During the ciphertext creation, the plaintext is encrypted using the public key of the global FHE key, and a zero-knowledge proof of plaintext knowledge (ZKPoK) is also generated. The ZKPoK guarantees that 1) the ciphertext correctly generated 2) the user knows the plaintext value 3) the ciphertext cannot be used in another smart contract.

When a user first stores an encrypted value to a smart contract, fhEVM will verify the ciphertext and its corresponding ZKPoK, store the ciphertext on-chain and keep a mapping between "handles" (ciphertexts location) and ciphertexts in memory, updated when new ciphertexts are computed during execution. The encrypted types (euints) are wrappers around the "handles", represented in the form of uint256, generated by hashing (Keccak256) the ciphertext. The likelihood of handles of ciphertexts or arbitrary uint256 values colliding is extremely low.

In sum, a ciphertext is only valid if the ZKPoK is also validated in the transaction.

Last updated