docs(common): update architecture content (#350)

Author: immortal-tofu

docs/protocol/SUMMARY.md

@@ -3,6 +3,7 @@
 ## Protocol
 
 - [FHE on Blockchain](architecture/overview.md)
+  - [FHE library](architecture/library.md)
   - [Coprocessor](architecture/coprocessor.md)
   - [Gateway](architecture/gateway.md)
   - [KMS](architecture/kms.md)

docs/protocol/architecture/coprocessor.md

@@ -1,25 +1,107 @@
 # Coprocessor
 
-The coprocessor is the compute engine of FHEVM, designed to handle resource-intensive homomorphic operations.
+The Coprocessor is the FHEVM protocol’s off-chain computation engine. It performs the heavy cryptographic
+operations—specifically, fully homomorphic encryption (FHE) computations—on behalf of smart contracts that operate on
+encrypted data. Acting as a decentralized compute layer, the coprocessor bridges symbolic on-chain logic with real-world
+encrypted execution.
 
-### **Key functions**:
+It works in tandem with the Gateway, verifying encrypted inputs, executing FHE instructions, and maintaining
+synchronization of access permissions.
 
-1. **Execution**: Performs encrypted operations (e.g., _add_, _mul_) on ciphertexts using the evaluation key.
-2. **Ciphertext management**: Stores and retrieves ciphertexts securely in an off-chain database. Only handles are
-   returned on-chain.
+## What is the Coprocessor?
 
-## **Computation**
+The Coprocessor is an off-chain service that:
 
-Encrypted computations are performed using the **evaluation key** on the coprocessor.
+- Listens to events emitted by host chains and the Gateway.
+- Executes FHE computations (`add`, `mul`, `div`, `cmp`, etc.) on ciphertexts.
+- Validates encrypted inputs and ZK proofs of correctness.
+- Maintains and updates a replica of the host chain’s Access Control Lists (ACLs).
+- Stores and serves encrypted data for decryption or bridging.
 
-- **How it works**:
-  1. The smart contract emits FHE operation events as symbolic instructions.
-  2. These events are picked up by the coprocessor, which evaluates each operation individually using the evaluation
-     key, without ever decrypting the data.
-  3. The resulting ciphertext is persisted in the coprocessor database, while only a handle is returned on-chain.
-- **Data flow**:
-  - **Source**: Blockchain smart contracts (via symbolic execution).
-  - **Processing**: Coprocessor (using the evaluation key).
-  - **Destination**: Blockchain (updated ciphertexts).
+Each coprocessor independently executes tasks and publishes verifiable results, enabling a publicly auditable and
+horizontally scalable confidential compute infrastructure .
 
-<figure><img src="../.gitbook/assets/computation.png" alt="computation"><figcaption></figcaption></figure>
+## Responsibilities of the Coprocessor
+
+### Encrypted Input Verification
+
+When users submit encrypted values to the Gateway, each coprocessor:
+
+- Verifies the associated Zero-Knowledge Proof of Knowledge (ZKPoK).
+- Extracts and unpacks individual ciphertexts from a packed submission.
+- Stores the ciphertexts under derived handles.
+- Signs the verified handles, embedding user and contract metadata.
+- Sends the signed data back to the Gateway for consensus.
+
+This ensures only valid, well-formed encrypted values enter the system .
+
+### FHE Computation Execution
+
+When a smart contract executes a function over encrypted values, the on-chain logic emits symbolic computation events.
+Each coprocessor:
+
+- Reads these events from the host chain node it runs.
+- Fetches associated ciphertexts from its storage.
+- Executes the required FHE operations using the TFHE-rs library (e.g., add, mul, select).
+- Stores the resulting ciphertext under a deterministically derived handle.
+- Optionally publishes a commitment (digest) of the ciphertext to the Gateway for verifiability.
+
+This offloads expensive computation from the host chain while maintaining full determinism and auditability .
+
+### ACL Replication
+
+Coprocessors replicate the Access Control List (ACL) logic from host contracts. They:
+
+- Listen to Allowed and AllowedForDecryption events.
+- Push updates to the Gateway.
+
+This ensures decentralized enforcement of access rights, enabling proper handling of decryptions, bridges, and contract
+interactions .
+
+### Ciphertext Commitment
+
+To ensure verifiability and mitigate misbehavior, each coprocessor:
+
+- Commits to ciphertext digests (via hash) when processing Allowed events.
+- Publishes these commitments to the Gateway.
+- Enables external verification of FHE computations.
+
+This is essential for fraud-proof mechanisms and eventual slashing of malicious or faulty operators .
+
+### Bridging & Decryption Support
+
+Coprocessors assist in:
+
+- Bridging encrypted values between host chains by generating new handles and signatures.
+- Preparing ciphertexts for public and user decryption using operations like Switch-n-Squash to normalize ciphertexts
+  for the KMS.
+
+These roles help maintain cross-chain interoperability and enable privacy-preserving data access for users and smart
+contracts .
+
+## Security and Trust Assumptions
+
+Coprocessors are designed to be minimally trusted and publicly verifiable. Every FHE computation or input verification
+they perform is accompanied by a cryptographic commitment (hash digest) and a signature, allowing anyone to
+independently verify correctness.
+
+The protocol relies on a majority-honest assumption: as long as more than 50% of coprocessors are honest, results are
+valid. The Gateway aggregates responses and accepts outputs only when a majority consensus is reached.
+
+To enforce honest behavior, coprocessors must stake $ZAMA tokens and are subject to slashing if caught
+misbehaving—either through automated checks or governance-based fraud proofs.
+
+This model ensures correctness through transparency, resilience through decentralization, and integrity through economic
+incentives.
+
+## Architecture & Scalability
+
+The coprocessor architecture includes:
+
+- Event listeners for host chains and the Gateway
+- A task queue for FHE and ACL update jobs
+- Worker threads that process tasks in parallel
+- A public storage layer (e.g., S3) for ciphertext availability
+
+This modular setup supports horizontal scaling: adding more workers or machines increases throughput. Symbolic
+computation and delayed execution also ensure low gas costs on-chain .

docs/protocol/architecture/gateway.md

@@ -1,12 +1,87 @@
 # Gateway
 
-The Gateway acts as the communication hub between the blockchain, the coprocessor, the KMS, and user-facing
-applications.
+The Gateway is a central orchestrator within Zama’s FHEVM protocol, playing a critical role in enabling secure,
+composable, and confidential smart contracts across multiple blockchains. It coordinates interactions between users,
+host chains, coprocessors, and the Key Management Service (KMS), ensuring that encrypted data flows securely and
+correctly through the system.
 
-### **Key functions**:
+## What is the Gateway?
 
-- **API for developers**: Exposes endpoints to submit encrypted inputs, request decryption, and manage user decryption.
-- **Proof validation**: Forwards ZKPoKs to the Coprocessor for verification.
-- **Off-chain coordination**: Handles smart contract and user decryption workflows in a verifiable and secure manner.
+The Gateway is a specialized blockchain component (implemented as an Arbitrum rollup) responsible for managing:
 
-The Gateway abstracts complex cryptographic flows, simplifying developer integration.
+- Validation of encrypted inputs from users and applications.
+- Bridging of encrypted ciphertexts across different blockchains.
+- Decryption orchestration via KMS nodes.
+- Consensus enforcement among decentralized coprocessors.
+- Staking and reward distribution to operators participating in FHE computations.
+
+It is designed to be trust-minimized: computations are independently verifiable, and no sensitive data or decryption
+keys are stored on the Gateway itself.
+
+## Responsibilities of the Gateway
+
+### Encrypted Input Validation
+
+The Gateway ensures that encrypted values provided by users are well-formed and valid. It does this by:
+
+- Accepting encrypted inputs along with Zero-Knowledge Proofs of Knowledge (ZKPoKs).
+- Emitting verification events for coprocessors to validate.
+- Aggregating signatures from a majority of coprocessors to generate attestations, which can then be used on-chain as
+  trusted external values.
+
+### Access Control Coordination
+
+The Gateway maintains a synchronized copy of Access Control Lists (ACLs) from host chains, enabling it to independently
+determine if decryption or computation rights should be granted for a ciphertext. This helps enforce:
+
+- Access permissions (allow)
+- Public decryption permissions (allowForDecryption)
+
+These ACL updates are replicated by coprocessors and pushed to the Gateway for verification and enforcement.
+
+### Decryption Orchestration
+
+When a smart contract or user requests the decryption of an encrypted value:
+
+1. The Gateway verifies ACL permissions.
+2. It then triggers the KMS to decrypt (either publicly or privately).
+3. Once the KMS returns signed results, the Gateway emits events that can be picked up by an oracle (for smart contract
+   decryption) or returned to the user (for private decryption).
+
+This ensures asynchronous, secure, and auditable decryption without the Gateway itself knowing the plaintext.
+
+### Cross-Chain Bridging
+
+The Gateway also handles bridging of encrypted handles between host chains. It:
+
+- Verifies access rights on the source chain using its ACL copy.
+- Requests the coprocessors to compute new handles for the target chain.
+- Collects signatures from coprocessors.
+
+Issues attestations allowing these handles to be used on the destination chain.
+
+### Consensus and Slashing Enforcement
+
+The Gateway enforces consensus across decentralized coprocessors and KMS nodes. If discrepancies occur:
+
+- Coprocessors must provide commitments to ciphertexts.
+- Fraudulent or incorrect behavior can be challenged and slashed.
+- Governance mechanisms can be triggered for off-chain verification when necessary.
+
+### Protocol Administration
+
+The Gateway runs smart contracts that administer:
+
+- Operator and participant registration (coprocessors, KMS nodes, host chains)
+- Key management and rotation
+- Bridging logic
+- Input validation and decryption workflows
+
+## Security and Trust Assumptions
+
+The Gateway is designed to operate without requiring trust:
+
+- It does not perform any computation itself—it merely orchestrates and validates.
+- All actions are signed, and cryptographic verification is built into every step.
+
+The protocol assumes no trust in the Gateway for security guarantees—it can be fully audited and replaced if necessary.

docs/protocol/architecture/hostchain.md

@@ -1,22 +1,58 @@
-# Host chain
+# Host contracts
 
-FHEVM smart contracts are Solidity contracts that interact with encrypted values through symbolic execution.
+## What Are Host Contracts?
 
-### **Symbolic execution in Solidity**
+Host contracts are smart contracts deployed on any supported blockchain (EVM or non-EVM) that act as trusted bridges
+between on-chain applications and the FHEVM protocol. They serve as the minimal and foundational interface that
+confidential smart contracts use to:
 
-- **Handles**: Smart contract operations return handles (references to ciphertexts), rather than directly manipulating
-  encrypted data.
-- **Lazy Execution**: Actual computation is done off-chain by the coprocessor after the contract emits symbolic
-  instructions.
+- Interact with encrypted data (handles)
+- Perform access control operations
+- Emit events for the off-chain components (coprocessors, Gateway)
 
-This allows efficient, gas-minimized interaction with encrypted data, while preserving EVM compatibility.
+These host contracts are used indirectly by developers via the FHEVM Solidity library, abstracting away complexity and
+integrating smoothly into existing workflows.
 
-### **Zero-Knowledge proofs of knowledge (ZKPoKs)**
+## Responsibilities of Host Contracts
 
-FHEVM incorporates ZKPoKs to verify the correctness of encrypted inputs and outputs:
+### Trusted Interface Layer
 
-- **Validation**: ZKPoKs ensure that inputs are correctly formed and correspond to known plaintexts without revealing
-  sensitive data.
-- **Integrity**: They prevent misuse of ciphertexts and ensure the correctness of computations.
+Host contracts are the only on-chain components that:
 
-By combining symbolic execution and ZKPoKs, FHEVM smart contracts maintain both privacy and verifiability.
+- Maintain and enforce Access Control Lists (ACLs) for ciphertexts.
+- Emit events that trigger coprocessor execution.
+- Validate access permissions (persistent, transient, or decryption-related).
+
+They are effectively the on-chain authority for:
+
+- Who is allowed to access a ciphertext
+- When and how they can use it
+- These ACLs are mirrored on the Gateway for off-chain enforcement and bridging.
+
+### Access Control API
+
+Host contracts expose access control logic via standardized function calls (wrapped by the FHEVM library):
+
+- `allow(handle, address)`: Grants persistent access.
+- `allowTransient(handle, address)`: Grants temporary access for a single transaction.
+- `allowForDecryption(handle)`: Marks a handle as publicly decryptable.
+- `isAllowed(handle, address)`: Returns whether a given address has access.
+- `isSenderAllowed(handle)`: Checks if msg.sender is allowed to use a handle.
+
+They also emit:
+
+- `Allowed(handle, address)`
+- `AllowedForDecryption(handle)`
+
+These events are crucial for triggering coprocessor state updates and ensuring proper ACL replication to the Gateway.
+
+### Security Role
+
+Although the FHE computation happens off-chain, host contracts play a critical role in protocol security by:
+
+- Enforcing ACL-based gating
+- Ensuring only authorized contracts and users can decrypt or use a handle
+- Preventing misuse of encrypted data (e.g., computation without access)
+
+Access attempts without proper authorization are rejected at the smart contract level, protecting both the integrity of
+confidential operations and user privacy.