refactor(coprocessor): remove tenants notion from DB and related code (#1856)

Replace with:
 * keys table - containing FHE keys
 * crs table - containing the CRS
 * host_chains table - containing host chain info

Rationale is:
 * the fact that we now have only one FHE keychain (that can have
   multiple FHE keys)
 * CRS and keys can be changed independently via events from the GW
 * we want to support multiple host chains
 * we want to remove remains of previous design with tenants, IDs,
   tenant API keys, etc.

We also simplify code where it no longer needs tenants, chain IDs, etc.

Co-authored-by: Oba <obatirou@gmail.com>

Author: dartdart26

.devcontainer/post_create_command.sh

@@ -4,7 +4,7 @@ set -euo pipefail
 
 # Package manager dependencies.
 sudo apt update
-sudo apt install -y protobuf-compiler build-essential libssl-dev pkg-config openssl vim git-lfs
+sudo apt install -y protobuf-compiler build-essential libssl-dev pkg-config openssl vim git-lfs postgresql-client cmake
 
 # Cargo dependencies.
 cargo install sqlx-cli

.github/workflows/test-suite-e2e-tests.yml

@@ -241,6 +241,12 @@ jobs:
           echo "::group::Gateway Listener"
           ./fhevm-cli logs coprocessor-gw-listener
           echo "::endgroup::"
+          echo "::group::ZKProof Worker"
+          ./fhevm-cli logs coprocessor-zkproof-worker
+          echo "::endgroup::"
+          echo "::group::TFHE Worker"
+          ./fhevm-cli logs coprocessor-tfhe-worker
+          echo "::endgroup::"
 
       - name: Cleanup
         working-directory: test-suite/fhevm

charts/coprocessor/Chart.yaml

@@ -1,6 +1,6 @@
 name: coprocessor
 description: A helm chart to distribute and deploy Zama fhevm Co-Processor services
-version: 0.7.13
+version: 0.8.0
 apiVersion: v2
 keywords:
   - fhevm

charts/coprocessor/templates/coprocessor-init-config.yaml

@@ -12,14 +12,6 @@ data:
   create-secrets.sh: |
     #!/bin/sh
     set -e
-    API_KEY_SECRET_NAME="{{ .Values.config.apiKey.secret.name }}"
-    API_KEY_SECRET_KEY="{{ .Values.config.apiKey.secret.key }}"
-    if ! kubectl get secret ${API_KEY_SECRET_NAME}; then
-      COPROCESSOR_API_KEY_VALUE=$(uuidgen)
-      kubectl create secret generic ${API_KEY_SECRET_NAME} --from-literal ${API_KEY_SECRET_KEY}=${COPROCESSOR_API_KEY_VALUE}
-    else
-      echo "skipping: secret ${API_KEY_SECRET_NAME} already exists" 2>&1
-    fi
     apk update && apk add openssl
     COPROCESSOR_KEY_SECRET_NAME="{{ .Values.config.coprocessorKey.secret.name }}"
     COPROCESSOR_KEY_SECRET_KEY="{{ .Values.config.coprocessorKey.secret.key }}"

charts/coprocessor/values.yaml

@@ -30,12 +30,6 @@ config:
       name: coprocessor-key
       key: coprocessor.hex
 
-  # API key for tenant authentication
-  apiKey:
-    secret:
-      name: coprocessor-api-key
-      key: coprocessor-api-key
-
   # Database connection configuration
   database:
     secret:
@@ -82,11 +76,6 @@ dbMigration:
         secretKeyRef:
           name: coprocessor-db-url
           key: coprocessor-db-url
-    - name: TENANT_API_KEY
-      valueFrom:
-        secretKeyRef:
-          name: coprocessor-api-key
-          key: coprocessor-api-key
 
   serviceAccountName:
 
@@ -130,16 +119,10 @@ hostListener:
         secretKeyRef:
           name: coprocessor-db-url
           key: coprocessor-db-url
-    - name: TENANT_API_KEY
-      valueFrom:
-        secretKeyRef:
-          name: coprocessor-api-key
-          key: coprocessor-api-key
 
   # Command line arguments for the host listener
   args:
     - --database-url=$(DATABASE_URL)
-    - --coprocessor-api-key=$(TENANT_API_KEY)
     - --url=$(ETHEREUM_RPC_URL)
     - --acl-contract-address=$(ACL_CONTRACT_ADDRESS)
     - --tfhe-contract-address=$(FHEVM_EXECUTOR_CONTRACT_ADDRESS)
@@ -235,17 +218,11 @@ hostListenerPoller:
         secretKeyRef:
           name: coprocessor-db-url
           key: coprocessor-db-url
-    - name: TENANT_API_KEY
-      valueFrom:
-        secretKeyRef:
-          name: coprocessor-api-key
-          key: coprocessor-api-key
 
   # Command line arguments for the host listener poller
   args:
     ### Required parameters
     - --database-url=$(DATABASE_URL)
-    - --coprocessor-api-key=$(TENANT_API_KEY)
     - --url=$(ETHEREUM_RPC_HTTP_URL)
     - --acl-contract-address=$(ACL_CONTRACT_ADDRESS)
     - --tfhe-contract-address=$(FHEVM_EXECUTOR_CONTRACT_ADDRESS)
@@ -340,17 +317,11 @@ hostListenerCatchupOnly:
         secretKeyRef:
           name: coprocessor-db-url
           key: coprocessor-db-url
-    - name: TENANT_API_KEY
-      valueFrom:
-        secretKeyRef:
-          name: coprocessor-api-key
-          key: coprocessor-api-key
 
   # Command line arguments for the host listener catchup only mode
   # NOTE: --only-catchup-loop requires --end-at-block to be set
   args:
     - --database-url=$(DATABASE_URL)
-    - --coprocessor-api-key=$(TENANT_API_KEY)
     - --url=$(ETHEREUM_RPC_URL)
     - --acl-contract-address=$(ACL_CONTRACT_ADDRESS)
     - --tfhe-contract-address=$(FHEVM_EXECUTOR_CONTRACT_ADDRESS)
@@ -535,15 +506,8 @@ tfheWorker:
         secretKeyRef:
           name: coprocessor-db-url
           key: coprocessor-db-url
-    - name: TENANT_API_KEY
-      valueFrom:
-        secretKeyRef:
-          name: coprocessor-api-key
-          key: coprocessor-api-key
     - name: ACL_CONTRACT_ADDRESS
       value: "0x05fD9B5EFE0a996095f42Ed7e77c390810CF660c"
-    - name: INPUT_VERIFIER_ADDRESS
-      value: "0xa1880e99d86F081E8D3868A8C4732C8f65dfdB11"
 
   # Command line arguments for TFHE worker
   args:
@@ -552,7 +516,7 @@ tfheWorker:
     - --worker-polling-interval-ms=10000
     - --work-items-batch-size=100  # scheduling changed
     - --dependence-chains-per-batch=100  # Deprecated. To be removed in a future release.
-    - --tenant-key-cache-size=32
+    - --key-cache-size=32
     - --coprocessor-fhe-threads=64  # scheduling changed
     - --tokio-threads=16  # scheduling changed
     - --pg-pool-max-connections=10
@@ -794,16 +758,10 @@ snsWorker:
         secretKeyRef:
           name: coprocessor-db-url
           key: coprocessor-db-url
-    - name: TENANT_API_KEY
-      valueFrom:
-        secretKeyRef:
-          name: coprocessor-api-key
-          key: coprocessor-api-key
 
   # Command line arguments for SNS worker
   args:
     - --database-url=$(DATABASE_URL)
-    - --tenant-api-key=$(TENANT_API_KEY)
     - --pg-listen-channels
     - event_pbs_computations
     - event_ciphertext_computed

coprocessor/docs/getting_started/fhevm/coprocessor/configuration.md

@@ -2,27 +2,6 @@
 
 ## Coprocessor Backend
 
-### Database
-Some settings of the Coprocessor backend are configured by inserting entries in the PostgreSQL DB.
-
-At the time of writing, we don't have a tool or automation for doing the configuration. The DB schema can be used as a reference, though: [schema](../../../../fhevm-engine/coprocessor/migrations/20240722111257_coprocessor.sql).
-
-The `tenants` table contains a list of tenants that are using the Coprocessor backend. A tenant could be thought of as a separate blockchain (or a separate FHE key, i.e. using multiple FHE keys on a blockchain). The fields in `tenants` are:
-
-| Field                      | Description                                        |
-| -------------------------- | -------------------------------------------------- |
-| tenant_id                  | unique tenant identifier                           |
-| tenant_api_key             | an API key that authenticates access to the server |
-| chain_id                   | the chain ID of the chain this tenant operates on  |
-| verifying_contract_address | address of the InputVerifier contract              |
-| acl_contract_address       | address of the ACL contract                        |
-| pks_key                    | a serialization of the FHE public key              |
-| sks_key                    | a serialization of the FHE server key              |
-| public_params              | a serialization of the CRS public params           |
-| cks_key                    | optional secret FHE key, for debugging only        |
-| is_admin                   | if tenant is an administrator                      |
-
-
 ### Command Line
 
 You can use the `--help` command line switch on the coprocessor to get a help screen as follows: