Blog
 / 
Announcements
fhEVM

fhEVM v0.5: Enhanced Security and Efficiency for Encrypted Data

July 5, 2024
  -  
Clément Danjou
This is also a heading
This is a heading
This is also a heading

fhEVM v0.5 introduces many significant enhancements to improve the security and efficiency of handling encrypted data in your applications, including packed input mechanism, enhanced Access Control List (ACL), and updated decryption and re-encryption process. Most importantly, starting from fhEVM v0.5, the Solidity API comes into a stable and finalized version that will be compatible for future versions and across various chains.

 Packed input mechanism

The new version introduces the packing of inputs, allowing multiple plaintext values to be packed into a single ciphertext. This update is crucial for future development of fhEVM, particularly with the anticipated introduction of proven inputs.

In the example, [.c-inline-code]inputProof[.c-inline-code] is used as the ciphertext that contains all the encrypted data. The variables [.c-inline-code]param1[.c-inline-code], [.c-inline-code]param2[.c-inline-code], and [.c-inline-code]param3[.c-inline-code] are used as pointers. To access the encrypted value, you need to pass these pointers along with the actual data using the function [.c-inline-code]TFHE.asEuintXX[.c-inline-code]. This method retrieves the encrypted values pointed to, enabling their use in further encrypted operations.

function myExample(
 address account
 einput param1,
 uint id,
 einput param2,
 einput param3,
 bool isAllowed,
 bytes calldata inputProof
) {
  euint64 amount = TFHE.asEuint64(param1, inputProof);
}

Enhanced Access Control List (ACL)

With v0.5, managing ciphertext permissions has never been more robust. Access Control List (ACL) allows developers to define which addresses have the right to manipulate a ciphertext, ensuring the permission to be handled more explicitly and securely.

For this, we introduced two new functions to explicitly grant access to encrypted data: [.c-inline-code]TFHE.allow(ciphertext, account)[.c-inline-code] and [.c-inline-code]TFHE.allowTransient(ciphertext, account)[.c-inline-code]. These new functions will store permanently or in transient storage the permission for the account to compute or decrypt this ciphertext.

// MySecret.sol

function giveMySecret(einput encryptedSecret, bytes calldata inputProof) {
 // Create my secret
 euint16 mySecret = TFHE.asEuint16(encryptedSecret, inputProof);

 // Allow temporary the SecretStore contract to manipulate `mySecret`
 TFHE.allowTransient(mySecret, address(SecretStore));

 // Call `storeSecret` with `mySecret`
 SecretStore.storeSecret(mySecret);
}



// SecretStore.sol
function storeSecret(callerSecret euint16) {
 // Verify that the caller has also access to this ciphertext   require(TFHE.isSenderAllowed(callerSecret), "The caller is not authorized to access this secret.");

 // Store this ciphertext
 secret = callerSecret;

 // Make the transient allowance permanent for this ciphertext and for current contract.
 TFHE.allow(callerSecret, address(this));
}

Previously, making an encrypted state variable public was risky because other contracts could potentially access and use your encrypted data. However, with the new release, this concern is mitigated. Now, although a contract can access any ciphertext handle, it cannot manipulate or use the encrypted data without the appropriate permissions specified in the Access Control List (ACL). This ensures that your encrypted data remains secure, even if it is accessible.

Updated decryption and re-encryption process

Security and efficiency in re-encryption have been significantly improved by utilizing an off-chain service. This adjustment not only enhances security but also optimizes the performance of cryptographic operations by delegating this process.

In the previous release, we introduced asynchronous decryption that allows developers to batch multiple decryptions of the same type. In fhEVM v0.5, the API has been upgraded to allow decryption batches of multiple types: It is now possible to receive the decryption of an ebool and an euint64 in the same callback. See the decryption guide for more details.

Definitive API

fHEVM has significantly evolved over the past year, and with these new features, we're pleased to announce that fhEVM v0.5 represents the finalized version of the Solidity API. All contracts developed on v0.5 are designed to be compatible with future versions and across various chains, including L1 fhEVM blockchains and future coprocessors running on non-FHE chains. This ensures long-term stability and broad usability.

Other changes and improvements

fhEVM v0.5 introduces some other changes and improvements: 

If you haven’t tried out fhEVM v0.5 already, check our documentation and start building confidential smart contracts in FHE! In the next release, we’ll add zero-knowledge proofs for inputs and new types. Stay tuned!

Additional links 

Read more related posts

Zama Product Releases - July 2024

With these releases, Zama continues to build its suite of products to make homomorphic encryption accessible, easy, and fast.

July 5, 2024
 - 
The Zama Team
Announcements

TFHE-rs v0.7: Ciphertext Compression, Multi-GPU Support and More

TFHE-rs v0.7 introduces the compression of ciphertexts that encrypt the result of homomorphic computations and many improvements.

July 5, 2024
 - 
Jean-Baptiste Orfila, Arthur Meyre, Agnes Leroy
Announcements
TFHE-rs

Concrete ML v1.6: Bigger Neural Networks and Pre-trained Tree-based Models

Concrete ML v1.6 improves latency on large neural networks and supports pre-trained tree-based models with many other improvements

July 5, 2024
 - 
Andrei Stoian
Announcements
Concrete ML

Concrete v2.7: GPU Wheel, Extended Function Composition and Other Improvements

Concrete v2.7 introduces the first wheel that can accelerate computations on GPUs and adds many other new features.

July 5, 2024
 - 
Quentin Bourgerie
Announcements
Concrete
The Zama Team
July 5, 2024

Zama Product Releases - July 2024

With these releases, Zama continues to build its suite of products to make homomorphic encryption accessible, easy, and fast.

Read Article
Jean-Baptiste Orfila, Arthur Meyre, Agnes Leroy
July 5, 2024

TFHE-rs v0.7: Ciphertext Compression, Multi-GPU Support and More

TFHE-rs v0.7 introduces the compression of ciphertexts that encrypt the result of homomorphic computations and many improvements.

Read Article
Andrei Stoian
July 5, 2024

Concrete ML v1.6: Bigger Neural Networks and Pre-trained Tree-based Models

Concrete ML v1.6 improves latency on large neural networks and supports pre-trained tree-based models with many other improvements

Read Article
Quentin Bourgerie
July 5, 2024

Concrete v2.7: GPU Wheel, Extended Function Composition and Other Improvements

Concrete v2.7 introduces the first wheel that can accelerate computations on GPUs and adds many other new features.

Read Article
Back to Blog
Announcements
fhEVM
Libraries
TFHE-rs Concrete Concrete ML FHEVM
Developers
BlogDOCUMENTATION GITHUB FHE resources Research papers CommunityBounty Program Confidential AIConfidential blockchainThreshold key management Service
Company
Aboutintroduction to fheEventsMediaCareers Newsletter LegalContact us
Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.If two parties have some sort of dealings, then each has a memory of their interaction. Each party can speak about their own memory of this; how could anyone prevent it? One could pass laws against it, but the freedom of speech, even more than privacy, is fundamental to an open society; we seek not to restrict any speech at all. If many parties speak together in the same forum, each can speak to all the others and aggregate together knowledge about individuals and other parties. The power of electronic communications has enabled such group speech, and it will not go away merely because we might want it to.Since we desire privacy, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. In most cases personal identity is not salient. When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no privacy. I cannot here selectively reveal myself; I must always reveal myself.Therefore, privacy in an open society requires anonymous transaction systems. Until now, cash has been the primary such system. An anonymous transaction system is not a secret transaction system. An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy.Privacy in an open society also requires cryptography. If I say something, I want it heard only by those for whom I intend it. If the content of my speech is available to the world, I have no privacy. To encrypt is to indicate the desire for privacy, and to encrypt with weak cryptography is to indicate not too much desire for privacy. Furthermore, to reveal one's identity with assurance when the default is anonymity requires the cryptographic signature.We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. It is to their advantage to speak of us, and we should expect that they will speak. To try to prevent their speech is to fight against the realities of information. Information does not just want to be free, it longs to be free. Information expands to fill the available storage space. Information is Rumor's younger, stronger cousin; Information is fleeter of foot, has more eyes, knows more, and understands less than Rumor.We must defend our own privacy if we expect to have any. We must come together and create systems which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do.We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can't get privacy unless we all do, we're going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don't much care if you don't approve of the software we write. We know that software can't be destroyed and that a widely dispersed system can't be shut down.Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation's border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good. Privacy only extends so far as the cooperation of one's fellows in society. We the Cypherpunks seek your questions and your concerns and hope we may engage you so that we do not deceive ourselves. We will not, however, be moved out of our course because some may disagree with our goals.The Cypherpunks are actively engaged in making the networks safer for privacy. Let us proceed together apace.Onward. By Eric Hughes. 9 March 1993.