Documentation

Overview

Trusted PayGram is a confidential, trust-gated payroll system built on Zama's Fully Homomorphic Encryption (FHE) virtual machine. It enables employers to pay their teams using encrypted stablecoins while trust scores determine the payment routing for each employee.

Salaries are encrypted on-chain using FHE -- only the employee and employer can decrypt their own values. Trust scores, computed using the EigenTrust algorithm, gate every payment flow. High-trust employees receive instant transfers, medium-trust employees face a 24-hour delay, and low-trust employees go through milestone-based escrow.

The system is deployed on both Ethereum Mainnet and Sepolia testnet, with the FHE coprocessor active on Sepolia for full encrypted computation.

Architecture

Trusted PayGram consists of three smart contracts that work together:

The contracts follow a clear separation of concerns: TrustScoring handles reputation, PayGramCore handles payroll logic, and PayGramToken handles the confidential token standard.

Trust Scoring

Trust scores are computed using the EigenTrust algorithm (Kamvar et al.), an iterative convergence algorithm originally designed for peer-to-peer reputation systems. Scores range from 0 to 100 and are encrypted on-chain using FHE.

Trust Tiers

How Scores Work

An oracle (the contract owner) submits trust scores for employees. Scores are encrypted using FHE before storage. The TrustScoring contract provides two interfaces: a plaintext tier lookup for frontend display (getTrustTierPlaintext) and encrypted tier comparisons for on-chain payroll routing.

Scores include an expiry mechanism -- stale scores can be invalidated. The FHE ACL system ensures only authorized callers can access encrypted values, using allowTransient for cross-contract calls.

Payroll Flow

The payroll process follows four steps:

Oblivious Routing

Payment routing uses FHE.select for oblivious computation. For each scored employee, three payment records are created (one per tier), and FHE.select determines which one is "real" based on the encrypted trust score. This ensures the routing decision itself remains encrypted -- nobody learns which tier an employee falls into from on-chain data alone.

Unscored employees bypass FHE routing entirely and go directly to escrow via a plain boolean check.

Contracts

Sepolia Testnet

0x195dc8309F1b26BF6f5c568024E4060029233596

0x18572E79806bc3caAEeE52d81c0A7A4D86faeD6f

0x370B4F9917b65f36CAe01754c14829408bfAf7fd

Ethereum Mainnet

0xaa3ae25ebac250ff67f4d9e3195c4c7610055067

0x41fa55cefd625e50fa1ae08baea87ac5c8be0ad7

0xDC41FF140129846f7a2e63A5CcE73e9d767CB4e1

All contracts are verified on Etherscan. The Sepolia deployment has the Zama FHE coprocessor active, enabling full encrypted computation. The Mainnet deployment has FHE coprocessor unavailable, so PayGramToken was deployed with supply=0.

Getting Started

Prerequisites

• MetaMask or any EIP-1193 compatible wallet
• ETH on Sepolia testnet (for gas fees)
• Connected to either Ethereum Mainnet (chain ID: 1) or Sepolia (chain ID: 11155111)

Connect Your Wallet

1. Click "Connect Wallet" in the top-right corner of the navbar
2. Approve the connection in MetaMask
3. If on the wrong network, use the network switcher to switch to Sepolia or Mainnet
4. Once connected, you will see your address and network badge in the navbar

Employer vs Employee

The app has two views. The Employer Dashboard is accessible to the contract owner and provides full management capabilities. The Employee Portal is accessible to any connected wallet and shows employment details specific to that address. Non-owner wallets can still view the employer dashboard in read-only mode.

Employer Guide

Adding Employees

1. Navigate to the Employer Dashboard and select the "Employees" tab
2. Click "Add Employee" to open the registration form
3. Enter the employee's wallet address, monthly salary (in cUSDC), and role
4. Submit the transaction -- the salary is encrypted on-chain via FHE

Setting Trust Scores

Trust scores are set by the oracle (contract owner) through the TrustScoring contract. Scores are submitted as plaintext values (0-100) and encrypted on-chain. The score determines which payment tier each employee falls into during payroll execution.

Executing Payroll

1. Go to the "Run Payroll" tab
2. Review the payroll summary showing active employees and trust tier routing
3. Click "Execute Payroll" and confirm the transaction
4. Payments are routed automatically: high-trust gets instant, medium-trust gets 24h delay, low-trust goes to escrow

Payment History

The "Payment History" tab shows all payment records with their status (Instant, Delayed, Escrowed, Released, Completed), employee address, creation date, and release time.

Employee Guide

Viewing Your Salary

Navigate to the Employee Portal and click "Load My Info" to fetch your employment data. Your salary is encrypted on-chain -- click "Decrypt Salary" to reveal your monthly amount. Only you can decrypt your own salary.

Trust Score

Your trust score is displayed on the right sidebar with a visual meter showing the three tiers. The score determines how quickly you receive payments. Higher trust means faster access to your salary.

Payment History

The payment history section shows all your payment records, including status, type (instant/delayed/escrowed), and timestamps. Payment amounts remain encrypted -- only the metadata is visible.

Quick Actions

• View on Explorer -- Opens your address on Etherscan
• Contact Employer -- Reach out to the contract owner
• Request Score Update -- Ask for a trust score refresh

Technology

Zama fhEVM

The Fully Homomorphic Encryption Virtual Machine (fhEVM) by Zama enables computation on encrypted data directly within smart contracts. Operations like addition, comparison, and conditional selection happen on ciphertexts without decrypting them. This powers the confidential salary storage and oblivious payment routing.

ERC-7984 Confidential Tokens

PayGramToken implements the ERC-7984 standard for confidential tokens. Token balances are encrypted, transfers happen between ciphertexts, and an observer-based access control system (one observer per account) manages who can view balance information.

EigenTrust Algorithm

Trust scores are computed using EigenTrust, an iterative convergence algorithm designed for distributed reputation systems. It handles pre-trusted peers, sybil resistance, and converges to a global trust vector through iterative multiplication with a normalized trust matrix.