REFHE is the encrypted-computation boundary for confidential payroll, bonus, and grant batches inside PrivateDAO.
It does not pretend to perform fully homomorphic execution on-chain. Instead, it binds an off-chain encrypted evaluation process to a proposal-bound on-chain envelope that must be settled before the confidential payout can execute.
- a proposal-bound
RefheEnvelopePDA - immutable links between:
- DAO
- proposal
- confidential payout plan
- encrypted input ciphertext hash
- evaluation policy hash
- evaluation key hash
- result ciphertext hash
- result commitment hash
- proof bundle hash
- verifier program binding
- execution gating:
- if a REFHE envelope exists for a confidential payout proposal, execution is blocked until the envelope is settled
Confidential payout plans already protect the employee-level manifest by keeping only hashes and aggregate settlement metadata on-chain.
REFHE upgrades that model by adding an authority-settled encrypted-evaluation step:
- a confidential payout plan is configured on-chain
- a REFHE envelope is configured against that payout plan
- encrypted evaluation runs off-chain
- the result bundle is settled on-chain by the DAO authority
- the payout becomes executable only after the REFHE boundary is satisfied
Current on-chain enforcement is honest and strict:
- no REFHE envelope:
- confidential payout executes normally after proposal pass + timelock
- REFHE envelope exists but is not settled:
- execution is rejected
- REFHE envelope is settled without a verifier program:
- execution is rejected
- REFHE envelope is settled by the DAO authority with a verifier program:
- execution may proceed once the proposal is executable
This makes REFHE a real execution gate, not a UI-only tag. It does not claim that the PrivateDAO program re-executes or cryptographically verifies the REFHE computation on-chain.
ConfidentialPayoutPlan- encrypted manifest hash
- ciphertext hash
- settlement recipient
- aggregate amount
RefheEnvelope- model URI
- policy hash
- input ciphertext hash
- evaluation key hash
- result ciphertext hash
- result commitment hash
- proof bundle hash
- verifier program
- status:
ConfiguredorSettled
Configure the payout batch:
DAO_PDA="$DAO_PDA"
PROPOSAL_PDA="$PROPOSAL_PDA"
SETTLEMENT_WALLET="$SETTLEMENT_WALLET"
MANIFEST_HASH="$MANIFEST_HASH"
CIPHERTEXT_HASH="$CIPHERTEXT_HASH"
npm run configure:confidential-payout -- \
--dao "$DAO_PDA" \
--proposal "$PROPOSAL_PDA" \
--confidential-type salary \
--settlement-recipient "$SETTLEMENT_WALLET" \
--payout-asset sol \
--payout-total 2.5 \
--recipient-count 6 \
--manifest-uri "box://privatedao/payroll/epoch-7" \
--manifest-hash "$MANIFEST_HASH" \
--ciphertext-hash "$CIPHERTEXT_HASH"Configure REFHE:
DAO_PDA="$DAO_PDA"
PROPOSAL_PDA="$PROPOSAL_PDA"
REFHE_POLICY_HASH="$REFHE_POLICY_HASH"
REFHE_INPUT_HASH="$REFHE_INPUT_HASH"
REFHE_EVALUATION_KEY_HASH="$REFHE_EVALUATION_KEY_HASH"
npm run configure:refhe -- \
--dao "$DAO_PDA" \
--proposal "$PROPOSAL_PDA" \
--model-uri "box://privatedao/refhe/payroll-eval-epoch-7" \
--policy-hash "$REFHE_POLICY_HASH" \
--input-ciphertext-hash "$REFHE_INPUT_HASH" \
--evaluation-key-hash "$REFHE_EVALUATION_KEY_HASH"Settle REFHE:
DAO_PDA="$DAO_PDA"
PROPOSAL_PDA="$PROPOSAL_PDA"
REFHE_RESULT_CIPHERTEXT_HASH="$REFHE_RESULT_CIPHERTEXT_HASH"
REFHE_RESULT_COMMITMENT_HASH="$REFHE_RESULT_COMMITMENT_HASH"
REFHE_PROOF_BUNDLE_HASH="$REFHE_PROOF_BUNDLE_HASH"
REFHE_VERIFIER_PROGRAM="$REFHE_VERIFIER_PROGRAM"
npm run settle:refhe -- \
--dao "$DAO_PDA" \
--proposal "$PROPOSAL_PDA" \
--result-ciphertext-hash "$REFHE_RESULT_CIPHERTEXT_HASH" \
--result-commitment-hash "$REFHE_RESULT_COMMITMENT_HASH" \
--proof-bundle-hash "$REFHE_PROOF_BUNDLE_HASH" \
--verifier-program "$REFHE_VERIFIER_PROGRAM"Inspect:
PROPOSAL_PDA="$PROPOSAL_PDA" npm run inspect:refhe -- --proposal "$PROPOSAL_PDA"