4.3. Phase 3: CoFHE & AVS Integration

Phase 3 marks the critical transition from synchronous on-chain computation to a fully asynchronous, economically secured settlement layer. By decoupling heavy homomorphic comparisons from the blockchain and delegating them to specialized FHEOS coprocessors, the protocol achieves near-zero gas consumption while maintaining mathematical integrity. Economic finality is enforced through EigenLayer Actively Validated Services (AVS), replacing expensive ZK-circuits with threshold signature aggregation and automated fraud-proof slashing.

This phase unlocks the protocol’s core value proposition: privacy-preserving auctions that scale horizontally, resolve deterministically, and remain resilient to single-point failures.

Phase Objective

Convert finalizeAuction() into a lightweight event emitter, eliminating on-chain FHE comparisons.
Build the Keeper Network (auctionMonitor, cofheDispatcher, avsSubmitter) for off-chain orchestration.
Integrate EigenLayer AVS verification, requiring aggregated operator signatures before state acceptance.
Implement MockEigenLayerAVS.sol for deterministic local testing of fraud proofs and slashing logic.
Achieve 100% pass rate on the CoFHEFlow.test.ts end-to-end integration suite.

Target File Structure

packages/
├── contracts/
│ ├── interfaces/
│ │ └── ISettlementEngine.sol # Unified resolution signatures
│ ├── core/
│ │ └── FhenixFairMarket.sol # finalizeAuction(), submitResolution()
│ ├── test/
│ │ ├── integration/
│ │ │ └── CoFHEFlow.test.ts # Full async cycle simulation
│ │ └── mocks/
│ │ └── MockEigenLayerAVS.sol # Local AVS & Fraud Proof simulator
│
└── keeper/
 ├── src/services/
 │ ├── auctionMonitor.ts # Watches endTime & triggers finalization
 │ ├── cofheDispatcher.ts # Batches & routes to FHEOS
 │ └── avsSubmitter.ts # Aggregates signatures & submits proof
 └── config.ts # API keys, thresholds, retry limits

️ Execution Tasks & Audit Gates

Task	Description	Audit Gate (P0)
3.1 Async Finalization	Refactor `finalizeAuction()` to emit `DecryptionRequested` event. Zero FHE math executes on-chain. State transitions to `RESOLVING`.	No `FHE.gt`/`FHE.select` calls inside `finalizeAuction()`. Event emits exactly at `block.timestamp >= endTime`.
3.2 Keeper Dispatch	Build `auctionMonitor.ts` to watch chain events. `cofheDispatcher.ts` batches up to 10 auctions/block and routes to FHEOS with retry logic.	Monitor detects closure within ±1 block. Dispatcher queues complete without plaintext leakage.
3.3 AVS Verification	`avsSubmitter.ts` collects operator signatures. Contract verifies `avsProof` in `submitResolution()` before accepting result.	Contract rejects `submitResolution` without valid aggregated AVS proof. Fraud proof logic triggers rejection on mismatch.
3.4 E2E Integration	`CoFHEFlow.test.ts` simulates full cycle: create → encrypt → close → AVS result → withdrawal. Measures latency & gas.	Test passes 100%. Total resolution latency ≤ 120s in simulation. Branch coverage ≥ 90%.

Technical Implementation

1. Event-Driven Finalization (`finalizeAuction`)

The contract acts purely as a state registry and event broadcaster. Heavy computation is entirely offloaded.

function finalizeAuction(uint256 auctionId) external {
 Auction storage auction = auctions[auctionId];
 require(auction.state == AuctionState.ACTIVE, "Not active");
 require(block.timestamp >= auction.endTime, "Not ended yet");
 
 // State lock: prevents new bids
 auction.state = AuctionState.RESOLVING;
 
 // Emit event for off-chain Keeper layer
 // Zero FHE computation, zero loops, O(1) gas
 emit DecryptionRequested(auctionId, auction.ciphertextHashes);
}

2. AVS Submitter Service (`avsSubmitter.ts`)

Off-chain service responsible for cryptographic aggregation and economic verification before on-chain submission.

// packages/keeper/src/services/avsSubmitter.ts
import { ethers } from 'ethers';
import { AVS_CONTRACT_ABI, THRESHOLD } from '../config';
 
export class AVSSubmitter {
 async aggregateAndSubmit(auctionId: string, winnerCiphertext: string): Promise<void> {
 // 1. Request signatures from EigenLayer AVS operators
 const partialSigs = await this.requestOperatorSignatures(auctionId, winnerCiphertext);
 
 // 2. Verify threshold consensus (e.g., 3/5)
 if (partialSigs.length < THRESHOLD) {
 throw new Error(`Threshold not met: ${partialSigs.length}/${THRESHOLD}`);
 }
 
 // 3. Aggregate into single proof
 const avsProof = this.aggregateSignatures(partialSigs);
 
 // 4. Submit to smart contract for on-chain verification
 await this.contract.submitResolution(auctionId, winnerCiphertext, avsProof);
 }
}

3. On-Chain Resolution & Fraud Proof Gate (`submitResolution`)

The smart contract enforces strict cryptographic verification. No state transition occurs without a valid AVS proof.

function submitResolution(
 uint256 auctionId, 
 bytes32 winnerCiphertext, 
 bytes calldata avsProof
) external {
 require(auctions[auctionId].state == AuctionState.RESOLVING, "Invalid state");
 
 // Cryptographic verification of aggregated AVS signature
 // Reverts if proof is invalid, expired, or below threshold
 _verifyAVSProof(auctionId, winnerCiphertext, avsProof);
 
 auctions[auctionId].winnerCiphertext = winnerCiphertext;
 auctions[auctionId].state = AuctionState.FINALIZED;
 
 emit AuctionFinalized(auctionId, winnerCiphertext);
}

4. Local AVS Simulation (`MockEigenLayerAVS.sol`)

Enables deterministic testing of slashing and fraud proof logic without connecting to live EigenLayer infrastructure.

// packages/contracts/test/mocks/MockEigenLayerAVS.sol
contract MockEigenLayerAVS {
 mapping(uint256 => bytes32) public expectedResults;
 uint256 public requiredThreshold = 3;
 uint256 public slashedCount;
 
 function submitMockSignatures(uint256 auctionId, bytes32 result, bytes calldata proof) external {
 require(_validateMockProof(proof, requiredThreshold), "Invalid threshold proof");
 require(expectedResults[auctionId] == result, "Result mismatch with FHEOS output");
 
 // Simulates successful verification locally
 }
 
 function simulateFraud(uint256 auctionId, bytes32 fraudulentResult) external {
 require(expectedResults[auctionId] != fraudulentResult, "No fraud detected");
 slashedCount += 1; // Simulates economic penalty
 }
}

Integration Architecture

️ Security & Economic Guarantees

Zero-Trust Settlement: The contract never accepts off-chain data blindly. submitResolution() is a pure cryptographic verifier. If the AVS proof fails mathematical validation, the transaction reverts and the state remains RESOLVING.
Economic Slashing Alignment: Operators must stake ETH/LSTs via EigenLayer. Submitting fraudulent or mismatched results triggers automated slashing penalties. A portion routes to the SlashedPot for user compensation, making collusion economically irrational.
Plaintext Containment: Throughout the entire async pipeline, only bytes32 ciphertext hashes and cryptographic signatures traverse the network. No bid values are exposed in Keeper logs, FHEOS memory dumps, or AVS consensus messages.
Resilient Queue Management: The cofheDispatcher implements local Redis-backed queues with exponential backoff. If FHEOS endpoints become unreachable, requests persist until timeout, at which point the Dynamic Dead Man's Switch (Phase 2) safely voids the auction.

Phase 3 Audit Gate (P0 Checklist)

Progression to Phase 4 is strictly blocked until all P0 criteria are verified and merged:

[] Zero plaintext bid values broadcast in Events or Storage during async dispatch.
[] submitResolution() rejects any payload lacking valid aggregated AVS operator signatures.
[] Integration test (CoFHEFlow.test.ts) passes 100% in hardhat localcofhe environment.
[] Mock AVS simulation proves that manipulated results trigger immediate rejection/slashing.
[] Keeper batch processing maintains stable latency (≤120s) under 10-auction load.
[] State transition ACTIVE → RESOLVING → FINALIZED executes atomically without reverts.

Timeline & Dependencies

Metric	Value
Estimated Duration	14–18 days
Team Size	3–5 Engineers (Solidity + TypeScript/DevOps)
Dependencies	Phase 2 (Settlement logic, SlashedPot, Dynamic Timeout)
Enables	Phase 4 (Keeper Infrastructure, Docker, CI/CD), Phase 5 (Frontend E2E)

Parallel Development Note: Phase 4 (Docker infrastructure, CI/CD) can begin scaffolding once auctionMonitor.ts and cofheDispatcher.ts interfaces are frozen, but full deployment is blocked until Phase 3 passes its Audit Gate.

Next Steps

Proceed to 4.4. Phase 4: Keeper Network & Infrastructure to implement race condition prevention, Docker orchestration, and automated CI/CD pipelines.

Review Technical Components → avsSubmitter.ts for signature aggregation logic and threshold configuration.

Explore Security Model → Fraud Proofs for detailed slashing mechanics and economic alignment strategies.

Phase 2: Encrypted Security Phase 4: Keeper Network & Infra