Great work on ERC-7984. The pointer-based, technology-agnostic design is the right approach for standardizing confidential tokens.
One area I’d like to discuss: concurrency under the account-based model.
confidentialBalanceOf(address) -> bytes32 stores one encrypted balance per account. Every confidentialTransfer reads and writes the sender’s balance. If Alice submits two transfers in the same block, both read the same initial balance — only one can succeed. This becomes a bottleneck for payroll, AMM pools, market makers, and batch settlement scenarios.
We ran into this problem while building VOSA (Virtual One-time Sub-Account), a privacy token protocol using a UTXO-like model where each balance is an independent one-time address. The tradeoff is more wallet/SDK complexity, but it gives full parallelism — multiple transfers from the same user in a single block, no state contention. More details in our VOSA-20 and pERC-20 proposals.
Curious whether the team has considered this, and whether FHE-based implementations might have techniques that naturally handle parallel balance updates (e.g., commutative homomorphic operations)?