create-fhevm-example 1.3.1 → 1.4.0

package/contracts/basic/decryption/UserDecryptSingleValue.sol

@@ -0,0 +1,59 @@
+// SPDX-License-Identifier: BSD-3-Clause-Clear
+pragma solidity ^0.8.24;
+
+import {FHE, euint32} from "@fhevm/solidity/lib/FHE.sol";
+import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
+
+/**
+ * @notice Demonstrates the FHE decryption mechanism and highlights common pitfalls
+ *
+ * @dev This trivial example shows correct vs incorrect permission granting patterns.
+ *      Emphasizes that BOTH FHE.allowThis() and FHE.allow(user) are required for user decryption.
+ */
+contract UserDecryptSingleValue is ZamaEthereumConfig {
+    euint32 private _trivialEuint32;
+
+    // solhint-disable-next-line no-empty-blocks
+    constructor() {}
+
+    /// @notice Initialize with a trivial formula (value + 1)
+    /// @dev Demonstrates correct permission granting
+    function initializeUint32(uint32 value) external {
+        // Compute a trivial FHE formula _trivialEuint32 = value + 1
+        _trivialEuint32 = FHE.add(FHE.asEuint32(value), FHE.asEuint32(1));
+
+        // Grant FHE permissions to:
+        // ✅ The contract caller (`msg.sender`): allows them to decrypt `_trivialEuint32`.
+        // ✅ The contract itself (`address(this)`): allows it to operate on `_trivialEuint32` and
+        //    also enables the caller to perform user decryption.
+        //
+        // Note: If you forget to call `FHE.allowThis(_trivialEuint32)`, the user will NOT be able
+        //       to user decrypt the value! Both the contract and the caller must have FHE permissions
+        //       for user decryption to succeed.
+        FHE.allowThis(_trivialEuint32);
+        FHE.allow(_trivialEuint32, msg.sender);
+    }
+
+    /// @notice Demonstrate INCORRECT permission granting (Anti-pattern)
+    /// @dev Missing FHE.allowThis() causes user decryption to fail
+    function initializeUint32Wrong(uint32 value) external {
+        // Compute a trivial FHE formula _trivialEuint32 = value + 1
+        _trivialEuint32 = FHE.add(FHE.asEuint32(value), FHE.asEuint32(1));
+
+        // ❌ Common FHE permission mistake:
+        // ================================================================
+        // We grant FHE permissions to the contract caller (`msg.sender`),
+        // expecting they will be able to user decrypt the encrypted value later.
+        //
+        // However, this will fail! 💥
+        // The contract itself (`address(this)`) also needs FHE permissions to allow user decryption.
+        // Without granting the contract access using `FHE.allowThis(...)`,
+        // the user decryption attempt by the user will not succeed.
+        FHE.allow(_trivialEuint32, msg.sender);
+    }
+
+    /// @notice Returns the encrypted uint32 value
+    function encryptedUint32() public view returns (euint32) {
+        return _trivialEuint32;
+    }
+}

package/contracts/basic/encryption/EncryptMultipleValues.sol

@@ -0,0 +1,72 @@
+// SPDX-License-Identifier: BSD-3-Clause-Clear
+pragma solidity ^0.8.24;
+
+import {
+    FHE,
+    externalEbool,
+    externalEuint32,
+    externalEaddress,
+    ebool,
+    euint32,
+    eaddress
+} from "@fhevm/solidity/lib/FHE.sol";
+import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
+
+/**
+ * @notice Encrypting and handling multiple values in a single transaction efficiently.
+ *
+ * @dev Supported encrypted types:
+ *   - euint8/16/32/64/128/256: encrypted integers
+ *   - ebool: encrypted boolean
+ *   - eaddress: encrypted address
+ *   - ebytes64/128/256: encrypted bytes
+ */
+contract EncryptMultipleValues is ZamaEthereumConfig {
+    // 🔐 Three different encrypted types stored together
+    ebool private _encryptedEbool; // e.g., vote, permission flag
+    euint32 private _encryptedEuint32; // e.g., amount, balance
+    eaddress private _encryptedEaddress; // e.g., hidden recipient
+
+    constructor() {}
+
+    /// @notice Store multiple encrypted values from a single batched input
+    /// @dev Client-side batching example:
+    ///   const input = await fhevm.createEncryptedInput(contractAddr, userAddr)
+    ///     .addBool(true).add32(123).addAddress(addr).encrypt();
+    ///   // This creates ONE proof for ALL values - more gas efficient!
+    function initialize(
+        externalEbool inputEbool,
+        externalEuint32 inputEuint32,
+        externalEaddress inputEaddress,
+        bytes calldata inputProof // Single proof covers all values
+    ) external {
+        // Convert each external input to internal handle
+        _encryptedEbool = FHE.fromExternal(inputEbool, inputProof);
+        _encryptedEuint32 = FHE.fromExternal(inputEuint32, inputProof);
+        _encryptedEaddress = FHE.fromExternal(inputEaddress, inputProof);
+
+        // ⚠️ IMPORTANT: Each value needs its own permission grants!
+        // You cannot batch permission grants
+
+        FHE.allowThis(_encryptedEbool);
+        FHE.allow(_encryptedEbool, msg.sender);
+
+        FHE.allowThis(_encryptedEuint32);
+        FHE.allow(_encryptedEuint32, msg.sender);
+
+        FHE.allowThis(_encryptedEaddress);
+        FHE.allow(_encryptedEaddress, msg.sender);
+    }
+
+    function encryptedBool() public view returns (ebool) {
+        return _encryptedEbool;
+    }
+
+    function encryptedUint32() public view returns (euint32) {
+        return _encryptedEuint32;
+    }
+
+    function encryptedAddress() public view returns (eaddress) {
+        return _encryptedEaddress;
+    }
+}

package/contracts/basic/encryption/EncryptSingleValue.sol

@@ -0,0 +1,44 @@
+// SPDX-License-Identifier: BSD-3-Clause-Clear
+pragma solidity ^0.8.24;
+
+import {FHE, externalEuint32, euint32} from "@fhevm/solidity/lib/FHE.sol";
+import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
+
+/**
+ * @notice FHE encryption mechanism with single values, including common pitfalls and best practices for developers.
+ *
+ * @dev Shows the complete flow: receiving encrypted input from user, validating proof,
+ *      storing the encrypted value, and granting permissions for decryption.
+ */
+contract EncryptSingleValue is ZamaEthereumConfig {
+    // 🔐 Stored encrypted - only authorized users can decrypt
+    euint32 private _encryptedEuint32;
+
+    constructor() {}
+
+    /// @notice Store an encrypted value submitted by the user
+    /// @dev inputEuint32: Encrypted value (created client-side with fhevm.createEncryptedInput())
+    ///      inputProof: Zero-knowledge proof that the encryption is valid
+    function initialize(
+        externalEuint32 inputEuint32,
+        bytes calldata inputProof
+    ) external {
+        // Convert external input to internal handle
+        // 📋 The proof ensures:
+        //    - Value was encrypted for THIS contract address
+        //    - Value was encrypted by THIS user (msg.sender)
+        //    - Prevents replay attacks from other contracts/users
+        _encryptedEuint32 = FHE.fromExternal(inputEuint32, inputProof);
+
+        // ⚠️ CRITICAL: Grant permissions for future decryption
+        // Without BOTH of these, user decryption will fail!
+        FHE.allowThis(_encryptedEuint32); // Contract can operate on it
+        FHE.allow(_encryptedEuint32, msg.sender); // User can decrypt it
+    }
+
+    /// @notice Returns the encrypted handle (not the actual value!)
+    /// @dev To decrypt, use fhevm.userDecryptEuint() on the client side
+    function encryptedUint32() public view returns (euint32) {
+        return _encryptedEuint32;
+    }
+}

package/contracts/basic/encryption/FHECounter.sol

@@ -0,0 +1,54 @@
+// SPDX-License-Identifier: BSD-3-Clause-Clear
+pragma solidity ^0.8.24;
+
+import {FHE, euint32, externalEuint32} from "@fhevm/solidity/lib/FHE.sol";
+import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
+
+/**
+ * @notice Confidential counter implementation using FHEVM, compared with a standard counter to highlight encryption benefits.
+ *
+ * @dev Demonstrates basic FHE operations: encryption, computation, and permission management.
+ *      Shows how to work with encrypted values without ever revealing the underlying data.
+ */
+contract FHECounter is ZamaEthereumConfig {
+    // 🔐 The count is always encrypted - no one can see the actual value
+    euint32 private _count;
+
+    /// @notice Returns the encrypted count handle (not the actual value!)
+    function getCount() external view returns (euint32) {
+        return _count;
+    }
+
+    /// @notice Increments the counter by an encrypted value
+    function increment(
+        externalEuint32 inputEuint32,
+        bytes calldata inputProof
+    ) external {
+        // Convert external encrypted input to internal handle
+        // The proof is verified automatically
+        euint32 encryptedValue = FHE.fromExternal(inputEuint32, inputProof);
+
+        // Add encrypted values - computation happens on ciphertexts
+        // Neither the contract nor anyone else sees the actual numbers
+        _count = FHE.add(_count, encryptedValue);
+
+        // ⚠️ CRITICAL: Both permissions required for user decryption!
+        FHE.allowThis(_count); // Contract can continue using this value
+        FHE.allow(_count, msg.sender); // Caller can decrypt it
+    }
+
+    /// @notice Decrements the counter by an encrypted value
+    function decrement(
+        externalEuint32 inputEuint32,
+        bytes calldata inputProof
+    ) external {
+        euint32 encryptedValue = FHE.fromExternal(inputEuint32, inputProof);
+
+        // Subtract encrypted values
+        // ⚠️ No underflow protection here - add checks in production!
+        _count = FHE.sub(_count, encryptedValue);
+
+        FHE.allowThis(_count);
+        FHE.allow(_count, msg.sender);
+    }
+}

package/contracts/basic/fhe-operations/FHEAdd.sol

@@ -0,0 +1,51 @@
+// SPDX-License-Identifier: BSD-3-Clause-Clear
+pragma solidity ^0.8.24;
+
+import {FHE, euint8, externalEuint8} from "@fhevm/solidity/lib/FHE.sol";
+import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
+
+/**
+ * @notice Simple example: adding two encrypted values (a + b)
+ *
+ * @dev Demonstrates the most basic FHE operation and permission flow.
+ */
+contract FHEAdd is ZamaEthereumConfig {
+    euint8 private _a;
+    euint8 private _b;
+    euint8 private _result;
+
+    constructor() {}
+
+    /// @notice Set the first operand (encrypted)
+    function setA(externalEuint8 inputA, bytes calldata inputProof) external {
+        _a = FHE.fromExternal(inputA, inputProof);
+        // Only contract needs permission to use this for computation
+        FHE.allowThis(_a);
+    }
+
+    /// @notice Set the second operand (encrypted)
+    function setB(externalEuint8 inputB, bytes calldata inputProof) external {
+        _b = FHE.fromExternal(inputB, inputProof);
+        FHE.allowThis(_b);
+    }
+
+    /// @notice Compute a + b on encrypted values
+    /// @dev The contract computes on ciphertexts - it never sees actual values!
+    function computeAPlusB() external {
+        // 🔐 Addition on encrypted values
+        // Neither the contract nor anyone else knows what a, b, or result are
+        _result = FHE.add(_a, _b);
+
+        // 📋 PERMISSION FLOW:
+        // During this function, contract has "ephemeral" permission on _result
+        // When function ends, ephemeral permission is revoked
+        // We need PERMANENT permissions for future access:
+        FHE.allowThis(_result); // Contract can use result later
+        FHE.allow(_result, msg.sender); // Caller can decrypt result
+    }
+
+    /// @notice Returns the encrypted result
+    function result() public view returns (euint8) {
+        return _result;
+    }
+}

package/contracts/basic/fhe-operations/FHEArithmetic.sol

@@ -0,0 +1,99 @@
+// SPDX-License-Identifier: BSD-3-Clause-Clear
+pragma solidity ^0.8.24;
+
+import {FHE, euint32, externalEuint32} from "@fhevm/solidity/lib/FHE.sol";
+import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
+
+/**
+ * @notice Demonstrates all FHE arithmetic operations on encrypted integers
+ *
+ * @dev This contract shows how to perform mathematical operations on encrypted values
+ *      without ever revealing the underlying data.
+ *
+ * Available operations:
+ * - FHE.add(a, b)  : Addition
+ * - FHE.sub(a, b)  : Subtraction
+ * - FHE.mul(a, b)  : Multiplication
+ * - FHE.div(a, b)  : Division (integer)
+ * - FHE.rem(a, b)  : Remainder (modulo)
+ * - FHE.min(a, b)  : Minimum of two values
+ * - FHE.max(a, b)  : Maximum of two values
+ */
+contract FHEArithmetic is ZamaEthereumConfig {
+    euint32 private _a;
+    euint32 private _b;
+    euint32 private _result;
+
+    // solhint-disable-next-line no-empty-blocks
+    constructor() {}
+
+    /// @notice Sets the first operand (encrypted)
+    function setA(externalEuint32 inputA, bytes calldata inputProof) external {
+        _a = FHE.fromExternal(inputA, inputProof);
+        FHE.allowThis(_a);
+    }
+
+    /// @notice Sets the second operand (encrypted)
+    function setB(externalEuint32 inputB, bytes calldata inputProof) external {
+        _b = FHE.fromExternal(inputB, inputProof);
+        FHE.allowThis(_b);
+    }
+
+    /// @notice Computes encrypted addition: result = a + b
+    function computeAdd() external {
+        _result = FHE.add(_a, _b);
+        _grantPermissions();
+    }
+
+    /// @notice Computes encrypted subtraction: result = a - b
+    /// @dev No underflow protection - in production, add range checks
+    function computeSub() external {
+        _result = FHE.sub(_a, _b);
+        _grantPermissions();
+    }
+
+    /// @notice Computes encrypted multiplication: result = a * b
+    /// @dev No overflow protection - in production, add range checks
+    function computeMul() external {
+        _result = FHE.mul(_a, _b);
+        _grantPermissions();
+    }
+
+    /// @notice Computes encrypted division: result = a / b (scalar)
+    /// @dev Divisor must be a scalar (plaintext) because FHE division by encrypted value is not supported.
+    function computeDiv(uint32 divisor) external {
+        _result = FHE.div(_a, divisor);
+        _grantPermissions();
+    }
+
+    /// @notice Computes encrypted remainder: result = a % b (scalar)
+    /// @dev Divisor must be a scalar (plaintext).
+    function computeRem(uint32 modulus) external {
+        _result = FHE.rem(_a, modulus);
+        _grantPermissions();
+    }
+
+    /// @notice Computes encrypted minimum: result = min(a, b)
+    function computeMin() external {
+        _result = FHE.min(_a, _b);
+        _grantPermissions();
+    }
+
+    /// @notice Computes encrypted maximum: result = max(a, b)
+    function computeMax() external {
+        _result = FHE.max(_a, _b);
+        _grantPermissions();
+    }
+
+    /// @notice Returns the encrypted result
+    /// @dev Caller must have FHE permissions to decrypt
+    function getResult() public view returns (euint32) {
+        return _result;
+    }
+
+    /// @dev Grants FHE permissions to contract and caller for decryption
+    function _grantPermissions() internal {
+        FHE.allowThis(_result);
+        FHE.allow(_result, msg.sender);
+    }
+}

package/contracts/basic/fhe-operations/FHEComparison.sol

@@ -0,0 +1,116 @@
+// SPDX-License-Identifier: BSD-3-Clause-Clear
+pragma solidity ^0.8.24;
+
+import {
+    FHE,
+    ebool,
+    euint32,
+    externalEuint32
+} from "@fhevm/solidity/lib/FHE.sol";
+import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
+
+/**
+ * @notice Demonstrates all FHE comparison operations on encrypted integers
+ *
+ * @dev This contract shows how to compare encrypted values without decrypting them.
+ *      Comparison results are returned as encrypted booleans (ebool).
+ *
+ * Available operations:
+ * - FHE.eq(a, b)   : Equal (a == b)
+ * - FHE.ne(a, b)   : Not equal (a != b)
+ * - FHE.gt(a, b)   : Greater than (a > b)
+ * - FHE.lt(a, b)   : Less than (a < b)
+ * - FHE.ge(a, b)   : Greater or equal (a >= b)
+ * - FHE.le(a, b)   : Less or equal (a <= b)
+ * - FHE.select(cond, a, b) : Conditional selection (cond ? a : b)
+ */
+contract FHEComparison is ZamaEthereumConfig {
+    euint32 private _a;
+    euint32 private _b;
+    ebool private _boolResult;
+    euint32 private _selectedResult;
+
+    // solhint-disable-next-line no-empty-blocks
+    constructor() {}
+
+    /// @notice Sets the first operand (encrypted)
+    function setA(externalEuint32 inputA, bytes calldata inputProof) external {
+        _a = FHE.fromExternal(inputA, inputProof);
+        FHE.allowThis(_a);
+    }
+
+    /// @notice Sets the second operand (encrypted)
+    function setB(externalEuint32 inputB, bytes calldata inputProof) external {
+        _b = FHE.fromExternal(inputB, inputProof);
+        FHE.allowThis(_b);
+    }
+
+    /// @notice Computes encrypted equality: result = (a == b)
+    function computeEq() external {
+        _boolResult = FHE.eq(_a, _b);
+        _grantBoolPermissions();
+    }
+
+    /// @notice Computes encrypted inequality: result = (a != b)
+    function computeNe() external {
+        _boolResult = FHE.ne(_a, _b);
+        _grantBoolPermissions();
+    }
+
+    /// @notice Computes encrypted greater than: result = (a > b)
+    function computeGt() external {
+        _boolResult = FHE.gt(_a, _b);
+        _grantBoolPermissions();
+    }
+
+    /// @notice Computes encrypted less than: result = (a < b)
+    function computeLt() external {
+        _boolResult = FHE.lt(_a, _b);
+        _grantBoolPermissions();
+    }
+
+    /// @notice Computes encrypted greater or equal: result = (a >= b)
+    function computeGe() external {
+        _boolResult = FHE.ge(_a, _b);
+        _grantBoolPermissions();
+    }
+
+    /// @notice Computes encrypted less or equal: result = (a <= b)
+    function computeLe() external {
+        _boolResult = FHE.le(_a, _b);
+        _grantBoolPermissions();
+    }
+
+    /// @notice Computes encrypted maximum using select: result = (a > b) ? a : b
+    /// @dev Demonstrates FHE.select for conditional logic on encrypted values
+    function computeMaxViaSelect() external {
+        ebool aGtB = FHE.gt(_a, _b);
+        _selectedResult = FHE.select(aGtB, _a, _b);
+        FHE.allowThis(_selectedResult);
+        FHE.allow(_selectedResult, msg.sender);
+    }
+
+    /// @notice Computes encrypted minimum using select: result = (a < b) ? a : b
+    function computeMinViaSelect() external {
+        ebool aLtB = FHE.lt(_a, _b);
+        _selectedResult = FHE.select(aLtB, _a, _b);
+        FHE.allowThis(_selectedResult);
+        FHE.allow(_selectedResult, msg.sender);
+    }
+
+    /// @notice Returns the encrypted boolean result
+    function getBoolResult() public view returns (ebool) {
+        return _boolResult;
+    }
+
+    /// @notice Returns the encrypted selected result
+    function getSelectedResult() public view returns (euint32) {
+        return _selectedResult;
+    }
+
+    /// @dev Grants FHE permissions for boolean result
+    function _grantBoolPermissions() internal {
+        FHE.allowThis(_boolResult);
+        FHE.allow(_boolResult, msg.sender);
+    }
+}

package/contracts/basic/fhe-operations/FHEIfThenElse.sol

@@ -0,0 +1,53 @@
+// SPDX-License-Identifier: BSD-3-Clause-Clear
+pragma solidity ^0.8.24;
+
+import {FHE, ebool, euint8, externalEuint8} from "@fhevm/solidity/lib/FHE.sol";
+import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
+
+/**
+ * @notice Demonstrates conditional logic: max(a, b) using encrypted comparison
+ *
+ * @dev Shows how to use FHE.select() for encrypted if-then-else logic.
+ */
+contract FHEIfThenElse is ZamaEthereumConfig {
+    euint8 private _a;
+    euint8 private _b;
+    euint8 private _max;
+
+    constructor() {}
+
+    /// @notice Sets the first operand (encrypted)
+    function setA(externalEuint8 inputA, bytes calldata inputProof) external {
+        _a = FHE.fromExternal(inputA, inputProof);
+        FHE.allowThis(_a);
+    }
+
+    /// @notice Sets the second operand (encrypted)
+    function setB(externalEuint8 inputB, bytes calldata inputProof) external {
+        _b = FHE.fromExternal(inputB, inputProof);
+        FHE.allowThis(_b);
+    }
+
+    /// @notice Compute max(a, b) without revealing which is larger
+    /// @dev Uses FHE.select() - the encrypted "if-then-else"
+    function computeMax() external {
+        // 🔍 Compare encrypted values - result is encrypted boolean!
+        // We don't know if a >= b, only the encrypted result
+        ebool aIsGreaterOrEqual = FHE.ge(_a, _b);
+
+        // 🔀 FHE.select(condition, ifTrue, ifFalse)
+        // - BOTH branches are evaluated (no short-circuit)
+        // - Result is encrypted - no one knows which was selected
+        // - This is how you do "if-else" on encrypted values!
+        _max = FHE.select(aIsGreaterOrEqual, _a, _b);
+
+        // Grant permissions for decryption
+        FHE.allowThis(_max);
+        FHE.allow(_max, msg.sender);
+    }
+
+    /// @notice Returns the encrypted result
+    function result() public view returns (euint8) {
+        return _max;
+    }
+}

package/contracts/concepts/FHEAccessControl.sol

@@ -0,0 +1,94 @@
+// SPDX-License-Identifier: BSD-3-Clause-Clear
+pragma solidity ^0.8.24;
+
+import {FHE, euint32, externalEuint32} from "@fhevm/solidity/lib/FHE.sol";
+import {ZamaEthereumConfig} from "@fhevm/solidity/config/ZamaConfig.sol";
+
+/**
+ * @notice Critical access control patterns in FHEVM: FHE.allow, FHE.allowThis, FHE.allowTransient. Includes common mistakes and correct implementations.
+ *
+ * @dev Key functions:
+ *      FHE.allow(handle, address) - permanent permission
+ *      FHE.allowThis(handle)      - permission for contract itself
+ *      FHE.allowTransient(handle, address) - temporary, expires at tx end
+ */
+contract FHEAccessControl is ZamaEthereumConfig {
+    euint32 private _secretValue;
+    mapping(address => bool) public hasAccess;
+
+    constructor() {}
+
+    // ==================== CORRECT PATTERN ====================
+
+    /// @notice ✅ CORRECT: Full access pattern for user decryption
+    function storeWithFullAccess(
+        externalEuint32 input,
+        bytes calldata inputProof
+    ) external {
+        _secretValue = FHE.fromExternal(input, inputProof);
+
+        // ⚠️ CRITICAL: BOTH are required for user decryption!
+        FHE.allowThis(_secretValue); // Contract can operate on it
+        FHE.allow(_secretValue, msg.sender); // User can decrypt it
+
+        // ❓ Why allowThis is needed for user decryption?
+        // User decryption = re-encryption for user's key
+        // This requires contract's permission to "release" the value
+
+        hasAccess[msg.sender] = true;
+    }
+
+    /// @notice Grant access to additional users
+    function grantAccess(address user) external {
+        require(hasAccess[msg.sender], "Caller has no access to grant");
+
+        // ✅ Works because contract has allowThis permission
+        FHE.allow(_secretValue, user);
+        hasAccess[user] = true;
+    }
+
+    function getSecretValue() external view returns (euint32) {
+        return _secretValue;
+    }
+
+    // ==================== WRONG PATTERNS (EDUCATIONAL) ====================
+
+    /// @notice ❌ WRONG: Missing allowThis → user decryption FAILS
+    function storeWithoutAllowThis(
+        externalEuint32 input,
+        bytes calldata inputProof
+    ) external {
+        _secretValue = FHE.fromExternal(input, inputProof);
+
+        // ❌ Missing: FHE.allowThis(_secretValue)
+        // User has permission, but decryption will FAIL!
+        FHE.allow(_secretValue, msg.sender);
+    }
+
+    /// @notice ❌ WRONG: Missing allow(user) → no one can decrypt
+    function storeWithoutUserAllow(
+        externalEuint32 input,
+        bytes calldata inputProof
+    ) external {
+        _secretValue = FHE.fromExternal(input, inputProof);
+
+        FHE.allowThis(_secretValue);
+        // ❌ Missing: FHE.allow(_secretValue, msg.sender)
+        // Contract can operate, but no one can decrypt!
+    }
+
+    // ==================== TRANSIENT ACCESS ====================
+
+    /// @notice Temporary access - expires at end of transaction
+    /// @dev Use for: passing values between contracts in same tx
+    function computeAndShareTransient(
+        address recipient
+    ) external returns (euint32) {
+        euint32 computed = FHE.add(_secretValue, FHE.asEuint32(1));
+
+        // 💨 Transient = cheaper than permanent, auto-expires
+        FHE.allowTransient(computed, recipient);
+
+        return computed;
+    }
+}