Skip to main content

Confidential TokenOps

Confidential TokenOps is a privacy layer for on-chain token management, covering airdrops, batch distributions, and vesting, where all sensitive values remain encrypted using Fully Homomorphic Encryption (FHE).

Every token airdrop, vesting schedule, and batch distribution on a public chain is visible to anyone: competitors, snipers, and speculators can see amounts before recipients do. Confidential TokenOps changes that. Built on Zama's fhEVM and the ERC-7984 Confidential Token standard, it keeps token amounts encrypted on-chain so only authorized parties can decrypt them. Core contracts are audited by OpenZeppelin.

What stays private, what stays public

Private (Encrypted)

  • Token amounts per recipient
  • Claimed amounts
  • Total reserved amounts
  • Fee reserves

Public (Plaintext)

  • Recipient addresses
  • Vesting schedules and timelines
  • Role assignments
  • Whether a vesting is revocable

Confidential Features

Confidential Airdrop

Encrypts every claim amount so only the recipient sees their allocation. Audited by OpenZeppelin.

Highlights:
  • Encrypted claim amounts via ERC-7984
  • EIP-712 signature-based authorization
  • CREATE3 cross-chain deployment
  • Audited and ready for deployment

Confidential Disperse

Batch-distribute tokens to multiple recipients while keeping per-address amounts encrypted end-to-end.

Highlights:
  • Encrypted per-recipient amounts
  • Wallet-based, direct, and token-fee modes
  • Gas and token fee options
  • Per-user wallet system

Confidential Vesting

Token amounts stay encrypted throughout the full vesting lifecycle while schedules remain transparent.

Highlights:
  • Encrypted allocations and claims
  • Selective disclosure to third parties
  • Batch vesting creation
  • Gas-sponsored and partial claims

Architecture

SDK Preview

The TokenOps SDK extends to support confidential operations with the same patterns you already use. Deploy and interact with confidential contracts using familiar factory and provider abstractions.

Confidential Airdrop

import { ConfidentialAirdropFactory } from 'tokenops-sdk';

// Preview: API subject to change
const factory = new ConfidentialAirdropFactory(factoryAddress, provider);

// Deploy a new confidential airdrop clone
const result = await factory.newConfidentialAirdrop(
  confidentialTokenAddress,  // ERC-7984 confidential token
  gasFee,                    // Gas fee per claim (in wei)
  startTime,                 // Claim window start
  endTime,                   // Claim window end
  canExtendClaimWindow,      // Whether admin can extend the window
  { account: deployerAddress }
);

console.log('Confidential Airdrop deployed:', result.confidentialAirdrop);

// Recipients claim with an admin-signed EIP-712 signature
const airdrop = new ConfidentialAirdrop(airdropAddress, provider);

await airdrop.claim(
  encryptedAmount,           // Encrypted claim amount
  inputProof,                // FHE input proof
  adminSignature,            // EIP-712 typed data signature from admin
  { account: recipientAddress, value: gasFee }
);

Confidential Disperse

import { DisperseConfidential } from 'tokenops-sdk';

// Preview: API subject to change
const disperse = new DisperseConfidential(disperseAddress, provider);

// Register to create per-user wallets for secure distribution
await disperse.register(
  confidentialTokenAddress,   // ERC-7984 confidential token
  { account: senderAddress }
);

// Disperse encrypted amounts to multiple recipients
await disperse.disperseConfidentialTokens(
  confidentialTokenAddress,   // ERC-7984 confidential token
  recipients,                 // Array of recipient addresses
  encryptedAmounts,           // Encrypted amount per recipient
  encryptedSubtotals,         // Encrypted subtotals for wallet groups
  inputProof,                 // FHE input proof
  { account: senderAddress, value: gasFee }
);

Why FHE?

Fully Homomorphic Encryption allows smart contracts to perform computations directly on encrypted data without ever decrypting it. While zero-knowledge proofs prove facts about hidden data, FHE goes further by enabling contract logic to compute directly on encrypted state. Zama's fhEVM combines both techniques to deliver an EVM-compatible execution environment where token amounts stay as ciphertext throughout the entire operation: claim, vest, distribute. Only authorized parties can see the plaintext.

note

Confidential TokenOps is in active development. Contract interfaces and SDK APIs may evolve as audits complete and the protocol matures.