, allowThis, and allowTransient to grant permissions:

  • allow: Grants permanent access to an address.

  • allowThis: Grants the current contract access to manipulate the ciphertext.

  • allowTransient: Grants temporary access to an address for the current transaction.

Verifying access

To check if an entity has permission to access a ciphertext, use functions like isAllowed or isSenderAllowed:

  • isAllowed: Verifies if a specific address has permission.

  • isSenderAllowed: Simplifies checks for the current transaction sender.

Practical uses of the ACL

  • Confidential parameters: Pass encrypted values securely between contracts, ensuring only authorized entities can access them.

  • Secure state management: Store encrypted state variables while controlling who can modify or read them.

  • Privacy-preserving computations: Enable computations on encrypted data with confidence that permissions are enforced.


PreviousOperations on encrypted typesNextACL examples

Last updated 5 months ago

Was this helpful?

(EIP-1153)

For a detailed explanation of the ACL's functionality, including code examples and advanced configurations, see .

ACL examples
Transient storage