Author: Kyle Samani, Managing Partner of Multicoin Capital; Translation: Jinse Caijing xiaozou
Recently, discussions on on-chain privacy have continued to heat up, primarily led by Helius CEO Mert. We have invested significant time and capital in privacy technology.
Here are some of our thoughts:
The asset itself is more important than privacy attributes
This means that users don't need random assets that "happen to have privacy features"; rather, they want to add privacy options to assets they already like or hold. For 99% of people, the risk of asset volatility far outweighs the benefits of privacy.

There are three main technical approaches to achieving on-chain privacy: Trusted Execution Environments (TEE), Zero-Knowledge Proofs (ZK), and Fully Homomorphic Encryption (FHE). When evaluating the optimal solution, we first need to clearly define our optimization goals. I believe there are three key variables:
1. Whether it can operate in a permissionless environment.
2. The ability to execute arbitrary DeFi operations and reason about them as if they were transparent transactions.
3. Scalability that synergizes algorithms and hardware (in other words, not being constrained by latency… which naturally conflicts with the first point above).

While the first variable is obvious, it deserves special attention because of the ongoing market debate about TEEs. TEEs offer excellent privacy in permissioned scenarios, but they are inadequate for permissionless environments: their protection mechanisms have repeatedly been shown to be vulnerable, with recent examples such as the following:

The second variable is the most subtle and difficult to understand, and it is precisely where zero-knowledge proof technology falls short. To understand why, take the simplest privacy application, Zcash (which is not related to DeFi). When you submit a shielded transaction, the generated proof essentially states, "My balance remains positive after this transfer." But if you aggregate 1,000 such transactions, what can an outside observer learn about the chain's state? Nothing. Now imagine building a DeFi ecosystem on top of this. How can DeFi function when transactions cannot perceive or interact with other people's assets?

Over the past decade, numerous teams, including Aztec and Aleo (and probably many others I can't recall right now), have been working on this problem. Each of them faced the same fundamental challenge: designing a zero-knowledge proof system that allows selective access to information (such as the amount of collateral backing a loan). Imagine being a DeFi developer: not only do you have to design a protocol, you must also 1) build within a limited set of capabilities and 2) master the principles of zero-knowledge proofs. Who would be willing to take on that added risk while developing a DeFi system that manages nine or ten figures of capital? It's truly daunting.

While many zero-knowledge DeFi teams are working to make their systems easier to use, the underlying technical complexity remains insurmountable. More importantly, this approach would require rebuilding all of DeFi's foundational components from scratch. The fundamental challenge is that DeFi today relies on the ability to reason logically about a global shared state. It might be possible to restructure DeFi around selective logic, but I'm deeply skeptical. Given the technical risk of dozens of custom zero-knowledge circuits, proving this concept at global scale would likely take a decade.

So what is fully homomorphic encryption? FHE allows computation on encrypted data and has been considered the holy grail of cryptography for decades. Conceiving private DeFi with FHE as its core cryptographic architecture is surprisingly simple: the logic operates in exactly the same way as in a transparent environment! The difference is that, although the data is no longer transparent, arbitrary computations can still be performed on it. Yes, that's practically magic.

Finally, a thought on the third variable, scalability. The advantage of FHE's scalability is that it is constrained entirely by hardware computing power, with zero network overhead. This means that its performance will naturally improve with the evolution of algorithms, CPUs, GPUs, FPGAs, and even ASICs. Many existing privacy solutions rely heavily on secure multi-party computation (MPC) or garbled circuits, but these are limited by network bandwidth: computational performance actually decreases as the number of validating nodes increases. (This performance loss is more detrimental than the loss caused by the consensus mechanism; the performance cost of permissionless consensus is roughly constant in terms of CPU and latency.) Ethereum's experience with one million validating nodes is the best empirical example. This is consistent with our intuition: in any secure multi-party computation configuration, the computation is effectively distributed across multiple computers, and the more data is transferred between them, the slower the computation. Electrons moving through a 6-inch chip will always be a million times faster than through a 6-mile cable.

Fully homomorphic encryption is the only solution that can be scaled through hardware upgrades. Given the massive investments currently being made by major AI labs, future hardware computing power is poised for dramatic increases. (ASICs are typically 100-1000 times more powerful than GPUs.)

Against this backdrop, Multicoin Capital, along with Protocol Labs, co-led a $73 million funding round in Zama, a privacy-focused computing company, in mid-2023. I joined the Zama board of directors alongside the legendary Juan Benet. Since then, co-founder and CEO Rand has led the team to remarkable success: assembling a research team of over 30 PhDs, significantly improving the performance of fully homomorphic encryption, and successfully commercializing it. Zama has since completed multiple rounds of funding and currently has a robust capital reserve. Zama launched its public testnet several months ago, with the mainnet and token launch imminent.
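The claim above that FHE lets DeFi logic run unchanged over encrypted data, together with the earlier Zcash point that a shielded transfer only asserts a property of a hidden balance, can be made concrete with a small Python example. This is an added illustration, not code from the original post or from Zama: it uses the Paillier cryptosystem, which is additively homomorphic rather than fully homomorphic, with constructed toy-sized primes, and a hypothetical `settle_transfer` function that is written once and then run on both plaintext integers and ciphertext balances.

```python
"""Added illustration: the same transfer bookkeeping run on plaintext and on
Paillier ciphertexts. Paillier is additively homomorphic (not FHE) and the
primes below are constructed toy values; this is not Zama's code."""
import math
import secrets

# Constructed toy primes (assumption: far too small for any real deployment).
P, Q = 1000003, 1000033


def keygen(p=P, q=Q):
    """Standard Paillier key generation with the generator g = n + 1."""
    n = p * q
    n2 = n * n
    lam = math.lcm(p - 1, q - 1)           # Carmichael's lambda for n = p*q
    g = n + 1
    l_val = (pow(g, lam, n2) - 1) // n     # L(x) = (x - 1) / n
    mu = pow(l_val, -1, n)                 # modular inverse of L(g^lam mod n^2)
    return {"n": n, "n2": n2, "g": g}, {"lam": lam, "mu": mu}


def encrypt(pub, m):
    """E(m) = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, n2, g = pub["n"], pub["n2"], pub["g"]
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m % n, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """D(c) = L(c^lam mod n^2) * mu mod n, mapped back to a signed integer."""
    n, n2 = pub["n"], pub["n2"]
    m = ((pow(c, priv["lam"], n2) - 1) // n) * priv["mu"] % n
    return m - n if m > n // 2 else m


def add(pub, c1, c2):
    """Homomorphic addition: E(a) * E(b) = E(a + b)."""
    return (c1 * c2) % pub["n2"]


def neg(pub, c):
    """Homomorphic negation: E(a)^-1 = E(-a)."""
    return pow(c, -1, pub["n2"])


def settle_transfer(sender_bal, receiver_bal, amount, add_op, neg_op):
    """Hypothetical ledger step, written once: debit sender, credit receiver.
    The operands may be integers or ciphertexts; only add_op/neg_op change."""
    return add_op(sender_bal, neg_op(amount)), add_op(receiver_bal, amount)


def demo():
    """Run the identical bookkeeping in the clear and over ciphertexts."""
    pub, priv = keygen()
    plain = settle_transfer(500, 120, 75, lambda a, b: a + b, lambda a: -a)
    # The "ledger" below never sees 500, 120 or 75, only ciphertexts.
    enc = settle_transfer(
        encrypt(pub, 500), encrypt(pub, 120), encrypt(pub, 75),
        lambda a, b: add(pub, a, b), lambda a: neg(pub, a),
    )
    return plain, tuple(decrypt(pub, priv, c) for c in enc)


if __name__ == "__main__":
    print(demo())   # ((425, 195), (425, 195))
```

The point of `settle_transfer` is that the bookkeeping does not know which kind of operand it is handling, which is what "the logic operates the same way as in a transparent environment" means in practice. The limit of this toy is also instructive: Paillier can add to an encrypted balance but cannot multiply or compare two ciphertexts, so it cannot by itself check that the resulting balance stays positive, which is the property the Zcash proof asserts. Supporting that kind of arbitrary computation over ciphertexts is exactly what a fully homomorphic scheme adds, and it is where FHE's heavy computation, and hence the author's hardware argument, comes from.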
You can learn more about the Zama development ecosystem through the following channels:
It currently supports only the EVM, with SVM compatibility planned for 2026, and it works with all existing EVM chains.
No new public chain will be launched!
Finally, given that most people are skeptical about the performance of Zama's fully homomorphic encryption, I would like to conclude with this: Breakthrough has arrived!