272 changes: 215 additions & 57 deletions host-contracts/contracts/KMSVerifier.sol


22 changes: 20 additions & 2 deletions host-contracts/docs/contract_selectors.txt
Expand Up @@ -648,10 +648,18 @@ KMSVerifier
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Function | defineNewContext(address[],uint256) | 0xda53c47d |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Function | destroyKmsContext(uint256) | 0xc0ae64f7 |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Function | eip712Domain() | 0x84b0196e |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Function | getContextSignersAndThresholdFromExtraData(bytes) | 0xb7f47bd6 |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Function | getCurrentKmsContextId() | 0x976f3eb9 |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Function | getKmsSigners() | 0x7eaac8f2 |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Function | getSignersForKmsContext(uint256) | 0x724f190b |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Function | getThreshold() | 0xe75235b8 |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Function | getVersion() | 0x0d8e6e2c |
Expand All @@ -662,7 +670,7 @@ KMSVerifier
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Function | proxiableUUID() | 0x52d1902d |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Function | setThreshold(uint256) | 0x960bfe04 |
| Function | reinitializeV2() | 0xc4115874 |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Function | upgradeToAndCall(address,bytes) | 0x4f1ef286 |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
Expand All @@ -672,14 +680,20 @@ KMSVerifier
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Event | Initialized(uint64) | 0xc7f505b2f371ae2175ee4913f4499e1f2633a7b5936321eed1cdaeb6115181d2 |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Event | NewContextSet(address[],uint256) | 0x1dcd7e1de916ad3be0c1097968029899e2e7d0195cfa6967e16520c0e8d07cea |
| Event | KMSContextDestroyed(uint256) | 0x6061b48dc9932cb928f0ea6a9d126c1095be843d19641ed27c9164feb79762eb |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Event | NewContextSet(uint256,address[],uint256) | 0x520e0adcbbe0d097dfe4b243c722ac80df9c2413c936b092d9c4888118f01f92 |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Event | Upgraded(address) | 0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Error | AddressEmptyCode(address) | 0x9996b315 |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Error | CurrentKMSContextCannotBeDestroyed(uint256) | 0x669db066 |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Error | DeserializingDecryptionProofFail() | 0x8d9c3069 |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Error | DeserializingExtraDataFail() | 0x8b248b60 |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Error | ECDSAInvalidSignature() | 0xf645eedf |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Error | ECDSAInvalidSignatureLength(uint256) | 0xfce698f7 |
Expand All @@ -696,6 +710,8 @@ KMSVerifier
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Error | InvalidInitialization() | 0xf92ee8a9 |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Error | InvalidKMSContext(uint256) | 0xb0dafc17 |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Error | KMSAlreadySigner() | 0x9895a42c |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Error | KMSInvalidSigner(address) | 0x6475522d |
Expand All @@ -721,6 +737,8 @@ KMSVerifier
| Error | UUPSUnauthorizedCallContext() | 0xe07c8dba |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Error | UUPSUnsupportedProxiableUUID(bytes32) | 0xaa1d49a4 |
|----------+------------------------------------------------------------+--------------------------------------------------------------------|
| Error | UnsupportedExtraDataVersion(uint8) | 0x2139cc2c |
╰----------+------------------------------------------------------------+--------------------------------------------------------------------╯


24 changes: 15 additions & 9 deletions host-contracts/lib/FHE.sol
Expand Up @@ -31,9 +31,9 @@ interface IKMSVerifier {
uint256[] memory extensions
);

function getThreshold() external view returns (uint256);

function getKmsSigners() external view returns (address[] memory);
function getContextSignersAndThresholdFromExtraData(
bytes calldata extraData
) external view returns (address[] memory signers, uint256 threshold);
}

/**
Expand Down Expand Up @@ -9563,7 +9563,7 @@ library FHE {
}
bytes32 digest = _hashDecryptionResult(handlesList, abiEncodedCleartexts, extraData);

return _verifySignaturesDigest(digest, signatures);
return _verifySignaturesDigest(digest, signatures, extraData);
}

/*
Expand Down Expand Up @@ -9621,12 +9621,19 @@ library FHE {
}

/**
* @notice View function that verifies multiple signatures for a given message at a certain threshold.
* @notice View function that verifies multiple signatures for a given message using context-aware verification.
* @dev Delegates extraData parsing and context lookup to KMSVerifier via a single
* cross-contract call to `getContextSignersAndThresholdFromExtraData`.
* @param digest The hash of the message that was signed by all signers.
* @param signatures An array of signatures to verify.
* @param extraData The extra data bytes from the decryption proof, used to resolve the KMS context.
* @return isVerified true if enough provided signatures are valid, false otherwise.
*/
function _verifySignaturesDigest(bytes32 digest, bytes[] memory signatures) private view returns (bool) {
function _verifySignaturesDigest(
bytes32 digest,
bytes[] memory signatures,
bytes memory extraData
) private view returns (bool) {
uint256 numSignatures = signatures.length;

if (numSignatures == 0) {
Expand All @@ -9635,14 +9642,13 @@ library FHE {

CoprocessorConfig storage $ = Impl.getCoprocessorConfig();

uint256 threshold = IKMSVerifier($.KMSVerifierAddress).getThreshold();
(address[] memory KMSSigners, uint256 threshold) = IKMSVerifier($.KMSVerifierAddress)
.getContextSignersAndThresholdFromExtraData(extraData);

if (numSignatures < threshold) {
revert KMSSignatureThresholdNotReached(numSignatures);
}

address[] memory KMSSigners = IKMSVerifier($.KMSVerifierAddress).getKmsSigners();

address[] memory recoveredSigners = new address[](numSignatures);
uint256 uniqueValidCount;
for (uint256 i = 0; i < numSignatures; i++) {
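Review bot: In the `_verifySignaturesDigest` body hunk (`@@ -9635,14 +9642,13 @@`), the signer set and threshold are now resolved from `extraData`, which arrives with the decryption proof and is therefore chosen by the submitter, yet the host-side code checks nothing about the returned pair beyond `numSignatures < threshold`. A context that resolves to an empty signer list or a zero threshold passes that check with a single signature; whether `getContextSignersAndThresholdFromExtraData` can return such a pair for a destroyed or unknown context is decided inside KMSVerifier, which is not rendered in this view (the selectors file only shows that `InvalidKMSContext(uint256)` and `UnsupportedExtraDataVersion(uint8)` exist on it). A cheap guard right after the call, `if (threshold == 0 || KMSSigners.length < threshold) { revert KMSSignatureThresholdNotReached(numSignatures); }`, makes the library fail closed regardless of verifier behaviour, though a dedicated error would name the condition more precisely. The `@dev` paragraph in the docstring hunk should also say that context validity (existence, not destroyed, supported extraData version) is enforced by KMSVerifier, since the library itself never sees the context id. `_verifySignaturesDigest` continues past the end of this hunk.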
1,841 changes: 1,714 additions & 127 deletions host-contracts/rust_bindings/src/kms_verifier.rs


Expand Up @@ -61,7 +61,7 @@ contract TestHostContractsDeployerTestUtils is HostContractsDeployerTestUtils {

assertEq(address(kmsVerifierProxy), kmsVerifierAdd, "KMSVerifier proxy address mismatch");
assertNotEq(kmsVerifierImplementation, address(0), "Implementation not deployed");
assertEq(kmsVerifierProxy.getVersion(), "KMSVerifier v0.1.0", "Version mismatch");
assertEq(kmsVerifierProxy.getVersion(), "KMSVerifier v0.2.0", "Version mismatch");
assertEq(kmsVerifierProxy.getThreshold(), initialThreshold, "Threshold mismatch");
address[] memory storedSigners = kmsVerifierProxy.getKmsSigners();
assertEq(storedSigners.length, initialSigners.length, "Signers length mismatch");