- May 6, 2026

OpenZeppelin

OpenZeppelin

OpenZeppelin

OpenZeppelin

The OpenZeppelin Relayer now supports Zama FHEVM, bringing transaction infrastructure to confidential smart contract applications.

OpenZeppelin and Zama have been building privacy-preserving standards together since the launch of the Confidential Contracts Library: audited Solidity contracts built on Zama's FHEVM, including a confidential ERC20 implementation, vesting, and voting contracts, designed to serve use cases across confidential DeFi and institutional finance. That work extended to the Confidential Token Association, co-founded by Zama, OpenZeppelin and Inco, to develop the Confidential Token Standard: a framework for bringing confidentiality to token standards like ERC20.

With Relayer support, developers can now manage transactions with encrypted inputs without building the backend themselves.

Transaction Infrastructure for FHEVM Applications

Zama FHEVM lets EVM smart contracts store and operate on encrypted data, giving developers private onchain state without a new chain or execution environment. FHEVM contracts behave like any other EVM contract. And like any other EVM contract, running one in production requires backend infrastructure for signing, transaction submission, and key security.

Specifically, the Zama SDK requires a signing service that can submit transactions with encrypted inputs and sign EIP-712 typed-data payloads to authorize user decryption requests. Around that, the backend has to manage gas, nonces, retries, and the security of the keys themselves.

OpenZeppelin Relayer Brings Production Infrastructure to Zama FHEVM

Because FHEVM contracts live on standard EVM networks, the OpenZeppelin Relayer supports them out of the box, configured exactly like any other EVM relayer, with no FHEVM-specific setup. It covers the two things FHEVM apps need from a backend:

  • Transaction submission with encrypted inputs: signs and submits encrypted calldata onchain via sendTransaction, with gas estimation, nonce management, and EIP-1559 fee pricing handled automatically
  • EIP-712 signing: signs typed-data payloads via signTypedData to authorize user decryption requests, without ever touching plaintext or FHE primitives

Plus the operational layer FHEVM applications need in production:

  • Secure key management: supports AWS KMS, Google Cloud KMS, Turnkey, Vault, and more, so private keys never exist in plaintext on an application server
  • Transaction lifecycle management: tracks every transaction through submission, confirmation, and failure, with automatic retries and webhook callbacks on resolution

FHE stays in Zama's SDK while the OpenZeppelin Relayer executes.

End-to-End Zama FHEVM Integration with the OpenZeppelin Relayer

The OpenZeppelin Relayer SDK ships a working example built on Zama's fhevm-hardhat-template. It’s a simple counter contract whose state is held in encrypted form. The example walks through a complete integration flow with a deployed FHEVM contract:

  1. Read the encrypted counter state from the contract.
  2. Decrypt the value, using public decryption when the contract permits it, and falling back to user decryption (authorized with an EIP-712 signature) otherwise.
  3. Submit an encrypted increment() call through the Relayer, polling until the transaction is mined and confirmed.
  4. Read the updated encrypted state.
  5. Decrypt the updated value.

Beyond the core flow, the example also includes environment-driven configuration with Sepolia as the default and mainnet documented for production, along with a reusable keypair utility. It is the shortest path to understanding how the OpenZeppelin Relayer fits into an FHEVM application.

Start Building with Zama FHEVM and OpenZeppelin Relayer

The signing infrastructure FHEVM applications need is now available out of the box. Point the Zama SDK at the OpenZeppelin Relayer and get production-grade transaction signing infrastructure without assembling it yourself.


See the end-to-end example to get started, or read the full documentation.

FAQs

What is Zama FHEVM?

Zama FHEVM is a coprocessor architecture that allows EVM smart contracts to store and compute over encrypted data using Fully Homomorphic Encryption. FHEVM contracts behave like any other EVM contract, with values remaining encrypted throughout execution to keep the onchain state private.

What does the OpenZeppelin Relayer do in a Zama FHEVM flow?

It handles two things the Zama SDK requires from a backend: submitting transactions with encrypted inputs via sendTransaction, and signing EIP-712 typed-data payloads via signTypedData to authorize user decryption requests. Gas, nonces, retries, and transaction tracking are all handled automatically.

Does the OpenZeppelin Relayer handle encryption or decryption?

No, all FHE-specific work, including encryption, decryption, and key handling, stays in the Zama SDK running in your application. The OpenZeppelin Relayer only deals with transaction submission with encrypted inputs and EIP-712 signing.

Do I need special configuration to use the OpenZeppelin Relayer with Zama FHEVM?

No. Because FHEVM contracts live on standard EVM networks, the OpenZeppelin Relayer is configured exactly like any other EVM relayer. There is no FHEVM-specific network setup required.