|
| 1 | +# 📜 Permits & Access Control |
| 2 | + |
| 3 | + |
| 4 | +In a Fully Homomorphic Encryption (FHE) framework, all data stored in a contract's storage is encrypted. Access control involves granting selective access to data by authorized parties while restricting access to unauthorized users. |
| 5 | + |
| 6 | +Solidity contracts generally expose their data using `view` functions. However, permissioned data is a challenge, since Solidity `view` functions do not come with any in-built mechanism to allow the contract to verify cryptographically that callers are who they say they are (for transactions, this is done by verifying the signature on the data). |
| 7 | +Fhenix handles this issue by implementing a `seal` function, which seals the data in a manner that only the intended recipient can decrypt and view (Fhenix uses the `decrypt` function for less sensitive data). This approach ensures that encrypted data remains confidential and only accessible to authorized users. |
| 8 | + |
| 9 | +## Permits and Access Control |
| 10 | + |
| 11 | +Fhenix Solidity libraries (specifically, fhenix.js) are equipped with an in-built access control scheme. |
| 12 | +This access control scheme enables contracts to perform a basic check of account ownership by adding authentication and authorization features to specific view functions. |
| 13 | +(An added benefit of the Fhenix Solidity libraries is that developers save coding effort each time a project has cryptographic access control requirements.) |
| 14 | + |
| 15 | +#### What is a Permit? |
| 16 | + |
| 17 | +A permit is a mechanism that allows the contract to verify cryptographically the identity of callers, ensuring that they are who they claim to be. |
| 18 | + |
| 19 | +In Fhenix, a permit is a signed message that contains the caller's public key, which the contract can use to verify the caller. The permit is a signed JSON object that follows the EIP-712 standard. |
| 20 | +The permit contains the necessary information, including a public key, which allows data re-sealing in a smart contract environment. |
| 21 | +The inclusion of this public key into the permit enables a secure process of data re-sealing within a smart contract after the JSON object is signed by the user. |
| 22 | + |
| 23 | +#### How to Generate a Permit |
| 24 | + |
| 25 | +Permits are generated using the `getPermit` method in `fhenix.js`. This method requires the following parameters: |
| 26 | + |
| 27 | +* `contractAddress` (required, string): The address of the contract. |
| 28 | +* `provider` (required): An `ethers` (or compatible) object that can sign EIP-712 formatted data. (Note that if you want to unseal data using your wallet's encryption key you can't use "JsonRpcProvider") |
| 29 | + |
| 30 | +```javascript |
| 31 | +const permit = await getPermit(contractAddress); |
| 32 | +``` |
| 33 | + |
| 34 | +#### What is a Permission? |
| 35 | + |
| 36 | +In Fhenix, a permission is that part of a permit that supplies proof that callers are who they say they are. |
| 37 | +A permission contains the signature and corresponding public key. |
| 38 | +In order to see how to verify a permission in a Solidity contract, please refer to our [Permissioned](../Solidity%20API/Permissioned.md). |
| 39 | + |
| 40 | +#### How to Generate a Permission |
| 41 | + |
| 42 | +The following is the syntax for generating a permission: |
| 43 | + |
| 44 | +```javascript |
| 45 | +const permission = client.extractPermitPermissions(permit); |
| 46 | +``` |
| 47 | + |
| 48 | +#### Using a Permission |
| 49 | + |
| 50 | +Once generated, the permission can be used and sent to the contract. It can also be used to unseal the output of the `sealoutput` function, assuming it was sealed using that same permission. |
| 51 | + |
| 52 | +The following code snippet shows how to implement the added cryptographic functionality of Fhenix (specifically, permits and permissions) on Ethereum using the Fhenix library. |
| 53 | + |
| 54 | +```javascript |
| 55 | +import { BrowserProvider } from "ethers"; |
| 56 | +import { FhenixClient, getPermit } from "fhenixjs"; |
| 57 | + |
| 58 | +const provider = new BrowserProvider(window.ethereum); |
| 59 | +const client = new FhenixClient({ provider }); |
| 60 | +const permit = await getPermit(contractAddress, provider); |
| 61 | +const permission = client.extractPemitPermissions(permit); |
| 62 | +client.storePermit(permit); // Stores a permit for a specific contract address. |
| 63 | +const response = await contract.connect(owner).getValue(permission); // Calling "getValue" which is a view function in "contract" |
| 64 | +const plaintext = await client.unseal(contractAddress, response); |
| 65 | +``` |
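Review bot: The final snippet (new-file line 61) calls `client.extractPemitPermissions(permit)`, while line 45 documents `client.extractPermitPermissions(permit)`; the two spellings disagree and line 61 looks like the typo, so readers who copy the full example will call a method name the docs do not define. In the same vein, the `getPermit(contractAddress)` example at line 31 omits `provider`, which the parameter list at line 28 marks as required and which line 60 does pass; make the two calls consistent. The final snippet also uses `contractAddress`, `contract` and `owner` without defining them, so a short comment saying where they come from would help. Smaller points: line 11 describes fhenix.js as one of the "Fhenix Solidity libraries" although the snippet imports it as a JavaScript package (`fhenixjs`), and the link text at line 38 ("our [Permissioned]") is missing a noun such as "contract" or "reference".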