NoirPerp is a privacy-preserving perpetual futures DEX on Zama’s fhEVM. Order size, collateral, limit price, P&L, and vault balance are all encrypted on-chain. The contract matches and settles trades without ever decrypting them. KYC is enforced via on-chain Merkle proofs — gated, but identity-blind. Live on Sepolia.
The Problem
Every position on a public DEX is an open book. Whales get front-run. Retail gets liquidation-hunted. Institutional desks can’t trade — revealing your hand defeats the trade. GMX, dYdX, Hyperliquid all make the same trade-off: full transparency for full decentralization.
What NoirPerp Does Differently
We encrypt before the chain ever sees anything. The smart contract operates on ciphertexts — comparing them, multiplying them, opening positions from them — without ever branching on a plaintext value. No node, validator, indexer, or block explorer sees the numbers.
Compliance is the third corner: anonymous DEXes are politically un-launchable, public DEXes leak everything, NoirPerp threads the needle with Merkle-proof KYC. The contract knows you’re approved without learning who you are.
Under the Hood
Browser encrypts. TFHE WebAssembly turns size, collateral, and limit into euint64 ciphertexts before the tx is signed.
Contract is blind. Engines run FHE arithmetic on encrypted values — open, close, liquidate, match. State stays as ciphertext.
3-bool darkpool match. Pair-matching two encrypted orders decrypts exactly three FHE booleans (intersects, buy-residual-zero, sell-residual-zero) in one Gateway request. Sizes and prices never leave FHE.
Threshold-decrypt settlement. When plaintext is unavoidable (e.g. a liquidation), a KMS quorum signs the cleartext; a relayer bot submits it as a callback. Decrypt rights are per-handle — nobody else can replay them.
Logs reveal nothing. Events emit ciphertext handles and request IDs. You see that something happened, not what.
Checkout: https://noirperp.vercel.app