Flare
Private DeFi on Flare
One deposit. Then everything is private. Swaps, lending, staking, bridging, governance. Your wallet never shows up on-chain again.
Encrypted Finance is a privacy layer built on Flare using FCC (Flare Confidential Compute). You deposit once, and after that your wallet never appears on-chain again. All your DeFi activity happens privately inside secure hardware that no one, not even us, can peek into.
The Problem
Every transaction on a public blockchain is visible. Your wallet, your balances, your trades, your strategies. Anyone can see everything. MEV bots front-run you. Competitors track your moves. Your financial life is an open book.
How It Works
You deposit once
Your tokens go into the EncryptedVault smart contract. This is your only on-chain transaction. After this, you are invisible.
You sign instructions off-chain
Zero gas. You sign an encrypted instruction from your wallet. Nothing hits the chain yet.
FCC executes privately
Your instruction runs inside Flare's secure hardware from a shared execution wallet. SparkDEX, Kinetic, Firelight see our contract address. No link back to you.
You receive encrypted notes
Your balance lives on-chain as encrypted data. Only your key can read it. To everyone else it is unreadable noise.
FCC (Flare Confidential Compute)
All private execution on Flare runs inside FCC. TEE-based secure hardware built natively into the Flare network. No one, including Encrypted Finance, can see what happens inside. Your transactions are signed off-chain and executed from a shared wallet, breaking any on-chain link to your identity.
Encryption
ECIES
Authorization
EIP-712 Signatures
Trust
TEE Attestation
Price Feeds
FTSO Oracle
How the Cryptography Actually Works
This section is for people who want to understand exactly what is happening under the hood. If you are not technical, skip to the next section.
Note encryption
When you deposit, your balance is stored as an encrypted note on-chain. Each note is encrypted using secp256k1 ECDH. A fresh ephemeral keypair is generated for every single note. The KDF is SHA-256 over the x-coordinate of the ECDH shared point. The symmetric cipher is AES-256-GCM with a random 12-byte IV and a 16-byte authentication tag. The on-chain format is: ephemeralPub (65 bytes) + iv (12 bytes) + ciphertext (128 bytes) + tag (16 bytes). Total: 221 bytes per note.
No public key is stored on-chain
The ephemeral public key in each note header is generated fresh for that note and has no connection to your wallet address or your long-term key. An attacker scraping the chain gets a pile of one-time ephemeral keys that are cryptographically useless. There is no public key registry. There is no ownership mapping.
Note commitments
The vault stores a commitment for each note: keccak256(noteId, amount, token, salt). This is a hash. It contains no identifying information. It is used to verify that a spend is valid without the vault knowing who is spending.
Ownership is determined off-chain
You own a note if you can decrypt it. When your SDK scans for your notes, it tries to decrypt every NoteCreated event with your spending key. Success means the note is yours. Failure means it belongs to someone else. The chain has no idea who owns what.
Your spending key never touches the chain
It is derived deterministically from a signature you make during onboarding. It never leaves your device. It is backed up as a BIP-39 mnemonic. The vault never sees it. The TEE never sees it. Only you have it.
User to TEE payloads
Instructions you send to the TEE are encrypted using eciesjs: secp256k1 + HKDF-SHA256 + AES-256-GCM. The TEE's public key is hardware-sealed inside the enclave. Only the enclave can decrypt your instructions.
Authorization
Every instruction you send is covered by an EIP-712 typed signature. The TEE verifies your signature before doing anything. The vault verifies it again on-chain. Even if the TEE were fully compromised, an attacker cannot spend your notes without forging your EIP-712 signatures.
Recovery without the TEE
If the TEE goes down permanently, you do not need it to recover. You have your spending key. You scan NoteCreated events on-chain. You decrypt each blob locally. Your funds are there. No contract interaction required. No permission from anyone.
Built on Flare's Native Infrastructure
We are not bolting privacy onto Flare as an afterthought. We are built directly on Flare's core protocols.
FCC (Flare Confidential Compute)
The execution engine. Your instructions run inside tamper-proof hardware. Nobody can peek into the enclave, not us, not validators, not anyone. The TEE's private key is hardware-sealed and cannot be extracted by the operator.
FTSO (Flare Time Series Oracle)
Real-time price feeds. Your swaps and limit orders use live oracle prices without revealing your trading strategy.
FDC (Flare Data Connector)
Cross-chain verification. Prove things happened on Bitcoin or XRP Ledger without exposing who is asking.
What's Private
Swaps Through SparkDEX and Kinetic. Any token pair. No front-running. No sandwich attacks. No one copying your trades.
Lending Positions, liquidation levels, and leverage stay hidden.
Staking Earn rewards without broadcasting your holdings. Delegate to FTSO providers privately.
Transfers Send to any address on Flare. The recipient does not need to have used Encrypted Finance before.
FAssets FXRP, FBTC, FDOGE, FXLM. Mint, redeem, use Firelight vaults, Upshift vaults, bridge via LayerZero. All private.
Governance Vote without revealing your position. No social pressure. No vote buying.
Messaging Wallet-to-wallet, end-to-end encrypted. Only the recipient can read it.
Limit Orders Oracle-protected. No one sees your levels until execution.
Dark Pools and Sealed Auctions Place large trades without moving the market. Bid without revealing your price until reveal.
Delegation Wrap FLR, delegate, claim rewards. No public trace.
Selective Disclosure
Privacy does not mean hiding everything forever. You choose what to reveal, when, and to whom.
The TEE generates scoped, time-bound attestations on demand. You specify exactly what to prove. The TEE reads your encrypted notes internally, computes the proof, signs the attestation with its hardware-sealed key, and posts it on-chain. Nothing beyond what you requested leaves the enclave. Every proof has an expiry you set. You can revoke any proof at any time.
Compliance proofs Prove you meet regulatory requirements without exposing your full history.
Solvency attestation Prove your balance exceeds a threshold without revealing the exact amount.
Audit trails Generate verifiable records for a specific counterparty covering a specific time window.
Identity verification Prove KYC level, country, or accredited investor status without linking to your on-chain activity.
Trade history Share specific trades with an auditor without revealing your full portfolio.
Tax export Export only what is needed for a specific tax year and jurisdiction, nothing more.
Security
This is not custodial. We never hold your keys.
Your spending key stays on your device It is derived from your wallet signature and backed up as a BIP-39 mnemonic. The vault never sees it. The TEE never sees it.
The vault enforces rules independently of the TEE Every spend requires a valid EIP-712 user signature plus a note commitment hash match. Even if the TEE were fully compromised, an attacker cannot drain the vault without forging your signatures.
Four layers of double-spend prevention On-chain isSpent mapping, TEE pre-validation, instruction replay tracking, and per-user EIP-712 nonces.
Multi-TEE consensus Multiple FCC machines must agree on an instruction before the vault accepts it. One compromised machine cannot act alone.
If we go down, you do not lose anything Your spending key plus on-chain encrypted notes equals full recovery. No permission needed from anyone.
Gas
You pay gas once on your deposit. After that, the execution wallet covers all gas costs. A small relay fee of 0.2 to 0.5 percent per transaction covers it. You never need to hold FLR for gas again.
FAQ
How does it work in simple terms?
You deposit tokens once. After that, all your activity happens privately inside FCC, secure hardware that no one can peek into. Your wallet never appears on-chain again.
Can anyone see what I am doing?
Only your initial deposit is visible. After that, everything runs through a shared execution wallet. There is no link back to you.
Is a public key stored on-chain?
No. The ephemeral key in each note header is generated fresh per note and has no connection to your wallet. There is no public key registry. Ownership is determined entirely by who can decrypt, off-chain.
Can I send to someone who has never used Encrypted Finance?
Yes. The recipient does not need to have used Encrypted Finance before. The TEE holds the note in escrow until they register.
What if the service goes down?
Your funds are always safe. Your spending key plus on-chain encrypted notes equals full recovery. We can never lock you out.
Why Flare?
Flare has native Confidential Compute built into the network. Hardware-level privacy that other chains do not offer natively yet.
Can the TEE steal my funds?
No. The FCC cannot move funds without your EIP-712 signature. Your keys, your funds.
Is this a mixer?
No. Mixers just shuffle tokens between wallets. Encrypted Finance is a full private DeFi execution layer. Swap, lend, stake, bridge, vote, and message without ever leaving privacy.
Who executes the trades?
A shared execution wallet. Protocols like SparkDEX see that wallet, not you. There is no way to link a trade back to your address.
2026 Encrypted Finance.
