Skip to main content

Overview

The old decryption pattern used FHE.decrypt(ctHash) to trigger an asynchronous decryption, followed by FHE.getDecryptResultSafe(ctHash) to read the result once available. The new pattern replaces FHE.decrypt with an off-chain decryption step using the Client SDK, and uses FHE.publishDecryptResult to submit the result on-chain with a cryptographic proof. This guide walks through concrete before/after Solidity examples.

What changed

Old patternNew pattern
Trigger decryptFHE.decrypt(ctHash) (on-chain)FHE.allowPublic(ctHash) (on-chain) + client.decryptForTx(ctHash) (off-chain)
Submit resultAutomatic (async, no proof)FHE.publishDecryptResult(ctHash, plaintext, signature)
Verify onlyN/AFHE.verifyDecryptResult(ctHash, plaintext, signature)
Read resultFHE.getDecryptResultSafe(ctHash)FHE.getDecryptResultSafe(ctHash) (same)
The key difference: FHE.decrypt triggered decryption without any proof. The new flow requires a Threshold Network signature, ensuring the plaintext is cryptographically verified before being used on-chain.

The New Decryption Flow

1

Grant decryption permission (on-chain)

Instead of calling FHE.decrypt(), mark the value as decryptable:
2

Decrypt off-chain (client-side)

The client requests decryption from the Threshold Network, which returns the plaintext and a signature:
3

Submit result on-chain with proof

The decrypted value and signature are submitted to your contract:

Example 1: Simple counter

A minimal example showing how the reveal pattern changes.
Client-side flow (new):

Example 2: Token unshield (FHERC20Wrapper)

The unshield flow is where FHE.decrypt was most commonly used. It already followed a two-step pattern (unshield + claim), which maps naturally to the new flow.
Key differences:
  • FHE.decrypt(burned)FHE.allowPublic(burned) — no on-chain decryption is triggered, just a permission grant
  • claimUnshielded(bytes32 ctHash)claimUnshielded(bytes32 ctHash, uint64 decryptedAmount, bytes signature) — the caller now provides the decrypted value + proof
  • FHE.getDecryptResultSafeFHE.publishDecryptResult — the contract verifies the Threshold Network signature instead of polling for a result
Client-side flow (new):

Example 3: Revealing a vote result

A simple pattern: revealing a single encrypted vote count after a deadline.

publishDecryptResult vs verifyDecryptResult

MethodStores result on-chainOthers can read itUse case
publishDecryptResultYesYes, via getDecryptResultSafeRevealing results publicly (auctions, votes, counters)
verifyDecryptResultNoNoOne-time verification (transfers, burns)
Use verifyDecryptResult when you only need to confirm the plaintext is authentic and don’t need other contracts or future calls to read it:

Migration checklist

1

Find all FHE.decrypt calls

Search your contracts for FHE.decrypt(. Each call needs to be replaced.
2

Replace FHE.decrypt with FHE.allowPublic

In the function that previously called FHE.decrypt(ctHash), replace it with FHE.allowPublic(ctHash).
3

Add a finalize function

Create a new function that accepts (plaintext, signature) parameters and calls FHE.publishDecryptResult or FHE.verifyDecryptResult.
4

Update client code

Add the off-chain decryption step using client.decryptForTx() between the two on-chain calls.

Next Steps