Skip to main content

Decrypt Result Signature Verification

The TaskManager supports permissionless publishing of decrypt results. Anyone holding a valid ECDSA signature from the Threshold Network’s Dispatcher can publish a decrypt result on-chain. The TaskManager verifies the signature before storing the result.

Key State

Functions

Signature Message Format

The signed message is a fixed 76-byte buffer: The message is hashed with keccak256 and verified using OpenZeppelin’s ECDSA.tryRecover. The enc_type and chain_id are derived on-chain, binding each signature to a specific ciphertext type and chain.

Enable / Disable Switch

The TaskManager carries a global isEnabled flag that owner-only enable() / disable() calls flip. While disabled, every entry point gated by onlyIfEnabled reverts with CofheIsUnavailable — including publishDecryptResult and publishDecryptResultBatch. Read access (getDecryptResultSafe, verifyDecryptResultSafe, etc.) is not gated and continues to work.

Reading the flag from a client

Apps can pre-flight the switch before submitting transactions:
For React apps using @cofhe/react, the useCofheEnabled hook wraps this read and reflects the result reactively — handy for showing a “CoFHE temporarily unavailable” banner without forcing users to fire a doomed transaction first.