FAQ

While it is true that FHE requires intensive computation and cannot support use cases that require scale (such as training ML models on top of encrypted data), it is currently fast enough to support crypto use cases. This is because FHE is only used for performing hidden state transitions, which can be optimized through parallelization and hardware acceleration.

Typically, TPS (transactions per second) is measured using standard ERC-20 transfers. In our case, it will be based on confidential ERC-20 transfers, which involve FHE-based operations such as addition, subtraction, comparison, and conditional multiplexing (select). We anticipate that mainnet will support at least 10 TPS using a single GPU. It’s important to highlight that FHE computations are parallelizable, allowing for horizontal scaling. Furthermore, we expect FPGA hardware acceleration to enhance scalability by an additional factor of 10-100x over time.

The TFHE scheme is based on lattice cryptography, which has been endorsed by the National Institute for Standards and Technology (NIST) to be resistant to quantum computers.

During the ciphertext creation, the plaintext is encrypted using the public key of the global FHE key, and a zero-knowledge proof of plaintext knowledge (ZKPoK) is also generated. The ZKPoK guarantees that 1) the ciphertext correctly generated 2) the user knows the plaintext value 3) the ciphertext cannot be used in another smart contract. In sum, a ciphertext is only valid if the ZKPoK is also validated in the transaction.