> For the complete documentation index, see [llms.txt](https://shinkalabs.gitbook.io/hub/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://shinkalabs.gitbook.io/hub/andromeda/guides/confidential-workflows.md). # Confidential workflows A confidential workflow makes an Ika signature conditional on logic that ran over **encrypted** inputs. The FHE engine evaluates a graph, the result becomes a decision, the decision is signed by a key held in a KMS, and the on-chain [`fhe-gated`](/hub/andromeda/guides/deploy-policy/fhe-gated.md) policy validates that signed decision before releasing the Ika signature. {% hint style="warning" %} Both the FHE network and the Ika network are pre-alpha. There is no real confidentiality or MPC guarantee yet. Do not present these flows as private or production-grade to end users. {% endhint %} ## The pipeline ``` Encrypted inputs -> FHE graph evaluation (Encrypt surface; see "The Encrypt FHE surface") -> decision (approve / reject + computed context) -> decision signed by a KMS-held ed25519 key -> fhe-gated policy validates the signed decision on-chain -> Ika signature released ``` ## Step by step 1. **Submit encrypted inputs and run the graph.** Use the [Encrypt FHE surface](/hub/andromeda/guides/encrypt-fhe.md): create ciphertexts, execute (or execute a registered) graph, get the result. 2. **Form the decision.** Turn the graph result into a decision the policy understands (an approval plus whatever context the graph computed). 3. **Sign the decision.** The decision is signed by an ed25519 key held in a KMS. Andromeda never sees the private material; it only uses the KMS's sign operation. See [Key management](/hub/andromeda/security/key-management.md). 4. **Include the signed decision in the signing request.** When you ask Ika to sign for the gated dWallet, attach the signed decision. 5. **The `fhe-gated` program checks it.** It verifies the decision's signature against its authority allowlist, and checks the decision's age against a non-zero window (a zero window, meaning "always valid", is rejected). If both hold, the Ika signature is released. ## Why it is trustworthy * The decision signature is validated **on-chain**, against an allowlist the policy holds. A forged decision does not pass. See [Zero attestor](/hub/andromeda/concepts/zero-attestor.md). * The age check uses the **Solana clock**. A stale decision does not pass. * The signing key lives in a **KMS** with a sign-only policy. A compromise of the API does not yield the key. * Changes to the policy (the allowlist, the age window) are themselves replay-nonced and init-authority-hash protected. See [RulesPolicy](/hub/andromeda/on-chain-programs/rules-policy.md). ## When to use it * Compliance gates over data you do not want exposed (KYC scoring, sanctions checks). * Sealed-bid auctions: compute the winner over encrypted bids, then sign the settlement. * Private treasury rules: spend conditions evaluated without revealing balances or limits. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://shinkalabs.gitbook.io/hub/andromeda/guides/confidential-workflows.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.