E3 Computation Flow

Computation Flow

The computation process within Enclave is decentralized and open, allowing any participant to contribute to each phase of execution. This design ensures transparency and flexibility, enabling different roles to be fulfilled by various actors, including the application server, Compute Providers, or other network participant.

Phase 1: Request

  1. Define the E3 Program: Author your Secure Process using the tooling described in Writing the Secure Process. Enclave currently ships first-party support for the BFV scheme via fhe.rs (opens in a new tab) and the SAFE library.

  2. Choose a Compute Provider: Your program must align with the execution backend (e.g., RISC Zero (opens in a new tab) for CRISP or a custom FHE coprocessor).

  3. Assemble E3RequestParams:

    • threshold: the CiCo size/threshold tuple (t/n) used for decryption security
    • startWindow and duration: governs when inputs open/close and how long execution may run
    • e3Program, e3ProgramParams, computeProviderParams, and optional customParams

  4. Submit the Request: Call request with the struct to publish the new computation.

    function request(
  E3RequestParams calldata requestParams
) external returns (uint256 e3Id, E3 memory e3);
    struct E3RequestParams {
  uint32[2] threshold;
  uint256[2] startWindow;
  uint256 duration;
  IE3Program e3Program;
  bytes e3ProgramParams;
  bytes computeProviderParams;
  bytes customParams;
}

Phase 2: Node Selection

Each new request to the Enclave contracts initiates a verifiable sortition process to select a Ciphernode Committee (CiCo). The selected Ciphernodes use the E3 Program parameters to determine the appropriate Fully Homomorphic Encryption (FHE) scheme, then generate and publish a shared public encryption key.

Node Selection

Phase 3: Input Window

During this phase, Data Providers — who may include individual users, applications, or institutions — encrypt their data to the CiCo's public key and publish commitments to those inputs onchain.

  1. Data Encryption: Data Providers encrypt their inputs using the CiCo's public key.

  2. Input Validation: Data Providers generate several Zero-Knowledge Proofs about their inputs to ensure they are valid for the requested E3. Some of these proofs are generic (e.g., proof of valid encryption) while others will be specific to your application.

  3. Submit Inputs: Both encrypted data and ZKPs are submitted to the Enclave contract, which will call the validateInput function on your E3P smart contract. The input hash is then added to a Merkle tree, the root of which can later be used to anchor proofs of correct execution of your E3 Program.

    function validateInput(address sender, bytes memory data) external returns (bytes memory input);

Phase 4: Execution

In this phase, the Compute Provider (CP) executes the Secure Process defined in your E3 Program and publishes the encrypted output back to Enclave contract.

  1. Execution: The CP retrieves encrypted inputs and executes the Secure Process defined in your E3 program.

  2. Publish Output: Your E3 Program contract must implement a verify function that will be invoked by the Enclave contract to publish the ciphertext output of your computation.

    function publishCiphertextOutput(
  uint256 e3Id,
  bytes memory ciphertextOutput,
  bytes memory proof
) external returns (bool success);

Phase 5: Decryption

After the ciphertext output is published, the CiCo for the given E3 coordinates to decrypt the ciphertext output and publish the resulting plaintext. The plaintext output can be queried from the Enclave contract's getE3() function.

function getE3(uint256 e3Id) external view returns (E3 memory e3);

or by listening to the PlaintextOutputPublished event.

event PlaintextOutputPublished(uint256 indexed e3Id, bytes plaintextOutput);
Architecture OverviewUse Cases