Variant Partner Overview of Cryptographic Privacy Solutions and Representative Projects

Comprehensive Overview of Cryptographic Privacy Solutions and Their Implementation in Real-World Projects with Variant Partners

Author: Derek Walkush, Partner at Variant Fund; Translation: 0xjs@LianGuai

In the long term, most on-chain transactions are likely to be privacy-oriented.

The transparency of cryptocurrency has constrained many application developers. The design space for applications that can make use of sensitive user data is far broader, from games to private order books to MEV infrastructure.

From 2015 to 2022, data breaches more than doubled, and tech consumers are now more concerned about the protection and vulnerability of personal data, in Web3 and in traditional technology alike. While concern for privacy may fluctuate, a larger trend is becoming clear: as mass data collection and data-driven monetization grow, online footprints become increasingly traceable by large tech giants and by external adversaries targeting these honeypots.

In mature application categories, some incumbent applications are facing new privacy-first challengers; the rise of encrypted messaging applications like Telegram and Signal from 2019 to 2021 is one example. In the cryptocurrency space, Brave achieved impressive growth during the recent bear market, reaching an all-time high of approximately 66 million Monthly Active Users (MAU) in November 2023. For comparison, that is about 15% of Firefox’s 2022 user base. As a result, many cryptocurrency projects are now racing to offer compelling productized tools and solutions that make building privacy-focused applications as easy as possible.

Examples of leveraging privacy technologies in cryptocurrency seem endless. On the consumer side, we have seen exciting experiments with fully on-chain privacy games like poker and fog of war. In the DeFi space, some are building “dark order books,” trading environments inaccessible to public market participants. (For context, in April 2019 dark pool trading was estimated to account for 40% of traditional stock trading volume.) Dark pool liquidity can also drive more efficient market outcomes by reducing MEV. Because blockchains are fully transparent, many sophisticated trading firms are effectively barred from executing complex strategies, so greater privacy may even open the door for more professional financial participants to enter the crypto ecosystem.

The lack of user privacy in cryptocurrency is still a bottleneck for adoption. To accommodate new privacy expectations, builders of crypto applications must prioritize privacy from the start.

So, how should crypto application builders choose among the landscape of privacy solutions?

Methods to Protect User Privacy

The current main methods for building privacy applications are Trusted Execution Environments (TEE), Zero Knowledge (ZK), Multi-Party Computation (MPC), and Fully Homomorphic Encryption (FHE).

Here is a brief overview of each method and representative projects:

The entire field is still in its very early stages, so the following comparisons are only predictions for how each technology will develop in the coming years. These methods are not equivalent or interchangeable; broadly, they divide into dedicated hardware (TEE) and cryptography (ZK, MPC, FHE). Many of them also overlap in practice. For example, FHE must be used in combination with ZK and/or MPC. Nevertheless, by studying the development trajectory of each method, we can gain useful insight into the development of the broader privacy category.

TEE

* Description: Trusted and secure off-chain computing environment

* Projects: ARM TrustZone, AWS Nitro, Intel SGX, Secret Network

ZK

* Description: Applying zero-knowledge cryptography to verify private data and computations

* Projects: Aleo, Aztec, Mina, Nocturne, Privacy Pools

MPC

* Description: Jointly computing over separate fragments of private data

* Projects: Nillion

FHE

* Description: Computing directly on encrypted data

* Projects: Fhenix, Inco, Sunscreen, Zama

Two key factors in choosing infrastructure are privacy trust assumptions and performance; these are nuanced terms, and the two matrices below unpack them. They show the assumptions under which data privacy is preserved (extremely important for developers considering building privacy applications) and the trade-offs involved in achieving a given performance level.

[Figure: matrices of privacy trust assumptions and performance trade-offs for TEE, ZK, MPC and FHE]

Over time, we can expect market forces to bring more efficient technological advances to many of these technologies. Hardware acceleration and other catalysts may significantly improve the performance of the newer ones, although the time frame for this is still quite unclear. In the long run, each of these methods can carve out its own market niche.

The following chart compares each method along key dimensions: composability, meaning the ability of other applications to interact with the private state; technical complexity; potential for building decentralized protocols; current performance level, meaning potential throughput; and the best use cases given those dimensions. The chart can be read as the trade-offs each method makes for its performance level.

[Figure: chart comparing composability, technical complexity, decentralization potential, current performance and best use cases for each method]

As shown above, each method has its own trade-offs. None is inherently better than the others, but each is best suited to specific categories of applications based on what it is optimized for. For example, companies building more centralized dark order books can use TEE, while projects building private lending protocols may choose FHE or ZK.

Note that many of these technologies can be combined, and their intersection is often where the most interesting approaches lie. For example, ZKPs can be used to remove the operator’s role from TEE-based dark order books, and MPC is often used to distribute the encryption keys in FHE. The purpose of these classifications is to distill the highest-level technical considerations of each method in isolation. Finally, this category has significant regulatory implications because of the potential for illicit activity; compliance is crucial for infrastructure builders.

Pros and Cons of Each Method

TEE

Trusted Execution Environments (TEE) perform off-chain computation in a trusted, isolated environment. TEEs have been used by many crypto institutions for a variety of tasks, with privacy applications being just one small use case. They can be software-based or hardware-based, but hardware-based is the most common. Because this infrastructure runs off-chain in an isolated environment, transactions remain hidden from public market participants.

In practice, traders place orders without seeing the full order book; if there is liquidity on the other side within the pool, the order is matched without either party revealing its bid or ask.

So far, a notable application of TEEs is dark order books, infrastructure similar to what already exists in TradFi: “dark pools,” private exchanges outside public markets used by some of the largest financial institutions in the world (Sigma X by Goldman Sachs and MS Pool by Morgan Stanley are two examples). Dark pools are used to limit the market impact of large trades.

TEEs perform well, but they are the only effectively centralized method discussed in this article, and they come with drawbacks. One criticism is that they are only a marginal improvement over most conventional hardware and carry similar risks. Side-channel attacks are a notable concern and have occurred in the past; developers must also place significant reliance on the hardware manufacturers. That said, TEEs are very practical, easy to build on, and high performing.

Pros:

* Robust, tested, and built infrastructure

* Excellent performance compared to current alternatives

Cons:

* Typically require sufficient liquidity bootstrapping for applications like dark pools

* Dependency on centralized vendors such as AWS and Intel, which can be attacked or disrupted (though rarely) and which introduce censorship/deplatforming risk

ZK

Zero-knowledge (ZK) proofs can be used to prove the correctness of a computation without revealing any information about it. ZK is a technology with far-reaching implications, and privacy is just one small use case. So far, ZK has predominantly been applied to scalability: moving intensive computation off-chain and then using a ZKP to verify that the computation was correct. There are various ZK applications in the privacy field, but three main categories (not fully exhaustive) are generic ZK, ZK L1/L2, and privacy pools.

First, developers of privacy applications using ZK can start from scratch and build their own proof circuits, or use a zkVM. A zkVM provides an execution environment for arbitrary code and generates ZK proofs attesting that the code executed honestly, without leaking any data about the actual computation. Importantly, a generic zkVM must be combined with a decentralized private computation (DPC) scheme like Zexe.

Second, ZK L1s and L2s allow users to transact on private state within an ecosystem, or to move privacy-sensitive on-chain operations to these networks or layers. They effectively build privacy-first zkVMs. Examples include Aleo, Aztec, Mina, and more.

Lastly, privacy pools obfuscate transactions on public chains. They use ZK to verify a user’s deposit while hiding the flow of funds to a new withdrawal address. Privacy pools are not only useful to end users but can also be integrated into certain applications.

It is important to note that ZK fundamentally verifies private state, so there must still be a private execution environment in which to generate proofs. In many cases this is the client side, directly on the user’s device (where the actual private data is stored in raw form). ZK also has early applications in decentralized identity, where users can prove sensitive aspects of their identity without publicly revealing the underlying data on-chain.

Advantages:

* Highly versatile and applicable to many privacy use cases

* Typically very composable, meaning other applications can interact with the private state

Disadvantages:

* Computationally intensive and still in early stages (though further along than FHE)

* Typically requires learning new programming languages or ZK circuit design

MPC

Secure multi-party computation (MPC) allows multiple parties to jointly compute over private data, where each party holds only a portion of it. Holding only a piece, no single party can access the private data, nor the shares held by others. MPC has many use cases in crypto, such as key management, and privacy applications are beginning to leverage it as well.

There are essentially two ways to construct such an MPC: 1) users are themselves participants in the joint computation, or 2) users delegate their transactions to another set of parties. From a trust-assumption standpoint the first is ideal but logistically harder to execute; most projects opt for the second approach. It should also be noted that an obvious risk of MPC is collusion between parties, who could pool their shares to reconstruct the private data.

MPC is best suited to private computations involving multiple parties (especially where the output is publicly revealed), but not too many of them. Other approaches like FHE often rely on MPC, so if the participants are numerous and appropriately distributed, and the computation is one-off and not very complex, MPC alone may suffice. Decentralized poker games are a good example use case for MPC.

Advantages:

* Applicable to many privacy use cases involving one-time computation

Disadvantages:

* Does not scale well to large numbers of participants

* Not suitable for high throughput applications because execution speed is quite slow
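The share-and-sum model described above, as an added example that is not from the original article: additive secret sharing over a prime field, a joint sum in which only the total is revealed, and the collusion case where every holder of one input’s shares pools them. The modulus P, the function names and the honest-but-curious assumption are this example’s own.

```python
"""Toy additive secret sharing and an MPC sum over a prime field.
Added illustration only: honest-but-curious parties, demo-sized field."""
import secrets
from typing import List, Optional, Set

P = 2**61 - 1  # prime modulus for the demo field (constructed choice)


def share(secret: int, n: int) -> List[int]:
    """Split secret into n random shares whose sum is secret mod P.
    Any n-1 of them are uniformly random and reveal nothing on their own."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % P)
    return shares


def reconstruct(shares: List[int]) -> int:
    return sum(shares) % P


def mpc_sum(private_inputs: List[int]) -> int:
    """Jointly compute the sum of every party's input without any party
    seeing another's value. Party j ends up holding the j-th share of each
    input and publishes only the sum of what it holds."""
    n = len(private_inputs)
    held = [[] for _ in range(n)]  # held[j]: shares in party j's hands
    for x in private_inputs:
        for j, s in enumerate(share(x, n)):
            held[j].append(s)
    partial_sums = [sum(h) % P for h in held]  # each party's local work
    return reconstruct(partial_sums)  # only the total becomes public


def collude(shares_of_one_input: List[int], colluding: Set[int]) -> Optional[int]:
    """The collusion risk from the text: if every holder of one input's
    shares pools them, that input is recovered. With even one share missing,
    every field element is equally consistent, so nothing is learned."""
    if colluding == set(range(len(shares_of_one_input))):
        return reconstruct(shares_of_one_input)
    return None
```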

FHE

Fully Homomorphic Encryption (FHE) allows computation on encrypted private state. In other words, users can transact on-chain without revealing any information about the transaction: swapping tokens on a DEX or depositing into a lending pool, for example, without publicly disclosing which tokens are being swapped or how many tokens are being deposited.

FHE alone is not enough to protect privacy. Most designs combine it with MPC to shard the encryption keys so that no single party can decrypt all private state. ZK is also commonly used to verify transactions, including the validity of inputs and outputs, since all data is encrypted; this lets contracts interact with private state without leaking information.

This technology is still in its very early stages. Only a few years ago, schemes like TFHE were released that give exact results for all four basic arithmetic operations rather than approximate ones. Any reasonable performance level also requires hardware acceleration. FHE does not scale particularly well across successive rounds of computation: random noise is added to the encrypted data, and it grows nonlinearly as computation accumulates. While FHE is at an earlier stage of development than the other methods discussed here, it is the best option for computations that require high composability with a small number of participants, such as private lending markets and advanced consumer applications.

Advantages:

* The only method that puts fully shared private state on-chain

* Applicable to most privacy use cases

Disadvantages:

* Poor performance in the current state

* Relies on other technologies like ZK and MPC, which have their own drawbacks and trust assumptions
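An added toy example, not from the article or from any project it names, illustrating the two points made above: arithmetic performed directly on ciphertexts, and noise that grows with every operation until decryption fails. It is a symmetric somewhat-homomorphic scheme over the integers in the style of DGHV; the Ct class, the tiny demo parameters and the function names are this example’s own.

```python
"""Toy somewhat-homomorphic encryption over the integers (DGHV-style,
symmetric key). Parameters are deliberately tiny and give no security."""
from dataclasses import dataclass
import secrets


@dataclass
class Ct:
    c: int  # the ciphertext an evaluator sees
    e: int  # true noise term m + 2r, tracked only to show the budget


def keygen(bits: int = 64) -> int:
    """Secret key p: a random odd integer of the given size."""
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1


def encrypt(p: int, m: int, r=None, q=None, noise_bits: int = 8) -> Ct:
    """c = m + 2r + p*q, with small noise r and a large random multiplier q."""
    assert m in (0, 1)
    r = secrets.randbits(noise_bits) if r is None else r
    q = secrets.randbits(2 * p.bit_length()) if q is None else q
    return Ct(m + 2 * r + p * q, m + 2 * r)


def decrypt(p: int, ct: Ct) -> int:
    """(c mod p) mod 2, taking the centered residue in (-p/2, p/2]."""
    e = ct.c % p
    if e > p // 2:
        e -= p
    return e % 2


def add(a: Ct, b: Ct) -> Ct:
    return Ct(a.c + b.c, a.e + b.e)  # noise adds


def mul(a: Ct, b: Ct) -> Ct:
    return Ct(a.c * b.c, a.e * b.e)  # noise multiplies


def decrypts_correctly(p: int, ct: Ct) -> bool:
    """Decryption is right exactly while |noise| < p/2."""
    return abs(ct.e) < p // 2


def depth_until_failure(p: int, ct: Ct, max_depth: int = 64):
    """Square ct repeatedly (worst case for noise) and return the first
    depth at which the noise budget is exhausted, or None if it never is."""
    for d in range(1, max_depth + 1):
        ct = mul(ct, ct)
        if not decrypts_correctly(p, ct):
            return d
    return None
```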

Future Outlook

Privacy infrastructure and applications are now crucial to cryptocurrency and are still in the early stages of development. We expect the prospects for these solutions to keep expanding rapidly.

Each privacy solution presented here has different trade-offs and is best suited to a different set of applications. The privacy category has emerged so early and at such scale that it would be an oversimplification to say a single method will prevail.

In the long run, many new privacy-related technologies will inevitably emerge. This category is one of the most vibrant and rapidly evolving but opaque categories in the cryptocurrency field. And this stage is clearly only the first era of innovation.
