Cryptographic Foundations of Enygma

Enygma is built on a stack of well-established cryptographic primitives, each chosen to address a specific requirement of confidential, institutional-grade settlement. Together, these components allow the network to enforce correctness, preserve privacy, and remain resilient against both classical and quantum adversaries, without relying on trusted intermediaries.

At the heart of the system are Zero-Knowledge Proofs (ZK-SNARKs, using the Groth16 proving system), which mathematically prove that a statement is true without revealing any of the underlying data. This allows a bank, for example, to demonstrate it holds sufficient balance to settle a payment without disclosing that balance to anyone on the network. Transaction validity is enforced cryptographically rather than through a trusted third party, and Enygma uses ZKPs to validate every transaction on the network. Amounts, sender, and receiver are never exposed, yet correctness is always provable.

Token balances themselves are concealed using Pedersen Commitments, a cryptographic commitment scheme that hides a value while binding the committer to it so that it cannot be changed after the fact. Balances remain hidden from the network, but the token holder retains full sovereign control: only they (or their designated auditor) can read the balance. The scheme also supports privacy-preserving arithmetic, meaning the network can verify that inputs equal outputs in a transaction without seeing any of the underlying numbers. Crucially, this preserves token sovereignty, as the issuer cannot freeze, inflate, or inspect balances without the holder's keys. Pedersen Commitments are the foundation of confidential token ownership in Enygma and are used to represent shielded balances throughout the system.
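The "inputs equal outputs" check described above, as an added example that is not Enygma's own code: Pedersen commitments over a deliberately tiny toy group, with a verifier that checks a transfer balances from commitments alone. The group parameters, function names and the way output blinding factors are balanced are assumptions for illustration, since this page does not specify Enygma's curve or circuit.

```python
import hashlib
import math
import secrets

# Toy Schnorr group (NOT secure): p = 2q + 1 with p and q prime, so the squares
# mod p form a subgroup of prime order q. Real systems use a ~256-bit curve.
P, Q = 2039, 1019
G = 4  # 2^2, generates the order-q subgroup

def _second_generator(label: bytes) -> int:
    """Derive H by hashing so that log_G(H) is not chosen by anyone."""
    x = int.from_bytes(hashlib.sha256(label).digest(), "big")
    return pow(2 + x % (P - 3), 2, P)  # square of a value in [2, p-2]: never 0 or 1

H = _second_generator(b"constructed-example-H")

def commit(value: int, blind: int) -> int:
    """Pedersen commitment C = G^value * H^blind mod p."""
    return pow(G, value % Q, P) * pow(H, blind % Q, P) % P

def opens_to(c: int, value: int, blind: int) -> bool:
    """Holder (or an auditor given the opening) checks a claimed balance."""
    return c == commit(value, blind)

def build_outputs(in_blinds, out_values):
    """Sender picks output blinds that sum (mod q) to the input blinds' sum."""
    blinds = [secrets.randbelow(Q) for _ in out_values[:-1]]
    blinds.append((sum(in_blinds) - sum(blinds)) % Q)
    return [commit(v, r) for v, r in zip(out_values, blinds)], blinds

def balanced(in_commits, out_commits) -> bool:
    """Verifier: product of inputs equals product of outputs; no amounts seen."""
    return math.prod(in_commits) % P == math.prod(out_commits) % P

if __name__ == "__main__":
    in_blinds = [secrets.randbelow(Q) for _ in range(2)]
    ins = [commit(v, r) for v, r in zip([60, 40], in_blinds)]  # constructed amounts
    outs, _ = build_outputs(in_blinds, [70, 30])
    print("60+40 -> 70+30 balances:", balanced(ins, outs))
    inflated, _ = build_outputs(in_blinds, [70, 31])
    print("60+40 -> 70+31 balances:", balanced(ins, inflated))
    # The balance check alone is not sufficient: a "negative" output wraps
    # mod q and still balances, so each value must also be proven in range.
    wrapped, _ = build_outputs(in_blinds, [130, Q - 30])
    print("60+40 -> 130+(-30) balances:", balanced(ins, wrapped))
```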

To enable computation over confidential data, Enygma incorporates Homomorphic Encryption, which allows operations to be performed directly on encrypted values such that the decrypted result matches what would have been produced on the plaintext. Smart contracts can therefore process, validate, and update encrypted balances without ever seeing the actual values. This is what makes confidential delivery-versus-payment possible: the system can verify both legs of a DvP transaction atomically, without either party exposing their position. In practice, HE is what enables programmable operations on confidential balances in Enygma, delivering privacy without sacrificing smart contract composability.

Recipients identify their incoming transactions through Private Tags, cryptographic identifiers based on SHA-256 that allow a recipient to detect and claim incoming transactions without scanning the entire chain publicly. Institutions can receive confidential payments without broadcasting their address or revealing monitoring activity to the wider network, preserving anonymity at the receiving end so that no external observer can link an incoming transfer to a specific institution. Private Tags power Enygma's transaction detection model, in which recipients scan privately rather than publicly.

Enygma further separates authority over funds through a **Separated Spending Key / Viewing Key** architecture. Two distinct cryptographic keys govern any account: one authorises spending (moving funds), and the other authorises reading (inspecting balances and history). The two are mathematically independent and cannot be derived from each other. A regulator or auditor granted only the viewing key can inspect transaction history but cannot move, freeze, or interfere with funds under any circumstances. This is a cryptographic separation of duties that, unlike a policy-based control, cannot be overridden by an administrator, platform operator, or compromised internal party. It enables selective regulatory disclosure: a bank can grant its central bank auditor a time-scoped or account-scoped viewing key without exposing the rest of its operations. This design is core to Enygma's audit model and underpins the Auditor View capability described in the academic papers.

Looking ahead to the post-quantum era, Enygma uses ML-KEM, the lattice-based key encapsulation mechanism standardised by NIST in 2024 as the post-quantum replacement for ECDH-based key exchange. Shared secrets generated during participant registration are protected against future quantum computers, defeating "harvest now, decrypt later" attacks that would otherwise retroactively expose who transacted with whom. Adopting ML-KEM also aligns Enygma with the same post-quantum standard now being deployed across TLS and global communications infrastructure. ML-KEM has replaced CSIDH for auditor key exchange (QS-01, completed) and represents the most critical quantum upgrade in the Enygma stack.

Finally, Enygma adopts a UTXO-based transaction model, tracking individual token units rather than account balances. Each transaction consumes previous outputs and creates new ones, with no persistent account balance for an observer to monitor, making it significantly harder to trace value flows across the network. This model also enables atomic multi-party settlement: DvP and PvP flows can be constructed so that both legs either settle together or neither does, with no partial exposure. The UTXO model underpins Enygma's anonymity guarantees and is central to how confidential DvP is structured.