iant: Build in the dark and map the current crypto privacy landscape

Original author: Derek Walkush, Venture Partner, iant Fund

Original compilation: Luffy, Foresight News

In the future, most on-chain transactions are likely to be private.

The transparency of cryptocurrencies constrains many app developers. There is a lot of design space for developers to build applications that handle sensitive user data, from games to private order books to MEV infrastructure.

Data breaches more than doubled from 2015 to 2022, and tech consumers are now more concerned about the protection of personal data. While privacy concerns may ebb and flow, a larger trend is becoming clear: as mass data collection and data commercialization grow, online footprints are increasingly tracked by big tech giants, and external adversaries target these honeypots.

Within mature app categories, some incumbent apps are facing new privacy-first challengers; just look at the rise of encrypted messaging apps such as Telegram and Signal from 2019 to 2021. In the crypto space, Brave has seen impressive growth during the recent bear market, climbing to an all-time high of 66 million monthly active users in November 2023. For context, that is about 15% of Firefox’s 2022 user base. As a result, many crypto projects are now racing to offer compelling, productized tools and solutions that make building privacy applications as simple as possible.

There are countless examples of privacy technologies being leveraged in cryptocurrency. On the consumer side, we’re seeing exciting experiments with full-chain privacy games like poker and fog of war. In the DeFi space, some are building “dark order books,” trading environments that are inaccessible to public market participants. (For some background: in April 2019, dark pools executed about 40% of traditional stock trading volume.) Dark pool liquidity can also drive more efficient market outcomes by reducing MEV. Because blockchains are fully public, many established trading firms are prevented from executing complex strategies, so private transactions can open the door for more specialized financial players to enter the crypto ecosystem.

The lack of user privacy in cryptocurrencies remains a bottleneck to expanding adoption. To adapt to new privacy expectations, crypto app builders must prioritize privacy from the start.

So, how should crypto app builders navigate privacy solutions?

Ways to protect user privacy

Currently, the most common methods for building private applications are Trusted Execution Environments (TEE), Zero-Knowledge proofs (ZK), Multi-Party Computation (MPC), and Fully Homomorphic Encryption (FHE). Here’s a brief overview of each approach, along with representative projects.

The field as a whole is still in its very early stages, so the following comparisons are just predictions of how each technology will evolve in the coming years. These methods are also not equivalent or interchangeable; in general, they can be broadly divided into specialized hardware (TEE) and cryptography (ZK, MPC, FHE). In addition, many of them actually overlap. For example, FHE must be used in conjunction with ZK or MPC. That being said, by looking at the trajectory of each approach, we can draw insights into how privacy is evolving more broadly.

TEE

Description: A trusted, secure off-chain computing environment

Projects: ARM TrustZone, AWS Nitro, Intel SGX, Secret Network

ZK

Description: Applies zero-knowledge cryptography to verify private data and computations

Projects: Aleo, Aztec, Mina, Nocturne, Privacy Pools

MPC

Description: Joint computation of separate fragments of private data

Projects: Nillion

FHE

Description: Computation of encrypted data

Projects: Fhenix, Inco, Sunscreen, Zama

The two key factors in choosing an infrastructure are privacy/trust assumptions and performance. These are subtle terms, and the chart below explains both concepts: the assumptions under which data remains private, which matter greatly to developers considering building private applications, and the trade-offs involved in achieving a particular level of performance.

[Figure: iant: Build in the dark, mapping the current crypto privacy landscape]

Over time, we can expect market forces to lead to more efficient outcomes for many of these technologies. Hardware acceleration and other catalysts may significantly improve the performance of new technologies, although the time frame is still fairly unclear. Each of these methods can have a foothold in the market in the long run.

The diagram below compares each approach along the key dimensions: composability (the ability of other applications to interact with the private state), technical complexity, the potential to build a decentralized protocol, current performance level (potential throughput), and the best use cases given the previous dimensions. The chart can be read as the trade-offs each method makes for its level of performance.

[Figure: iant: Build in the dark, mapping the current crypto privacy landscape]

As shown above, each approach has different trade-offs. None of them will outright replace the others; instead, each suits a specific category of applications. For example, a company building a more centralized dark order book can use a TEE, while a project building a private lending protocol can choose either FHE or ZK.

Note that many of these techniques can be combined, and some of the most interesting approaches lie at their intersection. For example, ZKPs can be used to remove the operator role from TEE-based dark order books, while MPC is commonly used to distribute encryption keys in FHE. The purpose of these classifications is to distill the highest-level technical considerations for each approach on its own. Finally, this category has clear regulatory implications for potentially illegal activity, and compliance is critical for infrastructure builders.

Pros and cons of each method

TEE

A Trusted Execution Environment (TEE) performs computation off-chain in a trusted, isolated environment. TEEs are already used by many crypto organizations for a variety of tasks, and privacy applications are only one, relatively small, use case. They can be software- or hardware-based, but hardware TEEs are the most prevalent. Because this infrastructure is off-chain and isolated, trading remains hidden from public market participants.

In practice, this could look like a trader placing an order without seeing the full order book, with the order matched if the pool has liquidity on the other side of that trade, and without any party revealing its bid or ask price.

So far, a notable application of TEEs has been dark order books, and similar infrastructure already exists in TradFi: “dark pools”, private trading venues outside the open market, operated by some of the world’s largest financial institutions; Goldman Sachs’ Sigma X and Morgan Stanley’s MS Pool are two examples. Dark pools are used to limit the market impact of large transactions.

While TEE performance is high, and it is the only effectively centralized method mentioned in this article, it has various drawbacks. One criticism is that TEEs are only a modest improvement over most conventional hardware and carry similar risks. Side-channel attacks are a notable problem and have occurred in the past, and developers have to rely heavily on the manufacturer’s assurances. That said, TEEs are very useful, easy to build on, and performant.

Advantages:

  • The infrastructure is powerful, tested, and operational
  • Excellent performance compared to current alternatives

Disadvantages:

  • Applications such as dark pools often need sufficient liquidity to be channelled into them
  • Reliance on centralized vendors such as AWS and Intel, which are occasionally attacked and which introduce censorship/deplatforming risk

ZK

Zero-knowledge (ZK) proofs can be used to prove the correctness of a computation without revealing any information beyond that. ZK is an extremely far-reaching technology, and privacy is only one of its use cases. To date, ZK has been used primarily for blockchain scaling: moving intensive computation off-chain and then using a ZKP to verify that the computation was correct. There are a variety of ZK applications in the privacy space, which can be broadly divided into three categories: general-purpose ZK, ZK L1s/L2s, and privacy pools.

First, developers who use ZK for privacy applications can build their own proof circuits from scratch or use a zkVM. A zkVM provides an execution environment for arbitrary code and generates ZKP receipts that verify the code was executed honestly, without revealing any data about the actual computation. Importantly, general-purpose zkVMs must be combined with decentralized private computation (DPC) schemes such as Zexe.

Second, ZK L1s and L2s allow users to transact with private state within an ecosystem, or to move private on-chain operations to these networks. They are effectively privacy-first zkVMs; examples include Aleo, Aztec and Mina.

Finally, privacy pools mask transactions on public chains. They use ZK to verify users’ deposit addresses, hiding the flow of funds to new withdrawal addresses. Privacy pools can be used directly by users or integrated into applications.

Importantly, ZK proofs only verify claims about private state, so there must still be a private execution environment in which to generate proofs. In many cases this is the client, directly on the user’s device (where the actual private data is stored in raw form). An early example of ZK for privacy is decentralized identity, where users can prove sensitive facts about their identity without exposing the actual data on-chain.
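To make the "prove without revealing" idea concrete, the following is an added example, not code from the article or from any of the projects it names: a Schnorr proof of knowledge of a discrete logarithm, made non-interactive with the Fiat-Shamir transform. The prover convinces a verifier that it knows the secret x behind a public value y = g^x mod p while disclosing nothing about x, which is the same shape as the identity example above. The group is generated at import time from a 128-bit safe prime; that size, the helper names and the demo values are assumptions for the illustration and are far too small for real deployments.

```python
# Added example (not from the article): Schnorr proof of knowledge of a
# discrete logarithm, non-interactive via Fiat-Shamir. Toy parameters.
import hashlib
import secrets


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test (probabilistic; fine for a demonstration)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=128):
    """Return (p, q, g): p = 2q + 1 a safe prime, g a generator of the order-q subgroup.
    Assumption: 128 bits is enough to demonstrate the protocol (not for real use)."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            break
    while True:
        h = secrets.randbelow(p - 2) + 2
        g = pow(h, 2, p)          # a quadratic residue other than 1 has order q
        if g != 1:
            return p, q, g


P, Q, G = make_group()


def keygen():
    """Secret x and public y = g^x mod p; the prover will prove knowledge of x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def _challenge(y, t):
    """Fiat-Shamir: the challenge is a hash of the statement and the commitment."""
    data = f"{P}|{G}|{y}|{t}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove(x, y):
    """Return (t, s): commitment t = g^k and response s = k + c*x mod q.
    The fresh random k masks x, so (t, s) leaks nothing about x."""
    k = secrets.randbelow(Q - 1) + 1
    t = pow(G, k, P)
    c = _challenge(y, t)
    return t, (k + c * x) % Q


def verify(y, proof):
    """Accept iff g^s == t * y^c mod p, which holds only if s was built from the real x."""
    t, s = proof
    if not (1 < t < P and 0 <= s < Q):
        return False
    c = _challenge(y, t)
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def demo():
    """Honest prover is accepted; a prover using a wrong secret is rejected."""
    x, y = keygen()
    accepted = verify(y, prove(x, y))
    rejected = verify(y, prove((x + 1) % Q, y))   # does not know x
    return accepted, rejected
```

The verifier never sees x, only the pair (t, s); because k is fresh and uniformly random, s is statistically independent of x on its own. Real systems use elliptic-curve groups and a domain-separated hash, but the verification equation is the same.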

Advantages:

  • Highly versatile and suitable for many privacy use cases
  • Composable, meaning applications can tap into private state passively

Disadvantages:

  • Computationally intensive, and the technology is still early (although further along than FHE)
  • Often requires knowledge of different programming languages or ZK circuits

MPC

Secure Multi-Party Computation (MPC) enables multiple parties to jointly compute over private data where each party holds only a portion of that data: no single party has access to the full private data, and no party can see the portions held by the others. MPC has many use cases in crypto (key management is a notable example), but privacy applications are only just starting to emerge.

There are two ways to build such an MPC: 1) the user is a participant in the joint computation, or 2) the user delegates the transaction to other parties. The first is ideal from a trust-assumption standpoint, but it is logistically harder to execute. It should also be mentioned that an obvious risk of MPC is collusion between parties, who may combine their shares to view the private data.

MPC is best suited to privacy-preserving computation that involves multiple parties. Other technical approaches such as FHE often rely on MPC; conversely, if the parties involved are numerous and appropriately distributed, and the computation is one-off and not very complex, then MPC alone may be sufficient. Decentralized poker games are a great use case for MPC.
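The following is an added example, not code from the article or from Nillion or any other project it mentions, showing the simplest MPC building block, additive secret sharing: each party splits its private value into random shares, hands one share to every other party, and the parties open only their local sums, so the total is learned while no individual input is. It also makes the collusion risk from the paragraph above explicit: the parties holding all shares of one input can pool them and recover it. The party names, the order sizes and the modulus are constructed for the illustration.

```python
# Added example (not from the article): additive secret sharing over a prime
# field, a joint sum, and the collusion failure mode. Constructed sample data.
import secrets

# Shares live in a prime field so that each share on its own is uniformly
# random. Assumption: every input is smaller than PRIME.
PRIME = (1 << 61) - 1   # 2^61 - 1, a Mersenne prime


def share(value, n_parties):
    """Split value into n_parties shares whose sum is value mod PRIME."""
    if not 0 <= value < PRIME:
        raise ValueError("value must be in [0, PRIME)")
    shares = [secrets.randbelow(PRIME) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % PRIME)
    return shares


def reconstruct(shares):
    """Combine all shares of one secret; with any share missing the result is random."""
    return sum(shares) % PRIME


def distribute(private_inputs):
    """Sharing phase: each owner sends one share of its input to every party.
    Returns received[holder][i], holder's share of the i-th party's input."""
    parties = list(private_inputs)
    received = {p: [] for p in parties}
    for owner in parties:
        for holder, s in zip(parties, share(private_inputs[owner], len(parties))):
            received[holder].append(s)
    return received


def secure_sum(received):
    """Computation phase: each party adds the shares it holds (a local step that
    reveals nothing), then the partial sums are opened and add up to the total."""
    partial_sums = [sum(shares) % PRIME for shares in received.values()]
    return reconstruct(partial_sums)


def collude(received, victim_index):
    """Collusion risk: if every holder of the victim's shares pools them,
    the victim's private input is recovered outright."""
    return reconstruct([shares[victim_index] for shares in received.values()])


# Constructed sample: three traders' private order sizes (not real data).
SAMPLE_INPUTS = {"alice": 120, "bob": 75, "carol": 305}


def demo():
    received = distribute(SAMPLE_INPUTS)
    total = secure_sum(received)                  # 500, learned by everyone
    leaked = collude(received, 2)                 # carol's 305, if all collude
    return total, leaked
```

Honest-but-curious parties learn only the opened partial sums, which are themselves random-looking field elements that happen to add up to the total; the guarantee collapses exactly when the holders of one input's shares cooperate, which is why the distribution and independence of the parties matter.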

Advantages:

  • Can be applied to many privacy use cases involving one-off computations

Disadvantages:

  • Does not scale well with the number of participants
  • Cannot be used for high-throughput applications because execution is quite slow

FHE

Fully homomorphic encryption (FHE) allows computation to be performed on encrypted private state. In other words, users can transact on-chain without revealing any information about the transaction: when a user swaps tokens on a DEX or deposits into a lending pool, which tokens are swapped or how many tokens are deposited is not revealed.

But relying on FHE alone is not enough to protect privacy. Most approaches combine it with MPC to shard the encryption keys, so that no single centralized party can decrypt all of the private state. ZKPs are also frequently used to verify transactions, including the validity of inputs and outputs, so that contracts can interact with private state without revealing information.

The technology is still in its very early stages; schemes such as TFHE, which achieve exact and approximate outputs for all four basic arithmetic operations, were released only a few years ago. In addition, hardware acceleration is necessary for any reasonable level of performance. FHE also does not scale particularly well across successive rounds of computation: the encrypted data carries random noise, and the data grows nonlinearly as the computation proceeds. While FHE is at an earlier stage of development than the other methods mentioned, it is optimal for computations that require high composability among a small number of participants, such as private lending marketplaces and high-value consumer applications.

Advantages:

  • The only approach that allows private state to be shared on-chain
  • Can be applied to most privacy use cases

Disadvantages:

  • Poor performance in the current state
  • Relies on other technologies such as ZK and MPC, all of which have their own shortcomings and trust assumptions

Outlook

Privacy infrastructure and apps are now a necessity for crypto, yet they are still in the early stages of development. We expect these solutions to evolve rapidly, and the outlook is promising.

Each privacy solution presented here has different trade-offs and suits different application scenarios. The privacy category is so early, and so broad, that it would be premature to say a single approach will win.

In the long run, many new privacy-related technologies will inevitably emerge. This category is one of the most dynamic and fast-moving, yet opaque, in the cryptocurrency space. It is clear that this is only the first era of innovation.

Special thanks to Ravital Solomon (Sunscreen), Sam Trautwein (Tristero), Shumo Chu (Nebra), Weiking, Nicola Greco (Protocol Labs), and the Aztec and Aleo teams. The views expressed in this article do not necessarily represent theirs.
