feature(decrypt): call KMS for decryption

IMPORTANT: the decrypt call should be replaced in most cases by cmux It is still called in Governor example in fhevm repository. To make tests passing we keep it for now. In the future, it will be replaced by async decryption For this early first version of KMS this is acceptable.
zama-ai · Dec 27, 2023 · 0319ca5 · 0319ca5
1 parent 5b1651b
commit 0319ca5
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 3 deletions.
diff --git a/fhevm/precompiles.go b/fhevm/precompiles.go
@@ -2025,11 +2025,52 @@ func decryptRun(environment EVMEnvironment, caller common.Address, addr common.A
 	} else if !optReqResult {
 		return nil, ErrExecutionReverted
 	}
-	plaintext, err := decryptValue(ct.ciphertext)
+
+	var fheType kms.FheType
+	switch ct.ciphertext.fheUintType {
+	case FheUint8:
+		fheType = kms.FheType_Euint8
+	case FheUint16:
+		fheType = kms.FheType_Euint16
+	case FheUint32:
+		fheType = kms.FheType_Euint32
+	}
+
+	pubKey := input[32:64]
+
+	// TODO: generate merkle proof for some data
+	proof := &kms.Proof{
+		Height:              4,
+		MerklePatriciaProof: []byte{},
+	}
+
+	decryptionRequest := &kms.DecryptionRequest{
+		FheType:    fheType,
+		Ciphertext: ct.ciphertext.serialization,
+		Request:    pubKey, // TODO: change according to the structure of `Request`
+		Proof:      proof,
+	}
+
+	conn, err := grpc.Dial(kms.KmsEndpointAddr, grpc.WithTransportCredentials(insecure.NewCredentials()))
+	if err != nil {
+		return nil, errors.New("kms unreachable")
+	}
+	defer conn.Close()
+
+	ep := kms.NewKmsEndpointClient(conn)
+
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+	defer cancel()
+
+	res, err := ep.Decrypt(ctx, decryptionRequest)
 	if err != nil {
 		logger.Error("decrypt failed", "err", err)
 		return nil, err
 	}
+
+	var plaintext = uint64(res.Plaintext)
+	logger.Info("decrypt success", "plaintext", plaintext)
+
 	// Always return a 32-byte big-endian integer.
 	ret := make([]byte, 32)
 	bigIntValue := big.NewInt(0)

diff --git a/fhevm/tfhe.go b/fhevm/tfhe.go
@@ -1574,7 +1574,7 @@ func InitGlobalKeysFromFiles(keysDir string) error {
 	var cksPath = path.Join(keysDir, "cks")
 	cksBytes, err := os.ReadFile(cksPath)
 	if err != nil {
-		return err
+		fmt.Println("INFO: cks not loaded from: " + keysDir)
 	}
 	var pksPath = path.Join(keysDir, "pks")
 	pksBytes, err := os.ReadFile(pksPath)
@@ -1587,7 +1587,11 @@ func InitGlobalKeysFromFiles(keysDir string) error {
 	pksHash = crypto.Keccak256Hash(pksBytes)
 	pks = C.deserialize_compact_public_key(toBufferView(pksBytes))
 
-	cks = C.deserialize_client_key(toBufferView(cksBytes))
+	// cks will be handled by the KMS from now on
+	// TODO: completely remove after KMS is well tested
+	if len(cksBytes) > 0 {
+		cks = C.deserialize_client_key(toBufferView(cksBytes))
+	}
 
 	initCiphertextSizes()