cyferio-labs · moven0831 · Jan 2, 2025 · Jan 1, 2025 · Jan 1, 2025 · Jan 1, 2025
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -85,7 +85,6 @@ sov-cyferio-hub = { path = "./crates/cyferio" }
 thiserror = "1.0.50"
 
 # fhe deps
-bincode = "1.3.3"
 hex = "0.4"
 
 # fhe modules

diff --git a/crates/confidential-token/Cargo.toml b/crates/confidential-token/Cargo.toml
@@ -27,12 +27,11 @@ sov-state = { workspace = true }
 
 # FHE depencencies
 [target.'cfg(all(target_arch = "x86_64", unix))'.dependencies]
-tfhe = { version = "0.7.2", features = ["boolean", "shortint", "integer", "x86_64-unix"] }
+tfhe = { version = "0.10.0", features = ["boolean", "shortint", "integer", "x86_64-unix"] }
 [target.'cfg(all(target_arch = "x86_64", not(unix)))'.dependencies]
-tfhe = { version = "0.7.2", features = ["boolean", "shortint", "integer", "x86_64"] }
+tfhe = { version = "0.10.0", features = ["boolean", "shortint", "integer", "x86_64"] }
 [target.'cfg(all(target_arch = "aarch64", unix))'.dependencies]
-tfhe = { version = "0.7.2", features = ["boolean", "shortint", "integer", "aarch64-unix"] }
-bincode = { workspace = true }
+tfhe = { version = "0.10.0", features = ["boolean", "shortint", "integer", "aarch64-unix"] }
 serde_json = { workspace = true }
 hex = { workspace = true }
 

diff --git a/crates/confidential-token/src/bin/fhe_keygen.rs b/crates/confidential-token/src/bin/fhe_keygen.rs
@@ -20,21 +20,32 @@ fn main() {
 
     // get the root path and join with the key directory
     let root_path = env::current_dir().unwrap();
-    let genesis_path = path::Path::new(&root_path).join("test-data/genesis/cyferio");
-    // let sui_genesis_path = path::Path::new(&root_path).join("test-data/genesis/sui");
+    let cyferio_genesis_path = path::Path::new(&root_path).join("test-data/genesis/cyferio");
+    let mock_genesis_path = path::Path::new(&root_path).join("test-data/genesis/mock");
     let key_path = path::Path::new(&root_path).join("test-data/keys");
 
-    // write the genesis file
+    // Ensure directories exist
+    fs::create_dir_all(&cyferio_genesis_path).unwrap();
+    fs::create_dir_all(&mock_genesis_path).unwrap();
+
+    // write the genesis file to both directories
+    fs::write(
+        cyferio_genesis_path.join("confidential_token.json"),
+        genesis_config.to_string(),
+    )
+    .unwrap();
+
     fs::write(
-        genesis_path.join("confidential_token.json"),
+        mock_genesis_path.join("confidential_token.json"),
         genesis_config.to_string(),
     )
     .unwrap();
 
     println!(
-        "[Init] FHE Keys generated and serialized in {:?}\n[Init] Public key and server key are stored in {:?}",
+        "[Init] FHE Keys generated and serialized in {:?}\n[Init] Public key and server key are stored in:\n  - {:?}\n  - {:?}",
         start.elapsed(),
-        genesis_path.join("confidential_token.json")
+        cyferio_genesis_path.join("confidential_token.json"),
+        mock_genesis_path.join("confidential_token.json")
     );
 
     // store the private key for debug usage

diff --git a/crates/confidential-token/src/bin/request_scripts_gen.rs b/crates/confidential-token/src/bin/request_scripts_gen.rs
@@ -3,8 +3,8 @@ use serde::{Deserialize, Serialize};
 use serde_json::json;
 use std::{env, fs, path};
 
-use bincode;
 use confidential_token::fhe_key::FheKeyConfig;
+use tfhe::safe_serialization::{safe_deserialize, safe_serialize};
 use tfhe::{prelude::*, set_server_key, CompressedPublicKey, CompressedServerKey, FheUint64};
 
 // For timing
@@ -29,22 +29,31 @@ fn main() {
     let raw_config = fs::read(fhe_key_config_path).expect("Failed to read fhe key config json");
     let config = serde_json::from_slice::<FheKeyConfig>(&raw_config)
         .expect("Failed to parse fhe key config json");
-    let fhe_public_key = bincode::deserialize::<CompressedPublicKey>(&config.fhe_public_key)
-        .unwrap()
-        .decompress();
+
+    // Use safe deserialization with a large max buffer size
+    let max_buffer_size = 1 << 30; // 1 GB
+    let fhe_public_key =
+        safe_deserialize::<CompressedPublicKey>(config.fhe_public_key.as_slice(), max_buffer_size)
+            .unwrap()
+            .decompress();
 
     // read and set the server key in this environment
-    let fhe_server_key = bincode::deserialize::<CompressedServerKey>(&config.fhe_server_key)
-        .unwrap()
-        .decompress();
+    let fhe_server_key =
+        safe_deserialize::<CompressedServerKey>(config.fhe_server_key.as_slice(), max_buffer_size)
+            .unwrap()
+            .decompress();
     set_server_key(fhe_server_key);
 
     // create-token request
     let init_balance = {
         let amount = FheUint64::try_encrypt(1_000 as u64, &fhe_public_key)
             .unwrap()
             .compress();
-        bincode::serialize(&amount).unwrap()
+
+        // Use safe serialization
+        let mut buffer = vec![];
+        safe_serialize(&amount, &mut buffer, max_buffer_size).unwrap();
+        buffer
     };
     let create_token_request = json!({
         "create_token": {
@@ -64,7 +73,11 @@ fn main() {
         let amount = FheUint64::try_encrypt(500 as u64, &fhe_public_key)
             .unwrap()
             .compress();
-        bincode::serialize(&amount).unwrap()
+
+        // Use safe serialization
+        let mut buffer = vec![];
+        safe_serialize(&amount, &mut buffer, max_buffer_size).unwrap();
+        buffer
     };
     let mint_request = json!({
         "mint": {
@@ -81,7 +94,11 @@ fn main() {
         let amount = FheUint64::try_encrypt(100 as u64, &fhe_public_key)
             .unwrap()
             .compress();
-        bincode::serialize(&amount).unwrap()
+
+        // Use safe serialization
+        let mut buffer = vec![];
+        safe_serialize(&amount, &mut buffer, max_buffer_size).unwrap();
+        buffer
     };
     let transfer_request = json!({
         "transfer": {

diff --git a/crates/confidential-token/src/call.rs b/crates/confidential-token/src/call.rs
@@ -13,7 +13,7 @@ use crate::{Bank, Coins, EncryptedAmount, Token, TokenId};
 
 // FHE deps
 use crate::mock_decryption;
-use bincode;
+use tfhe::safe_serialization::{safe_deserialize, safe_serialize};
 use tfhe::{prelude::*, set_server_key, CompressedPublicKey, CompressedServerKey};
 
 /// The maximum number of addresses that can be authorized to mint a token.
@@ -95,12 +95,19 @@ impl<S: Spec> Bank<S> {
             .collect::<Vec<_>>();
 
         // Fetch the fhe keys from state and set the server key in the environment
-        let fhe_public_key =
-            bincode::deserialize::<CompressedPublicKey>(&self.fhe_public_key.get(state)?.unwrap())?
-                .decompress();
-        let fhe_server_key =
-            bincode::deserialize::<CompressedServerKey>(&self.fhe_server_key.get(state)?.unwrap())?
-                .decompress();
+        let max_buffer_size = 1 << 30; // 1 GB
+        let fhe_public_key = safe_deserialize::<CompressedPublicKey>(
+            self.fhe_public_key.get(state)?.unwrap().as_slice(),
+            max_buffer_size,
+        )
+        .unwrap()
+        .decompress();
+        let fhe_server_key = safe_deserialize::<CompressedServerKey>(
+            self.fhe_server_key.get(state)?.unwrap().as_slice(),
+            max_buffer_size,
+        )
+        .unwrap()
+        .decompress();
         set_server_key(fhe_server_key);
 
         let (token_id, token) = Token::<S>::create(
@@ -204,12 +211,18 @@ impl<S: Spec> Bank<S> {
             .with_context(context_logger)??;
 
         // Fetch the fhe keys from state and set the server key in the environment
-        let fhe_public_key =
-            bincode::deserialize::<CompressedPublicKey>(&self.fhe_public_key.get(state)?.unwrap())?
-                .decompress();
-        let fhe_server_key = bincode::deserialize::<CompressedServerKey>(
-            &self.fhe_server_key.get(state)?.unwrap().as_ref(),
-        )?
+        let max_buffer_size = 1 << 30; // 1 GB
+        let fhe_public_key = safe_deserialize::<CompressedPublicKey>(
+            self.fhe_public_key.get(state)?.unwrap().as_slice(),
+            max_buffer_size,
+        )
+        .unwrap()
+        .decompress();
+        let fhe_server_key = safe_deserialize::<CompressedServerKey>(
+            self.fhe_server_key.get(state)?.unwrap().as_slice(),
+            max_buffer_size,
+        )
+        .unwrap()
         .decompress();
         set_server_key(fhe_server_key);
 
@@ -295,12 +308,19 @@ impl<S: Spec> Bank<S> {
         };
 
         // Fetch the fhe keys from state and set the server key in the environment
-        let fhe_public_key =
-            bincode::deserialize::<CompressedPublicKey>(&self.fhe_public_key.get(state)?.unwrap())?
-                .decompress();
-        let fhe_server_key =
-            bincode::deserialize::<CompressedServerKey>(&self.fhe_server_key.get(state)?.unwrap())?
-                .decompress();
+        let max_buffer_size = 1 << 30; // 1 GB
+        let fhe_public_key = safe_deserialize::<CompressedPublicKey>(
+            self.fhe_public_key.get(state)?.unwrap().as_slice(),
+            max_buffer_size,
+        )
+        .unwrap()
+        .decompress();
+        let fhe_server_key = safe_deserialize::<CompressedServerKey>(
+            self.fhe_server_key.get(state)?.unwrap().as_slice(),
+            max_buffer_size,
+        )
+        .unwrap()
+        .decompress();
         set_server_key(fhe_server_key);
 
         let token = self
@@ -336,10 +356,13 @@ impl<S: Spec> Bank<S> {
         };
 
         // Fetch the fhe keys from state and set the server key in the environment
-        let fhe_server_key =
-            bincode::deserialize::<CompressedServerKey>(&self.fhe_server_key.get(state)?.unwrap())
-                .unwrap()
-                .decompress();
+        let max_buffer_size = 1 << 30; // 1 GB
+        let fhe_server_key = safe_deserialize::<CompressedServerKey>(
+            self.fhe_server_key.get(state)?.unwrap().as_slice(),
+            max_buffer_size,
+        )
+        .unwrap()
+        .decompress();
         set_server_key(fhe_server_key);
 
         // decrypt the balance from FheUint64 to u64
@@ -385,10 +408,13 @@ impl<S: Spec> Bank<S> {
             .unwrap();
 
         // Fetch the fhe keys from state and set the server key in the environment
-        let fhe_server_key =
-            bincode::deserialize::<CompressedServerKey>(&self.fhe_server_key.get(state)?.unwrap())
-                .unwrap()
-                .decompress();
+        let max_buffer_size = 1 << 30; // 1 GB
+        let fhe_server_key = safe_deserialize::<CompressedServerKey>(
+            self.fhe_server_key.get(state)?.unwrap().as_slice(),
+            max_buffer_size,
+        )
+        .unwrap()
+        .decompress();
         set_server_key(fhe_server_key);
 
         // decrypt the total supply from FheUint64 to u64