feat(gateway-contracts): implement coprocessor contexts

chore(gateway-contracts): start updating tests

chore(gateway-contracts): add and improve tests from regular contracts

chore(gateway-contracts): finish tests

chore(gateway-contracts): take reviews into account

chore(gateway-contracts): add upgrade test

chore(gateway-contracts): update inputs order in add copro

chore(gateway-contracts): remove chainId from add ciphertext hash

chore(gateway-contracts): include new reinitializer constant var

Author: melanciani

gateway-contracts/.env.example

@@ -51,21 +51,27 @@ KMS_TX_SENDER_ADDRESS_3="0xc45994e4098271c3140117ebD5c74C70dd56D9cd" # accounts[
 KMS_SIGNER_ADDRESS_3="0xDb216ECeC4cEd51CdfD9609b6Ce7653aB04f6cAd" # accounts[10] (address)
 KMS_NODE_IP_ADDRESS_3="127.0.0.4" # (string)
 
+# Coprocessor feature set
+COPROCESSORS_FEATURE_SET="1" # (uint256)
+
 # Coprocessors
 # The number of coprocessors must be lower or equal to the number of coprocessors' metadata defined below
 NUM_COPROCESSORS="3" # (number)
 
 # Coprocessor 1
+COPROCESSOR_NAME_0="Coprocessor 1" # (string)
 COPROCESSOR_TX_SENDER_ADDRESS_0="0x6518D50aDc9036Df37119eA465a8159E34417E2E" # accounts[11] (address)
 COPROCESSOR_SIGNER_ADDRESS_0="0xa5eE8292dA52d8234248709F3E217ffEBA5E8312" # accounts[12] (address)
 COPROCESSOR_S3_BUCKET_URL_0="s3://bucket-1" # (string)
 
 # Coprocessor 2
+COPROCESSOR_NAME_1="Coprocessor 2" # (string)
 COPROCESSOR_TX_SENDER_ADDRESS_1="0xCFbF539CB91c92ace0343c5B0487149Ad0b82078" # accounts[13] (address)
 COPROCESSOR_SIGNER_ADDRESS_1="0xA951F315d5FD35Cac111dFB5250DF231FB8eF905" # accounts[14] (address)
 COPROCESSOR_S3_BUCKET_URL_1="s3://bucket-2" # (string)
 
 # Coprocessor 3
+COPROCESSOR_NAME_2="Coprocessor 3" # (string)
 COPROCESSOR_TX_SENDER_ADDRESS_2="0x3C0033584da3A0f61AA5C7bde50eAF3642875a21" # accounts[15] (address)
 COPROCESSOR_SIGNER_ADDRESS_2="0x420AF5A5BBfAd922aE5a501d9a8Bf70a55F52E03" # accounts[16] (address)
 COPROCESSOR_S3_BUCKET_URL_2="s3://bucket-3" # (string)

gateway-contracts/README.md

@@ -9,14 +9,14 @@ The **FHEVM Gateway** is a set of smart contracts that enables decrypting FHE ci
 
 ## Main features
 
-| Contract | Description | Features |
-| --- | --- | --- |
-| `Decryption` | Decrypt FHE ciphertexts | - Request a public decryption<br>- Request a user decryption<br>- Request a delegated user decryption |
-| `InputVerification` | Verify an input's zero-knowledge proof of knowledge (ZKPoK) | - Verify a ZKPoK<br>- Reject a ZKPoK |
-| `MultichainAcl` | Centralize Access Control Lists (ACL) from all host chains | - Grant account access to ciphertexts<br>- Authorize public decryption of ciphertexts<br>- Delegate account access to ciphertexts |
-| `CiphertextCommits` | Store ciphertext commitments from all host chains | - Store regular ciphertext commitments<br>- Store Switch and Squash (SNS) ciphertext commitments |
-| `KmsManagement` | Orchestrate KMS-related materials | 🚧 _Not in use yet_ 🚧 |
-| `GatewayConfig` | Administer configuration settings | - Register KMS nodes, coprocessors and host chains. <br> - Update KMS nodes, coprocessors and host chains. |
+| Contract            | Description                                                 | Features                                                                                                                          |
+| ------------------- | ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
+| `Decryption`        | Decrypt FHE ciphertexts                                     | - Request a public decryption<br>- Request a user decryption<br>- Request a delegated user decryption                             |
+| `InputVerification` | Verify an input's zero-knowledge proof of knowledge (ZKPoK) | - Verify a ZKPoK<br>- Reject a ZKPoK                                                                                              |
+| `MultichainAcl`     | Centralize Access Control Lists (ACL) from all host chains  | - Grant account access to ciphertexts<br>- Authorize public decryption of ciphertexts<br>- Delegate account access to ciphertexts |
+| `CiphertextCommits` | Store ciphertext commitments from all host chains           | - Store regular ciphertext commitments<br>- Store Switch and Squash (SNS) ciphertext commitments                                  |
+| `KmsManagement`     | Orchestrate KMS-related materials                           | 🚧 _Not in use yet_ 🚧                                                                                                            |
+| `GatewayConfig`     | Administer configuration settings                           | - Register KMS nodes, coprocessors and host chains. <br> - Update KMS nodes, coprocessors and host chains.                        |
 
 ## Getting started
 

gateway-contracts/contracts/CiphertextCommits.sol

@@ -1,16 +1,19 @@
 // SPDX-License-Identifier: BSD-3-Clause-Clear
 pragma solidity ^0.8.24;
 import { gatewayConfigAddress } from "../addresses/GatewayConfigAddress.sol";
+import { coprocessorContextsAddress } from "../addresses/CoprocessorContextsAddress.sol";
 import { kmsManagementAddress } from "../addresses/KmsManagementAddress.sol";
 import { Ownable2StepUpgradeable } from "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";
 import { Strings } from "@openzeppelin/contracts/utils/Strings.sol";
 import "./interfaces/ICiphertextCommits.sol";
 import "./interfaces/IGatewayConfig.sol";
+import { ICoprocessorContexts } from "./interfaces/ICoprocessorContexts.sol";
 import "./interfaces/IKmsManagement.sol";
 import "./shared/UUPSUpgradeableEmptyProxy.sol";
 import "./shared/GatewayConfigChecks.sol";
 import "./shared/Pausable.sol";
 import "./libraries/HandleOps.sol";
+import { ContextChecks } from "./shared/ContextChecks.sol";
 
 /**
  * @title CiphertextCommits smart contract
@@ -21,11 +24,15 @@ contract CiphertextCommits is
     Ownable2StepUpgradeable,
     UUPSUpgradeableEmptyProxy,
     GatewayConfigChecks,
-    Pausable
+    Pausable,
+    ContextChecks
 {
-    /// @notice The address of the GatewayConfig contract, used for fetching information about coprocessors.
+    /// @notice The address of the GatewayConfig contract, used for fetching information about host chains.
     IGatewayConfig private constant GATEWAY_CONFIG = IGatewayConfig(gatewayConfigAddress);
 
+    /// @notice The address of the CoprocessorContexts contract, used for fetching information about coprocessors.
+    ICoprocessorContexts private constant COPROCESSOR_CONTEXTS = ICoprocessorContexts(coprocessorContextsAddress);
+
     /// @notice The address of the KmsManagement contract, used for fetching information about the current key.
     IKmsManagement private constant KMS_MANAGEMENT = IKmsManagement(kmsManagementAddress);
 
@@ -34,12 +41,12 @@ contract CiphertextCommits is
     /// @dev they can still define their own private constants with the same name.
     string private constant CONTRACT_NAME = "CiphertextCommits";
     uint256 private constant MAJOR_VERSION = 0;
-    uint256 private constant MINOR_VERSION = 1;
+    uint256 private constant MINOR_VERSION = 2;
     uint256 private constant PATCH_VERSION = 0;
 
     /// Constant used for making sure the version number using in the `reinitializer` modifier is
     /// identical between `initializeFromEmptyProxy` and the reinitializeVX` method
-    uint64 private constant REINITIALIZER_VERSION = 2;
+    uint64 private constant REINITIALIZER_VERSION = 3;
 
     /// @notice The contract's variable storage struct (@dev see ERC-7201)
     /// @custom:storage-location erc7201:fhevm_gateway.storage.CiphertextCommits
@@ -63,6 +70,8 @@ contract CiphertextCommits is
             _alreadyAddedCoprocessorTxSenders;
         /// @notice The mapping of the coprocessor transaction senders that have added the ciphertext.
         mapping(bytes32 ctHandle => address[] coprocessorTxSenderAddresses) _coprocessorTxSenderAddresses;
+        /// @notice The coprocessor context ID associated to the add ciphertext
+        mapping(bytes32 addCiphertextHash => uint256 contextId) inputVerificationContextId;
     }
 
     /// @dev Storage location has been computed using the following command:
@@ -86,27 +95,50 @@ contract CiphertextCommits is
         __Pausable_init();
     }
 
+    /// @notice Re-initializes the contract from V1.
+    function reinitializeV2() external reinitializer(REINITIALIZER_VERSION) {}
+
     /// @notice See {ICiphertextCommits-addCiphertextMaterial}.
-    /// @dev This function calls the GatewayConfig contract to check that the sender address is a Coprocessor.
     function addCiphertextMaterial(
         bytes32 ctHandle,
         uint256 keyId,
         bytes32 ciphertextDigest,
         bytes32 snsCiphertextDigest
-    ) external virtual onlyCoprocessorTxSender whenNotPaused {
+    ) external virtual whenNotPaused refreshCoprocessorContextStatuses {
         /// @dev Extract the chainId from the ciphertext handle
         uint256 chainId = HandleOps.extractChainId(ctHandle);
 
         /// @dev Check that the associated host chain is registered
         GATEWAY_CONFIG.checkHostChainIsRegistered(chainId);
 
+        // Compute the hash of the ciphertext material to differentiate different ciphertext
+        // material additions
+        // Note that chainId is not included in the hash because it is already contained in the ctHandle.
+        bytes32 addCiphertextHash = keccak256(abi.encode(ctHandle, keyId, ciphertextDigest, snsCiphertextDigest));
+
         CiphertextCommitsStorage storage $ = _getCiphertextCommitsStorage();
 
-        /**
-         * @dev Check if the coprocessor transaction sender has already added the ciphertext handle.
-         * Note that a coprocessor transaction sender cannot add the same ciphertext material on
-         * two different host chains.
-         */
+        // Get the context ID from the input verification context ID mapping
+        uint256 contextId = $.inputVerificationContextId[addCiphertextHash];
+
+        // If the context ID is not set, get the active coprocessor context's ID and associate it to
+        // this ciphertext material addition
+        if (contextId == 0) {
+            contextId = COPROCESSOR_CONTEXTS.getActiveCoprocessorContextId();
+            $.inputVerificationContextId[addCiphertextHash] = contextId;
+
+            // Else, that means a coprocessor already started to add the ciphertext material
+            // and we need to check that the context is active or suspended
+            // If it is not, that means the context is no longer valid for this operation and we revert
+        } else if (!COPROCESSOR_CONTEXTS.isCoprocessorContextActiveOrSuspended(contextId)) {
+            ContextStatus contextStatus = COPROCESSOR_CONTEXTS.getCoprocessorContextStatus(contextId);
+            revert InvalidCoprocessorContextAddCiphertext(ctHandle, contextId, contextStatus);
+        }
+
+        // Only accept coprocessor transaction senders from the same context
+        COPROCESSOR_CONTEXTS.checkIsCoprocessorTxSenderFromContext(contextId, msg.sender);
+
+        // Check if the coprocessor transaction sender has already added the ciphertext handle.
         if ($._alreadyAddedCoprocessorTxSenders[ctHandle][msg.sender]) {
             revert CoprocessorAlreadyAdded(ctHandle, msg.sender);
         }
@@ -117,25 +149,20 @@ contract CiphertextCommits is
         // TODO: Re-enable this check once keys are generated through the Gateway
         // KMS_MANAGEMENT.checkCurrentKeyId(keyId);
 
-        /**
-         * @dev The addCiphertextHash is the hash of all received input arguments which means that multiple
-         * Coprocessors can only have a consensus on a ciphertext material with the same information.
-         * This hash is used to track the addition consensus on the received ciphertext material.
-         */
-        bytes32 addCiphertextHash = keccak256(
-            abi.encode(ctHandle, chainId, keyId, ciphertextDigest, snsCiphertextDigest)
-        );
+        // The addCiphertextHash is the hash of all received input arguments which means that multiple
+        // coprocessors can only have a consensus on a ciphertext material with the same information.
+        // This hash is used to track the addition consensus on the received ciphertext material.
         $._addCiphertextHashCounters[addCiphertextHash]++;
 
         $._alreadyAddedCoprocessorTxSenders[ctHandle][msg.sender] = true;
         $._coprocessorTxSenderAddresses[ctHandle].push(msg.sender);
 
-        /// @dev Only send the event if consensus has not been reached in a previous call
-        /// @dev and the consensus is reached in the current call.
-        /// @dev This means a "late" addition will not be reverted, just ignored
+        // Only send the event if consensus has not been reached in a previous call and the consensus
+        // is reached in the current call. This means a "late" addition will not be reverted, just ignored
+        // Besides, consensus only considers the coprocessors of the same context
         if (
             !$._isCiphertextMaterialAdded[ctHandle] &&
-            _isConsensusReached($._addCiphertextHashCounters[addCiphertextHash])
+            _isConsensusReached(contextId, $._addCiphertextHashCounters[addCiphertextHash])
         ) {
             $._ciphertextDigests[ctHandle] = ciphertextDigest;
             $._snsCiphertextDigests[ctHandle] = snsCiphertextDigest;
@@ -145,6 +172,7 @@ contract CiphertextCommits is
 
             emit AddCiphertextMaterial(
                 ctHandle,
+                contextId,
                 ciphertextDigest,
                 snsCiphertextDigest,
                 $._coprocessorTxSenderAddresses[ctHandle]
@@ -224,11 +252,14 @@ contract CiphertextCommits is
     // solhint-disable-next-line no-empty-blocks
     function _authorizeUpgrade(address _newImplementation) internal virtual override onlyOwner {}
 
-    /// @notice Checks if the consensus is reached among the Coprocessors.
-    /// @param coprocessorCounter The number of coprocessors that agreed
-    /// @return Whether the consensus is reached
-    function _isConsensusReached(uint256 coprocessorCounter) internal view virtual returns (bool) {
-        uint256 consensusThreshold = GATEWAY_CONFIG.getCoprocessorMajorityThreshold();
+    /**
+     * @notice Checks if the consensus is reached among the coprocessors from the same context.
+     * @param contextId The coprocessor context ID
+     * @param coprocessorCounter The number of coprocessors that agreed
+     * @return Whether the consensus is reached
+     */
+    function _isConsensusReached(uint256 contextId, uint256 coprocessorCounter) internal view virtual returns (bool) {
+        uint256 consensusThreshold = COPROCESSOR_CONTEXTS.getCoprocessorMajorityThresholdFromContext(contextId);
         return coprocessorCounter >= consensusThreshold;
     }