BlocPaie

Payroll on-chain has an obvious problem: salary is public. You wouldn't accept a paper paycheck that announces your wage to everyone in the building. The same is true for on-chain payments — every contractor can see what everyone else earns, every competitor can analyze your headcount costs, every regulator can map your entire org chart. The naive fix (off-chain computation) just recreates a trusted intermediary. FHE is the real answer: computations on the encrypted values themselves.

ZAMA's FHE library allows arithmetic on encrypted integers without decryption. The payroll contract computes on euint256 values — the employer deposits encrypted USDC, the contract computes disbursements, and contractors receive their share without the amounts ever being revealed in plaintext on-chain. The EIP-7702 adapter (Porto SDK + Ithaca Relay) lets contractors authenticate with passkeys instead of seed phrases — they interact via ERC-4337 account abstraction with gas sponsorship.

The FHE adapter pattern is the interesting piece: it sits between the invoice-generation flow and the on-chain settlement. The employer approves an encrypted payroll run; the adapter handles the FHE computation and forwards only the encrypted result to the disbursement contract. This separation keeps the FHE complexity isolated from the payment logic. Gas sponsorship via Ithaca Relay means contractors never need to hold native tokens to receive payment.

FHE is still expensive and slow. The current ZAMA implementation has significant gas overhead compared to plaintext computation — the tradeoff is only worthwhile when confidentiality is a hard requirement. EIP-7702 + passkeys is a genuinely good UX improvement for non-crypto-native users; the account abstraction layer is invisible to the end user.