chore(coprocessor): upgrade tfhe-rs to 1.6.0 with dedicated OPRF key

[PanGan21]

Summary

• Bumps tfhe 1.5.4→1.6.0, tfhe-versionable 0.6.2→0.7.0, and tfhe-zk-pok 0.8.0→0.8.1 in the coprocessor workspace.
• Enables the dedicated OPRF key (use_dedicated_oprf_key(true)) in the key generation config and propagates it through all server key derivation paths, so that fheRand uses a key isolated from the compute bootstrapping key.

Note

kms-connector and sdk/rust-sdk are not upgraded and remain on tfhe = "=1.5.1". Upgrading those two workspaces requires a KMS release that supports tfhe 1.6.0.

[github-actions]

Coprocessor Changed Lines Coverage

Coverage of added/modified lines in coprocessor: 0.0%

Per-file breakdown

Diff Coverage

Diff: origin/main...HEAD, staged and unstaged changes

• coprocessor/fhevm-engine/fhevm-engine-common/src/keys.rs (0.0%): Missing lines 97,109,147
• coprocessor/fhevm-engine/gw-listener/src/sks_key.rs (0.0%): Missing lines 22,41-44
• coprocessor/fhevm-engine/tfhe-worker/src/bin/utils.rs (0.0%): Missing lines 44,62

Summary

• Total: 10 lines
• Missing: 10 lines
• Coverage: 0%

coprocessor/fhevm-engine/fhevm-engine-common/src/keys.rs

   93             decompression_key,
   94             _noise_squashing_key,
   95             _noise_squashing_compression_key,
   96             re_randomization_keyswitching_key,
!  97             oprf_key,
   98             tag,
   99         ) = server_key.clone().into_raw_parts();
  100         #[cfg(not(feature = "gpu"))]
  101         let server_key_without_ns = ServerKey::from_raw_parts(

---

  105             decompression_key,
  106             None, // noise squashing key excluded
  107             None, // noise squashing compression key excluded
  108             re_randomization_keyswitching_key,
! 109             oprf_key,
  110             tag,
  111         );
  112 
  113         FhevmKeys {

---

  143                 TFHE_COMPACT_PK_PARAMS.pke_params,
  144                 TFHE_COMPACT_PK_PARAMS.ksk_params,
  145             ))
  146             .enable_ciphertext_re_randomization(TFHE_PKS_RERANDOMIZATION_PARAMS)
! 147             .use_dedicated_oprf_key(true)
  148             .build()
  149     }
  150 
  151     pub fn set_server_key_for_current_thread(&self) {

---

coprocessor/fhevm-engine/gw-listener/src/sks_key.rs

  18         decompression_key,
  19         noise_squashing_key,
  20         noise_squashing_compression_key,
  21         re_randomization_keyswitching_key,
! 22         oprf_key,
  23         tag,
  24     ) = server_key.into_raw_parts();
  25 
  26     if noise_squashing_key.is_none() {

---

  37         sks,
  38         kskm,
  39         compression_key,
  40         decompression_key,
! 41         None, // noise squashing key excluded
! 42         None, // noise squashing compression key excluded
! 43         re_randomization_keyswitching_key,
! 44         oprf_key,
  45         tag,
  46     )))
  47 }

---

coprocessor/fhevm-engine/tfhe-worker/src/bin/utils.rs

  40         decompression_key,
  41         noise_squashing_key,
  42         _noise_squashing_compression_key,
  43         re_randomization_keyswitching_key,
! 44         oprf_key,
  45         tag,
  46     ) = server_key.into_raw_parts();
  47     if noise_squashing_key.is_none() {
  48         error!("Server key does not have noise squashing");

---

  58         decompression_key,
  59         None, // noise squashing key excluded
  60         None, // noise squashing compression key excluded
  61         re_randomization_keyswitching_key,
! 62         oprf_key,
  63         tag,
  64     ));
  65 
  66     std::fs::write(dest_path, bytes).expect("write sks");

---

[PanGan21]

In my understanding the OprfServerKey introduced in 1.6.0 is a different key from the PBS bootstrapping key, so it produces different outputs for the same seeds. With upper_bound=4 for FheUint4 there are only 4 possible values, and seeds 1 and 7 both happened to map to 0 with the new key.

The fix here use seeds 0 and 42 (proven to differ in test_fhe_random_basic) and set the type 1 bound to 16 (full FheUint4 range) so the bounded path generates the same 4 random bits as the unbounded path.

Hopefully this is correct rationale for the reason that this test was failing after the upgrade.

[PanGan21]

[AUTOMATED]

Code Review

No blocking issues found. Checked for bugs, guideline compliance, and error handling.

What was reviewed:

• Correctness of oprf_key threading through all three ServerKey::into_raw_parts() / from_raw_parts() call sites (keys.rs, gw-listener/sks_key.rs, tfhe-worker/utils.rs) — all consistent ✓
• use_dedicated_oprf_key(true) placement in the key generation config — correct ✓
• Test changes in random.rs: seed [0; 16] is a valid PRF input with no degenerate behavior; bound=16 for FheUint4 avoids the small-range collision documented in the inline comment ✓
• The removed misleading comment // rerandomisation keyswitching key excluded was factually wrong (the key IS included) — removing it is a fix ✓
• Version mismatch between coprocessor (1.6.0) and kms-connector/sdk (1.5.1) is acknowledged in the PR; tfhe-rs handles it gracefully via backward-compatibility version upgrading (oprf_key: None for old keys, falling back to PBS key for fheRand) ✓

One informational note (non-blocking): The dedicated OPRF key security isolation only takes effect for keys freshly generated with the new 1.6.0 config. Keys deserialized from pre-1.6.0 format will transparently fall back to using the bootstrapping key for fheRand — correct behavior but worth confirming in the rollout plan that key regeneration is part of the deployment.