feat(common): keygen (#937)

* feat(common): support keygen via gateway contracts

Author: rudy-6-4

.github/workflows/coprocessor-cargo-clippy.yml

@@ -82,6 +82,8 @@ jobs:
       run: |
         # For now, only specify the `bench latency throughput` features as the
         # other ones require specific dependencies (e.g. GPU, etc.).
+        SQLX_OFFLINE=true cargo clippy -p host-listener --all-targets \
+          -- -W clippy::perf -W clippy::suspicious -W clippy::style -D warnings
         SQLX_OFFLINE=true cargo clippy --all-targets --features "bench latency throughput" \
           -- -W clippy::perf -W clippy::suspicious -W clippy::style -D warnings
       working-directory: coprocessor/fhevm-engine

.github/workflows/gateway-contracts-deployment-tests.yml

@@ -95,6 +95,34 @@ jobs:
             echo "Host chain registration completed successfully with expected completion message"
           fi
 
+          ## Check key generation triggering
+          timeout 300s bash -c 'while docker ps --filter "name=trigger-keygen" --format "{{.Status}}" | grep -q "Up"; do sleep 5; done'
+          docker compose logs trigger-keygen > keygen_logs.txt
+          EXIT_CODE_KEYGEN=$(docker inspect --format='{{.State.ExitCode}}' trigger-keygen)
+          if [ "$EXIT_CODE_KEYGEN" -ne 0 ]; then
+            echo "Key generation triggering failed with exit code $EXIT_CODE_KEYGEN"
+            exit 1
+          elif ! grep -q "Keygen triggering done!" keygen_logs.txt; then
+            echo "Key generation triggering did not complete successfully - 'Keygen triggering done!' message not found in logs"
+            exit 1
+          else
+            echo "Key generation triggering completed successfully with expected completion message"
+          fi
+
+          ## Check CRS generation triggering
+          timeout 300s bash -c 'while docker ps --filter "name=trigger-crsgen" --format "{{.Status}}" | grep -q "Up"; do sleep 5; done'
+          docker compose logs trigger-crsgen > crsgen_logs.txt
+          EXIT_CODE_CRSGEN=$(docker inspect --format='{{.State.ExitCode}}' trigger-crsgen)
+          if [ "$EXIT_CODE_CRSGEN" -ne 0 ]; then
+            echo "CRS generation triggering failed with exit code $EXIT_CODE_CRSGEN"
+            exit 1
+          elif ! grep -q "Crsgen triggering done!" crsgen_logs.txt; then
+            echo "CRS generation triggering did not complete successfully - 'Crsgen triggering done!' message not found in logs"
+            exit 1
+          else
+            echo "CRS generation triggering completed successfully with expected completion message"
+          fi
+
       - name: Clean up
         working-directory: gateway-contracts
         if: always()

.github/workflows/gateway-contracts-upgrade-tests.yml

@@ -48,7 +48,7 @@ jobs:
         with:
           # This version should be updated whenever we release new contract versions or
           # touch a contract upgrade path.
-          ref: v0.8.0-4
+          ref: v0.8.0-6
           path: previous-fhevm
           persist-credentials: 'false'
 
@@ -127,36 +127,38 @@ jobs:
 
       # TODO: We should instead automatically detect if the contract needs to be upgraded
       #  See https://github.com/zama-ai/fhevm-internal/issues/379
-      # - name: Upgrade GatewayConfig contract
-      #   working-directory: current-fhevm/gateway-contracts
-      #   env:
-      #     DOTENV_CONFIG_PATH: .env
-      #     HARDHAT_NETWORK: staging
-      #     CHAIN_ID_GATEWAY: 54321
-      #     RPC_URL: http://localhost:8546
-      #   run: |
-      #     npx hardhat task:upgradeGatewayConfig \
-      #       --current-implementation previous-contracts/GatewayConfig.sol:GatewayConfig \
-      #       --new-implementation contracts/GatewayConfig.sol:GatewayConfig \
-      #       --use-internal-proxy-address true \
-      #       --verify-contract false
+      - name: Upgrade GatewayConfig contract
+        working-directory: current-fhevm/gateway-contracts
+        env:
+          DOTENV_CONFIG_PATH: .env
+          HARDHAT_NETWORK: staging
+          CHAIN_ID_GATEWAY: 54321
+          RPC_URL: http://localhost:8546
+        run: |
+          npx hardhat task:upgradeGatewayConfig \
+            --current-implementation previous-contracts/GatewayConfig.sol:GatewayConfig \
+            --new-implementation contracts/GatewayConfig.sol:GatewayConfig \
+            --use-internal-proxy-address true \
+            --verify-contract false
 
       # TODO: We should instead automatically detect if the contract needs to be upgraded
       #  See https://github.com/zama-ai/fhevm-internal/issues/379
-      # - name: Upgrade Decryption contract
-      #   working-directory: current-fhevm/gateway-contracts
-      #   env:
-      #     DOTENV_CONFIG_PATH: .env
-      #     HARDHAT_NETWORK: staging
-      #     CHAIN_ID_GATEWAY: 54321
-      #     RPC_URL: http://localhost:8546
-      #   run: |
-      #     npx hardhat task:upgradeDecryption \
-      #       --current-implementation previous-contracts/Decryption.sol:Decryption \
-      #       --new-implementation contracts/Decryption.sol:Decryption \
-      #       --use-internal-proxy-address true \
-      #       --verify-contract false
+      - name: Upgrade Decryption contract
+        working-directory: current-fhevm/gateway-contracts
+        env:
+          DOTENV_CONFIG_PATH: .env
+          HARDHAT_NETWORK: staging
+          CHAIN_ID_GATEWAY: 54321
+          RPC_URL: http://localhost:8546
+        run: |
+          npx hardhat task:upgradeDecryption \
+            --current-implementation previous-contracts/Decryption.sol:Decryption \
+            --new-implementation contracts/Decryption.sol:Decryption \
+            --use-internal-proxy-address true \
+            --verify-contract false
 
+      # TODO: We should instead automatically detect if the contract needs to be upgraded
+      #  See https://github.com/zama-ai/fhevm-internal/issues/379
       - name: Upgrade CiphertextCommits contract
         working-directory: current-fhevm/gateway-contracts
         env:
@@ -173,51 +175,51 @@ jobs:
 
       # TODO: We should instead automatically detect if the contract needs to be upgraded
       #  See https://github.com/zama-ai/fhevm-internal/issues/379
-      # - name: Upgrade InputVerification contract
-      #   working-directory: current-fhevm/gateway-contracts
-      #   env:
-      #     DOTENV_CONFIG_PATH: .env
-      #     HARDHAT_NETWORK: staging
-      #     CHAIN_ID_GATEWAY: 54321
-      #     RPC_URL: http://localhost:8546
-      #   run: |
-      #     npx hardhat task:upgradeInputVerification \
-      #       --current-implementation previous-contracts/InputVerification.sol:InputVerification \
-      #       --new-implementation contracts/InputVerification.sol:InputVerification \
-      #       --use-internal-proxy-address true \
-      #       --verify-contract false
+      - name: Upgrade InputVerification contract
+        working-directory: current-fhevm/gateway-contracts
+        env:
+          DOTENV_CONFIG_PATH: .env
+          HARDHAT_NETWORK: staging
+          CHAIN_ID_GATEWAY: 54321
+          RPC_URL: http://localhost:8546
+        run: |
+          npx hardhat task:upgradeInputVerification \
+            --current-implementation previous-contracts/InputVerification.sol:InputVerification \
+            --new-implementation contracts/InputVerification.sol:InputVerification \
+            --use-internal-proxy-address true \
+            --verify-contract false
 
       # TODO: We should instead automatically detect if the contract needs to be upgraded
       #  See https://github.com/zama-ai/fhevm-internal/issues/379
-      # - name: Upgrade MultichainACL contract
-      #   working-directory: current-fhevm/gateway-contracts
-      #   env:
-      #     DOTENV_CONFIG_PATH: .env
-      #     HARDHAT_NETWORK: staging
-      #     CHAIN_ID_GATEWAY: 54321
-      #     RPC_URL: http://localhost:8546
-      #   run: |
-      #     npx hardhat task:upgradeMultichainACL \
-      #       --current-implementation previous-contracts/MultichainACL.sol:MultichainACL \
-      #       --new-implementation contracts/MultichainACL.sol:MultichainACL \
-      #       --use-internal-proxy-address true \
-      #       --verify-contract false
+      - name: Upgrade MultichainACL contract
+        working-directory: current-fhevm/gateway-contracts
+        env:
+          DOTENV_CONFIG_PATH: .env
+          HARDHAT_NETWORK: staging
+          CHAIN_ID_GATEWAY: 54321
+          RPC_URL: http://localhost:8546
+        run: |
+          npx hardhat task:upgradeMultichainACL \
+            --current-implementation previous-contracts/MultichainACL.sol:MultichainACL \
+            --new-implementation contracts/MultichainACL.sol:MultichainACL \
+            --use-internal-proxy-address true \
+            --verify-contract false
 
       # TODO: We should instead automatically detect if the contract needs to be upgraded
-      #  See https://github.com/zama-ai/fhevm-internal/issues/379
-      # - name: Upgrade KmsManagement contract
-      #   working-directory: current-fhevm/gateway-contracts
-      #   env:
-      #     DOTENV_CONFIG_PATH: .env
-      #     HARDHAT_NETWORK: staging
-      #     CHAIN_ID_GATEWAY: 54321
-      #     RPC_URL: http://localhost:8546
-      #   run: |
-      #     npx hardhat task:upgradeKmsManagement \
-      #       --current-implementation previous-contracts/KmsManagement.sol:KmsManagement \
-      #       --new-implementation contracts/KmsManagement.sol:KmsManagement \
-      #       --use-internal-proxy-address true \
-      #       --verify-contract false
+      # See https://github.com/zama-ai/fhevm-internal/issues/379
+      - name: Upgrade KMSGeneration contract
+        working-directory: current-fhevm/gateway-contracts
+        env:
+          DOTENV_CONFIG_PATH: .env
+          HARDHAT_NETWORK: staging
+          CHAIN_ID_GATEWAY: 54321
+          RPC_URL: http://localhost:8546
+        run: |
+          npx hardhat task:upgradeKmsGeneration \
+            --current-implementation previous-contracts/KmsGeneration.sol:KmsGeneration \
+            --new-implementation contracts/KmsGeneration.sol:KmsGeneration \
+            --use-internal-proxy-address true \
+            --verify-contract false
 
       - name: Clean up
         working-directory: previous-fhevm/gateway-contracts

.github/workflows/test-suite-e2e-tests.yml

@@ -186,16 +186,19 @@ jobs:
         if: always()
         run: |
           echo "::group::Relayer Logs"
-          ./fhevm-cli logs relayer
+          ./fhevm-cli logs fhevm-relayer
           echo "::endgroup::"
           echo "::group::SNS Worker Logs"
-          ./fhevm-cli logs sns-worker | grep -v "Selected 0 rows to process"
+          ./fhevm-cli logs coprocessor-sns-worker | grep -v "Selected 0 rows to process"
           echo "::endgroup::"
           echo "::group::Transaction Sender Logs (filtered)"
-          ./fhevm-cli logs transaction-sender | grep -v "Selected 0 rows to process"
+          ./fhevm-cli logs coprocessor-transaction-sender | grep -v "Selected 0 rows to process"
           echo "::endgroup::"
           echo "::group::Host Listener"
-          ./fhevm-cli logs host-listener
+          ./fhevm-cli logs coprocessor-host-listener
+          echo "::endgroup::"
+          echo "::group::Gateway Listener"
+          ./fhevm-cli logs coprocessor-gw-listener
           echo "::endgroup::"
 
       - name: Cleanup

charts/kms-connector/Chart.yaml

@@ -1,6 +1,6 @@
 name: kms-connector
 description: A helm chart to distribute and deploy the Zama KMS Connector services
-version: 1.0.0
+version: 1.0.1
 apiVersion: v2
 keywords:
   - fhevm

charts/kms-connector/templates/kms-connector-gw-listener-deployment.yaml

@@ -66,8 +66,8 @@ spec:
               value: {{ .Values.commonConfig.gatewayContractAddresses.decryption | quote }}
             - name: KMS_CONNECTOR_GATEWAY_CONFIG_CONTRACT__ADDRESS
               value: {{ .Values.commonConfig.gatewayContractAddresses.gatewayConfig | quote }}
-            - name: KMS_CONNECTOR_KMS_MANAGEMENT_CONTRACT__ADDRESS
-              value: {{ .Values.commonConfig.gatewayContractAddresses.kmsManagement | quote }}
+            - name: KMS_CONNECTOR_KMS_GENERATION_CONTRACT__ADDRESS
+              value: {{ .Values.commonConfig.gatewayContractAddresses.kmsGeneration | quote }}
           {{- if default .Values.commonConfig.tracing.enabled .Values.kmsConnectorGwListener.tracing.enabled }}
             - name: OTEL_EXPORTER_OTLP_ENDPOINT
               value: {{ .Values.commonConfig.tracing.endpoint }}

charts/kms-connector/templates/kms-connector-kms-worker-deployment.yaml

@@ -66,8 +66,8 @@ spec:
               value: {{ .Values.commonConfig.gatewayContractAddresses.decryption | quote }}
             - name: KMS_CONNECTOR_GATEWAY_CONFIG_CONTRACT__ADDRESS
               value: {{ .Values.commonConfig.gatewayContractAddresses.gatewayConfig | quote }}
-            - name: KMS_CONNECTOR_KMS_MANAGEMENT_CONTRACT__ADDRESS
-              value: {{ .Values.commonConfig.gatewayContractAddresses.kmsManagement | quote }}
+            - name: KMS_CONNECTOR_KMS_GENERATION_CONTRACT__ADDRESS
+              value: {{ .Values.commonConfig.gatewayContractAddresses.kmsGeneration | quote }}
           {{- if default .Values.commonConfig.tracing.enabled .Values.kmsConnectorKmsWorker.tracing.enabled }}
             - name: OTEL_EXPORTER_OTLP_ENDPOINT
               value: {{ .Values.commonConfig.tracing.endpoint }}

charts/kms-connector/templates/kms-connector-tx-sender-deployment.yaml

@@ -66,8 +66,8 @@ spec:
               value: {{ .Values.commonConfig.gatewayContractAddresses.decryption | quote }}
             - name: KMS_CONNECTOR_GATEWAY_CONFIG_CONTRACT__ADDRESS
               value: {{ .Values.commonConfig.gatewayContractAddresses.gatewayConfig | quote }}
-            - name: KMS_CONNECTOR_KMS_MANAGEMENT_CONTRACT__ADDRESS
-              value: {{ .Values.commonConfig.gatewayContractAddresses.kmsManagement | quote }}
+            - name: KMS_CONNECTOR_KMS_GENERATION_CONTRACT__ADDRESS
+              value: {{ .Values.commonConfig.gatewayContractAddresses.kmsGeneration | quote }}
             - name: KMS_CONNECTOR_PRIVATE_KEY
               valueFrom:
                 secretKeyRef:

charts/kms-connector/values.yaml

@@ -5,7 +5,7 @@ commonConfig:
   gatewayContractAddresses:
     decryption: "0xc9bAE822fE6793e3B456144AdB776D5A318CB71e"
     gatewayConfig: "0xeAC2EfFA07844aB326D92d1De29E136a6793DFFA"
-    kmsManagement: "0xF0bFB159C7381F7CB332586004d8247252C5b816"
+    kmsGeneration: "0xF0bFB159C7381F7CB332586004d8247252C5b816"
   tracing:
     enabled: false
     endpoint: "http://otel-deployment-opentelemetry-collector.observability.svc.cluster.local:4317"

coprocessor/README.md

@@ -145,19 +145,17 @@ Options:
 
 ```bash
 $ gw_listener --help
-Usage: gw_listener [OPTIONS] --gw-url <GW_URL> --input-verification-address <INPUT_VERIFICATION_ADDRESS>
+Usage: gw_listener [OPTIONS] --gw-url <GW_URL> --input-verification-address <INPUT_VERIFICATION_ADDRESS> --kms-management-address <KMS_MANAGEMENT_ADDRESS>
 
 Options:
       --database-url <DATABASE_URL>
-          
       --database-pool-size <DATABASE_POOL_SIZE>
           [default: 16]
       --verify-proof-req-database-channel <VERIFY_PROOF_REQ_DATABASE_CHANNEL>
           [default: verify_proof_requests]
       --gw-url <GW_URL>
-          
   -i, --input-verification-address <INPUT_VERIFICATION_ADDRESS>
-          
+      --kms-management-address <KMS_MANAGEMENT_ADDRESS>
       --error-sleep-initial-secs <ERROR_SLEEP_INITIAL_SECS>
           [default: 1]
       --error-sleep-max-secs <ERROR_SLEEP_MAX_SECS>