threshold FHE · live on devnet

compute on
ciphertext.

NOCTRA is a confidential compute chain. Smart contracts run on encrypted state — the network adds, subtracts and tallies your data without ever decrypting it. Reveal happens only when a committee agrees.

read the quickstart how it works
3-of-5
threshold reveal
0
plaintext on-chain
48
tests passing
EVM
Solidity · on Base
how it works

encrypt → compute → reveal

Three honest steps. The middle one is the whole point: the chain does real arithmetic on data it cannot read.

01 / client

encrypt

Values are encrypted under the network's public key, in the browser. The chain only ever sees ciphertext handles like euint.

02 / chain

compute on ciphertext

Additively-homomorphic Paillier means enc(a)·enc(b)=enc(a+b). Balances move, tallies add up — no key, no decryption, ever.

03 / committee

reveal by quorum

No single party holds the key. A t-of-n committee jointly decrypts only when a quorum agrees. Fewer than t learn nothing.

live demo

try it on the live devnet

This isn't a mock. Your two numbers are encrypted, sent to the running NOCTRA coprocessor, added together while encrypted, and only the final sum is revealed. The chain never sees your inputs.

01 · encrypt
ciphertext a
— not encrypted yet —
ciphertext b
02 · compute on ciphertext
chain computes
enc(a) ⊗ enc(b)
= enc(a + b)
resulting ciphertext
03 · reveal by quorum
·
awaiting reveal
checking coprocessor…

↳ calls the live coprocessor at 43.156.80.164.sslip.io over HTTPS — /encrypt, /add (homomorphic), /handle (raw ciphertext), /decrypt. Single-key devnet for demo speed; production uses the t-of-n committee shown above. Nothing here is for real value.

positioning

not another zk privacy chain

ZK privacy hides transfers — you prove a statement without revealing inputs. NOCTRA keeps state encrypted while it is used. Different tool, different problem.

ZK / shielded pools

  • hides who sent what to whom
  • prove validity without revealing inputs
  • state is public once revealed
  • great for private payments

NOCTRA / FHE

  • state stays encrypted during computation
  • contracts run on data they can't read
  • sealed-bid auctions, private balances, blind voting
  • reveal is a deliberate, quorum-gated act
quickstart

run it in two minutes

No Docker required. The whole stack runs locally: crypto core, coprocessor, contracts, and the dApp.

bash
# install + build
pnpm install
pnpm -r --filter ./packages/* build

# run the full test gate (48 tests)
pnpm -r test

# boot the threshold coprocessor
KEY_BITS=2048 node packages/coprocessor/dist/server.js

# deploy contracts to a local chain
cd packages/contracts
pnpm exec hardhat node &
pnpm exec hardhat run scripts/deploy.ts --network localhost
documentation

read the design

Every claim is backed by code and a passing test. The crypto is a real threshold Paillier implementation, not a diagram.

docs/architecture.md

Architecture

The coprocessor precompile, the contracts on Base, and how ciphertext flows through a transaction.
docs/fhe-design.md

FHE Design

Paillier, the homomorphic operations, and the t-of-n threshold decryption scheme.
docs/threat-model.md

Threat Model

What NOCTRA protects, what it doesn't, and the trust assumptions behind every layer.
docs/workflow.md

Build Workflow

The phased roadmap with a verification gate on every phase. No phase is done until its test passes.
why it's real

built in the open, proven by code

NOCTRA isn't a whitepaper or a promise. It's a working confidential-compute stack you can run today — and every claim on this page is backed by a passing test.

↳ what's already shipped

  • Real threshold FHE. A t-of-n committee holds the key — no single party can ever decrypt your data. Not a diagram; a working implementation.
  • 48/48 tests green. Crypto core, SDK, coprocessor and contracts all verified in CI on every commit. No phase ships until its test passes.
  • Compute on ciphertext, end to end. The coprocessor adds, subtracts and tallies encrypted state without ever seeing the plaintext — running live on devnet, try it in the demo above.
  • Fully open source. The cryptography, the contracts, the coprocessor — all public on GitHub. Read it, run it, break it.

Design and trust assumptions are documented in full: SECURITY.md, the threat model, and the FHE design — built transparently, the way real cryptography should be.