📃 Read white paper | 📒 Documentation | 💛 Community support | 📚 FHE resources by Zama
fhEVM is a technology that enables confidential smart contracts on the EVM using fully homomorphic encryption (FHE).
Thanks to a breakthrough in homomorphic encryption, Zama’s fhEVM makes it possible to run confidential smart contracts on encrypted data, guaranteeing both confidentiality and composability with:
- End-to-end encryption of transactions and state: Data included in transactions is encrypted and never visible to anyone.
- Composability and data availability on-chain: States are updated while remaining encrypted at all times.
- No impact on existing dapps and state: Encrypted state co-exists alongside public one, and doesn't impact existing dapps.
- Solidity integration: fhEVM contracts are simple solidity contracts that are built using traditional solidity toolchains.
- Simple developer experience: Developers can use the
euint
data types to mark which part of their contracts should be private. - Programmable privacy: All the logic for access control of encrypted states is defined by developers in their smart contracts.
- High precision encrypted integers : Up to 256 bits of precision for integers
- Full range of operators : All typical operators are available:
+
,-
,*
,/
,<
,>
,==
, … - Encrypted if-else conditionals : Check conditions on encrypted states
- On-chain PRNG : Generate secure randomness without using oracles
- Configurable decryption : Threshold, centralized or KMS decryption
- Unbounded compute Depth : Unlimited consecutive FHE operations
Learn more about fhEVM features in the documentation.
fhEVM is built for developers to write confidential smart contracts without learning cryptography. Leveraging fhEVM, you can unlock a myriad of new use cases such as DeFI, gaming, and more. For instance:
- Tokenization: Swap tokens and RWAs on-chain without others seeing the amounts.
- Blind auctions: Bid on items without revealing the amount or the winner.
- On-chain games: Keep moves, selections, cards, or items hidden until ready to reveal.
- Confidential voting: Prevents bribery and blackmailing by keeping votes private.
- Encrypted DIDs: Store identities on-chain and generate attestations without ZK.
- Private transfers: Keep balances and amounts private, without using mixers.
Learn more use cases in the list of examples.
For now, fhEVM is implemented on evmos.
# Using npm
npm install fhevm
# Using Yarn
yarn add fhevm
# Using pnpm
pnpm add fhevm
Find more details on implementation instructions in this repository.
// SPDX-License-Identifier: BSD-3-Clause-Clear
pragma solidity ^0.8.24;
import "fhevm/lib/TFHE.sol";
contract Counter {
euint32 counter;
function add(einput valueInput, bytes calldata inputProof) public {
euint32 value = TFHE.asEuint32(valueInput, inputProof);
counter = TFHE.add(counter, value);
TFHE.allow(counter, address(this));
}
}
More examples are available here.
[!Note] >Zama 5-Question Developer Survey
We want to hear from you! Take 1 minute to share your thoughts and helping us enhance our documentation and libraries. 👉 Click here to participate.
- ERC-20: A variation of the standard ERC20 smart contract that incorporates encrypted balances, providing additional privacy for token holders.
- Darkpool: A smart contract that enables anonymous trading of cryptocurrencies or assets, typically used to execute large orders without affecting the market price. - by Owen Murovec
- Cipherbomb: A Hardhat-based template for developing Solidity smart contracts, with sensible defaults. - by Clément Danjou
- Battleship: A smart contract that replicates the classic Battleship game on a blockchain in a transparent manner. - by Owen Murovec
- Governor DAO: A DAO smart contract that facilitates governance decisions through encrypted voting.
- Blind auction: A smart contract for conducting blind auctions where bids are encrypted and the winning bid remains private.
- Decentralized ID: A blockchain-based identity management system using smart contracts to store and manage encrypted personal data.
If you have built awesome projects using fhEVM, please let us know and we will be happy to showcase them here!
- [Video tutorial] How to Write Confidential Smart Contracts Using Zama's fhEVM
- Confidential ERC-20 Tokens Using Homomorphic Encryption and the fhEVM
- On-chain Blind Auctions Using Homomorphic Encryption and the fhEVM
- Programmable Privacy and Onchain Compliance using Homomorphic Encryption
Explore more useful resources in fhEVM tutorials and Awesome Zama repo.
Full, comprehensive documentation is available here: https://docs.zama.ai/fhevm.
To support fhEVM in an EVM-based blockchain, the fhevm-go library can be used as it implements all the needed FHE functionalities. It is available here: fhevm-go
To integrate fhevm-go into any EVM-based blockchain, you can follow the Integration Guide.
Install dependencies (Solidity libraries and dev tools)
npm install
Note
Solidity files are formatted with prettier.
npm run codegen
Warning
Use this command to generate Solidity code and prettier result automatically!
Files that are generated now (can be seen inside codegen/main.ts
)
lib/Impl.sol
lib/TFHE.sol
mocks/Impl.sol
mocks/TFHE.sol
contracts/tests/TFHETestSuiteX.sol
test/tfheOperations/tfheOperations.ts
The easiest way to understand how to write/dev smart contract and interact with them using fhevmjs is to read and explore the available tests in this repository.
# in one terminal
npm run fhevm:start
# in another terminal
npm i
cp .env.example .env
./scripts/faucet.sh
npm test
We provide a docker image to spin up a fhEVM node for local development.
npm run fhevm:start
# stop
npm run fhevm:stop
For development purposes, we provide a ready to use wallet. In order to use it, prepare the .env file that contains the mnemonic.
cp .env.example .env
This allows the developer to use a few accounts, each account can get coins:
npm run fhevm:faucet:alice
npm run fhevm:faucet:bob
npm run fhevm:faucet:carol
npm test
Error: insufficient funds
Ensure the faucet command was successful.
Network1 doesn't support shanghai, so you should update the evmVersion
here to use paris
, and make sure contracts are compiled using that version.
# codegen for network1 network
TARGET_NETWORK=Network1 npx ts-node codegen/main.ts && npm run prettier
# run tests for network1 network, assumes network1 rpc already running locally
npx hardhat test --network localNetwork1
Operators can be defined as data inside codegen/common.ts
file and code automatically generates solidity overloads.
Test for overloads must be added (or the build doesn't pass) inside codegen/overloadsTests.ts
file.
The mocked mode allows faster testing and the ability to analyze coverage of the tests. In this mocked version, encrypted types are not really encrypted, and the tests are run on the original version of the EVM, on a local hardhat network instance. To run the tests in mocked mode, you can use directly the following command:
npm run test:mock
To analyze the coverage of the tests (in mocked mode necessarily, as this cannot be done on the real fhEVM node), you can use this command :
npm run coverage:mock
Then open the file coverage/index.html
. You can see there which line or branch for each contract which has been covered or missed by your test suite. This allows increased security by pointing out missing branches not covered yet by the current tests.
Note
Due to intrinsic limitations of the original EVM, the mocked version differ in few corner cases from the real fhEVM, the main difference is the difference in gas prices for the FHE operations. This means that before deploying to production, developers still need to run the tests with the original fhEVM node, as a final check in non-mocked mode, with npm run test
.
To cite fhEVM or the whitepaper in academic papers, please use the following entries:
@Misc{fhEVM,
title={{Private smart contracts on the EVM using homomorphic encryption}},
author={Zama},
year={2023},
note={\url{https://github.com/zama-ai/fhevm}},
}
@techreport{fhEVM,
author = "Morten Dahl, Clément Danjou, Daniel Demmler, Tore Frederiksen, Petar Ivanov,
Marc Joye, Dragos Rotaru, Nigel Smart, Louis Tremblay Thibault
",
title = "Confidential EVM Smart Contracts using Fully Homomorphic Encryption",
institution = "Zama",
year = "2023"
}
There are two ways to contribute to the Zama fhEVM:
- Open issues to report bugs and typos, or to suggest new ideas
- Request to become an official contributor by emailing hello@zama.ai.
Becoming an approved contributor involves signing our Contributor License Agreement (CLA)). Only approved contributors can send pull requests, so please make sure to get in touch before you do!
This software is distributed under the BSD-3-Clause-Clear license. Read this for more details.
Is Zama’s technology free to use?
Zama’s libraries are free to use under the BSD 3-Clause Clear license only for development, research, prototyping, and experimentation purposes. However, for any commercial use of Zama's open source code, companies must purchase Zama’s commercial patent license.
Everything we do is open source and we are very transparent on what it means for our users, you can read more about how we monetize our open source products at Zama in this blog post.
What do I need to do if I want to use Zama’s technology for commercial purposes?
To commercially use Zama’s technology you need to be granted Zama’s patent license. Please contact us at hello@zama.ai for more information.
Do you file IP on your technology?
Yes, all Zama’s technologies are patented.
Can you customize a solution for my specific use case?
We are open to collaborating and advancing the FHE space with our partners. If you have specific needs, please email us at hello@zama.ai.
🌟 If you find this project helpful or interesting, please consider giving it a star on GitHub! Your support helps to grow the community and motivates further development.