FHEVM deployment on the Sepolia Testnet

YookYookWanda · May 25, 2025, 11:29am

Hello,

I have a couple of questions regarding the current deployment of FHEVM on Sepolia. It’s possible I’ve overlooked something in the documentation, so even a brief pointer in the right direction would be greatly appreciated.

Computation Verification:

How are the computations performed by the FHE coprocessor currently verified? The FHEVM whitepaper mentions several approaches — such as optimistic rollups, trusted services, or zero-knowledge proofs — but I couldn’t find which one is currently implemented.

Threshold Key Management System (TKMS):

Is TKMS currently deployed on Sepolia, or is it still in active research and development? If not yet deployed, can the coprocessor operate without it — for example, when running as a trusted service?

Thank you for your time and for the great work on FHEVM.

Best regards,
Remo

benoit · May 26, 2025, 7:58am

Hello

For Computation Verification: it’s achieved thanks to consensus. You’ll see that soon in our revamp of fhevm (ie, coming 0.7 release).

For Threshold Key Management System (TKMS), it’s deployed yes, but the MPC parties are not running on chain: it’s just the orchestration which happens on chain. We’ll open source that a bit more in the coming month, but you can already see the cryptography part of the KMS on GitHub - zama-ai/threshold-fhe: Threshold MPC protocols for FHE

YookYookWanda · May 26, 2025, 8:25am

Thank you for your insights, Benoit.

For Computation Verification: it’s achieved thanks to consensus.

Just to clarify — is this consensus at the L1 level, or among the KMS (or coprocessor) nodes?

Given that FHE computations are deterministic, I assume the idea is that multiple nodes (or groups of nodes) can independently perform the same computation, and if a quorum agrees on the result, it’s considered valid. Is that the general mechanism being used?

We’ll open source that a bit more in the coming month

I’m looking forward to it!

clement · May 28, 2025, 8:44am

An event is emitted on L1 to trigger a computation. Then, multiple coprocessors independently perform the same FHE computation. Since FHE is deterministic, all honest nodes produce the same ciphertext. If a quorum of coprocessors agrees on the result, the ciphertext is accepted.

So yes, consensus is among the coprocessors.