Coprocessor

This document explains one of the key components of the Zama Protocol - Coprocessor, the Zama Protocol’s off-chain computation engine.

What is the Coprocessor?

Coprocessor performs the heavy cryptographic operations—specifically, fully homomorphic encryption (FHE) computations—on behalf of smart contracts that operate on encrypted data. Acting as a decentralized compute layer, the coprocessor bridges symbolic on-chain logic with real-world encrypted execution.

Coprocessor works together with the Gateway, verifying encrypted inputs, executing FHE instructions, and maintaining synchronization of access permissions, in particula

  • Listens to events emitted by host chains and the Gateway.

  • Executes FHE computations (add, mul, div, cmp, etc.) on ciphertexts.

  • Validates encrypted inputs and ZK proofs of correctness.

  • Maintains and updates a replica of the host chain’s Access Control Lists (ACLs).

  • Stores and serves encrypted data for decryption or bridging.

Each coprocessor independently executes tasks and publishes verifiable results, enabling a publicly auditable and horizontally scalable confidential compute infrastructure .

Responsibilities of the Coprocessor

Encrypted input verification

When users submit encrypted values to the Gateway, each coprocessor:

  • Verifies the associated Zero-Knowledge Proof of Knowledge (ZKPoK).

  • Extracts and unpacks individual ciphertexts from a packed submission.

  • Stores the ciphertexts under derived handles.

  • Signs the verified handles, embedding user and contract metadata.

  • Sends the signed data back to the Gateway for consensus.

This ensures only valid, well-formed encrypted values enter the system .

FHE computation execution

When a smart contract executes a function over encrypted values, the on-chain logic emits symbolic computation events. Each coprocessor:

  • Reads these events from the host chain node it runs.

  • Fetches associated ciphertexts from its storage.

  • Executes the required FHE operations using the TFHE-rs library (e.g., add, mul, select).

  • Stores the resulting ciphertext under a deterministically derived handle.

  • Optionally publishes a commitment (digest) of the ciphertext to the Gateway for verifiability.

This offloads expensive computation from the host chain while maintaining full determinism and auditability .

ACL replication

Coprocessors replicate the Access Control List (ACL) logic from host contracts. They:

  • Listen to Allowed and AllowedForDecryption events.

  • Push updates to the Gateway.

This ensures decentralized enforcement of access rights, enabling proper handling of decryptions, bridges, and contract interactions .

Ciphertext commitment

To ensure verifiability and mitigate misbehavior, each coprocessor:

  • Commits to ciphertext digests (via hash) when processing Allowed events.

  • Publishes these commitments to the Gateway.

  • Enables external verification of FHE computations.

This is essential for fraud-proof mechanisms and eventual slashing of malicious or faulty operators .

Bridging & decryption support

Coprocessors assist in:

  • Bridging encrypted values between host chains by generating new handles and signatures.

  • Preparing ciphertexts for public and user decryption using operations like Switch-n-Squash to normalize ciphertexts for the KMS.

These roles help maintain cross-chain interoperability and enable privacy-preserving data access for users and smart contracts .

Security and trust assumptions

Coprocessors are designed to be minimally trusted and publicly verifiable. Every FHE computation or input verification they perform is accompanied by a cryptographic commitment (hash digest) and a signature, allowing anyone to independently verify correctness.

The protocol relies on a majority-honest assumption: as long as more than 50% of coprocessors are honest, results are valid. The Gateway aggregates responses and accepts outputs only when a majority consensus is reached.

To enforce honest behavior, coprocessors must stake $ZAMA tokens and are subject to slashing if caught misbehaving—either through automated checks or governance-based fraud proofs.

This model ensures correctness through transparency, resilience through decentralization, and integrity through economic incentives.

Architecture & Scalability

The coprocessor architecture includes:

  • Event listeners for host chains and the Gateway

  • A task queue for FHE and ACL update jobs

  • Worker threads that process tasks in parallel

  • A public storage layer (e.g., S3) for ciphertext availability

This modular setup supports horizontal scaling: adding more workers or machines increases throughput. Symbolic computation and delayed execution also ensure low gas costs on-chain .

Last updated