We’re Joining The Zama Network

We’re excited to share that Dfns has been selected as one of the first MPC network operators helping run the Zama Confidential Blockchain Protocol (“Zama Protocol”). This work aligns with our mission to make cryptographic security and programmable privacy the default for real-world finance. Together with our fellow operators, we’ll help “turn HTTPZ on” and bring end-to-end FHE-based encryption to public chains so developers can build privacy-preserving apps without leaving the ecosystems they love.

Alongside Figment, InfStones, LayerZero, Omakase, and Stake Capital, Dfns will bring Zama’s confidentiality layer to public chains and help operate the threshold decryption infrastructure that makes onchain data usable without ever exposing the underlying secrets.

Zama is making public blockchains confidential by default

Public blockchains deliver integrity by making state transitions verifiable by anyone. But that same transparency exposes sensitive data (balances, transfers, identity attributes, etc.), which has held back institutional adoption across payments, markets, and banking. Zama tackles this head-on with a cross-chain protocol that enables confidential smart contracts without changing those chains. Applications remain composable and publicly verifiable, yet inputs and state stay encrypted end-to-end.

At the core lies the Zama FHEVM stack. Developers write Solidity as usual, but FHE (Fully Homomorphic Encryption) operations run symbolically on the host chain while offchain coprocessors handle the real encrypted computation. A Gateway coordinates everything and enforces consensus, while an MPC-based KMS (Key Management Service) generates keys and performs decryptions so no single party ever holds the full decryption key. The result is end-to-end encryption for blockchain state and transactions that remains composable and publicly verifiable.

Key properties you should care about:

• End-to-end encryption by default: Data remains encrypted both in transit and in use, offering the same usability as HTTP with the confidentiality of HTTPS, extended to onchain apps via HTTPZ.
• Composability without compromise: Confidential and non-confidential contracts can interact seamlessly. A global FHE key enables onchain composability, while programmable access controls define who can decrypt what.
• Publicly verifiable: Coprocessors publish ciphertext digests onchain, allowing anyone to recompute and verify FHE operations. Zero-knowledge proofs guarantee that encrypted inputs are valid.
• Built for developers: A Solidity library introduces encrypted types (like euint64 or ebool) and familiar operators for arithmetic, logic, and branching. No cryptography PhD required.

Consider the simple act of sending USDC on Ethereum

Imagine Alice sends 100 USDC to Bob on Ethereum using a confidential payment app built on the Zama Protocol. In a standard ERC-20 transfer, that transaction would appear onchain with sender, recipient, and amount visible to everyone. With Zama, in combination with OpenZeppelin’s confidential token standard (ERC-7984) for instance, it looks entirely different:

1. Encryption at the source: Alice’s wallet encrypts the amount (100) and recipient address using Zama’s public FHE key.
2. Proof of validity: The wallet generates a compact zero-knowledge proof confirming that the encrypted amount is valid and non-negative, without revealing it.
3. Symbolic execution onchain: The Ethereum contract executes a symbolic transfer() call. Instead of processing plaintext values, it emits a reference to the encrypted inputs.
4. Coprocessor computation: Zama coprocessors pick up the event, perform the encrypted arithmetic (Alice_balance − 100, Bob_balance + 100), and return ciphertexts representing the new balances.
5. Consensus and verification: The Gateway ensures multiple coprocessors agree on the result, commits the ciphertext digests onchain, and allows authorized parties (Alice and Bob) to decrypt their updated balances.

To an external observer, the transaction is just a valid Zama-encrypted transfer. No visible amounts, no readable addresses, yet every step remains cryptographically verifiable. Alice’s and Bob’s wallets show their correct balances, while the public ledger confirms the integrity of the transfer. This mechanism means stablecoin transactions, payrolls, and settlements can occur on public chains with the same confidentiality guarantees as private ledgers, but without losing composability or transparency at the protocol level.

The role of the operators network in the Zama scheme

Operators in Zama’s network run two critical offchain systems:

• MPC KMS Nodes (i.e., Dfns’ role): Operators run MPC nodes that generate the global FHE keys and execute threshold decryptions when a contract or user is authorized to see plaintext (e.g., a wallet rendering a private balance). Keys are never reconstructed, decryption happens via robust MPC with honest-majority assumptions, and nodes return signed results so contracts and clients can verify the provenance. The KMS is orchestrated by the Gateway and designed for guaranteed output delivery and resilience to partial failures.
• FHE Coprocessors (later onboarding): A separate operator set runs coprocessors that actually compute on ciphertexts and verify encrypted inputs (ZKPoKs). Host-chain contracts emit events for FHE operations, coprocessors fetch inputs, perform the computation using TFHE, store results, and commit ciphertext digests to the Gateway for verifiability and majority consensus.

As a genesis MPC node operator, Dfns will run the KMS connector and core in AWS Nitro Enclaves, with hardware-backed attestation gates on access to any sensitive material. We maintain:

• Isolated runtime and attested access: Nitro Enclaves ensure keys never leave attested memory, and policies tie decryption to measured software builds.
• Public/private artifact separation: Public FHE keys, verification keys, and certificates live in world-readable storage; private shares and PRSS materials are sealed and only accessible to the enclave-bound service account.
• Resilience and upgrades: We operate A/B infrastructure for zero-downtime upgrades so the MPC committee remains robust and slash-safe during rollouts.

Pre-mainnet, Zama is onboarding MPC nodes first. Coprocessors will follow later on. That means the immediate focus is the reliability, integrity, and availability of the threshold decryption layer.

Why Dfns decided to actively contribute to Zama

Blockchain technology is entering a new phase, one defined by privacy and compliance at scale. From permissioned networks like Canton, Tempo, Arc and Rayls, it’s clear that the next generation of onchain systems will need to handle sensitive data without sacrificing composability or transparency.

In this context, Zama’s Confidential Blockchain Protocol represents a turning point. Instead of creating yet another private or semi-permissioned chain, Zama recycles the existing public infrastructure (i.e., Ethereum, Solana, etc.) and gives them confidentiality by design. It makes public blockchains fit for real-world, regulated use, while preserving what made them powerful in the first place: open participation and verifiable execution.

For Dfns, whose mission has always been to accelerate institutional adoption of public blockchains, this is an inflection point worth supporting. We see Zama as one of the most credible opportunities to bridge today’s gap between public transparency and financial privacy, unlocking a path for mainstream adoption that is both compliant and decentralized.

Financial institutions need confidentiality with auditability. Zama’s approach offers both: end-to-end encrypted transactions that remain publicly verifiable. Developers can build tokenization, settlement, payments, or banking applications that preserve user and counterparty privacy without losing the interoperability of open, decentralized finance.

Just as the internet moved from plaintext HTTP to HTTPS by default, Zama pushes for the next leap, HTTPZ, where data remains encrypted end-to-end, including during execution. With FHE for computation, MPC for decentralized key storage, and ZK proofs for input validation, confidentiality becomes a native protocol feature rather than an afterthought.

Flipping this switch could define the next era of onchain finance and digital infrastructure:

• Private payroll and settlement rails that don’t reveal counterparties.
• Tokenized assets and funds tradable on public L1/L2s without exposing investor activity.
• Sealed-bid auctions and private governance, where transparency applies to outcomes, not individuals.

What Dfns will bring to the Zama network

Dfns builds wallet infrastructure for financial institutions, fintechs, and digital asset platforms serving over 300 enterprise clients and securing billions of dollars in digital assets every month. Our platform specializes in multi-party computation (MPC) and key orchestration across hardened environments such as HSMs and Trusted Execution Environments (TEEs).

Running Zama’s MPC-based Key Management Service (KMS) is a natural extension of our expertise. It mirrors the same principles that define our custody and signing stack: isolate, attest, split, and orchestrate key material under strict cryptographic policy. Zama’s design, combining threshold MPC with attested TEEs like AWS Nitro Enclaves, aligns perfectly with our defense-in-depth philosophy, ensuring resilience against key exfiltration and selective-failure attacks.

Beyond technical alignment, Dfns contributes a foundation of trust and operational credibility. We are the official blockchain infrastructure technology provider for IBM, a recognition that underscores our reliability and enterprise readiness. Our infrastructure is independently audited and certified under SOC 2 Type II, ISO 27001, ISO 27017, and ISO 27018, and our internal security management system is built to comply with NIST cybersecurity frameworks. This combination of certifications and real-world scale positions Dfns as one of the most rigorously verified custodial infrastructures in the industry.

Our participation in Zama’s network extends this trust to a new domain: privacy-preserving computation on public blockchains.

• Operational rigor. Dfns will operate high-uptime MPC nodes with strict enclave attestation, continuous key lifecycle monitoring, and auditable logs, maintained with the same reliability and observability standards used in our institutional signing infrastructure.
• Security depth. We bring a layered security model spanning enclaves, segregated networks, and artifact provenance, ensuring that even insiders or compromised environments cannot exfiltrate usable key shares.
• Ecosystem enablement. We will support developer-ready paths for confidential ERC-20s, AMMs, tokenized assets, and decentralized ID flows, making it simple for teams to integrate confidentiality without learning new languages or cryptographic frameworks.

By combining Zama’s cryptographic innovation with Dfns’ proven security operations and compliance discipline, we aim to help build the most trustworthy confidentiality layer ever deployed on public blockchains, one capable of meeting the standards of both open finance and institutional regulation.

The public testnet is live. Ethereum mainnet and TGE are targeted for 2025, with additional EVM chains and then Solana support to follow. As the network further decentralizes, more operators will join and Coprocessors will be onboarded for scale.

Join the Zama ecosystem: zama.org/ecosystemStart building onchain today: app.dfns.io/get-started