This document introduces the concept of encrypted inputs in the fhEVM, explaining their role, structure, validation process, and how developers can integrate them into smart contracts and applications.
Understanding how encryption, decryption and reencryption works is a prerequisit before implementation, see Encryption, Decryption, Re-encryption, and Computation
Encrypted inputs are a core feature of fhEVM, enabling users to push encrypted data onto the blockchain while ensuring data confidentiality and integrity.
Encrypted inputs are data values submitted by users in ciphertext form. These inputs allow sensitive information to remain confidential while still being processed by smart contracts. They are accompanied by Zero-Knowledge Proofs of Knowledge (ZKPoKs) to ensure the validity of the encrypted data without revealing the plaintext.
Confidentiality: Data is encrypted using the public FHE key, ensuring that only authorized parties can decrypt or process the values.
Validation via ZKPoKs: Each encrypted input is accompanied by a proof verifying that the user knows the plaintext value of the ciphertext, preventing replay attacks or misuse.
Efficient packing: All inputs for a transaction are packed into a single ciphertext in a user-defined order, optimizing the size and generation of the zero-knowledge proof.
When a function in a smart contract is called, it may accept two types of parameters for encrypted inputs:
einput
: Refers to the index of the encrypted parameter, representing a specific encrypted input handle.
bytes
: Contains the ciphertext and the associated zero-knowledge proof used for validation.
Here’s an example of a Solidity function accepting multiple encrypted parameters:
In this example, param1
, param2
, and param3
are encrypted inputs, while inputProof
contains the corresponding ZKPoK to validate their authenticity.
To interact with such a function, developers can use the fhevmjs library to create and manage encrypted inputs. Below is an example implementation:
In this example:
add64
, addBool
, and add8
: Specify the types and values of inputs to encrypt.
encrypt
: Generates the encrypted inputs and the zero-knowledge proof.
Smart contracts process encrypted inputs by verifying them against the associated zero-knowledge proof. This is done using the TFHE.asEuintXX
, TFHE.asEbool
, or TFHE.asEaddress
functions, which validate the input and convert it into the appropriate encrypted type.
This example demonstrates a function that performs multiple encrypted operations, such as updating a user's encrypted balance and toggling an encrypted boolean flag:
encyrptedERC20.sol
smart contractHere’s an example of a smart contract function that verifies an encrypted input before proceeding:
Input verification:
The TFHE.asEuintXX
function ensures that the input is a valid ciphertext with a corresponding ZKPoK.
Type conversion:
The function transforms the einput
into the appropriate encrypted type (euintXX
, ebool
, etc.) for further operations within the contract.
Input packing: Minimize the size and complexity of zero-knowledge proofs by packing all encrypted inputs into a single ciphertext.
Frontend encryption: Always encrypt inputs using the FHE public key on the client side to ensure data confidentiality.
Proof management: Ensure that the correct zero-knowledge proof is associated with each encrypted input to avoid validation errors.
Encrypted inputs and their validation form the backbone of secure and private interactions in the fhEVM. By leveraging these tools, developers can create robust, privacy-preserving smart contracts without compromising functionality or scalability.
Now that we have new knowledge on how to add encrypted inputs, let's upgrade our counter contract.
The EncryptedCounter2
contract builds on the previous example by adding support for encrypted inputs. Here's how it works:
Encrypted state: Like before, the contract maintains an encrypted counter state variable of type euint8
.
Encrypted input handling: The incrementBy
function accepts two parameters:
einput amount
: An encrypted input handle representing the increment value
bytes calldata inputProof
: The zero-knowledge proof validating the encrypted input
Input processing: Inside incrementBy
:
The encrypted input is converted to a euint8
using TFHE.asEuint8()
This conversion validates the proof and creates a usable encrypted value
The value is then added to the counter using homomorphic addition
While we have resolved our problem with the Counter value visibility, there is still the problem with the Access Control for the counter
.
The counter is encrypted, but no access is granted to decrypt or view its value. Without proper ACL permissions, the counter remains inaccessible to users. To resolve this, refer to: