Cryptographic Access Control for Onchain Data Flows
ZK proves policy compliance without disclosure; FHE computes on encrypted state; together they form a programmable confidentiality layer for agentic workflows.
Access Control = Who can decrypt what, when, under which policy
- Data path is explicit: inputs -> encrypted compute -> gated outputs.
- Decryption is a governed event: keys are not a server secret.
- Proofs make policies auditable without ever revealing payloads.
[Flow diagram; nodes in order: Client, Encrypt, Encrypted State, FHE Eval, Encrypted Result, ZK Proof: Policy Satisfied, Policy Contract, Key Release / Threshold Decrypt, Decrypted Output]
Zero-Knowledge Proofs: Correctness Without Disclosure
Fully Homomorphic Encryption (CKKS): Compute on Encrypted State
CKKS is a homomorphic encryption scheme for approximate arithmetic, where precision, scale management, and rounding errors are central to the design.
Verifiable Confidential Computation
Combining ZK and FHE creates a powerful paradigm for decentralized applications.
Encrypted Execution
FHE keeps the state encrypted throughout the lifecycle, while ZK proves that policies were respected during execution.
Gated Decryption
Decryption becomes a privileged event visible onchain. ZK proofs and logs ensure that decryption happens only when specific conditions are met.
Zero-Exhaust Audit
Ideal for inter-institutional collaboration, such as AML checks, where you must verify compliance without sharing raw sensitive data.
Decentralized Key Management
Threshold Decryption as Access Control
- Split Control: Threshold FHE splits the decryption key among multiple parties. Decryption requires collaboration (PartDec/FinDec).
- Low Communication: Modern protocols focus on low communication overhead, sometimes adding a randomization preprocessing step (ServerDec).
In this model, "Secrets-as-a-Service" is not just encrypted storage, but a decryption governance protocol.
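The PartDec/FinDec split described above, as an added example that is not code from this page or from any threshold-FHE library. It swaps in t-of-n threshold ElGamal over a toy group as a stand-in for threshold FHE decryption; the function names, the `policy_ok` flag (standing for "the policy contract accepted the proof") and the group parameters are assumptions made for illustration.

```python
# Added illustration: t-of-n threshold decryption (ElGamal stand-in, not FHE).
import secrets

P, Q, G = 2039, 1019, 4  # constructed toy safe-prime group (P = 2Q + 1); insecure size

def keygen(t, n):
    """Dealer-based Shamir sharing of the secret key over Z_Q.
    Returns (public key, {party_id: key share})."""
    coeffs = [secrets.randbelow(Q) for _ in range(t)]  # coeffs[0] is the secret key
    shares = {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}
    return pow(G, coeffs[0], P), shares

def encrypt(pk, m):
    """Plain ElGamal encryption of m in Z_P^*."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (m * pow(pk, r, P)) % P

def part_dec(share, ct, policy_ok):
    """PartDec: a key holder releases c1^share only when the policy check passed.
    policy_ok is a hypothetical flag for 'proof verified by the policy contract'."""
    if not policy_ok:
        raise PermissionError("policy not satisfied: partial decryption withheld")
    return pow(ct[0], share, P)

def fin_dec(ct, partials, t):
    """FinDec: combine at least t partials using Lagrange coefficients in the exponent.
    No single party ever reconstructs the secret key itself."""
    if len(partials) < t:
        raise ValueError("below threshold: cannot decrypt")
    ids = sorted(partials)[:t]
    mask = 1
    for i in ids:
        lam = 1
        for j in ids:
            if j != i:
                lam = lam * j * pow((j - i) % Q, -1, Q) % Q  # Lagrange basis at x = 0
        mask = mask * pow(partials[i], lam, P) % P
    return ct[1] * pow(mask, -1, P) % P  # remove the mask c1^secret
```

Each partial is computed on the ciphertext, so a decryption can be logged per ciphertext and per party without the key ever existing in one place.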
Threat Model
| Entity | Scope |
|---|---|
| Adversary | Compute operator, chain observers, collaborating institutions, compromised client devices (limited scope). |
| Protected | Raw inputs, intermediate FHE states, counterparty data, business-logic parameters (optional). |
| Not Protected | Endpoint compromise (malware on user device), side-channel attacks on hardware, incorrect policy authoring. |