Private supplier bids.
Publicly verifiable winners.
SilentRFQ lets buyers run supplier RFQs on-chain while vendors submit encrypted bid amounts. Zama FHE compares bids privately and reveals only the winning vendor.
silentrfq / fhe-procurement-core
encrypted bid packets
bid: 0x1a4f8e...e839
bid: 0x8b2c1d...1f40
bid: 0x3d7ac9...c92e
FHE comparison core
TFHE.min(euint64, euint64, euint64)
Zama FHEVM · 3 encrypted operands
euint64
private
winner verified
0x3BDC...6798
The Problem
Public on-chain RFQs leak supplier strategy.
On a standard EVM chain, every bid amount lands in calldata — readable by anyone. Competitors read a rival's price before the deadline and undercut by one unit. Suppliers build long-term pricing databases on each other. This destroys the sealed-bid model that makes competitive procurement work.
SilentRFQ uses Zama FHEVM to fix this:
- Bid amounts are TFHE-encrypted before leaving the vendor's browser.
- The smart contract compares bids homomorphically — no plaintext ever leaves FHE.
- Only the winning vendor index is publicly decrypted via the Zama KMS gateway.
- Losing bid amounts remain permanently encrypted on-chain.
How it works
Four steps. Zero plaintext.
Buyer creates RFQ
Post a procurement request with a description and deadline. Contract is deployed publicly — bid logic is private.
Vendors encrypt bids
Each vendor encrypts their price locally using the Zama SDK. Only a TFHE ciphertext lands on-chain. No plaintext, ever.
Buyer finalizes
After the deadline, the buyer calls finalize(). Bids have been compared homomorphically throughout the entire bidding period.
Gateway reveals winner
The Zama KMS decrypts only the winning vendor index. Any wallet submits the proof on-chain. Losing amounts stay private forever.
Why SilentRFQ wins
Confidential by construction, verifiable by design.
Bid amounts stay encrypted
Every bid is TFHE-ciphertext from the moment it leaves the vendor's browser. No plaintext price ever touches calldata.
Procurement remains auditable
RFQ metadata, vendor participation, and the final result are all public and independently verifiable on-chain.
Winner is publicly verifiable
The Zama KMS gateway decrypts only the winning index. Anyone can confirm the result without trusting the buyer.
No offchain bid custody
There is no backend database, no offchain matcher, no custodian holding bid data. The contract is the only source of truth.
Built on Zama FHEVM
Homomorphic comparison happens directly on encrypted euint64 values using the audited Zama FHEVM primitives.
Privacy model
What stays public. What stays private.
Public On-Chain
- RFQ description and deadline
- Vendor wallet addresses
- Total bid count
- Winner address (after reveal only)
Encrypted / Private
- Individual bid amounts during bidding
- Losing bid amounts (permanently encrypted)
- Winning bid amount (buyer-only FHE access)
- Live ranking during bidding period
- Encrypted comparison path
Built for evaluators
What to verify.
The full RFQ lifecycle has been tested end-to-end on Sepolia. Every step is independently verifiable on-chain.
TFHE homomorphic comparison
Bid amounts are compared using TFHE operations on encrypted ciphertexts. No zero-knowledge proof needed. No trusted intermediary.
Permissionless reveal
Any wallet can submit the KMS decryption proof on-chain. Winner selection cannot be gamed, withheld, or front-run.
Verifiable on Sepolia
All contract logic is open source and independently verifiable. Factory and RFQ addresses are public on the testnet.