iExec RLC

The Confidential Vault: A Technical Overview
Active strategy vaults are a proven category in on-chain asset management. ERC-7540 standardized the asynchronous vault model that institutional managers require: request-based deposits and redemptions, settlement cycles aligned with off-chain operations, and the lifecycle hooks needed for KYC and regulated workflows.
What the category lacks is confidential execution. Every position, rebalancing decision, and routing choice is written to the public state on execution. Competitors observe it. MEV bots front-run it. Institutional LPs cannot meet mandate conditions that require position privacy. Regulators cannot be granted scoped access when the data is already public to everyone.
iExec unlocked a new use case on Nox that addresses this directly: the Confidential Vault. It combines ERC-7540 with ERC-7984, the confidential token standard, into Confidential ERC-7540. 
Encrypted state transitions execute inside Intel TDX-based Trusted Execution Environments (TEE), with on-chain attestation. Vault structure stays public. Position data stays encrypted. Disclosure is selective, scoped, and revocable.
The Standards
ERC-7540 is the asynchronous tokenized vault standard. A depositor submits a request deposit, the operator processes it during a settlement cycle, and the depositor calls deposit to claim shares once fulfilled. The same applies in reverse for redemptions. This is the model active strategy vaults and RWA vehicles already operate under.
ERC-7984 is the confidential token standard. Balances are stored on-chain as ciphertext, encrypted data that appears as a meaningless string to anyone reading the chain, and can only be decrypted by parties holding the right access permissions.
Transfers execute through encrypted operations, with no plaintext amount written to the public state.
Holders read their own balance through a permissioned decryption path.
Third parties observe ciphertext.
Confidential ERC-7540 is one example of what Nox enables. It is ERC-7540 with a confidentiality layer applied through Nox. The vault follows the standard ERC-7540 lifecycle, and the ERC-7540 interface remains intact, so existing integrations continue to function without modification. The share token and accounting layer use ERC-7984 primitives, so balances and amounts stay encrypted on-chain.
Public vs. Encrypted State? 
Public: vault address and configuration, asset and share token references, fee parameters, the permission registry, request and settlement events, and the attestations from each TEE execution.
Encrypted: per-LP balances, deposit and redemption amounts, position composition, intermediate strategy values, and reward computations prior to distribution.
The vault remains structurally auditable. The amounts, positions, and strategy data behind each transition remain confidential.
Execution Under Nox
Confidential operations execute inside a Trusted Execution Environment provisioned by Nox. Intel TDX isolates the environment at the hardware level. Inputs are decrypted only inside the enclave, strategy logic executes on plaintext data within it, and encrypted outputs are returned to the chain alongside a cryptographic attestation. The vault contract verifies the attestation on-chain before any state update.
The chain never sees plaintext. The chain has cryptographic evidence that the declared logic ran correctly on the committed inputs. No party, including iExec, has access to the enclave state.
Confidential Primitives
Vault developers do not implement cryptography. Nox ships the primitives directly:
Encrypted balance accounting for share issuance, redemption, and transfer.Encrypted transfers that execute without exposing amounts on-chain.Access control on encrypted fields, enforced at the protocol layer per field and per address.Attested computation, verified on-chain before any state update.
Builders integrate these as protocol calls.
Vault Creator deploys the vault, registers the strategy logic measurement, sets fees, and manages the permission registry. Has no default visibility into LP positions; access requires an explicit permission entry.
Liquidity Provider submits encrypted deposit and redemption requests. Can decrypt their own position and grant scoped read access to custodians, prime brokers, or counterparties. Permissions are revocable.
Auditor / Regulator receives selective read access scoped to specific fields required by their mandate. Access is enforced cryptographically rather than by policy. Read access to one field does not extend to any other. Access is revocable.
Selective disclosure is implemented at the protocol layer. The permission registry is an on-chain mapping from (address, field) to a decryption capability. Granting access writes an entry; revoking removes it. Reads against encrypted state are gated by the registry.
This matches the disclosure model regulated funds already operate under: scoped access for auditors and counterparties on demand, without exposing the same data to the broader market. Compliance is configurable rather than structural.
Two properties hold simultaneously after every execution. The chain has cryptographic evidence that the declared strategy logic was executed correctly, via the Intel TDX attestation. The chain does not have visibility into the plaintext inputs, intermediate values, or per-LP data. Counterparties verify behavior without observing the underlying data.
This is the property that distinguishes the Confidential Vault from off-chain execution or off-chain custody. Confidentiality and on-chain verifiability are preserved together.
What This Enables
For active strategy managers, vault transparency stays in place to preserve trust, while strategy intelligence stays private.
For RWA issuers and tokenized fund managers, position-level privacy and selective disclosure become available without operating outside the on-chain stack.
For vault protocol builders, confidentiality plugs into existing ERC-7540 infrastructure as a capability rather than a rebuild.

The Confidential Vault is a use case on Nox that resolves the structural constraint blocking confidential strategy execution on-chain. It is built on Confidential ERC-7540, combining the asynchronous vault standard with the confidential token standard. Disclosure is permissioned, scoped, and revocable.
Vault structure stays public. Positions, amounts, and strategy logic stay encrypted. Regulators get the access they need. The market does not.
Confidentiality is the missing primitive in on-chain finance. Powered by Nox, iExec is shipping it as a use case partners can build on today.
Start here: https://cvault.demo.noxprotocol.io/
Let’s Chat: https://www.iex.ec/contact-us 
$RLC

Il Nuovo Standard per la Privacy nei Vault di Asset Gestiti
Il mondo della Finanza Decentralizzata (DeFi) ha tradizionalmente operato su un principio di assoluta trasparenza. Anche se questa apertura è un pilastro fondamentale della blockchain, crea anche un ostacolo importante per gli investitori professionisti e i gestori di fondi che necessitano di privacy per operare in modo efficace.
Nel DeFi, un vault è un contratto intelligente che gestisce asset per più utenti. I vault passivi funzionano come semplici conti di risparmio, dove gli asset vengono depositati e il rendimento viene generato automaticamente. I vault a strategia attiva sono diversi. Si basano su manager professionisti che prendono decisioni, allocano capitale, riequilibrano i portafogli ed eseguono strategie.