Zama's full-stack framework for confidential smart contracts using Fully Homomorphic Encryption (TFHE). Adds encrypted integer/boolean types (`euint8`..`euint256`, `ebool`) usable directly inside Solidity.
- 01confidential ERC20 / votes
- 02private auctions and games
- 03encrypted on-chain state
- 04compliance-friendly privacy
- 05FHE-native dApps
- pnpm add @fhevm/solidity @fhevm/hardhat-plugin
- pnpm add @zama-fhe/relayer-sdk
| Variable | Scope | Description |
|---|---|---|
| NEXT_PUBLIC_FHEVM_GATEWAY_URL | Client | Zama relayer/gateway URL used by the client SDK to encrypt inputs and request decryptions. |
Use FHEVM to keep state encrypted on-chain. Import `import "@fhevm/solidity/lib/FHE.sol"` and declare encrypted variables with types like `euint64 balance`. Operate on them with `FHE.add`, `FHE.lt`, `FHE.select`; grant decrypt permissions with `FHE.allow(handle, addr)` and request user decryption from the client via the relayer SDK (`createInstance({ chainId, gatewayUrl })`, then `instance.userDecrypt(handle, signer)`). For development use the Hardhat plugin (`@fhevm/hardhat-plugin`) and the mock FHEVM coprocessor to run tests locally.
- ⚑FHE operations are 100x–1000x more gas-expensive than plaintext equivalents — design state to minimize ciphertext arithmetic and prefer `FHE.select` over branching on encrypted booleans.
- ⚑TFHE supports only the bit-widths that the coprocessor exposes (e.g. 8/16/32/64/128/256). Division and modulo by encrypted divisors are limited or unsupported — check the current op-table before assuming an operation exists.
- ⚑Decryption is asynchronous via the gateway/relayer: results are not available in the same transaction. Architect contracts around `requestDecryption` callbacks or use user-decrypt for client-side reveal.
- ⚑ACL is mandatory: a ciphertext handle is unusable by another contract or the gateway unless `FHE.allow`/`FHE.allowThis` was called — forgetting this produces silent reverts in callbacks.
- ⚑Production FHEVM only runs on chains that have deployed the Zama coprocessor (Sepolia testnet, supported L2s). On vanilla EVM chains you must run the mock plugin and cannot deploy live.