📃 Read white paper | 📒 Documentation | 💛 Community support | 📚 FHE resources by Zama
fhEVM is a technology that enables confidential smart contracts on the EVM using fully homomorphic encryption (FHE).
Thanks to a breakthrough in homomorphic encryption, Zama’s fhEVM makes it possible to run confidential smart contracts on encrypted data, guaranteeing both confidentiality and composability with:
- End-to-end encryption of transactions and state: Data included in transactions is encrypted and never visible to anyone.
- Composability and data availability on-chain: States are updated while remaining encrypted at all times.
- No impact on existing dapps and state: Encrypted state co-exists alongside public one, and doesn't impact existing dapps.
- Solidity Integration: fhEVM contracts are simple solidity contracts that are built using traditional solidity toolchains.
- Simple Developer Experience: Developers can use the
euint
data types to mark which part of their contracts should be private. - Programmable Privacy: All the logic for access control of encrypted states is defined by developers in their smart contracts.
- High Precision Encrypted Integers : Up to 256 bits of precision for integers
- Full range of Operators : All typical operators are available:
+
,-
,*
,/
,<
,>
,==
, … - Encrypted If-Else Conditionals : Check conditions on encrypted states
- On-chain PRNG : Generate secure randomness without using oracles
- Configurable Decryption : Threshold, centralized or KMS decryption
- Unbounded Compute Depth : Unlimited consecutive FHE operations
Learn more about fhEVM features in the documentation.
fhEVM is built for developers to write confidential smart contracts without learning cryptography. Leveraging fhEVM, you can unlock a myriad of new use cases such as DeFI, gaming, and more. For instance:
- Tokenization: Swap tokens and RWAs on-chain without others seeing the amounts.
- Blind auctions: Bid on items without revealing the amount or the winner.
- On-chain games: Keep moves, selections, cards, or items hidden until ready to reveal.
- Confidential voting: Prevents bribery and blackmailing by keeping votes private.
- Encrypted DIDs: Store identities on-chain and generate attestations without ZK.
- Private transfers: Keep balances and amounts private, without using mixers.
Learn more use cases in the list of examples.
For now, fhEVM is implemented on evmos.
# Using npm
npm install fhevm
# Using Yarn
yarn add fhevm
# Using pnpm
pnpm add fhevm
Find more details on implementation instructions in this repository.
// SPDX-License-Identifier: BSD-3-Clause-Clear
pragma solidity ^0.8.20;
import "fhevm/lib/TFHE.sol";
contract Counter {
euint32 counter;
function add(bytes calldata encryptedValue) public {
euint32 value = TFHE.asEuint32(encryptedValue);
counter = counter + value;
}
function getCounter(bytes32 publicKey) returns (bytes memory) {
return TFHE.reencrypt(counter, publicKey);
}
}
This example is explained in more detail in here.
- ERC-20: A variation of the standard ERC20 smart contract that incorporates encrypted balances, providing additional privacy for token holders.
- Darkpool: A smart contract that enables anonymous trading of cryptocurrencies or assets, typically used to execute large orders without affecting the market price. - by Owen Murovec
- Ciperbomb: A Hardhat-based template for developing Solidity smart contracts, with sensible defaults. - by Clément Danjou
- Battleship: A smart contract that replicates the classic Battleship game on a blockchain in a transparent manner. - by Owen Murovec
- Governor DAO: A DAO smart contract that facilitates governance decisions through encrypted voting.
- Blind auction: A smart contract for conducting blind auctions where bids are encrypted and the winning bid remains private.
- Decentralized ID: A blockchain-based identity management system using smart contracts to store and manage encrypted personal data.
If you have built awesome projects using fhEVM, please let us know and we will be happy to showcase them here!
- [Video tutorial] How to Write Confidential Smart Contracts Using Zama's fhEVM
- Confidential ERC-20 Tokens Using Homomorphic Encryption and the fhEVM
- On-chain Blind Auctions Using Homomorphic Encryption and the fhEVM
- Programmable Privacy and Onchain Compliance using Homomorphic Encryption
Explore more useful resources in fhEVM tutorials and Awesome Zama repo.
Full, comprehensive documentation is available here: https://docs.zama.ai/fhevm.
To support fhEVM in an EVM-based blockchain, the fhevm-go library can be used as it implements all the needed FHE functionalities. It is available here: fhevm-go
To integrate fhevm-go into any EVM-based blockchain, you can follow the Integration Guide.
Install dependencies (Solidity libraries and dev tools)
npm install
Note
Solidity files are formatted with prettier.
npm run codegen
Warning
Use this command to generate Solidity code and prettier result automatically!
Files that are generated now (can be seen inside codegen/main.ts
)
lib/Impl.sol
lib/TFHE.sol
mocks/Impl.sol
mocks/TFHE.sol
contracts/tests/TFHETestSuiteX.sol
test/tfheOperations/tfheOperations.ts
The easiest way to understand how to write/dev smart contract and interact with them using fhevmjs is to read and explore the available tests in this repository.
# in one terminal
npm run fhevm:start
# in another terminal
npm i
cp .env.example .env
./scripts/faucet.sh
npm test
We provide a docker image to spin up a fhEVM node for local development.
npm run fhevm:start
# stop
npm run fhevm:stop
For development purposes, we provide a ready to use wallet. In order to use it, prepare the .env file that contains the mnemonic.
cp .env.example .env
This allows the developer to use a few accounts, each account can get coins:
npm run fhevm:faucet:alice
npm run fhevm:faucet:bob
npm run fhevm:faucet:carol
npm test
Error: insufficient funds
Ensure the faucet command was successful.
Network1 doesn't support shanghai, so you should update the evmVersion
here to use paris
, and make sure contracts are compiled using that version.
# codegen for network1 network
TARGET_NETWORK=Network1 npx ts-node codegen/main.ts && npm run prettier
# run tests for network1 network, assumes network1 rpc already running locally
npx hardhat test --network localNetwork1
Operators can be defined as data inside codegen/common.ts
file and code automatically generates solidity overloads.
Test for overloads must be added (or the build doesn't pass) inside codegen/overloadsTests.ts
file.
The mocked mode allows faster testing and the ability to analyze coverage of the tests. In this mocked version, encrypted types are not really encrypted, and the tests are run on the original version of the EVM, on a local hardhat network instance. To run the tests in mocked mode, you can use directly the following command:
npm run test:mock
To analyze the coverage of the tests (in mocked mode necessarily, as this cannot be done on the real fhEVM node), you can use this command :
npm run coverage:mock
Then open the file coverage/index.html
. You can see there which line or branch for each contract which has been covered or missed by your test suite. This allows increased security by pointing out missing branches not covered yet by the current tests.
Note
Due to intrinsic limitations of the original EVM, the mocked version differ in few corner cases from the real fhEVM, the most important change is the TFHE.isInitialized
method which will always return true
in the mocked version. Another big difference in mocked mode, compared to the real fhEVM implementation, is that there is no ciphertext verification neither checking that a ciphertext has been honestly obtained (see section 4 of the whitepaper). This means that before deploying to production, developers still need to run the tests with the original fhEVM node, as a final check in non-mocked mode, with npm run test
.
To cite fhEVM or the whitepaper in academic papers, please use the following entries:
@Misc{fhEVM,
title={{Private smart contracts on the EVM using homomorphic encryption}},
author={Zama},
year={2023},
note={\url{https://github.com/zama-ai/fhevm}},
}
@techreport{fhEVM,
author = "Morten Dahl, Clément Danjou, Daniel Demmler, Tore Frederiksen, Petar Ivanov,
Marc Joye, Dragos Rotaru, Nigel Smart, Louis Tremblay Thibault
",
title = "Confidential EVM Smart Contracts using Fully Homomorphic Encryption",
institution = "Zama",
year = "2023"
}
There are two ways to contribute to the Zama fhEVM:
- Open issues to report bugs and typos, or to suggest new ideas
- Request to become an official contributor by emailing hello@zama.ai.
Becoming an approved contributor involves signing our Contributor License Agreement (CLA)). Only approved contributors can send pull requests, so please make sure to get in touch before you do!
This software is distributed under the BSD-3-Clause-Clear license. If you have any questions, please contact us at hello@zama.ai.
🌟 If you find this project helpful or interesting, please consider giving it a star on GitHub! Your support helps to grow the community and motivates further development.