# Changelog

## Version Status

***

Deployed and planned FHEVM versions on the Testnet and Mainnet.

| Status  | Version     | Details                      |
| ------- | ----------- | ---------------------------- |
| Testnet | FHEVM v0.11 | [Release note](#fhevm-v0.11) |
| Mainnet | FHEVM v0.11 | [Release note](#fhevm-v0.11) |

See the full version status in the [Zama Protocol Version Dashboard](https://zamablockchain.grafana.net/public-dashboards/4027c482ad1e44ddb1336ec04cc5a1db).

## Protocol Updates

***

{% updates format="full" %}
{% update date="2026-04-22" tags="preview,security" %}

## Security Upgrade

We’re rolling out **breaking changes as part of a security upgrade** to the deployed Confidential Wrapper contracts.

If you don’t directly interact with these contracts, no action is required.

**Which contracts**

All wrappers registered in the onchain registries ([testnet address](https://sepolia.etherscan.io/address/0x2f0750Bbb0A246059d80e94c454586a7F27a128e) and [mainnet address](https://etherscan.io/address/0xeb5015fF021DB115aCe010f23F55C2591059bBA0)). All addresses can be found in [our documentation](https://github.com/zama-ai/protocol-apps/tree/main/docs/addresses).

**When**

* **Testnet**: Tuesday, May 4, 2026 - 2:00 PM UTC (16:00 PM CET)
* **Mainnet**: Tuesday, May 11, 2026 - 2:00 PM UTC (16:00 PM CET)

**Why**

These changes are needed to align the system with updated FHEVM security recommendations to maintain the protocol’s **128-bit security guarantees**.

**Action required**

**If you use the** [**Zama SDK**](https://github.com/zama-ai/sdk)**:** Upgrade to the latest SDK version — install from the `alpha` channel ahead of the testnet upgrade, and from the `latest` (stable) channel ahead of the mainnet upgrade. The SDK will be updated to accommodate these changes.

If you interact with the contracts directly, we recommend:

* **Before the upgrade dates:** Update your ABIs, subgraphs, indexers, and any event filtering logic to support both old and new event signatures. For any code checking `supportsInterface(0xd04584ba)`, also accept `supportsInterface(0x1f1c62b2)`, treating either returning true as a match.
* **After upgrade day:** Update any code directly calling `totalSupply()` to use `inferredTotalSupply()`, and remove support for old interface ID `0xd04584ba` .

Refer to the updated [documentation](https://docs.zama.org/protocol/protocol-apps/confidential-tokens/confidential-wrapper), [implementation on GitHub](https://github.com/zama-ai/protocol-apps/tree/b06eb263d64c788a27b6bc1baf46b7547f7ec594/contracts/confidential-wrapper/contracts) (commit `b06eb263d64c788a27b6bc1baf46b7547f7ec594`) and the summary below. Make sure to test these changes on testnet ahead of the mainnet deployment.

**What's changing:**

1. **Event signature changes:** The `UnwrapRequested` and `UnwrapFinalized` events will include a new `bytes32 indexed unwrapRequestId` parameter ([event signatures](https://github.com/OpenZeppelin/openzeppelin-confidential-contracts/blob/master/contracts/interfaces/IERC7984ERC20Wrapper.sol#L12)):
   * `UnwrapRequested` event becomes `UnwrapRequested(address indexed receiver, bytes32 indexed unwrapRequestId, euint64 amount)`
   * `UnwrapFinalized` event becomes `UnwrapFinalized(address indexed receiver, bytes32 indexed unwrapRequestId, euint64 encryptedAmount, uint64 cleartextAmount)`
   * `unwrapRequestId` should now be considered for `finalizeUnwrap` ’s first input instead of `amount`. This change is backward compatible: `amount` values from old unwrap requests can still be used as input.
2. **Function rename:** `totalSupply()` will be renamed to `inferredTotalSupply()` to better reflect its semantics and align with OpenZeppelin's v0.3.1 contract version ([function signature](https://github.com/zama-ai/protocol-apps/blob/main/contracts/confidential-wrapper/contracts/extensions/ERC7984ERC20WrapperUpgradeable.sol#L199))
3. **Wrapper interfaceId changes**: `supportInterface` will return true for `0x1f1c62b2` instead of previous `0xd04584ba` for identifying `IERC7984ERC20Wrapper` ([interface file](https://github.com/zama-ai/protocol-apps/blob/main/contracts/confidential-wrapper/contracts/extensions/ERC7984ERC20WrapperUpgradeable.sol))

**Impact**

Any integration relying on the current event signatures, the `totalSupply()` function or `supportInterface(0xd04584ba)` calls will need to be updated. This includes subgraph indexers, frontend activity parsing, and any direct contract interactions.

The Zama Team
{% endupdate %}

{% update date="2026-02-01" tags="new-features,improvements,fixes,fhevm" %}

## FHEVM v0.11

This release brings major performance and security improvements to the Zama Protocol.

#### Highlights

* **tfhe-rs v1.5.0 upgrade** across Coprocessor and KMS for improved FHE performance
* **ACL checks on host chain** for direct access control enforcement through the relayer and KMS connector
* **Delegated decryption** with a complete end-to-end flow
* **FHE statistics for TFHE-rs** for better observability into Coprocessor FHE operations

#### New features

* **GPU acceleration:** Optional GPU backends for ZK proof verification, Switch-and-Squash (SnS), and re-randomization. CPU-only deployments remain fully supported.
* **Delegated decryption:** Complete end-to-end support for delegated user decryption, allowing authorized addresses to decrypt on behalf of users.
* **Operator staking system:** New ERC-4626-based staking contracts with UUPS upgradeability, permit support, and Operator Rewarder contracts for fee management.
* **Confidential Tokens Registry:** Added a Confidential Tokens Registry and ERC-7984 upgradeable wrapper contracts for encrypted token assets.
* **CLI tool:** Added a new command-line tool for common FHEVM workflows.
* **BNB chain support:** Added configurations for BNB chain deployments.

#### Improvements

* **tfhe-rs upgrade to v1.5.0:** Updated across the Coprocessor and KMS, while FHE keys and serialized ciphertexts remain generally compatible.
* **ACL checks on host chain:** Decryption ACL checks now run directly on the host chain through the relayer and KMS connector, reducing trust assumptions.
* **FHE statistics:** Added FHE operation statistics and decryption performance metrics in the Coprocessor.
* **Dependence-chain processing:** Improved the Coprocessor scheduler for better parallelism.
* **Host-listener poller mode:** Added an alternative polling mode that replaces WebSocket-based event listening.
* **KMS garbage collection:** Added garbage collection for KMS operations.
* **Database optimizations:** Improved indexing for the `ciphertext_digest` table.

#### Fixes

* Overflow prevention in the `ProtocolStaking` cooldown mechanism
* ERC-4626 inflation attack mitigation using decimal offset
* Better handling of cyclic dependence errors in the Coprocessor
* Improved `eth_getLogs` timeout management in the host-listener

#### Resources

* [GitHub release](https://github.com/zama-ai/fhevm/releases/tag/v0.11.0)
* [Documentation](https://docs.zama.org/protocol/solidity-guides)
  {% endupdate %}

{% update date="2025-10-01" tags="preview,new-features,improvements,fhevm" %}

## FHEVM v0.10

This preview introduces a dedicated payment contract in the Gateway and flexible delegation of decryption rights through smart contracts.

These changes improve fee management, access control, and the usability of encrypted operations.

#### Preview

* **Gateway payment contract** for Coprocessor and KMS fee management
* **Delegation through smart contracts** for controlled decryption access
* **Time-scoped permissions** for temporary or session-based access
* **Contract-scoped permissions** for stricter access control

#### New features

* **Gateway payment contract:** Adds a dedicated payment contract within the Gateway to manage fees for Coprocessor and KMS operations, including input and decryption flows.
* **Delegation via smart contracts:** Users can delegate decryption rights to other addresses with fine-grained control over scope and duration:
  * Explicit authorization for another address to generate EIP-712 signatures and run `userDecrypt` operations
  * Delegation validity defined by timestamp for temporary or session-based access
  * Delegation scoped to specific contract addresses for context-aware access control

#### Improvements

* More flexible encrypted data access through delegation
* More transparent fee management with a dedicated Gateway payment flow

#### Resources

* [GitHub release](https://github.com/zama-ai/fhevm/releases/tag/v0.10.0)
* [Documentation](https://docs.zama.org/protocol/solidity-guides/v0.10)
  {% endupdate %}

{% update date="2025-10-01" tags="new-features,improvements,breaking-changes,fhevm" %}

## FHEVM v0.9

This release adds new key generation capabilities, dynamic coprocessor management, and a redesigned decryption event flow.

These changes improve flexibility, scalability, and consensus handling while deprecating older event formats.

{% hint style="danger" %}

#### Breaking changes

The methods `FHE.requestDecryption` and `FHE.setDecryptionOracle` are now deprecated and must be removed.

Update your contracts to use the new decryption flow through the relayer.
{% endhint %}

#### Highlights

* **On-chain FHE key and CRS generation**
* **Dynamic pauser management**
* **Transaction input re-randomization**
* **Redesigned user decryption events**
* **Gateway API cleanup and renaming**

#### New features

* **Support generation of FHE key and CRS on-chain:**
  * Request FHE key and CRS generation directly through the Gateway.
  * New environment variables for gateway contracts:
    * `KMS_GENERATION_THRESHOLD` — threshold used to validate consensus on FHE key or CRS generation
    * `KMS_NODE_STORAGE_URL_[0-N]` — storage base URL for public materials for each KMS node
  * New environment variable for the coprocessor (`gw-listener`):
    * `KMS_GENERATION_ADDRESS` — address of the `KMSGeneration` gateway contract
  * New environment variable for the connector:
    * `KMS_GENERATION_ADDRESS` — address of the `KMSGeneration` gateway contract

{% hint style="info" %}

#### Obsolete environment variables

These variables are no longer used:

* `FHE_PARAMS_NAME`

* `FHE_PARAMS_DIGEST`
  {% endhint %}

* **New `PauserSet` immutable contract:**
  * Host and Gateway contracts can now be paused by any address added in `PauserSet`.
  * New environment variables for gateway contracts:
    * `NUM_PAUSERS` — number of pauser addresses to add. Set this to `n_kms + n_copro`.
    * `PAUSER_ADDRESS_[0-N]` — pauser addresses
  * New environment variables for host contracts:
    * `NUM_PAUSERS` — number of pauser addresses to add. Set this to `n_kms + n_copro`.
    * `PAUSER_ADDRESS_[0-N]` — pauser addresses

{% hint style="info" %}

#### Obsolete environment variable

This variable is no longer used:

* `PAUSER_ADDRESS`
  {% endhint %}

* **Re-randomization of transaction inputs:**
  * All transaction inputs, including state inputs, are re-encrypted before FHE evaluation.
  * This provides [sIND-CPAD security](https://www.zama.ai/post/drifting-towards-better-error-probabilities-in-fully-homomorphic-encryption).
  * This feature is transparent to users.

#### Improvements

* **User decryption response:**
  * Encrypted shares and signatures are no longer aggregated on-chain in the Gateway.
  * Each KMS response now emits its own event.
  * New events in the `Decryption` contract:
    * `UserDecryptionResponse(uint256 indexed decryptionId, uint256 indexShare, bytes userDecryptedShare, bytes signature, bytes extraData);`
    * `UserDecryptionResponseThresholdReached(uint256 indexed decryptionId);`

{% hint style="danger" %}

#### Breaking changes

This event is deprecated from the Gateway `Decryption` contract:

* `PublicDecryptionResponse(uint256 indexed decryptionId, bytes decryptedResult, bytes[] signatures, bytes extraData)`
  {% endhint %}

* **User decryption request:**
  * User EIP-712 signature verification is simplified in the Gateway `Decryption` contract.

{% hint style="danger" %}

#### Breaking changes

The `uint256 contractsChainId` field is no longer part of the `UserDecryptRequestVerification` struct used for EIP-712 signature verification.
{% endhint %}

* **Gateway contract renaming:**
  * `MultichainAcl` is renamed to `MultichainACL`.
  * `KmsManagement` is renamed to `KMSGeneration`.

{% hint style="danger" %}

#### Breaking changes

These Gateway contracts are renamed:

* `MultichainAcl` → `MultichainACL`
* `KmsManagement` → `KMSGeneration`

These environment variables are renamed:

* `KMS_MANAGEMENT_ADDRESS` → `KMS_GENERATION_ADDRESS`
* `KMS_CONNECTOR_KMS_MANAGEMENT_CONTRACT__ADDRESS` → `KMS_CONNECTOR_KMS_GENERATION_CONTRACT__ADDRESS`

In the KMS Connector Helm chart `values.yaml`, this field is renamed:

* `kmsManagement` → `kmsGeneration`
  {% endhint %}

* **Gateway check functions replaced:**
  * All external `check...` view functions are removed from the Gateway contracts.
  * Associated errors are moved to other contracts or removed.
  * Equivalent `is...` view functions now return a boolean instead of reverting.

{% hint style="danger" %}

#### Breaking changes

All `check...` view functions are removed from the Gateway contracts.

For example:

* `checkPublicDecryptAllowed` is replaced by `isPublicDecryptAllowed`
* `PublicDecryptNotAllowed` is moved to the `Decryption` contract
  {% endhint %}

#### Resources

* [GitHub release](https://github.com/zama-ai/fhevm/releases/tag/v0.9.0)
* [Documentation](https://docs.zama.org/protocol/solidity-guides/v0.9)
  {% endupdate %}

{% update date="2025-09-01" tags="new-features,improvements,breaking-changes,fhevm" %}

## FHEVM v0.8

This release makes FHEVM more scalable, secure, and developer-friendly.

#### Highlights

* **New KMS connector** for modular integration
* **Compressed ciphertexts** for lighter payloads
* **Flexible `extraData` field** for richer apps
* **Post-quantum ML-KEM512** for faster, smaller decrypts
* **Stronger chain resilience and ERC-7995 compliance**

#### New features

* **New KMS connector:** Added a new Key Management System connector to improve modularity and integration.
* **Compressed ciphertext support:** Added support for compressed ciphertexts in both the SnS worker and KMS, reducing payload sizes.
* **Generic `extraData` field:** Gateway functions, events, and signed structs now include a generic `extraData` field for extensibility and custom data support.
* **`SepoliaConfig` update:** Added the `protocolId()` function to support protocol identification.

#### Improvements

* **ERC-7995 compatibility:** Updated the Oracle callback interface for compliance, following [ERC-7995](https://github.com/ethereum/ERCs/pull/1143).
* **Reduced user decrypt payload size:** Migrated to **ML-KEM512** for 128-bit equivalent post-quantum security. This reduces decrypt response sizes and allows more responses per block.
* **Host listener:** Added reorganization handling in the host listener for stronger chain resilience.
* **Library storage layout:** Adjusted the storage layout to align with the standard guidelines.

{% hint style="danger" %}

#### Breaking changes

**Oracle callback function signature** now requires this format:

```solidity
function callbackExample(
  uint256 requestID,
  bytes memory cleartexts,
  bytes memory decryptionProof
) external;
```

{% endhint %}

#### Resources

* [GitHub release](https://github.com/zama-ai/fhevm/releases/tag/v0.8.0)
* [Documentation](https://docs.zama.ai/protocol/solidity-guides/v0.8)
  {% endupdate %}

{% update date="2025-07-01" tags="new-features,breaking-changes,fhevm" %}

## FHEVM v0.7

This release introduces the first iteration of the Zama Protocol.

#### Highlights

* **Gateway** is now a core component for protocol orchestration.
* **Coprocessor input verification** is now enforced on the coprocessor side.
* **Decryption pipeline** now prepares ciphertexts for decryption on coprocessors.
* **Solidity library** is restructured to match the new protocol architecture.

{% hint style="danger" %}

#### Breaking changes

* Renamed the library from `TFHE` to `FHE`
* Introduced `FHE.requestDecryption` with support for `msg.value`, deprecating `GatewayCaller`
* Removed `ebytesXXX` types
* Replaced `einput` with `externalEuintXXX`, `externalEbool`, and `externalEaddress`
* Introduced per-transaction operation limits, replacing the previous per-block limit
  {% endhint %}

#### Resources

* [GitHub release](https://github.com/zama-ai/fhevm/releases/tag/v0.7.0)
* [Documentation](https://docs.zama.ai/protocol/solidity-guides/v0.7)
  {% endupdate %}
  {% endupdates %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.zama.org/protocol/changelog/readme.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.