5.4. FHEOS Server (Computation)
The FHEOS (Fully Homomorphic Encryption Operating System) serves as the computational backbone of the CoFHE layer. By offloading heavy homomorphic comparisons (FHE.gt, FHE.select) from the L2 settlement chain to specialized off-chain coprocessors, the protocol achieves cryptographic finality without congesting block space or incurring prohibitive gas costs.
Version 2.0 formalizes FHEOS as a stateless, event-driven computation engine that receives encrypted ciphertext hashes, executes constant-time sorting and settlement logic, and returns mathematically verifiable results bound to EigenLayer AVS operator signatures. This architecture guarantees zero plaintext exposure, neutralizes timing side-channels, and scales horizontally independent of L2 throughput limits.
Core Design Principles
| Principle | Technical Implementation |
|---|---|
| Off-Chain Decoupling | Heavy FHE math executes outside L2 gas limits. The chain only stores bytes32 hashes and emits DecryptionRequested events. |
| Constant-Time Execution | FHE.select multiplexers route results based on encrypted boolean conditions, ensuring execution clocks remain uniform regardless of bid magnitude. Neutralizes timing side-channel attacks. |
| Batch-Optimized Processing | Requests are capped at 10 auctions/block to prevent API overload, manage coprocessor throughput, and eliminate Out-of-Gas (OOG) cascades during settlement spikes. |
| Zero Plaintext Exposure | Operates exclusively on ciphertext hashes. No intermediate decryption, plaintext logging, or value exposure occurs during sorting or settlement. |
| Deterministic & Verifiable Output | Results are cryptographically signed by multiple AVS operators. The on-chain contract independently verifies the aggregated proof before accepting state transitions. |
️ Technical Implementation
1. API & Endpoint Architecture
FHEOS exposes a secure, authenticated endpoint for batched ciphertext processing. The cofheDispatcher routes requests with strict timeout and retry logic.
// Conceptual FHEOS API Request Structure (cofheDispatcher → FHEOS)
const request = {
endpoint: process.env.FHEOS_API_ENDPOINT, // e.g., https://fheos.fhenix.zone/v1/compare
headers: {
'Authorization': `Bearer ${process.env.FHEOS_API_KEY}`,
'Content-Type': 'application/json'
},
body: {
batchId: uuidv4(),
auctionIds: ['0x1a2...b3', '0x4c5...d6'], // Max 10
ciphertextHashes: [
{ auctionId: '0x1a2...b3', hashes: ['0xabc...', '0xdef...', '0x123...'] }
],
operation: 'vickrey_sort', // Constant-time encrypted comparison
timeoutMs: 120_000 // Hard timeout before escalation
}
};2. Constant-Time Homomorphic Sorting Engine
The core computation relies on FHE.select to route encrypted values without decryption. This ensures that comparing 1 ETH vs 100 ETH consumes identical computational cycles.
// Pseudo-architecture: FHEOS Constant-Time Comparison Logic
function constantTimeVickreySort(encryptedBids: InEuint32[]): { winner: InEuint32, secondPrice: InEuint32 } {
let highest = encryptedBids[0];
let second = FHE.asEuint32(0);
for (let i = 1; i < encryptedBids.length; i++) {
const isGreater = FHE.gt(encryptedBids[i], highest);
// FHE.select: Cryptographic multiplexer routes without decryption
second = FHE.select(isGreater, highest, second);
highest = FHE.select(isGreater, encryptedBids[i], highest);
}
return { winner: highest, secondPrice: second };
}3. Batch Queue & Throughput Management
To prevent network congestion from overwhelming the coprocessor, FHEOS enforces strict batch limits and queue management:
- Max Batch Size:
10 auctions/block(configurable viaconfig.ts) - Queue Backend:
Redisfor distributed locking and request persistence - Idempotency: Each batch carries a unique
batchIdto prevent duplicate processing during network retries - Timeout Threshold:
120 secondsper batch. Exceeding this triggers a fallback log and escalates to theDynamic Dead Man's Switchmonitoring layer.
Data Flow: Dispatcher → FHEOS → AVS Binding
Performance & Security Specifications
| Metric | Target | Enforcement Mechanism |
|---|---|---|
| Batch Throughput | ≤ 10 auctions / dispatch cycle | Configurable BATCH_LIMIT in config.ts |
| Max Latency | ≤ 120 seconds | Hard timeout + Prometheus alerting |
| Timing Side-Channel Resistance | 100% | FHE.select constant-time multiplexers (execution time independent of values) |
| Plaintext Leakage | 0% | CI lint rules + static analysis + encrypted-only SDK transport |
| Request Durability | 99.99% | Redis-backed queue + exponential backoff retry (max 5 attempts) |
️ Security & Reliability Guarantees
- Timing Attack Neutralization: By enforcing
FHE.selectconstant-time gates at the coprocessor level, execution clocks remain identical for high and low values. Attackers cannot infer bid ranges by measuring server response times or computational variance. - OOG & DoS Prevention: The strict
10 auctions/blockbatch cap ensures that sudden auction closures never overwhelm the coprocessor or trigger cascading L2 gas spikes. - Network Partition Tolerance: The
Redisqueue persists unprocessed batches. If FHEOS endpoints become unreachable, the dispatcher halts submission, logs the anomaly, and triggers theDynamic Dead Man's Switchif the120sthreshold is breached. - Cryptographic Binding: FHEOS results are cryptographically signed by multiple nodes. The
avsSubmitterservice verifies the signature threshold before allowing on-chain resolution, preventing rogue coprocessor outputs from affecting state.
Audit Gate Compliance (P0)
Progression through Phase 3/4 is strictly blocked until all FHEOS-related P0 criteria are verified:
- [] Zero Plaintext Processing: FHEOS operates exclusively on
bytes32ciphertext hashes. No decryption, plaintext logging, or value exposure occurs during sorting. - [] Constant-Time Enforcement: All comparative operations use
FHE.selectmultiplexers. Timing variance< ±2msacross all input ranges (verified via side-channel audit). - [] Batch Limit Compliance: Dispatcher never exceeds
10 auctions/block. Hard timeout of120senforced before escalation. - [] Deterministic Output Verification: FHEOS results are cryptographically reproducible. AVS operators independently verify outputs before signing.
- [] Fault Tolerance Integration: Queue persistence and retry logic successfully handle simulated FHEOS downtime without data loss or state corruption.
Reference Architecture Files
| Component | Path | Purpose |
|---|---|---|
cofheDispatcher.ts | packages/keeper/src/services/cofheDispatcher.ts | Batch routing, API auth, timeout handling |
config.ts | packages/keeper/config.ts | FHEOS endpoint, BATCH_LIMIT, timeout thresholds |
avsSubmitter.ts | packages/keeper/src/services/avsSubmitter.ts | Signature aggregation, fraud proof validation |
CoFHEFlow.test.ts | packages/contracts/test/integration/CoFHEFlow.test.ts | End-to-end FHEOS simulation & latency profiling |
Next Steps
- Proceed to 5.5. SlashedPot.sol (Compensations) to understand penalty routing, pro-rata distribution, and seller accountability mechanics.
- Review Security Model → Threat Matrix for side-channel, timing attack, and coprocessor spoofing mitigations.
- Explore Developer Quickstart → Integration Tests to run local FHEOS simulation suites and latency benchmarks.