refactor(coprocessor): remove tenants notion from DB and related code

Replace with:
 * keys table - containing FHE keys
 * crs table - containing the CRS
 * host_chains table - containing host chain info

Rationale is:
 * the fact that we now have only one FHE keychain (that can have
   multiple FHE keys)
 * CRS and keys can be changed independently via events from the GW
 * we want to support multiple host chains
 * we want to remove remains of previous design with tenants, IDs,
   tenant API keys, etc.

We also simplify code where it no longer needs tenants, chain IDs, etc.

Author: dartdart26

.devcontainer/post_create_command.sh

@@ -4,7 +4,7 @@ set -euo pipefail
 
 # Package manager dependencies.
 sudo apt update
-sudo apt install -y protobuf-compiler build-essential libssl-dev pkg-config openssl vim git-lfs
+sudo apt install -y protobuf-compiler build-essential libssl-dev pkg-config openssl vim git-lfs postgresql-client
 
 # Cargo dependencies.
 cargo install sqlx-cli

charts/coprocessor/values.yaml

@@ -30,12 +30,6 @@ config:
       name: coprocessor-key
       key: coprocessor.hex
 
-  # API key for tenant authentication
-  apiKey:
-    secret:
-      name: coprocessor-api-key
-      key: coprocessor-api-key
-
   # Database connection configuration
   database:
     secret:
@@ -82,11 +76,13 @@ dbMigration:
         secretKeyRef:
           name: coprocessor-db-url
           key: coprocessor-db-url
-    - name: TENANT_API_KEY
-      valueFrom:
-        secretKeyRef:
-          name: coprocessor-api-key
-          key: coprocessor-api-key
+    # KMS public key URLs for cryptographic setup
+    - name: PKS_URL
+      value: "http://minio:9000/kms-public/kms/PUB/PublicKey/d74037feb1394aec0eb724afc4a690e16a0203eb1dc868de08179f2e4828f335"
+    - name: SKS_URL
+      value: "http://minio:9000/kms-public/kms/PUB/ServerKey/812b602c11693dda4bfa68db78269849972b6f1920a725a98fc78cf619a6ab5f"
+    - name: PP_URL
+      value: "http://minio:9000/kms-public/kms/PUB/CRS/e4e3f0deef6492bde2fac3f2c698112ace878d4a3656b272197ed332391c48fa"
 
   serviceAccountName:
 
@@ -130,16 +126,10 @@ hostListener:
         secretKeyRef:
           name: coprocessor-db-url
           key: coprocessor-db-url
-    - name: TENANT_API_KEY
-      valueFrom:
-        secretKeyRef:
-          name: coprocessor-api-key
-          key: coprocessor-api-key
 
   # Command line arguments for the host listener
   args:
     - --database-url=$(DATABASE_URL)
-    - --coprocessor-api-key=$(TENANT_API_KEY)
     - --url=$(ETHEREUM_RPC_URL)
     - --acl-contract-address=$(ACL_CONTRACT_ADDRESS)
     - --tfhe-contract-address=$(FHEVM_EXECUTOR_CONTRACT_ADDRESS)
@@ -235,17 +225,11 @@ hostListenerPoller:
         secretKeyRef:
           name: coprocessor-db-url
           key: coprocessor-db-url
-    - name: TENANT_API_KEY
-      valueFrom:
-        secretKeyRef:
-          name: coprocessor-api-key
-          key: coprocessor-api-key
 
   # Command line arguments for the host listener poller
   args:
     ### Required parameters
     - --database-url=$(DATABASE_URL)
-    - --coprocessor-api-key=$(TENANT_API_KEY)
     - --url=$(ETHEREUM_RPC_HTTP_URL)
     - --acl-contract-address=$(ACL_CONTRACT_ADDRESS)
     - --tfhe-contract-address=$(FHEVM_EXECUTOR_CONTRACT_ADDRESS)
@@ -340,17 +324,11 @@ hostListenerCatchupOnly:
         secretKeyRef:
           name: coprocessor-db-url
           key: coprocessor-db-url
-    - name: TENANT_API_KEY
-      valueFrom:
-        secretKeyRef:
-          name: coprocessor-api-key
-          key: coprocessor-api-key
 
   # Command line arguments for the host listener catchup only mode
   # NOTE: --only-catchup-loop requires --end-at-block to be set
   args:
     - --database-url=$(DATABASE_URL)
-    - --coprocessor-api-key=$(TENANT_API_KEY)
     - --url=$(ETHEREUM_RPC_URL)
     - --acl-contract-address=$(ACL_CONTRACT_ADDRESS)
     - --tfhe-contract-address=$(FHEVM_EXECUTOR_CONTRACT_ADDRESS)
@@ -535,11 +513,6 @@ tfheWorker:
         secretKeyRef:
           name: coprocessor-db-url
           key: coprocessor-db-url
-    - name: TENANT_API_KEY
-      valueFrom:
-        secretKeyRef:
-          name: coprocessor-api-key
-          key: coprocessor-api-key
     - name: ACL_CONTRACT_ADDRESS
       value: "0x05fD9B5EFE0a996095f42Ed7e77c390810CF660c"
     - name: INPUT_VERIFIER_ADDRESS
@@ -794,16 +767,10 @@ snsWorker:
         secretKeyRef:
           name: coprocessor-db-url
           key: coprocessor-db-url
-    - name: TENANT_API_KEY
-      valueFrom:
-        secretKeyRef:
-          name: coprocessor-api-key
-          key: coprocessor-api-key
 
   # Command line arguments for SNS worker
   args:
     - --database-url=$(DATABASE_URL)
-    - --tenant-api-key=$(TENANT_API_KEY)
     - --pg-listen-channels
     - event_pbs_computations
     - event_ciphertext_computed

coprocessor/docs/getting_started/fhevm/coprocessor/configuration.md

@@ -2,27 +2,6 @@
 
 ## Coprocessor Backend
 
-### Database
-Some settings of the Coprocessor backend are configured by inserting entries in the PostgreSQL DB.
-
-At the time of writing, we don't have a tool or automation for doing the configuration. The DB schema can be used as a reference, though: [schema](../../../../fhevm-engine/coprocessor/migrations/20240722111257_coprocessor.sql).
-
-The `tenants` table contains a list of tenants that are using the Coprocessor backend. A tenant could be thought of as a separate blockchain (or a separate FHE key, i.e. using multiple FHE keys on a blockchain). The fields in `tenants` are:
-
-| Field                      | Description                                        |
-| -------------------------- | -------------------------------------------------- |
-| tenant_id                  | unique tenant identifier                           |
-| tenant_api_key             | an API key that authenticates access to the server |
-| chain_id                   | the chain ID of the chain this tenant operates on  |
-| verifying_contract_address | address of the InputVerifier contract              |
-| acl_contract_address       | address of the ACL contract                        |
-| pks_key                    | a serialization of the FHE public key              |
-| sks_key                    | a serialization of the FHE server key              |
-| public_params              | a serialization of the CRS public params           |
-| cks_key                    | optional secret FHE key, for debugging only        |
-| is_admin                   | if tenant is an administrator                      |
-
-
 ### Command Line
 
 You can use the `--help` command line switch on the coprocessor to get a help screen as follows:

coprocessor/fhevm-engine/db-migration/describe_table.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+TABLE_NAME="$1"
+
+psql $DATABASE_URL -P pager=off -c "\d+ $TABLE_NAME"

coprocessor/fhevm-engine/db-migration/migrations/20260128095635_remove_tenants.sql

@@ -0,0 +1,100 @@
+BEGIN;
+
+-- Create the keys table.
+ALTER TABLE tenants RENAME TO keys;
+
+-- Enforce that keys (or what we called tenants) has zero or one row.
+DO $$
+BEGIN
+    IF (SELECT COUNT(*) FROM keys) > 1 THEN
+        RAISE EXCEPTION 'Expected zero or one row in keys table, but found %', (SELECT COUNT(*) FROM keys);
+    END IF;
+END $$;
+
+ALTER TABLE keys DROP COLUMN tenant_api_key;
+ALTER TABLE keys DROP COLUMN is_admin;
+ALTER TABLE keys DROP COLUMN sns_sk;
+ALTER TABLE keys DROP COLUMN verifying_contract_address;;
+
+-- key_id contains the key ID from the server key metadata (that is used in ciphertext metadata).
+ALTER TABLE keys ALTER COLUMN key_id SET NOT NULL;
+-- The current key_id for the existing key is empty.
+UPDATE keys SET key_id = ''::BYTEA;
+ALTER TABLE keys ADD CONSTRAINT unique_key_id UNIQUE (key_id);
+
+--key_id_gw contains the key ID from the GW event (that could be different from key_id).
+ALTER TABLE keys ADD column key_id_gw BYTEA NOT NULL;
+ALTER TABLE keys ADD CONSTRAINT unique_key_id_gw UNIQUE (key_id_gw);
+
+ALTER TABLE keys ADD COLUMN created_at TIMESTAMPTZ NOT NULL DEFAULT NOW();
+
+-- Split CRS from keys.
+CREATE TABLE crs (
+    -- The sequence number to identify the latest CRS.
+    sequence_number BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
+    crs_id BYTEA NOT NULL,
+    crs BYTEA NOT NULL,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    CONSTRAINT unique_crs_id UNIQUE (crs_id)
+);
+
+-- Move CRS from keys to crs.
+INSERT INTO crs (crs_id, crs)
+    SELECT ''::BYTEA, public_params FROM keys;
+ALTER TABLE keys DROP COLUMN public_params;
+
+-- Host chains.
+CREATE TABLE host_chains (
+    chain_id BIGINT PRIMARY KEY NOT NULL CHECK (chain_id > 0),
+    name TEXT NOT NULL,
+    acl_contract_address TEXT NOT NULL,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+-- Move ACL contract address.
+INSERT INTO host_chains (chain_id, name, acl_contract_address)
+    SELECT chain_id, 'ethereum', acl_contract_address FROM keys;
+ALTER TABLE keys DROP COLUMN acl_contract_address;
+
+
+-- allowed_handles.tenant_id no longer needed.
+ALTER TABLE allowed_handles DROP COLUMN tenant_id;
+ALTER TABLE allowed_handles ADD PRIMARY KEY (handle, account_address);
+
+-- input_blobs.tenant_id no longer needed.
+ALTER TABLE input_blobs DROP CONSTRAINT input_blobs_pkey;
+ALTER TABLE input_blobs DROP COLUMN tenant_id;
+ALTER TABLE input_blobs ADD PRIMARY KEY (blob_hash);
+
+-- ciphertext_digest.tenant_id no longer needed. Instead, put the host_chain_id there directly.
+ALTER TABLE ciphertext_digest ADD COLUMN host_chain_id BIGINT DEFAULT NULL;
+UPDATE ciphertext_digest SET host_chain_id = (SELECT chain_id FROM keys WHERE tenant_id = ciphertext_digest.tenant_id);
+ALTER TABLE ciphertext_digest ALTER COLUMN host_chain_id SET NOT NULL;
+ALTER TABLE ciphertext_digest ADD CONSTRAINT ciphertext_digest_host_chain_id_positive CHECK (host_chain_id > 0);
+ALTER TABLE ciphertext_digest DROP COLUMN tenant_id;
+ALTER TABLE ciphertext_digest ADD PRIMARY KEY (handle);
+ALTER TABLE ciphertext_digest ADD COLUMN key_id BYTEA NOT NULL; -- TODO for the future is to make this an index
+
+-- ciphertexts.tenant_id no longer needed.
+ALTER TABLE ciphertexts DROP CONSTRAINT ciphertexts_pkey;
+ALTER TABLE ciphertexts DROP COLUMN tenant_id;
+ALTER TABLE ciphertexts ADD PRIMARY KEY (handle, ciphertext_version);
+
+-- computations.tenant_id no longer needed.
+ALTER TABLE computations DROP CONSTRAINT computations_pkey;
+DROP INDEX IF EXISTS idx_computations_pk;
+ALTER TABLE computations DROP COLUMN tenant_id;
+ALTER TABLE computations ADD PRIMARY KEY (output_handle, transaction_id);
+
+-- pbs_computations.tenant_id no longer needed.
+ALTER TABLE pbs_computations DROP CONSTRAINT pbs_computations_pkey;
+ALTER TABLE pbs_computations DROP COLUMN tenant_id;
+ALTER TABLE pbs_computations ADD PRIMARY KEY (handle);
+
+-- We can now safely drop tenant_id and chain_id from keys.
+ALTER TABLE keys DROP COLUMN tenant_id;
+ALTER TABLE keys DROP COLUMN chain_id;
+-- The sequence_number can be used to identify the latest key.
+ALTER TABLE keys ADD COLUMN sequence_number BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY;
+
+COMMIT;

coprocessor/fhevm-engine/fhevm-engine-common/src/crs.rs

@@ -0,0 +1,42 @@
+use anyhow::Result;
+use sqlx::{PgPool, Row};
+use std::sync::Arc;
+use tfhe::zk::CompactPkeCrs;
+
+use crate::utils::safe_deserialize_key;
+
+pub type CrsId = Vec<u8>;
+
+#[derive(Clone)]
+pub struct Crs {
+    pub crs_id: CrsId,
+    pub crs: CompactPkeCrs,
+}
+
+#[derive(Clone, Default)]
+pub struct CrsCache {
+    latest: Option<Arc<Crs>>,
+}
+
+impl CrsCache {
+    pub async fn load(pool: &PgPool) -> Result<Self> {
+        let row = sqlx::query("SELECT crs_id, crs FROM crs ORDER BY sequence_number DESC LIMIT 1")
+            .fetch_optional(pool)
+            .await?;
+
+        let latest = row
+            .map(|row| {
+                Ok::<_, anyhow::Error>(Arc::new(Crs {
+                    crs_id: row.try_get("crs_id")?,
+                    crs: safe_deserialize_key(row.try_get("crs")?)?,
+                }))
+            })
+            .transpose()?;
+
+        Ok(Self { latest })
+    }
+
+    pub fn get_latest(&self) -> Option<&Crs> {
+        self.latest.as_deref()
+    }
+}