Back to blog

ERC-7984: The Confidential Token Standard Explained

February 17, 2026
The Zama Team

While ERC-7984 is designed to be a technology-agnostic standard, this article focuses on the implementation from Zama and OpenZeppelin.

The Next Step for Blockchain

Blockchain delivered something remarkable: programmable, permissionless, global finance. But it came with a tradeoff that's held back mainstream adoption: complete transparency.

Every token transfer on Ethereum is visible to anyone. Balances, transaction amounts, counterparties, all public. For many use cases, this works fine. But for others, payroll, institutional settlement, private DeFi strategies, regulated finance, this transparency is a dealbreaker.

What if tokens could offer the best of both worlds? The programmability and auditability of blockchain, with the financial privacy people expect from traditional banking? That's what ERC-7984 delivers.

What Is ERC-7984?

ERC-7984 is a new token standard, think of it as "confidential ERC-20". While traditional tokens store your balance as a readable number that anyone can see, ERC-7984 tokens keep it encrypted, so your balance, transfer amounts, and transaction details remain private by default.

The key innovation is that it stays encrypted at all times. Even while the blockchain is processing your transaction, adding, subtracting, checking if you have enough funds, the actual data stay encrypted. The smart contract itself doesn't know your balance. Only you can decrypt it.

This isn't hiding information from the blockchain. It's a fundamental redesign where privacy is built into the token's DNA.

The Tech Behind Zama’s Implementation of the ERC-7984 is Fully Homomorphic Encryption

While ERC-7984 is a technology agnostic standard, and can be implemented using various cryptographic techniques, Zama’s implementation is powered by Fully Homomorphic Encryption (FHE). If that sounds intimidating, here's a simple analogy:

Imagine you have a locked safe with special gloves attached. You can put items inside, close it, and then, using the gloves, rearrange, combine, or manipulate everything inside without ever opening the safe. When you're done, you unlock it and find the correct result, even though you (and everyone watching) never saw what was inside during the process.

That's FHE. It allows mathematical operations on encrypted data without decryption.

When you transfer confidential tokens, the same steps happen as with regular tokens, just on encrypted data:

  1. The network checks if your encrypted balance has enough funds
  2. It subtracts the encrypted amount from your balance
  3. It adds that encrypted amount to the recipient's balance

All the usual logic runs. The difference? At no point does anyone, not even the smart contract, see the actual numbers.

Traditional encryption protects data when it's stored or sent. FHE protects data while it's being computed on. That's the breakthrough.

How Zama’s Implementation of the ERC-7984 Differs from ERC-20

If you're familiar with the standard ERC-20 token, here's what changes:

The Difference in Code

Here's a side-by-side comparison of basic operations for an ERC-20 and ERC-7984, respectively USDT (USDT) and Confidential USDT (cUSDT) tokens.

Mint.

// USD
_mint(account, amount);

// cUSDT
_mint(account, FHE.asEuint64(amount));

Transfer.

// USDT
transfer(to, amount);

// cUSDT
confidentialTransfer(to, encryptedAmount);

Check Balance.

// USDT
balanceOf(account); 
// returns uint256 (visible to everyone)

// cUSDT
confidentialBalanceOf(account);  
// returns euint64 (encrypted handle)

The pattern is consistent: same operations, but with encrypted data types (euint64 instead of uint256). The blockchain performs the same logic; it just never sees the actual numbers.

The Architecture: A Quick Tour of The Zama Protocol

ERC-7984 doesn't work alone. It's a key part of the Zama Protocol, a cross-chain confidentiality layer that brings encrypted computation to existing blockchains.

On the blockchain, you have the ERC-7984 contract. It stores encrypted "handles", think of these as pointers to encrypted values rather than the values themselves.

Offchain, a network of coprocessors performs the actual encrypted math. When your transfer executes, the blockchain doesn't crunch the numbers, it sends a request to these specialized nodes that compute on encrypted data.

For decryption, there's a threshold key management system (KMS). No single party can decrypt your data; it requires multiple independent nodes to cooperate. This prevents any one actor from compromising privacy.

The Gateway orchestrates everything, coordinating coprocessors, managing access control, and handling decryption requests.

The beauty is that existing blockchains don't need to change. Ethereum, Layer 2s, and other EVM chains can support confidential tokens without any protocol upgrades.

You can also read the complete Zama Protocol Litepaper.

Real-World Use Cases

Confidential Stablecoins.

Banks won't put client transactions on a public ledger, it would violate every financial privacy regulation. But with ERC-7984, stablecoin transfers can be confidential while still allowing regulators to have "observer" access when legally required. Privacy by default, transparency when mandated, and compliance at all times.

Private DeFi.

Today, sophisticated traders avoid onchain DeFi because their strategies become visible. Large trades get front-run. Positions get copied. With confidential tokens, you can participate in lending, trading, and yield farming without broadcasting your playbook to competitors.

Corporate Payroll.

Companies can pay employees in crypto without exposing salary information to the entire internet. The payment is onchain, auditable when needed, but private to everyone else.

Institutional Settlement.

When banks settle large transfers, they don't want every hedge fund in the world watching their activity. Confidential tokens enable the efficiency of blockchain settlement with the privacy institutions require.

Access Control and Selective Disclosure

Isn’t privacy and compliance an impossible match on the blockchain? Not at all.

The Zama Protocol addresses compliance through access control and selective disclosure. Privacy is the default, but users can grant specific parties the ability to view their activity:

  • Observers: You can designate addresses (like auditors or regulators) who can decrypt your balance and transfer amounts
  • Compliance extensions: The standard includes optional modules for KYC/AML restrictions, freezing capabilities, and real-world asset compliance

Think of it like banking privacy: your transactions are private by default, but your bank reports to regulators, and courts can subpoena records when justified. ERC-7984 brings this familiar model to blockchain.

Current Challenges and Progress

Confidential tokens are still early, but the ecosystem is moving fast:

Performance: FHE operations are computationally intensive, meaning higher gas costs than standard ERC-20 transfers. Zama reports 100x performance improvements in recent years and is targeting another 100x, bringing costs down significantly.

Infrastructure: Decryption requires off-chain coordination through coprocessors and threshold key management. This infrastructure is now live on Mainnet.

Tooling: Developers are the ones who will bring this new paradigm to blockchain applications, so making their experience seamless is critical. OpenZeppelin's audited contracts and Zama's developer tools are making integration increasingly straightforward. 

Coming soon: an ERC-7984 OpenZeppelin Wizard that will let developers generate confidential token contracts in just a few clicks.

How It Works in Practice

Without diving into code, here's the user experience:

Sending tokens: You encrypt the amount on your device before submitting the transaction. The blockchain sees an encrypted blob, not a number. After confirmation, only the recipient can decrypt their new balance.

Receiving tokens: Your wallet holds the decryption key. When you check your balance, your wallet decrypts it locally, the blockchain never sees the plaintext.

Swapping between token types: Moving from regular ERC-20 to confidential ERC-7984 is straightforward (the amount is visible entering, then becomes encrypted). Going the other direction requires an explicit decryption step, you're choosing to make that amount public.

DeFi interactions: Smart contracts can perform operations on your encrypted balances (checking if you have enough, transferring amounts) without knowing the actual values. The math happens in encrypted form.

The Bigger Picture

ERC-7984 is part of a broader movement to make privacy a default rather than an afterthought. OpenZeppelin, Zama and Inco co-founded the Confidential Token Association, working with protocols like Stellar, Fhenix, and Predicate to establish industry standards.

The vision is that confidential tokens become as normal as regular tokens, used for payments, DeFi, real-world assets, and governance, with privacy built in from the start.

We've spent a decade building transparent, permissionless financial infrastructure on Ethereum. ERC-7984 represents the next chapter: keeping those properties while adding the privacy that mainstream adoption requires.

Conclusion

Blockchain promised to revolutionize finance, but it came with a tradeoff: unprecedented transparency at the cost of financial privacy. ERC-7984 breaks that tradeoff.

By encrypting token balances and transfer amounts, and keeping them encrypted even during computation, ERC-7984 delivers genuine confidentiality without sacrificing the auditability and programmability that make blockchain useful.

It's not a privacy coin hiding in the shadows. It's a new foundation for tokens that respects both transparency (when chosen) and privacy (by default). For the first time, blockchain can offer the same financial privacy we expect from traditional banking, while keeping all the benefits of decentralization.

The transparent blockchain era may turn out to be a transitional phase. With ERC-7984, privacy becomes the standard.

Getting Started

For developers interested in building with ERC-7984:

Additional Resources

Latest Blog Posts

ERC-7984: The Confidential Token Standard Explained

Confidential Blockchain

This blog post is an overview of Zama and OpenZeppelin implementation of the ERC-7984 Confidential Token Standard.

Read more →

Zama Developer Program Mainnet Season 1: Building For The Long Game

Announcements

Zama developer program is designed to support builders at every stage. The infrastructure is live, now we build.

Read more →

$ZAMA Token Launch

Announcements

The $ZAMA token is officially launching, marking another foundational step toward bringing confidentiality to public blockchains.

Read more →

Back to blog
Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.If two parties have some sort of dealings, then each has a memory of their interaction. Each party can speak about their own memory of this; how could anyone prevent it? One could pass laws against it, but the freedom of speech, even more than privacy, is fundamental to an open society; we seek not to restrict any speech at all. If many parties speak together in the same forum, each can speak to all the others and aggregate together knowledge about individuals and other parties. The power of electronic communications has enabled such group speech, and it will not go away merely because we might want it to.Since we desire privacy, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. In most cases personal identity is not salient. When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no privacy. I cannot here selectively reveal myself; I must always reveal myself.Therefore, privacy in an open society requires anonymous transaction systems. Until now, cash has been the primary such system. An anonymous transaction system is not a secret transaction system. An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy.Privacy in an open society also requires cryptography. If I say something, I want it heard only by those for whom I intend it. If the content of my speech is available to the world, I have no privacy. To encrypt is to indicate the desire for privacy, and to encrypt with weak cryptography is to indicate not too much desire for privacy. Furthermore, to reveal one's identity with assurance when the default is anonymity requires the cryptographic signature.We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. It is to their advantage to speak of us, and we should expect that they will speak. To try to prevent their speech is to fight against the realities of information. Information does not just want to be free, it longs to be free. Information expands to fill the available storage space. Information is Rumor's younger, stronger cousin; Information is fleeter of foot, has more eyes, knows more, and understands less than Rumor.We must defend our own privacy if we expect to have any. We must come together and create systems which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do.We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can't get privacy unless we all do, we're going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don't much care if you don't approve of the software we write. We know that software can't be destroyed and that a widely dispersed system can't be shut down.Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation's border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good. Privacy only extends so far as the cooperation of one's fellows in society. We the Cypherpunks seek your questions and your concerns and hope we may engage you so that we do not deceive ourselves. We will not, however, be moved out of our course because some may disagree with our goals.The Cypherpunks are actively engaged in making the networks safer for privacy. Let us proceed together apace.Onward.Eric Hughes9 March 1993
PROTOCOL
Buy $ZAMAStake $ZAMA ↗ Bridge $ZAMA ↗ EcosystemLitepaper ↗Technical whitepaper ↗
LIBRARIES
TFHE-rs ↗Concrete ↗Concrete ML ↗FHEVM ↗Threshold FHE ↗
DEVELOPER
DevhubDocumentation ↗GitHub ↗Developer  ProgramCommunity SupportStatus.zama.ai ↗
COMMUNITY
X ↗Telegram ↗Community ChannelsEvents
COMPANY
AboutTalk to usBlogResearch Papers ↗Careers ↗Press and MediaBrand kit