1.2. CoFHE Off-Chain Processing

The CoFHE (Coprocessed Fully Homomorphic Encryption) layer serves as the computational backbone of the Fhenix-FairMarket protocol. By offloading heavy homomorphic comparisons (FHE.gt, FHE.select) from the settlement blockchain to specialized off-chain FHEOS (Fully Homomorphic Encryption Operating System) servers, the protocol achieves cryptographic finality without congesting L2 block space or incurring prohibitive gas costs.

This layer operates as a stateless, event-driven dispatch system that collects encrypted bid hashes, processes them in optimized batches, and returns mathematically verifiable ciphertext results to the verification network.

Core Design Principles

Principle	Technical Implementation
Asynchronous Decoupling	Computation is entirely detached from block production. The L2 chain only emits `DecryptionRequested` events; processing occurs independently via the Keeper network.
Batch-Optimized Dispatch	Requests are aggregated into batches (capped at `10 auctions/block`) to prevent API rate limits, manage FHEOS throughput, and eliminate `Out-of-Gas` (OOG) risks during settlement spikes.
Constant-Time Execution	All comparisons utilize `FHE.select` multiplexers, ensuring execution duration remains uniform regardless of input magnitude. This neutralizes timing side-channel attacks.
Zero Plaintext Exposure	At no point are decrypted bid values stored, logged, or transmitted. Only `bytes32` ciphertext hashes and encrypted winner identifiers traverse the network.
Resilient Queue Management	Local `Redis`/SQLite queues with retry logic and exponential backoff guarantee request persistence during FHEOS latency or network partitions.

️ Technical Implementation

1. Dispatcher Service Architecture (`cofheDispatcher.ts`)

The dispatcher acts as the orchestration bridge between on-chain events and off-chain cryptographic servers.

// Pseudo-architecture of the CoFHE Dispatcher Service
class CoFHEDispatcher {
 async processBatch(auctionIds: string[]): Promise<ResolutionPayload> {
 // 1. Fetch ciphertext hashes from on-chain storage/events
 const cipherHashes = await fetchCipherHashes(auctionIds);
 
 // 2. Construct authenticated FHEOS request
 const payload = {
 endpoint: process.env.FHEOS_ENDPOINT, // e.g., https://fheos.fhenix.zone
 headers: { 'Authorization': `Bearer ${process.env.FHEOS_API_KEY}` },
 body: { 
 operation: 'compare_encrypted', 
 hashes: cipherHashes,
 timeout_ms: 120000 
 }
 };
 
 // 3. Dispatch with circuit breaker & retry logic
 const response = await this.dispatchWithRetry(payload);
 
 // 4. Parse encrypted result & AVS proof bundle
 return {
 winnerCiphertext: response.winning_bid_hash,
 avsProof: response.operator_signatures,
 latency_ms: response.processing_time
 };
 }
}

2. Batch Queue & Rate Limiting

Max Batch Size: 10 auctions/block (configurable via config.ts)
Queue Backend: Redis for distributed locking and state persistence
Idempotency: Each batch request carries a unique nonce to prevent duplicate FHEOS submissions during network retries
Timeout Threshold: 120 seconds per batch. Exceeding this triggers a fallback log and escalates to the Dead Man's Switch monitoring layer.

3. FHEOS Execution Pipeline

Ingestion: cofheDispatcher sends encrypted hashes via REST/gRPC to FHEOS nodes.
Homomorphic Comparison: FHEOS executes FHE.gt(a, b) across all bids in the batch using FHE.select constant-time gates.
Result Generation: Returns only the winnerCiphertext and second-price ciphertext (if Vickrey mode is enabled).
AVS Binding: FHEOS nodes cryptographically sign the result bundle. These signatures are aggregated before on-chain submission.

Performance & Security Specifications

Metric	Target	Enforcement Mechanism
Batch Throughput	≤ 10 auctions / dispatch cycle	Configurable `BATCH_LIMIT` in `config.ts`
Max Latency	≤ 120 seconds	Hard timeout + Prometheus alerting
Side-Channel Resistance	100%	`FHE.select` constant-time multiplexers (execution time independent of values)
Plaintext Leakage	0%	CI lint rules + static analysis + encrypted-only SDK transport
Request Durability	99.99%	Redis-backed queue + exponential backoff retry (max 5 attempts)

Data Flow: On-Chain → Off-Chain → Verification

️ Security & Reliability Guarantees

Timing Attack Neutralization: By enforcing FHE.select constant-time gates at the coprocessor level, execution clocks remain identical for high and low values. Attackers cannot infer bid ranges by measuring server response times.
OOG & DoS Prevention: The strict 10 auctions/block batch cap ensures that sudden auction closures never overwhelm the coprocessor or trigger cascading L2 gas spikes.
Network Partition Tolerance: The Redis queue persists unprocessed batches. If FHEOS endpoints become unreachable, the dispatcher halts submission, logs the anomaly, and triggers the Dynamic Dead Man's Switch if the 120s threshold is breached.
Cryptographic Binding: FHEOS results are cryptographically signed by multiple nodes. The avsSubmitter service verifies the signature threshold before allowing on-chain resolution, preventing rogue coprocessor outputs from affecting state.

Next Steps

Proceed to 1.3. EigenLayer AVS Verification to understand how off-chain results are cryptoeconomically secured.

Review 4.2. Keeper Network & Infrastructure for Docker configuration, race condition prevention, and batch routing.

See Security Model → Threat Matrix for side-channel and timing attack mitigations.

1.1 Async FHE Coprocessing 1.3 EigenLayer AVS Verification