Overview
Last updated
Last updated
fhEVM is a protocol enabling confidential smart contracts on EVM-compatible blockchains. By leveraging Fully Homomorphic Encryption (FHE), fhEVM ensures complete data privacy without sacrificing composability or usability.
The design of fhEVM is guided by the following principles:
Preserving security: No impact on the underlying blockchain's security guarantees.
Public verifiability: All computations are publicly verifiable while keeping data confidential.
Developer accessibility: Build confidential smart contracts using familiar Solidity tooling, without requiring cryptographic expertise.
Composability: Confidential smart contracts are fully interoperable with each other and public contracts.
fhEVM introduces encrypted data types compatible with Solidity:
Booleans: ebool
Unsigned Integers: euint4, euint8, euint16, euint32, euint64, euint128, euint256
Addresses: eaddress
Bytes: ebytes64, ebytes128, ebytes256
Input: einput for handling encrypted input data
Encrypted data is represented as ciphertext handles, ensuring secure computation and interaction.
For more information see use of encrypted types.
fhEVM provides functions to cast between encrypted types:
Casting between encrypted types: TFHE.asEbool converts encrypted integers to encrypted booleans
Casting to encrypted types: TFHE.asEuintX converts plaintext values to encrypted types
Casting to encrypted addresses: TFHE.asEaddress converts plaintext addresses to encrypted addresses
Casting to encrypted bytes: TFHE.asEbytesX converts plaintext bytes to encrypted bytes
For more information see use of encrypted types.
fhEVM enables symbolic execution of encrypted operations, supporting:
Arithmetic: TFHE.add, TFHE.sub, TFHE.mul, TFHE.min, TFHE.max, TFHE.neg, TFHE.div, TFHE.rem
Note: div and rem operations are supported only with plaintext divisors
Bitwise: TFHE.and, TFHE.or, TFHE.xor, TFHE.not, TFHE.shl, TFHE.shr, TFHE.rotl, TFHE.rotr
Comparison: TFHE.eq, TFHE.ne, TFHE.lt, TFHE.le, TFHE.gt, TFHE.ge
Advanced: TFHE.select for branching on encrypted conditions, TFHE.randEuintX for on-chain randomness.
For more information on operations, see Operations on encrypted types.
For more information on conditional branching, see Conditional logic in FHE.
For more information on random number generation, see Generate Random Encrypted Numbers.
fhEVM enforces access control with a blockchain-based Access Control List (ACL):
Persistent access: TFHE.allow, TFHE.allowThis grants permanent permissions for ciphertexts.
Transient access: TFHE.allowTransient provides temporary access for specific transactions.
Validation: TFHE.isSenderAllowed ensures that only authorized entities can interact with ciphertexts.
For more information see ACL.
The fhEVM architecture provides the foundation for confidential smart contracts on EVM-compatible blockchains. At its core is FHE, a cryptographic technique enabling computations directly on encrypted data, ensuring privacy at every stage.
This system relies on three key types:
The public key: used for encrypting data.
The private key: used for decryption and securely managed by the Key Management System or KMS
The evaluation key: enabling encrypted computations performed by the coprocessor.
The fhEVM leverages Zama's TFHE library, integrating seamlessly with blockchain environments to address transparency, composability, and scalability challenges. Its hybrid architecture combines:
On-chain smart contracts for encrypted state management and access controls.
Off-chain coprocessors for resource-intensive FHE computations.
The Gateway to coordinate between blockchain, KMS, and coprocessors.
The KMS for secure cryptographic key management and proof validation.
This architecture enables developers to write private, composable smart contracts using symbolic execution and zero-knowledge proofs, ensuring data confidentiality and computational integrity.
For a detailed exploration of the fhEVM architecture, including components, workflows, and deployment models, see Architecture Overview.
