Skip to main content

Privacy Architecture (FHE)

Exosphere adds a Confidential Mode to any ERC‑20 stablecoin via a 1:1 wrapper. Users toggle between the public rail (base token $TOKEN) and the confidential rail ($exoTOKEN, an fhERC‑20). Amounts and balances are encrypted on‑chain; compliance visibility is selective via view‑keys.

At a glance

  • Wrap/Unwrap 1:1 — The Wrapper Vault escrows the base token $TOKEN and mints/burns $exoTOKEN at par.
  • Encrypted transfers — Wallets encrypt amounts locally and submit ciphertext + proof; the chain stores ciphertexts.
  • Selective transparency — Authorized parties get view‑keys; all grants are logged and revocable.
  • Rails — Allowlisted off‑ramps enable shielded redemption; the vault periodically nets with issuer reserves.

Architecture

Privacy architecture overview

Roles

  • Wallet / Custodian — Encrypts amounts locally; holds/decrypts balances with granted view‑keys.
  • Confidential Token $exoTOKEN (fhERC‑20) — ERC‑20‑compatible token with ciphertext balances and amounts.
  • Wrapper Vault (policy) — Escrows base token $TOKEN, mints/burns $exoTOKEN 1:1; enforces allowlists/limits/pause.
  • Base Stablecoin $TOKEN (ERC‑20) — Your existing public token; unchanged.
  • FHE Coprocessor (proofs) — Generates proofs for encrypted ops; the chain verifies without seeing plaintext.
  • Compliance Viewer (view‑key) — Scoped, revocable visibility for authorized parties.
  • Issuer Reserves / Minter (KYC/KYB) & Allowlisted Off‑Ramp (ACH/SEPA/SWIFT) — Shielded redemption with periodic netting.

Data visibility

  • On‑chain — Ciphertexts + proofs; no public amounts or balances.
  • Holders — See their own balances locally.
  • Authorized viewers — See scoped data via view‑keys (logged & revocable).
  • Public — Can verify supply ↔ reserves via wrapper/vault accounting.

Policy & controls

  • Parity with base token — Allowlists, limits, freeze/pause, and mint/burn roles mirror issuer policy.
  • Emergency controls — Pause/freeze paths and tamper‑evident ops logs.

Security & ops

  • Key separation for mint/burn vs. view‑key operations; rotation supported.
  • Audits for contracts/circuits; operational runbooks for incidents and disclosures.