diff --git a/clean_tfhe_rs_api.sh b/clean_tfhe_rs_api.sh new file mode 100755 index 000000000000..ecb3f3089744 --- /dev/null +++ b/clean_tfhe_rs_api.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +rm -rf tfhe-rs +rm core/vm/lib/libtfhe.* +rm core/vm/tfhe.h diff --git a/core/vm/contracts.go b/core/vm/contracts.go index 4aefe40537d1..a6727801e6df 100644 --- a/core/vm/contracts.go +++ b/core/vm/contracts.go @@ -16,11 +16,86 @@ package vm +/* +#cgo LDFLAGS: -Llib -ltfhe +#include "tfhe.h" +#include +#include + +void add_encrypted_integers(BufferView sks_view, BufferView ct1_view, BufferView ct2_view, Buffer* result) +{ + ShortintServerKey *sks = NULL; + ShortintCiphertext *ct1 = NULL; + ShortintCiphertext *ct2 = NULL; + ShortintCiphertext *result_ct = NULL; + + int deser_sks_ok = shortint_deserialize_server_key(sks_view, &sks); + assert(deser_sks_ok == 0); + + int deser_ct1_ok = shortint_deserialize_ciphertext(ct1_view, &ct1); + assert(deser_ct1_ok == 0); + + int deser_ct2_ok = shortint_deserialize_ciphertext(ct2_view, &ct2); + assert(deser_ct2_ok == 0); + + int add_ok = shortint_server_key_smart_add(sks, ct1, ct2, &result_ct); + assert(add_ok == 0); + + int ser_ok = shortint_serialize_ciphertext(result_ct, result); + assert(ser_ok == 0); + + destroy_shortint_server_key(sks); + destroy_shortint_ciphertext(ct1); + destroy_shortint_ciphertext(ct2); + destroy_shortint_ciphertext(result_ct); +} + + +void encrypt_integer(BufferView cks_buff_view, uint64_t val, Buffer* ct_buf) +{ + ShortintCiphertext *ct = NULL; + ShortintClientKey *cks = NULL; + + int deser_ok = shortint_deserialize_client_key(cks_buff_view, &cks); + assert(deser_ok == 0); + + int encrypt_ok = shortint_client_key_encrypt(cks, val, &ct); + assert(encrypt_ok == 0); + + int ser_ok = shortint_serialize_ciphertext(ct, ct_buf); + assert(ser_ok == 0); +} + +uint64_t decrypt_integer(BufferView cks_buf_view, BufferView ct_buf_view) +{ + ShortintCiphertext *ct = NULL; + ShortintClientKey *cks = NULL; + uint64_t res = -1; + + int cks_deser_ok = shortint_deserialize_client_key(cks_buf_view, &cks); + assert(cks_deser_ok == 0); + + int ct_deser_ok = shortint_deserialize_ciphertext(ct_buf_view, &ct); + assert(ct_deser_ok == 0); + + int ct_decrypt = shortint_client_key_decrypt(cks, ct, &res); + assert(ct_decrypt == 0); + + return res; +} + +*/ +import "C" + import ( "crypto/sha256" "encoding/binary" + "encoding/hex" "errors" "math/big" + "os" + "strconv" + "unsafe" "github.com/ethereum/go-ethereum/common" "github.com/ethereum/go-ethereum/common/math" @@ -58,6 +133,8 @@ var PrecompiledContractsHomestead = map[common.Address]PrecompiledContract{ common.BytesToAddress([]byte{66}): &verifyCiphertext{}, common.BytesToAddress([]byte{67}): &reencrypt{}, common.BytesToAddress([]byte{68}): &delegateCiphertext{}, + common.BytesToAddress([]byte{69}): &fheDecrypt{}, + common.BytesToAddress([]byte{70}): &fheEncrypt{}, } // PrecompiledContractsByzantium contains the default set of pre-compiled Ethereum @@ -77,6 +154,8 @@ var PrecompiledContractsByzantium = map[common.Address]PrecompiledContract{ common.BytesToAddress([]byte{66}): &verifyCiphertext{}, common.BytesToAddress([]byte{67}): &reencrypt{}, common.BytesToAddress([]byte{68}): &delegateCiphertext{}, + common.BytesToAddress([]byte{69}): &fheDecrypt{}, + common.BytesToAddress([]byte{70}): &fheEncrypt{}, } // PrecompiledContractsIstanbul contains the default set of pre-compiled Ethereum @@ -97,6 +176,8 @@ var PrecompiledContractsIstanbul = map[common.Address]PrecompiledContract{ common.BytesToAddress([]byte{66}): &verifyCiphertext{}, common.BytesToAddress([]byte{67}): &reencrypt{}, common.BytesToAddress([]byte{68}): &delegateCiphertext{}, + common.BytesToAddress([]byte{69}): &fheDecrypt{}, + common.BytesToAddress([]byte{70}): &fheEncrypt{}, } // PrecompiledContractsBerlin contains the default set of pre-compiled Ethereum @@ -117,6 +198,8 @@ var PrecompiledContractsBerlin = map[common.Address]PrecompiledContract{ common.BytesToAddress([]byte{66}): &verifyCiphertext{}, common.BytesToAddress([]byte{67}): &reencrypt{}, common.BytesToAddress([]byte{68}): &delegateCiphertext{}, + common.BytesToAddress([]byte{69}): &fheDecrypt{}, + common.BytesToAddress([]byte{70}): &fheEncrypt{}, } // PrecompiledContractsBLS contains the set of pre-compiled Ethereum @@ -137,6 +220,8 @@ var PrecompiledContractsBLS = map[common.Address]PrecompiledContract{ common.BytesToAddress([]byte{66}): &verifyCiphertext{}, common.BytesToAddress([]byte{67}): &reencrypt{}, common.BytesToAddress([]byte{68}): &delegateCiphertext{}, + common.BytesToAddress([]byte{69}): &fheDecrypt{}, + common.BytesToAddress([]byte{70}): &fheEncrypt{}, } var ( @@ -1086,11 +1171,169 @@ func (e *fheAdd) RequiredGas(input []byte) uint64 { } func (e *fheAdd) Run(accessibleState PrecompileAccessibleState, caller common.Address, addr common.Address, input []byte, readOnly bool) (ret []byte, err error) { - // state is editable here, e.g. - // accessibleState.GetStateDB().SetNonce(caller, 233) - // will change the caller's (contract that called this precompiled contract) to 233. + if len(input) != 64 { + return nil, errors.New("Input needs to contain two 256-bit sized values") + } - return input, nil + verifiedCiphertext1, exists := accessibleState.Interpreter().verifiedCiphertexts[common.BytesToHash(input[0:32])] + if !exists { + return nil, errors.New("unverified ciphertext handle") + } + verifiedCiphertext2, exists := accessibleState.Interpreter().verifiedCiphertexts[common.BytesToHash(input[32:64])] + if !exists { + return nil, errors.New("unverified ciphertext handle") + } + + var decoded_sks_str = "" + serializedSks, err := hex.DecodeString(decoded_sks_str) + if err != nil { + return nil, err + } + + cCiphertext1 := C.CBytes(verifiedCiphertext1.ciphertext) + viewCiphertext1 := C.BufferView{ + pointer: (*C.uchar)(cCiphertext1), + length: (C.ulong)(len(verifiedCiphertext1.ciphertext)), + } + + cCiphertext2 := C.CBytes(verifiedCiphertext2.ciphertext) + viewCiphertext2 := C.BufferView{ + pointer: (*C.uchar)(cCiphertext2), + length: (C.ulong)(len(verifiedCiphertext2.ciphertext)), + } + + cServerKey := C.CBytes(serializedSks) + viewServerKey := C.BufferView{ + pointer: (*C.uchar)(cServerKey), + length: (C.ulong)(len(serializedSks)), + } + + result := &C.Buffer{} + C.add_encrypted_integers(viewServerKey, viewCiphertext1, viewCiphertext2, result) + + ctBytes := C.GoBytes(unsafe.Pointer(result.pointer), C.int(result.length)) + verifiedCiphertext := &verifiedCiphertext{ + depth: accessibleState.Interpreter().evm.depth, + ciphertext: ctBytes, + } + + err = os.WriteFile("/tmp/add_result", ctBytes, 0644) + if err != nil { + return nil, err + } + + ctHash := crypto.Keccak256Hash(verifiedCiphertext.ciphertext) + accessibleState.Interpreter().verifiedCiphertexts[ctHash] = verifiedCiphertext + + C.free(cServerKey) + C.free(cCiphertext1) + C.free(cCiphertext2) + + return ctHash[:], nil +} + +type fheDecrypt struct{} + +func (e *fheDecrypt) RequiredGas(input []byte) uint64 { + // TODO + return 8 +} + +func (e *fheDecrypt) Run(accessibleState PrecompileAccessibleState, caller common.Address, addr common.Address, input []byte, readOnly bool) (ret []byte, err error) { + if len(input) != 32 { + return nil, errors.New("Input needs to contain one 256-bit sized value") + } + + verifiedCiphertext1, exists := accessibleState.Interpreter().verifiedCiphertexts[common.BytesToHash(input[0:32])] + if !exists { + return nil, errors.New("unverified ciphertext handle") + } + + var decoded_cks_str = "0c010000000000000000000020000000000000000100000000000000000000000000000000000000000000000100000000000000000000000000000001000000000000000100000000000000000000000000000001000000000000000100000000000000000000000000000000000000000000000100000000000000010000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000100000000000000010000000000000001000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000014010000000000000000000020000000000000000100000000000000000000000000000000000000000000000100000000000000000000000000000001000000000000000100000000000000000000000000000001000000000000000100000000000000000000000000000000000000000000000100000000000000010000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000100000000000000010000000000000001000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000020000000000000005c00000000000000000000000a0000000000000000000000000000000100000000000000000000000000000001000000000000000100000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000a00000000000000010000000000000020000000000000005d58a7a27f665d399b2ba1869b8426390f0000000000000001000000000000000600000000000000030000000000000001000000000000000f00000000000000bd89d897b2d2bc380000000000000000000000000000000008000000000000000100000000000000" + serializedcks, err := hex.DecodeString(decoded_cks_str) + if err != nil { + return nil, err + } + + cCiphertext1 := C.CBytes(verifiedCiphertext1.ciphertext) + viewCiphertext1 := C.BufferView{ + pointer: (*C.uchar)(cCiphertext1), + length: (C.ulong)(len(verifiedCiphertext1.ciphertext)), + } + + cServerKey := C.CBytes(serializedcks) + viewServerKey := C.BufferView{ + pointer: (*C.uchar)(cServerKey), + length: (C.ulong)(len(serializedcks)), + } + + // we need all those conversions because the precompiled contract + // must return a byte array + decryted_value := C.decrypt_integer(viewServerKey, viewCiphertext1) + decryted_value_bytes := uint256.NewInt(uint64(decryted_value)).Bytes() + + err = os.WriteFile("/tmp/decryption_result", decryted_value_bytes, 0644) + if err != nil { + return nil, err + } + + C.free(cServerKey) + C.free(cCiphertext1) + + return decryted_value_bytes, nil +} + +type fheEncrypt struct{} + +func (e *fheEncrypt) RequiredGas(input []byte) uint64 { + // TODO + return 8 +} + +func (e *fheEncrypt) Run(accessibleState PrecompileAccessibleState, caller common.Address, addr common.Address, input []byte, readOnly bool) (ret []byte, err error) { + + value, err := strconv.ParseInt(common.Bytes2Hex(input), 16, 64) + if err != nil { + return nil, errors.New("error during conversion from smart contract input to uint") + } + + if (value) < 0 { + return nil, errors.New("input must be greater than 0") + } + + // TODO: load this key from file + var decoded_cks_str = "0cc00000000000000000000000a0000000000000000000000000000000100000000000000000000000000000001000000000000000100000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000a00000000000000010000000000000020000000000000005d58a7a27f665d399b2ba1869b8426390f0000000000000001000000000000000600000000000000030000000000000001000000000000000f00000000000000bd89d897b2d2bc380000000000000000000000000000000008000000000000000100000000000000" + serializedcks, err := hex.DecodeString(decoded_cks_str) + if err != nil { + return nil, err + } + + cServerKey := C.CBytes(serializedcks) + viewServerKey := C.BufferView{ + pointer: (*C.uchar)(cServerKey), + length: (C.ulong)(len(serializedcks)), + } + + result := &C.Buffer{} + C.encrypt_integer(viewServerKey, C.ulong(value), result) + + ctBytes := C.GoBytes(unsafe.Pointer(result.pointer), C.int(result.length)) + verifiedCiphertext := &verifiedCiphertext{ + depth: accessibleState.Interpreter().evm.depth, + ciphertext: ctBytes, + } + + err = os.WriteFile("/tmp/encrypt_result", ctBytes, 0644) + if err != nil { + return nil, err + } + + ctHash := crypto.Keccak256Hash(verifiedCiphertext.ciphertext) + accessibleState.Interpreter().verifiedCiphertexts[ctHash] = verifiedCiphertext + + C.free(cServerKey) + + return ctHash[:], nil } type verifyCiphertext struct{} diff --git a/install_thfe_rs_api.sh b/install_thfe_rs_api.sh new file mode 100755 index 000000000000..4e3b902448b2 --- /dev/null +++ b/install_thfe_rs_api.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +git clone git@github.com:zama-ai/tfhe-rs.git +mkdir -p core/vm/lib +cd tfhe-rs +make build_c_api +cp target/release/libtfhe.* ../core/vm/lib +cp target/release/tfhe.h ../core/vm diff --git a/tests/solidity/zama/handles.sol b/tests/solidity/zama/handles.sol index e77708819485..526ef9281d5c 100644 --- a/tests/solidity/zama/handles.sol +++ b/tests/solidity/zama/handles.sol @@ -3,6 +3,45 @@ pragma solidity >=0.7.0 <0.9.0; contract Precompiles { + + function precompile_add(uint256 handle1, uint256 handle2) internal view returns (uint256 out_handle) { + bytes32[2] memory input; + input[0] = bytes32(handle1); + input[1] = bytes32(handle2); + bytes32[1] memory output; + assembly { + if iszero(staticcall(gas(), 65, input, 64, output, 32)) { + revert(0, 0) + } + } + out_handle = uint256(output[0]); + } + + function precompile_decrypt(uint256 handle1) internal view returns (uint256 out_handle) { + bytes32[1] memory input; + input[0] = bytes32(handle1); + bytes32[1] memory output; + assembly { + if iszero(staticcall(gas(), 69, input, 32, output, 32)) { + revert(0, 0) + } + } + out_handle = uint256(output[0]); + + } + + function precompile_encrypt(uint256 to_be_encrypted) internal view returns (uint256 out_handle) { + bytes32[1] memory input; + input[0] = bytes32(to_be_encrypted); + bytes32[1] memory output; + assembly { + if iszero(staticcall(gas(), 70, input, 32, output, 32)) { + revert(0, 0) + } + } + out_handle = uint256(output[0]); + } + function precompile_reencrypt(uint256 in_handle) internal view returns (uint256 out_handle) { bytes32[1] memory input; input[0] = bytes32(in_handle); @@ -41,6 +80,7 @@ contract Precompiles { contract HandleOwner is Precompiles { uint256 public handle; + uint256 public handle2; uint256 public bogus_handle = 42; Callee callee; address payable owner; @@ -54,6 +94,22 @@ contract HandleOwner is Precompiles { handle = precompile_verify(ciphertext); } + function store2(bytes memory ciphertext) public { + handle2 = precompile_verify(ciphertext); + } + + function add() public view returns (uint256) { + return precompile_add(handle, handle2); + } + + function decrypt() public view returns (uint256) { + return precompile_decrypt(handle); + } + + function encrypt(uint256 input) public view returns (uint256) { + return precompile_encrypt(input); + } + // If called before `ovewrite_handle()`, `reencrypt()` must suceed. function reencrypt() public view returns (uint256) { return precompile_reencrypt(handle); @@ -126,4 +182,4 @@ contract Caller is Precompiles { owner.load_handle_without_returning_it(); return precompile_reencrypt(handle); } -} +} \ No newline at end of file