Patent pending TRACE — PCT/IB2026/056793 AKAC — PCT/IB2026/056904 CKKS / BGV / BFV / TFHE

OFC: Oracle-Free FHE Conformance Certification

Prove your FHE engine computes correctly — without ever decrypting customer data.

When you deploy an FHE chip or cloud FHE engine, how do you demonstrate it is correct? Random testing cannot catch fabrication errors or consistently-wrong-engine bugs. OFC is the industry-first conformance certification that answers this — using the algebraic structure of FHE ciphertexts themselves, no oracle or decryption required.

Tier 1TRACE — algebraic self-consistency
Tier 2AKAC — hardware-rooted attestation
SchemesCKKS, BGV/BFV, TFHE/FHEW
CertificateEd25519-signed, independently verifiable
IPTwo PCT applications filed

The problem OFC solves

FHE engines — chips, FPGAs, cloud accelerators — can produce plausible but wrong ciphertexts. A fabrication defect, a subtle implementation error, or a rounding-regime mismatch in the NTT can cause results that decrypt to incorrect values. The catch: you cannot verify correctness by decrypting customer data, and golden-vector testing only catches deviations from the specific test vectors, not systematic failure modes across the full operational domain.

Fabrication errors

A chip that computes slightly wrong arithmetic across all operations — not detectable by random sampling, because the error is consistent and systematic.

Consistently-wrong-engine bugs

An FHE library that applies a wrong parameter during key-switch always produces a plausible ciphertext — one that decrypts to a wrong answer — and no test vector catches it without the secret key.

Vendor lock-in without assurance

Cloud FHE providers currently operate on a trust-the-vendor model. Regulated deployments (GDPR, EU AI Act, healthcare) cannot accept unverifiable correctness claims.

Cross-vendor interoperability

Without a shared conformance layer, ciphertexts produced on one FHE engine are not guaranteed to be compatible with another — even when both claim to implement the same scheme.

Two certification tiers

OFC defines two independent protocol tiers, each targeting a different assurance level. Both are patent-pending with international PCT applications filed. Both produce independently verifiable Ed25519-signed certificates.

Tier 1
TRACE
PCT/IB2026/056793 — filed 1 Jul 2026

Algebraic ψ-fingerprint self-consistency certification. TRACE derives a set of algebraic invariants from the ciphertext ring structure itself — relationships that hold in any correct FHE computation, regardless of the plaintext values. The engine under test evaluates a signed challenge; TRACE verifies that the ciphertext output satisfies the expected invariants. No oracle. No decryption. Works black-box against any engine that exposes a ciphertext output.

  • No decryption access required
  • Works with any black-box FHE engine
  • CKKS bits-of-agreement floor, BGV/BFV exact equality fraction, TFHE/FHEW zero Hamming distance
  • Session transcript digest in certificate
  • Suitable for: library maintainers, cloud provider audits, rapid pre-certification

How AKAC works

The AKAC protocol runs a seeded challenge-response across five steps. The CA never receives plaintext; the device proves correctness by re-deriving from the same seed.

1

CA issues seed

VaultBytes CA generates a fresh, cryptographically random seed and issues it to the device under test. The seed determines all challenge probes for this session.

2

Device derives and evaluates

The device derives probe inputs from the seed, encrypts them under AKAC parameters, evaluates the required FHE operations, and decrypts results. The secret key never leaves the device.

3

CA re-derives and scores

The CA re-derives the expected answers independently from the same seed and scores each operation — bits of agreement, equality fraction, or Hamming distance depending on scheme.

4

Hardware attestation bound

The device signs the session transcript with its TPM attestation key or HSM-bound device key. This binds the correctness result to the specific physical device.

5

Certificate issued

VaultBytes CA issues an Ed25519-signed certificate containing the per-operation scores, session transcript digest, device pubkey fingerprint, attestation mode, and validity period.

What the certificate contains

Each OFC certificate is a signed JSON document verifiable by any party holding the VaultBytes CA public key. Certificates are scheme-agnostic and reference the specific protocol version and operation set evaluated.

algorithm: Ed25519
protocol_version: ofc/1.0
tier: akac | trace
attestation_mode: hardware_rooted | measured_execution | software_identity_bound
scheme: ckks | bgv | bfv | tfhe | fhew
device_pubkey_fp: <SHA-256 of device attestation key>
session_digest: <SHA-256 of session transcript>
scores: { keysw: 52.1 bits, add: PASS, mul: PASS, ... }
issued_at: 2026-07-03T00:00:00Z
expires_at: 2027-07-03T00:00:00Z
issuer: VaultBytes OFC CA v1
signature: <Ed25519 over canonical JSON>

CKKS score = bits of agreement above floor. BGV/BFV score = exact equality fraction. TFHE/FHEW score = zero Hamming distance fraction.

Scheme and operation coverage

OFC covers all major production FHE schemes. Per-scheme scoring reflects the correct notion of correctness for each: approximate arithmetic for CKKS, exact arithmetic for BGV/BFV, and Boolean correctness for TFHE/FHEW.

SchemeCorrectness metricOperations evaluatedNotes
CKKSbits of agreementKeySwitch, Add, Mul, Rescale, Bootstrap (EvalMod)Minimum floor enforced; precision collapse flagged
BGV / BFVexact equality fractionAdd, Mul, Relinearisation, ModSwitch, RotateAny deviation from exact equality is a FAIL
TFHE / FHEWzero Hamming distanceBootstrap, AND, OR, XOR, NOT, MUXSingle-bit correctness; gate-level accuracy required

Who needs OFC

Any organisation that deploys or procures an FHE engine and cannot verify correctness by decrypting customer data.

FHE chip vendorsCertify silicon before customer shipment. Demonstrate correctness without requiring customers to hold or share secret keys. Differentiate on an independently verified conformance certificate.
Cloud FHE providersMove beyond trust-the-vendor assurances. Provide tenants with a third-party certificate they can pass to their own auditors. Annual renewal certificates support continuous assurance.
Regulated AI deploymentsGDPR Article 25 (data protection by design), EU AI Act Article 9 (risk management), and sector-specific regulations increasingly require evidence that private computation infrastructure operates correctly. OFC certificates are audit-ready artifacts.
FHE library maintainersContinuous TRACE certification across scheme versions and parameter sets catches regressions that unit tests miss. Suitable for OpenFHE, Microsoft SEAL, Concrete ML, TenSEAL, and custom implementations.
Enterprise NRE / custom ASICBespoke integration of OFC into a proprietary chip verification flow, with custom scheme support, tapeout-ready test vectors, and sign-off documentation.

Licensable products

OFC is offered as a service and a licensable SDK. All tiers produce independently verifiable Ed25519-signed certificates. Pricing is on application; contact us for a quote.

Per-engine certification

One-time TRACE or AKAC certification run for a single FHE engine instance. Produces a signed certificate valid for 12 months. Suitable for product launches, vendor audits, and customer-facing assurance.

Annual renewal

Recurring annual re-certification covering updated firmware, parameter changes, or new scheme versions. Maintains a continuous certificate chain for compliance reporting.

CA service subscription

Hosted AKAC challenge authority. The VaultBytes CA issues seeds, scores returned answers, and signs certificates on a subscription basis. Suitable for cloud providers running repeated engine certifications.

TRACE SDK licence

Embed algebraic self-consistency checks directly in your FHE engine or test harness. Licence the TRACE protocol implementation for continuous integration and pre-shipment testing.

Enterprise NRE

Custom scheme support, ASIC-integration guidance, tapeout-ready test vectors, and bespoke sign-off documentation. Engagement under NDA with dedicated engineering support.

Frequently asked questions

Common questions about how OFC works, what it covers, and how it differs from existing testing approaches.

How is OFC different from running a test suite?
A conventional test suite checks a finite set of known inputs against known outputs. It can only detect deviations from the specific test vectors — it cannot catch systematic failures that affect all operations uniformly. TRACE checks algebraic invariants that hold across the entire ciphertext ring, so a consistently-wrong engine fails even when it passes every individual test vector. AKAC adds hardware binding so the passing result cannot be attributed to a different (correct) device.
Does OFC require access to the engine's secret key?
TRACE requires no decryption access at all — it operates entirely on ciphertexts. AKAC does require the device under test to perform decryption as part of the protocol, but decryption happens inside the device; the VaultBytes CA never receives the secret key or any plaintext. The CA re-derives expected answers from the same seed it issued.
What is "attestation_mode" in the certificate?
The attestation_mode field describes how strongly the result is bound to the specific device:
  • hardware_rooted — result signed by a TPM attestation key or HSM device key; strongest binding
  • measured_execution — result accompanied by a measured boot / TEE attestation report
  • software_identity_bound — result signed by a software identity key; weakest binding, suitable for library certification
Which FHE libraries does OFC support?
OFC is scheme-agnostic by design. TRACE and AKAC both support CKKS (including RNS-CKKS), BGV, BFV, TFHE, and FHEW. Current tested adapters cover OpenFHE, Microsoft SEAL, Concrete ML, and TenSEAL. Custom ASIC integration is available under the Enterprise NRE tier.
Are the patents granted?
Both are PCT applications filed in 2026 — TRACE (PCT/IB2026/056793, filed 1 Jul 2026) and AKAC (PCT/IB2026/056904, filed 3 Jul 2026). These are pending applications, not granted patents. National-phase prosecution is in progress.
How does OFC help with EU AI Act compliance?
The EU AI Act Article 9 requires high-risk AI systems to implement risk management systems, which includes maintaining evidence that computational infrastructure operates correctly. OFC certificates are independently verifiable signed artifacts that can be attached to a technical file, passed to a notified body, or used in a post-market monitoring log. They provide documented evidence that the FHE layer executed correctly during a certified window.

Request certification or licensing

Tell us about your engine, the scheme, and the assurance level you need. We reply within one business day. All inquiries are treated in confidence; we are happy to sign an NDA before the first call.

IP notice: TRACE and AKAC are patent-pending (PCT applications filed). The OFC protocol specifications and test vectors are proprietary. SDK licences and NRE engagements are available under commercial agreement.