coprocessor/docs/getting_started/tkms/create.md
Generating a new set of keys and crs is necessary when creating a new FHE Co-processor.
To do so one can use the TKMS cli tool packaged in the following docker image.
The configuration file of the CLI will need to be modified or mounted to a volume accessible within the Docker container. The accessible/modified file must include:
s3_endpoint = ""
object_folder = ["","","",""]
validator_addresses = [""]
http_validator_endpoints = [""]
kv_store_address = ""
faucet_address = ""
asc_address = ""
csc_address = ""
mnemonic = ""
Insecure key generation is the fastest way to generate a new key. The key is generated by a single party and shared with the other parties. Hence it is not directly insecure, but instead only generated with a centralized trust assumption.
cargo run -- -f <path-to-toml-config-file> insecure-key-gen
Secure key generation takes a lot longer and is a two step process. For development purposes insecure key generation is the recommended way since it is much faster.
This will do some pre-processing needed for key-generation. The pre-processing id will be needed to then launch a distributed key generation.
cargo run -- -f <path-to-toml-config-file> preproc-key-gen
cargo run -- -f <path-to-toml-config-file> key-gen --preproc-id <preprocessing-id>
The CRS is a public object used to generate zero-knowledge-proofs of plaintext knowledge (required to add a new ciphertext).
The max-num-bits argument specifies the maximum number of bits provable with a given CRS, usually 2048 is used, since this is the size of the largest data-type currently supported.
As for the insecure key-generation this operation will be done by a single party.
cargo run -- -f <path-to-toml-config-file> insecure-crs-gen --max-num-bits <max-num-bits>
This will launch a distributed CRS generation.
cargo run -- -f <path-to-toml-config-file> crs-gen --max-num-bits <max-num-bits>