feat: handle more potential errors for input lists

1. Use conformant input deserialization. 2. Propagate errors after expansion of inputs instead of unwrap/expect. 3. Wrap public params in an Arc to avoid copying it when deserializing in different threads. 4. Update to tfhe-rs 0.8.2 for constructing conformance parameters out of public params.
zama-ai · Oct 9, 2024 · e89f8ec · e89f8ec
1 parent 406a606
commit e89f8ec
Show file tree

Hide file tree

Showing 11 changed files with 136 additions and 61 deletions.
diff --git a/fhevm-engine/Cargo.lock b/fhevm-engine/Cargo.lock
diff --git a/fhevm-engine/coprocessor/Cargo.toml b/fhevm-engine/coprocessor/Cargo.toml
@@ -4,9 +4,9 @@ version = "0.1.0"
 edition = "2021"
 
 [target.'cfg(target_arch = "x86_64")'.dependencies]
-tfhe = { version = "0.8.0", features = ["boolean", "shortint", "integer", "x86_64-unix", "zk-pok", "experimental-force_fft_algo_dif4"] }
+tfhe = { version = "0.8.2", features = ["boolean", "shortint", "integer", "x86_64-unix", "zk-pok", "experimental-force_fft_algo_dif4"] }
 [target.'cfg(target_arch = "aarch64")'.dependencies]
-tfhe = { version = "0.8.0", features = ["boolean", "shortint", "integer", "aarch64-unix", "zk-pok", "experimental-force_fft_algo_dif4"] }
+tfhe = { version = "0.8.2", features = ["boolean", "shortint", "integer", "aarch64-unix", "zk-pok", "experimental-force_fft_algo_dif4"] }
 
 [dependencies]
 # Common dependencies

diff --git a/fhevm-engine/coprocessor/src/db_queries.rs b/fhevm-engine/coprocessor/src/db_queries.rs
@@ -1,5 +1,6 @@
 use std::collections::{BTreeSet, HashMap};
 use std::str::FromStr;
+use std::sync::Arc;
 
 use crate::server::GrpcTracer;
 use crate::types::{CoprocessorError, TfheTenantKeys};
@@ -109,6 +110,7 @@ pub struct FetchTenantKeyResult {
     pub verifying_contract_address: String,
     pub acl_contract_address: String,
     pub server_key: tfhe::ServerKey,
+    pub public_params: Arc<tfhe::zk::CompactPkePublicParams>,
 }
 
 /// Returns chain id and verifying contract address for EIP712 signature and tfhe server key
@@ -130,6 +132,7 @@ where
                     verifying_contract_address: key.verifying_contract_address.clone(),
                     acl_contract_address: key.acl_contract_address.clone(),
                     server_key: key.sks.clone(),
+                    public_params: key.public_params.clone(),
                 });
             }
         }
@@ -169,7 +172,7 @@ where
             tenant_id: key.tenant_id,
             sks,
             pks,
-            public_params,
+            public_params: Arc::new(public_params),
             chain_id: key.chain_id,
             acl_contract_address: key.acl_contract_address,
             verifying_contract_address: key.verifying_contract_address,

diff --git a/fhevm-engine/coprocessor/src/server.rs b/fhevm-engine/coprocessor/src/server.rs
@@ -372,6 +372,7 @@ impl CoprocessorService {
             let cloned_input = ci.clone();
             let server_key = server_key.clone();
             let tracer = tracer.clone();
+            let public_params = fetch_key_response.public_params.clone();
 
             let mut blocking_span = tracer.child_span("blocking_ciphertext_list_expand");
             blocking_span.set_attributes(vec![KeyValue::new("idx", idx as i64)]);
@@ -389,11 +390,12 @@ impl CoprocessorService {
                     span.end();
 
                     let mut span = tracer.child_span("expand_ciphertext_list");
-                    let expanded = try_expand_ciphertext_list(&cloned_input.input_payload)
-                        .map_err(|e| {
-                            let err: Box<(dyn std::error::Error + Send + Sync)> = Box::new(e);
-                            (err, idx)
-                        })?;
+                    let expanded =
+                        try_expand_ciphertext_list(&cloned_input.input_payload, &public_params)
+                            .map_err(|e| {
+                                let err: Box<(dyn std::error::Error + Send + Sync)> = Box::new(e);
+                                (err, idx)
+                            })?;
 
                     span.set_attributes(vec![
                         KeyValue::new("idx", idx as i64),

diff --git a/fhevm-engine/coprocessor/src/types.rs b/fhevm-engine/coprocessor/src/types.rs
@@ -1,3 +1,5 @@
+use std::sync::Arc;
+
 use fhevm_engine_common::types::FhevmError;
 
 #[derive(Debug)]
@@ -184,5 +186,5 @@ pub struct TfheTenantKeys {
     #[allow(dead_code)]
     pub pks: tfhe::CompactPublicKey,
     #[allow(dead_code)]
-    pub public_params: tfhe::zk::CompactPkePublicParams,
+    pub public_params: Arc<tfhe::zk::CompactPkePublicParams>,
 }
diff --git a/fhevm-engine/executor/Cargo.toml b/fhevm-engine/executor/Cargo.toml
@@ -4,9 +4,9 @@ version = "0.1.0"
 edition = "2021"
 
 [target.'cfg(target_arch = "x86_64")'.dependencies]
-tfhe = { version = "0.8.0", features = ["boolean", "shortint", "integer", "x86_64-unix", "zk-pok", "experimental-force_fft_algo_dif4"] }
+tfhe = { version = "0.8.2", features = ["boolean", "shortint", "integer", "x86_64-unix", "zk-pok", "experimental-force_fft_algo_dif4"] }
 [target.'cfg(target_arch = "aarch64")'.dependencies]
-tfhe = { version = "0.8.0", features = ["boolean", "shortint", "integer", "aarch64-unix", "zk-pok", "experimental-force_fft_algo_dif4"] }
+tfhe = { version = "0.8.2", features = ["boolean", "shortint", "integer", "aarch64-unix", "zk-pok", "experimental-force_fft_algo_dif4"] }
 
 [dependencies]
 clap.workspace = true

diff --git a/fhevm-engine/executor/src/server.rs b/fhevm-engine/executor/src/server.rs
@@ -16,7 +16,7 @@ use fhevm_engine_common::{
     types::{get_ct_type, FhevmError, Handle, SupportedFheCiphertexts, HANDLE_LEN, SCALAR_LEN},
 };
 use sha3::{Digest, Keccak256};
-use tfhe::{integer::U256, set_server_key};
+use tfhe::{integer::U256, set_server_key, zk::CompactPkePublicParams};
 use tokio::task::spawn_blocking;
 use tonic::{transport::Server, Code, Request, Response, Status};
 
@@ -64,20 +64,25 @@ pub struct ComputationState {
     pub ciphertexts: HashMap<Handle, InMemoryCiphertext>,
 }
 
-struct FhevmExecutorService {}
+struct FhevmExecutorService {
+    keys: FhevmKeys,
+}
 
 #[tonic::async_trait]
 impl FhevmExecutor for FhevmExecutorService {
     async fn sync_compute(
         &self,
         req: Request<SyncComputeRequest>,
     ) -> Result<Response<SyncComputeResponse>, Status> {
+        let public_params = self.keys.public_params.clone();
         let resp = spawn_blocking(move || {
             let req = req.get_ref();
             let mut state = ComputationState::default();
 
             // Exapnd compact ciphertext lists for the whole request.
-            if Self::expand_compact_lists(&req.compact_ciphertext_lists, &mut state).is_err() {
+            if Self::expand_compact_lists(&req.compact_ciphertext_lists, &mut state, &public_params)
+                .is_err()
+            {
                 return SyncComputeResponse {
                     resp: Some(Resp::Error(SyncComputeError::BadInputList.into())),
                 };
@@ -129,7 +134,9 @@ impl FhevmExecutor for FhevmExecutorService {
 
 impl FhevmExecutorService {
     fn new() -> Self {
-        FhevmExecutorService {}
+        FhevmExecutorService {
+            keys: SerializedFhevmKeys::load_from_disk().into(),
+        }
     }
 
     #[allow(dead_code)]
@@ -157,9 +164,10 @@ impl FhevmExecutorService {
     fn expand_compact_lists(
         lists: &Vec<Vec<u8>>,
         state: &mut ComputationState,
+        public_params: &CompactPkePublicParams,
     ) -> Result<(), FhevmError> {
         for list in lists {
-            let cts = try_expand_ciphertext_list(&list)?;
+            let cts = try_expand_ciphertext_list(&list, &public_params)?;
             let list_hash: Handle = Keccak256::digest(list).to_vec();
             for (i, ct) in cts.iter().enumerate() {
                 let mut handle = list_hash.clone();

diff --git a/fhevm-engine/fhevm-engine-common/Cargo.toml b/fhevm-engine/fhevm-engine-common/Cargo.toml
@@ -4,9 +4,9 @@ version = "0.1.0"
 edition = "2021"
 
 [target.'cfg(target_arch = "x86_64")'.dependencies]
-tfhe = { version = "0.8.0", features = ["boolean", "shortint", "integer", "x86_64-unix", "zk-pok", "experimental-force_fft_algo_dif4"] }
+tfhe = { version = "0.8.2", features = ["boolean", "shortint", "integer", "x86_64-unix", "zk-pok", "experimental-force_fft_algo_dif4"] }
 [target.'cfg(target_arch = "aarch64")'.dependencies]
-tfhe = { version = "0.8.0", features = ["boolean", "shortint", "integer", "aarch64-unix", "zk-pok", "experimental-force_fft_algo_dif4"] }
+tfhe = { version = "0.8.2", features = ["boolean", "shortint", "integer", "aarch64-unix", "zk-pok", "experimental-force_fft_algo_dif4"] }
 
 [dependencies]
 sha3.workspace = true

diff --git a/fhevm-engine/fhevm-engine-common/src/keys.rs b/fhevm-engine/fhevm-engine-common/src/keys.rs
@@ -1,24 +1,31 @@
-use std::fs::read;
+use std::{fs::read, sync::Arc};
 
 use tfhe::{
     generate_keys, set_server_key,
-    shortint::parameters::{
-        list_compression::COMP_PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M64,
-        PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M64,
+    shortint::{
+        parameters::{
+            list_compression::COMP_PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M64,
+            CompressionParameters, PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M64,
+        },
+        ClassicPBSParameters,
     },
     zk::{CompactPkeCrs, CompactPkePublicParams},
     ClientKey, CompactPublicKey, ConfigBuilder, ServerKey,
 };
 
 use crate::utils::{safe_deserialize_key, safe_serialize_key};
 
+pub const TFHE_PARAMS: ClassicPBSParameters = PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M64;
+pub const TFHE_COMPRESSION_PARAMS: CompressionParameters =
+    COMP_PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M64;
+
 pub const MAX_BITS_TO_PROVE: usize = 2048;
 
 pub struct FhevmKeys {
     pub server_key: ServerKey,
     pub client_key: Option<ClientKey>,
     pub compact_public_key: CompactPublicKey,
-    pub public_params: CompactPkePublicParams,
+    pub public_params: Arc<CompactPkePublicParams>,
 }
 
 pub struct SerializedFhevmKeys {
@@ -31,18 +38,17 @@ pub struct SerializedFhevmKeys {
 impl FhevmKeys {
     pub fn new() -> Self {
         println!("Generating keys...");
-        let config =
-            ConfigBuilder::with_custom_parameters(PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M64)
-                .enable_compression(COMP_PARAM_MESSAGE_2_CARRY_2_KS_PBS_TUNIFORM_2M64)
-                .build();
+        let config = ConfigBuilder::with_custom_parameters(TFHE_PARAMS)
+            .enable_compression(TFHE_COMPRESSION_PARAMS)
+            .build();
         let (client_key, server_key) = generate_keys(config);
         let compact_public_key = CompactPublicKey::new(&client_key);
         let crs = CompactPkeCrs::from_config(config, MAX_BITS_TO_PROVE).expect("CRS creation");
         FhevmKeys {
             server_key,
             client_key: Some(client_key),
             compact_public_key,
-            public_params: crs.public_params().clone(),
+            public_params: Arc::new(crs.public_params().clone()),
         }
     }
 
@@ -98,7 +104,7 @@ impl From<FhevmKeys> for SerializedFhevmKeys {
             server_key: safe_serialize_key(&f.server_key),
             client_key: f.client_key.map(|c| safe_serialize_key(&c)),
             compact_public_key: safe_serialize_key(&f.compact_public_key),
-            public_params: safe_serialize_key(&f.public_params),
+            public_params: safe_serialize_key(f.public_params.as_ref()),
         }
     }
 }
@@ -112,8 +118,9 @@ impl From<SerializedFhevmKeys> for FhevmKeys {
                 .map(|c| safe_deserialize_key(&c).expect("deserialize client key")),
             compact_public_key: safe_deserialize_key(&f.compact_public_key)
                 .expect("deserialize compact public key"),
-            public_params: safe_deserialize_key(&f.public_params)
-                .expect("deserialize public params"),
+            public_params: Arc::new(
+                safe_deserialize_key(&f.public_params).expect("deserialize public params"),
+            ),
         }
     }
 }