# fhe-gated

This policy makes a signature conditional on the outcome of a confidential computation. An FHE evaluation runs over encrypted inputs and produces a decision; the decision is signed by a key held in a KMS, and this on-chain program validates that signed decision before releasing the Ika signature.

Program address (Solana devnet): `6NhfKThEydSHH6R7gBm94reo3simopRJmb4nDzkKU7np`.

See the end-to-end walkthrough in [Confidential workflows](/hub/andromeda/guides/confidential-workflows.md).

## What it enforces

For a signing request to be approved, the program requires a recent, validly signed decision from an authorised decision key:

* the decision must be signed by a key on the program's **authority allowlist**;
* the decision must be **recent**: its age (measured against the Solana clock) must be within a configured, non-zero window. A zero-age window is rejected, so a decision cannot be "always valid".

If both hold, the signature goes through. Otherwise it does not.

## Configuration

* **Authority allowlist**: the set of decision keys whose signed decisions the program accepts.
* **Decision-age window**: how long a signed decision stays valid after it is produced. Must be non-zero.

Changes follow the [policy lifecycle](/hub/andromeda/guides/deploy-policy.md).

## The decision pipeline

1. Your application submits ciphertext inputs and runs an FHE graph on the Encrypt surface (see [The Encrypt FHE surface](/hub/andromeda/guides/encrypt-fhe.md)).
2. The result is turned into a decision (approve / reject, plus whatever context the graph computed).
3. The decision is signed by an ed25519 key held in a KMS (Andromeda never sees the private material).
4. The signed decision is included in the signing request.
5. The `fhe-gated` program validates the signature against its authority allowlist and checks the age. If it passes, the Ika signature is released.
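
An off-chain model of steps 3 and 5 above, added here as an illustration; it is not the `fhe-gated` program's code. The `Policy` and `Decision` types, the signed-message layout, the seed-derived key standing in for the KMS, and the rejection of future-dated decisions are assumptions.

```go
package main

import "crypto/ed25519"
import "fmt"

type Policy struct {
	Allowlist map[[32]byte]bool // authorised decision keys
	MaxAge    int64             // decision-age window in seconds; must be non-zero
}

// Decision and msg are a hypothetical wire form; the page does not give the real layout.
type Decision struct {
	Payload  []byte // approve/reject plus context
	IssuedAt int64  // covered by the signature, so the age cannot be edited
	Signer   [32]byte
	Sig      []byte
}

func (d Decision) msg() []byte {
	return []byte(fmt.Sprintf("%d|%s", d.IssuedAt, d.Payload))
}

// Sign stands in for the KMS. The seed is a constructed test value, not a real key.
func Sign(seed [32]byte, payload []byte, issuedAt int64) Decision {
	priv := ed25519.NewKeyFromSeed(seed[:])
	d := Decision{Payload: payload, IssuedAt: issuedAt}
	copy(d.Signer[:], priv.Public().(ed25519.PublicKey))
	d.Sig = ed25519.Sign(priv, d.msg())
	return d
}

// Check returns nil only if the decision passes; now plays the Solana clock.
func Check(p Policy, d Decision, now int64) error {
	switch {
	case p.MaxAge <= 0:
		return fmt.Errorf("zero-age window")
	case !p.Allowlist[d.Signer]:
		return fmt.Errorf("signer not on authority allowlist")
	case !ed25519.Verify(d.Signer[:], d.msg(), d.Sig):
		return fmt.Errorf("invalid decision signature")
	case now < d.IssuedAt || now-d.IssuedAt > p.MaxAge: // future-dated check is assumed
		return fmt.Errorf("decision outside age window")
	}
	return nil
}

func main() {
	d := Sign([32]byte{1}, []byte("approve"), 1000) // constructed sample decision
	fmt.Println(Check(Policy{map[[32]byte]bool{d.Signer: true}, 60}, d, 1030))
}
```

Because `IssuedAt` is inside the signed bytes in this model, rewriting the timestamp on a stale decision fails the signature check instead of slipping past the age check.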

## On-chain guarantees

* The decision signature is validated on-chain against the allowlist; a forged decision is rejected.
* The age check uses the Solana clock; a stale decision is rejected.
* The PDA is seeded with the init-authority hash, which rules out front-running.
* Configuration changes carry a replay nonce.

## When to use it

* Compliance checks that must run over data you do not want exposed.
* Sealed-bid auctions: the winner is computed over encrypted bids, and only then is a settlement signed.
* Private treasury rules: spend conditions evaluated without revealing balances or thresholds.

