Aura FHE is the encrypted compute layer for the Solana Virtual Machine. It runs Solana programs on data that stays sealed end-to-end using a novel LUT-FHE scheme over Multivariate Quadratic structure. The protocol delivers privacy as a mathematical guarantee — not a policy, access control, or trusted enclave.

What is Fully Homomorphic Encryption (FHE)?

Fully Homomorphic Encryption (FHE) is a form of encryption that allows computations to be performed directly on encrypted data without decrypting it first. The result of the computation remains encrypted and can only be opened by the data owner. This enables truly privacy-preserving computation where sensitive data is never exposed — not at rest, not in transit, and not during processing.

How is Aura FHE different from zero-knowledge proofs?

Zero-knowledge proofs (ZK) prove that a computation happened correctly without revealing the underlying inputs. Aura FHE performs the computation directly on encrypted data and returns an encrypted result. ZK verifies correctness; FHE enables private computation. They solve different problems and are often complementary — every Aura coprocessor output ships with a cryptographic correctness proof that validators verify without decrypting.

How fast is Aura FHE compared to other FHE solutions?

Aura FHE delivers approximately 1000× speedup over TFHE-based alternatives across typical arithmetic workloads. Integer addition executes in roughly 0.04 microseconds, compared with Zama's ~50ms gate evaluation. Verification time is approximately 0.1 seconds. The architecture is bootstrap-free — the scheme is structurally noise-free, so it never needs the expensive ciphertext refresh that defines other production FHE schemes. Independent benchmark verification is in progress.

Does Aura FHE require a new blockchain?

No. Aura FHE operates as a coprocessor and integrates with existing chains at the SDK and wallet level. A Solana program submits an encrypted compute request to the Aura coprocessor network, receives a verifiable ciphertext result, and proceeds with on-chain settlement. The architecture is chain-agnostic by design; Aura ships first on Solana, with cross-chain expansion planned from Q1 2027.

Can Aura FHE support enterprise use cases?

Yes. The same coprocessor that serves a Solana DEX can serve a hospital, hedge fund, government agency, or AI inference pipeline. The cryptography does not care whether a request originates from a smart contract or a REST API. This makes Aura suitable for regulated, compliance-sensitive environments — financial services, healthcare AI, legal applications, defense, and any enterprise requiring privacy-preserving computation.

Is Aura FHE quantum-resistant?

Yes. Security reduces to the Multivariate Quadratic (MQ) problem, proven NP-hard by Garey and Johnson in 1979. Unlike lattice-based FHE schemes whose hardness rests on conjectured assumptions about Learning With Errors (LWE), MQ-hardness has a stronger theoretical foundation and no known efficient quantum attack. Post-quantum security is a structural property of the scheme, not a future upgrade path.

What can Aura FHE be used for?

Aura FHE unlocks application categories that are impossible on transparent blockchains: sealed-bid prediction markets (AuraPoly is live and clearing real flow), encrypted DEXes and dark pools, confidential AI inference on medical, legal, and financial data, private real-world asset tokenization, encrypted DAO governance with sealed voting, and autonomous AI agents with private wallets and encrypted memory. More than $100 trillion in institutional capital is currently blocked from on-chain markets because state is fully visible — Aura is the encryption layer that removes that ceiling.

What is the AURA token used for?

AURA is the unit of account for every encrypted computation processed by the network. It has four primary utilities: (1) per-transaction compute fees for FHE workloads called through the SDK, (2) staking by coprocessor miners and validators, (3) wallet balances held by end users to pay for their own encrypted operations, and (4) governance over protocol parameters. Total supply is fixed at 1,000,000,000 AURA with no protocol-level inflation beyond the published mining emission schedule.

When will Aura FHE launch?

AURA SDK v5 is already in production, and AuraPoly is clearing real flow on the encrypted compute layer today. The Token Generation Event (TGE) is targeted for Q3 2026, coordinated with the AuraPoly token integration and broader dApp launches. The Proof of Encrypted Work mining protocol launches publicly in Q4 2026 with genesis emissions beginning against real workload mix. Chain-agnostic expansion onto a second chain begins Q1 2027. Each milestone is a demoable, announceable event rather than a promise.

How does Aura FHE compare to Zama?

Zama has established itself as Ethereum's encryption layer, validated by $130M+ raised and ERC-7984 ratification. Aura FHE targets Solana, where Zama's CPU-based approach (20+ TPS, GPU acceleration targeting 'hundreds of TPS per chain' by Q3 2026) cannot match Solana's 400ms block time. Aura's bootstrap-free LUT-FHE is fundamentally different mathematics designed for chain-speed finance — integer addition in ~0.04μs versus Zama's ~50ms gate evaluation, with a 3.7MB WASM runtime. The two protocols are optimized for different chain regimes rather than directly competing.

What makes Aura FHE's technology different?

Aura FHE's core innovation is LUT-FHE — a fully homomorphic encryption scheme built on precomputed lookup tables defined over Multivariate Quadratic structure rather than ring-based ciphertext arithmetic. Two structural advantages follow. First, the scheme is bootstrap-free: the algebraic structure does not accumulate noise, so there is no need for the expensive ciphertext refresh that bottlenecks every lattice-based FHE scheme. Second, security reduces to MQ-hardness, proven NP-hard and post-quantum secure. The construction is the product of more than 12 years of cryptographic research and is protected by 9 patents.

The Privacy Trilemma in Crypto — And Why FHE Is the Answer · AFHE

Privacy in crypto has always been a trilemma: you can have two of three — privacy, composability, and performance. But historically, not all three at once.

Privacy without composability: Zcash. You can shield transactions, but shielded funds can't easily interact with other DeFi protocols. Privacy is a dead end.

Composability without privacy: Ethereum/Solana. Perfectly composable DeFi ecosystem. Zero privacy. Every trade visible.

Privacy without performance: Early FHE systems. Mathematically private, but 100-1000x slower than plaintext — not viable for real-time DeFi.

This trilemma has been the core technical reason privacy DeFi hasn't worked.

ZK proofs: partial solution

Zero-knowledge proofs solve the problem partially. Tornado Cash proved you could hide transaction origin. Aztec proved you could hide amounts.

But ZK has a ceiling: it proves statements about data without revealing the data, but the data must still be revealed at some point to execute the computation. ZK hides the "who" but struggles to hide the "what" continuously across multiple operations.

FHE: the clean solution

FHE doesn't hide who did something. It hides the data throughout computation. You can:

Run a DeFi protocol on encrypted inputs
The protocol computes the correct output
The output reveals only what the user wants revealed

This is fundamentally different from ZK. FHE enables computation privacy, not just proof privacy.

The performance breakthrough

The reason FHE couldn't solve the trilemma until now was speed. The 2009 Gentry construction was correct but impractical.

TFHE (Torus FHE), developed by researchers at ENS Lyon, changed the picture. Combined with hardware acceleration (AVX-512, GPU acceleration) and protocol-specific optimizations, FHE operations that took minutes now take milliseconds.

Aura benchmarks:

Single encrypted swap: <100ms end-to-end
Throughput: compatible with Solana's TPS targets
Ciphertext expansion: manageable for on-chain storage

The composability question

This is FHE's remaining hard problem: two encrypted values computed by different parties can't easily interact without a coordination mechanism.

Aura's approach is pragmatic: build the encrypted execution layer first, then build the composability bridges. Shield Swap is the proof of concept. The SDK will enable developers to build composable encrypted applications on Aura's runtime.

The full composability picture is a research problem being solved in parallel by the broader FHE community. We expect workable solutions within 18-24 months.

Where we are today

The trilemma is cracking. FHE now delivers:

Privacy: Full computation privacy, mathematically guaranteed
Performance: Fast enough for real DeFi applications
Composability: Limited but growing, with clear research roadmap

Shield.afhe.io is the first DeFi application where all three properties are simultaneously present — even if composability is today limited to the shield ecosystem.

The trilemma isn't solved. But for the first time, you can see the solution clearly.

Live demo: shield.afhe.io | Whitepaper: docs.afhe.io/whitepaper | @AfheLabs