Zama FHEVM  ·  Confidential Procurement  ·  Sepolia

Private supplier bids.
Publicly verifiable winners.

SilentRFQ lets buyers run supplier RFQs on-chain while vendors submit encrypted bid amounts. Zama FHE compares bids privately and reveals only the winning vendor.

Sepolia tested42 tests passingGateway reveal verifiedLosing bids stay private

silentrfq / fhe-procurement-core

LIVE · SEPOLIA

encrypted bid packets

VENDOR_010x456c...f1dc

bid: 0x1a4f8e...e839

VENDOR_020x3BDC...6798

bid: 0x8b2c1d...1f40

VENDOR_030x9f2e...a011

bid: 0x3d7ac9...c92e

FHE comparison core

TFHE.min(euint64, euint64, euint64)

Zama FHEVM · 3 encrypted operands

euint64

private

winner verified

0x3BDC...6798

Losing bids: permanently encryptedlive Sepolia
Sepolia liveFactory deployedEncrypted bidsGateway revealPublic winner

The Problem

Public on-chain RFQs leak supplier strategy.

On a standard EVM chain, every bid amount lands in calldata — readable by anyone. Competitors read a rival's price before the deadline and undercut by one unit. Suppliers build long-term pricing databases on each other. This destroys the sealed-bid model that makes competitive procurement work.

SilentRFQ uses Zama FHEVM to fix this:

  • Bid amounts are TFHE-encrypted before leaving the vendor's browser.
  • The smart contract compares bids homomorphically — no plaintext ever leaves FHE.
  • Only the winning vendor index is publicly decrypted via the Zama KMS gateway.
  • Losing bid amounts remain permanently encrypted on-chain.

How it works

Four steps. Zero plaintext.

01

Buyer creates RFQ

Post a procurement request with a description and deadline. Contract is deployed publicly — bid logic is private.

02

Vendors encrypt bids

Each vendor encrypts their price locally using the Zama SDK. Only a TFHE ciphertext lands on-chain. No plaintext, ever.

03

Buyer finalizes

After the deadline, the buyer calls finalize(). Bids have been compared homomorphically throughout the entire bidding period.

04

Gateway reveals winner

The Zama KMS decrypts only the winning vendor index. Any wallet submits the proof on-chain. Losing amounts stay private forever.

Why SilentRFQ wins

Confidential by construction, verifiable by design.

Bid amounts stay encrypted

Every bid is TFHE-ciphertext from the moment it leaves the vendor's browser. No plaintext price ever touches calldata.

Procurement remains auditable

RFQ metadata, vendor participation, and the final result are all public and independently verifiable on-chain.

Winner is publicly verifiable

The Zama KMS gateway decrypts only the winning index. Anyone can confirm the result without trusting the buyer.

No offchain bid custody

There is no backend database, no offchain matcher, no custodian holding bid data. The contract is the only source of truth.

Built on Zama FHEVM

Homomorphic comparison happens directly on encrypted euint64 values using the audited Zama FHEVM primitives.

Privacy model

What stays public. What stays private.

Public On-Chain

  • RFQ description and deadline
  • Vendor wallet addresses
  • Total bid count
  • Winner address (after reveal only)

Encrypted / Private

  • Individual bid amounts during bidding
  • Losing bid amounts (permanently encrypted)
  • Winning bid amount (buyer-only FHE access)
  • Live ranking during bidding period
  • Encrypted comparison path

Built for evaluators

What to verify.

The full RFQ lifecycle has been tested end-to-end on Sepolia. Every step is independently verifiable on-chain.

TFHE homomorphic comparison

Bid amounts are compared using TFHE operations on encrypted ciphertexts. No zero-knowledge proof needed. No trusted intermediary.

Permissionless reveal

Any wallet can submit the KMS decryption proof on-chain. Winner selection cannot be gamed, withheld, or front-run.

Verifiable on Sepolia

All contract logic is open source and independently verifiable. Factory and RFQ addresses are public on the testnet.