Homomorphic encryption market landscape analysis: the next frontier of digital privacy

Original title: "The Next Frontier in Digital Privacy", original author: Mads Pedersen

Too long to read:

Zero-knowledge proofs (ZKP) are obviously useful for improving scalability and privacy in web3, but due to Being hampered by relying on third parties to handle unencrypted data.

Fully Homomorphic Encryption (FHE) brings a breakthrough that allows simultaneous sharing and separate private state without third-party trust requirements.

FHE can perform calculations directly on encrypted data, enabling applications such as dark pool AMMs and private lending pools, where global state information is never compromised. Give way.

Benefits include trustless operations and permissionless on-chain state transitions on encrypted data, with challenges focusing on computational latency and integrity.

Major players in the emerging FHE cryptocurrency space are focused on developing private smart contracts and dedicated hardware acceleration for scaling.

Future FHE crypto architecture includes the potential to integrate FHE rollups directly on Ethereum.

"One of the biggest remaining challenges in the Ethereum ecosystem is privacy (…) Using the entire suite of Ethereum applications involves changing a large part of your life A portion of it is public for anyone to see and analyze.” — Vitalik A darling of the field, it has its limitations. They are valuable for privacy, proving knowledge of information without leaking it, and scalability, especially in zk-rollups, however, they currently face at least some major limitations:

(1) Hidden information is typically stored and computed off-chain by a trusted third party, limiting the permissionless composability of other applications that need to access this off-chain data. This server-side attestation is similar to systems like web2 cloud computing.

(2) State transitions must be completed in clear text, which means users must trust third-party provers with unencrypted data.

(3) ZKP is not suitable for applications that require knowledge of shared private state in order to generate proofs about local private state.

However, any multi-person use case (e.g. dark pool AMM, private lending pool) requires private state to be shared on-chain, which means using ZK requires some kind of center ization/off-chain coordinator to achieve shared private state, which makes it cumbersome and introduces trust assumptions.

Enter fully homomorphic encryption

Fully homomorphic encryption (FHE) is a type of encryption Scheme that allows calculations to be performed on data without prior decryption. It allows users to encrypt plaintext into ciphertext and send it to a third party to process it without decryption.

What does this mean? End-to-end encryption. FHE allows private state to be shared.

For example, in an AMM, a decentralized market maker account interacts with every trade but is not owned by any individual user. When someone exchanges Token A for Token B, they must know the existing amounts of both tokens in the shared market maker account to generate valid proof of the exchange details. However, if the global state is hidden via a ZKP scheme, generating this proof is no longer feasible. In contrast, if global state information is publicly accessible, other users can infer details about individual exchanges.

Using FHE, it is theoretically possible to hide shared state and personal state because the proof can be calculated through encrypted data.

In addition to FHE, another key technology to achieve the holy grail of privacy is multi-party computation (MPC), which solves the problem of computing on private inputs and only The results of these calculations are made public while preserving the confidentiality of the inputs. However, we leave that for another discussion. Our focus here is on FHE – its pros and cons, current market and use cases.

It is worth noting that FHE is still in the early stages of development. This is not a matter of tribalism between FHE and ZKP or FHE and MPC, but in combination with currently available technology. Additional features unlocked at the time. For example, a privacy-focused blockchain could use FHE to enable confidential smart contracts, use MPC to distribute shards of decryption keys among validators, and use ZKP to verify the integrity of FHE computations.

Advantages and Disadvantages

At this point: Benefits of FHE include:

< p style="text-align: left;">1. No third-party trust requirements. Data can remain secure and private in an untrusted environment.

2. Composability through shared private state.

3. Data availability while maintaining data privacy.

4. Quantum resistance of (ring) LWE.

5. Ability to perform on-chain state transitions on encrypted data without permission.

6. No need for hardware and centralized supply chains that are vulnerable to side-channel attacks like Intel SGX.

7. In the context of a fully homomorphic EVM (fhEVM), there is no need to learn to perform repeated mathematical multiplications (e.g., multi-scalar multiplication) or use unfamiliar ZK tools.

The disadvantages include:

Lurking. Being computationally intensive means that most schemes are currently not commercially viable for computationally intensive applications. It's worth noting that this is a short-term bottleneck given that hardware acceleration is under active development, and at this point Zama's fhEVM can already achieve ~2 TPS on ~$2000 per month of hardware.

Accuracy issue. FHE schemes require noise management to prevent invalid or corrupted ciphertexts. However, TFHE is more accurate because it does not require approximation (unlike CKKS for some operations).

Early. There are very few production-ready FHE projects launched in the web3 space, which means a lot of battle testing is required.

Market Overview

Current FHE x Cryptocurrency Landscape

Emphasis

Zama provides a range of open source FHE tools for cryptographic and non-cryptographic use cases. Its fhEVM library supports private smart contracts, ensuring on-chain confidentiality and composability.

Fhenix leverages Zama's fhEVM library to implement end-to-end encryption aggregation. Their goal is to simplify the process of integrating FHE into any EVM smart contract with minimal modifications to existing contracts. The founding team consists of the founders of Secret Network and the former head of FHE bizdev at Intel. Fhenix recently raised $7 million in seed funding.

Inco Network is an L1 driven by FHE and compatible with EVM. By integrating Zama's fhEVM encryption technology, the calculation of encrypted data is introduced into the smart contract. Founder Remi Gai was a founding member of Parallel Finance and worked with several Cosmos engineers to realize this vision.

Hardware. Some entities are building hardware acceleration to address latency issues. Notably, Intel, Cornami, Fabric, Optaanalysis, KU Leuven, Niobium, Chain Reaction and some ZK ASIC/FPGA teams. This surge in development was spurred by DARPA's award of an ASIC-based FHE acceleration grant about three years ago. That said, this specialized hardware acceleration may not be necessary for some blockchain applications where GPUs may reach 20+ TPS. FHE ASICs can increase performance to 100+ TPS while significantly reducing validator operating costs.

Notable mention. Google, Intel, OpenFHE have all made significant contributions to the overall advancement of FHE, just to a less specific extent in the crypto space.

Use cases

The key advantage is to achieve shared private state and personal private state. What does it mean?

Private smart contracts: Traditional blockchain architecture exposes user data to web3 applications. Each user's assets and transactions are visible to every other user. This is great for trust and auditability, but is also a major barrier to enterprise adoption. Many companies are unwilling or simply refuse to make this information public. FHE changes that.

In addition to end-to-end encrypted transactions, FHE also supports encrypted memory pools, encrypted blocks, and confidential state transitions.

This unlocks a variety of novel use cases:

DeFi: dark pools, via crypto Mempools, untraceable wallets, and confidential payments (such as employee salaries of on-chain organizations) eliminate malicious MEV.

Game: An encrypted multiplayer strategy game that supports various new game mechanics, such as secret alliances, resource hiding, destruction, espionage, bluffing, etc.

DAO: private voting.

DID: Encrypt credit scores and other identifiers on-chain.

Data: compliant on-chain data management.

So what will the future of FHE encryption architecture look like?

We should elaborate on three core components:

Layer 1: This layer is where developers either (a) launch the application locally on the network or ( b) The basis for interfacing with the existing Ethereum ecosystem (input-output model), including the Ethereum mainnet and its L2s/sidechains.

The flexibility of L1 is key here, as it caters to new projects looking for a native platform with FHE capabilities, while also accommodating those who prefer to remain in Existing applications on the current chain.

Aggregation/Application Chaining: Applications can start their own aggregation or application chaining on top of these FHE-enabled L1s. To this end, Zama is working on fhEVM L1’s optimistic stack and ZK FHE rollup stack to scale privacy-focused solutions.

FHE Rollup on Ethereum: Launching FHE Rollup on Ethereum itself can significantly enhance local privacy on Ethereum, but faces some technical challenges:< /p>

Data storage cost: Even though the plaintext entries are small, the FHE ciphertext data is quite large (more than 8 kb each). Storing such a large amount of data on Ethereum for data availability (DA) purposes would be very expensive in terms of gas fees.

Sequencer Centralization: A centralized sequencer ordering transactions and controlling global FHE keys is a major privacy and security issue, and it violates fhEVM in the first place the goal of. While MPC is a potential solution for decentralized control of global FHE keys, maintaining a multi-party network to perform computations increases operational costs and leads to potential inefficiencies.

Generating valid ZKPs: Generating ZKPs for FHE operations is a complex task that is still under development. While companies like Sunscreen are making progress, it may be several years before this technology is widely available for commercial use.

EVM integration: FHE operations need to be incorporated into the EVM as precompilation, thus requiring consensus on network-wide upgrades involving multiple issues involving computational overhead and security issues vote.

Validator hardware requirements: Ethereum validators require upgraded hardware to run the FHE library, which raises concerns about centralization and cost.

We expect that FHE will initially find its niche in less mobile environments and in specific areas where privacy is critical. Eventually, deeper liquidity may become available on FHE L1 as throughput increases. In the long term, once the above issues are resolved, we may see a FHE rollup on Ethereum that can more smoothly tap into mainnet liquidity and users. The challenge now is to find the killer use case for FHE, maintain compliance, and bring production-ready technology to market.

In the meantime, any developer who wants to get their hands dirty or make money through bounty hunting can try Fherma's FHE challenge and earn several 4-figure bucks bounty.

Acknowledgments: Many thanks to Gurgen Arakelov (Founder of Yasha Labs/Fherma), Rand Hindi (Founder of Zama), Remi Gai (Founder of Inco Network) and Hiroki Article contributed by Kotabe (Head of Research at Inception Capital).