Messari | Privacy Layer: Understanding the Inner Workings of Decentralized Confidential Computing

DeCC Core Insights

DeCC introduces the ability to protect data privacy on an inherently transparent public blockchain, achieving confidential computing and state without sacrificing decentralization.
DeCC ensures the security of data during its use by implementing encrypted computation without exposing plaintext, addressing a critical vulnerability in traditional systems and blockchain systems.
By combining cryptographic tools (such as ZKP, MPC, GC, FHE) and proof-enabled TEE, it achieves trustless confidentiality, with each technology offering different trade-offs in performance and trust that can be combined for stronger guarantees.
Over $1 billion has been invested in the DeCC project, reflecting the growing momentum in this field, with the team focused on practical integration and developer-oriented infrastructure.

Introduction: The Evolution of Data Computation and Security

Blockchain technology introduces a new paradigm of decentralization and transparency but also brings trade-offs. In the first wave of crypto privacy, often referred to as "Privacy 1.0," tools like mixers, tumblers, and privacy coins (e.g., Zcash, Monero, and Beam.mw) provided a degree of anonymity for users' financial transactions. These solutions were specialized, primarily limited to hiding the identities of senders and receivers, and were disconnected from broader application infrastructure.

A second wave is forming. Privacy is no longer just about hiding transactions; it extends to complete computation. This shift marks the emergence of Decentralized Confidential Computing (DeCC), also known as Privacy 2.0. DeCC introduces confidential computing as a core feature of decentralized systems, allowing data to be processed securely without leaking underlying inputs to other users or the network.

Unlike typical smart contract environments where all state changes and inputs are publicly visible, DeCC keeps data encrypted throughout the computation process, revealing only what is necessary for correctness and verification. This enables applications to maintain private states on top of public blockchain infrastructure. For example, by using Multi-Party Computation (MPC), a group of hospitals can analyze their combined datasets without any institution seeing the original patient data of others. Once limited by transparency, blockchain can now unlock a whole new category of use cases that require confidentiality.

DeCC is implemented through a series of technologies designed for secure data processing. These technologies include Zero-Knowledge Proofs (ZKP), Multi-Party Computation (MPC), Garbled Circuits (GC), and Fully Homomorphic Encryption (FHE), all relying on cryptography to enforce privacy and correctness. Trusted Execution Environments (TEE) complement these tools by providing hardware-based isolation for secure off-chain execution. Together, these technologies form the foundation of the DeCC tech stack.

The potential applications are vast: decentralized finance systems that keep trading strategies confidential, public health platforms that extract insights from private data, or AI models trained on distributed datasets without exposing underlying inputs. All of these require building privacy-preserving computation into the infrastructure layer of blockchain systems.

This report explores the current state of DeCC and its broader implications. We first compare how data is handled in traditional systems versus the DeCC framework, and why transparency alone is insufficient to meet the needs of many decentralized applications. We then examine the core technologies that underpin DeCC, how they differ, and how they can be combined to balance trade-offs in performance, trust, and flexibility. Finally, we outline the ecosystem, highlighting the capital flowing into the space, the teams building in production environments, and the implications of this momentum for the future of decentralized computing.

Traditional Data Processing vs. Decentralized Confidential Computing (DeCC)

To understand the necessity of DeCC, it helps to grasp how data is processed in traditional computing environments and where the weak points lie. In classic computing architectures, data typically exists in three states: static (stored on disk/database), in transit (moving over a network), and in use (processed in memory or CPU). Thanks to decades of security advancements, the confidential computing industry has reliable solutions for two of these states.

Static data: Encrypted using disk-level or database-level encryption (e.g., AES). Common in enterprise systems, mobile devices, and cloud storage.
Data in transit: Protected through secure transport protocols like TLS/SSL. Ensures data is encrypted while moving between systems or across networks.
Data in use: Traditionally, encrypted data received from storage or the network is decrypted before processing. This means workloads run in plaintext, leaving data in use unprotected and exposed to potential threats. DeCC aims to address this vulnerability by enabling computation without revealing underlying data.

While the first two states are well protected, ensuring the security of data in use remains a challenge. Whether it's a bank server calculating interest payments or a cloud platform running machine learning models, data often must be decrypted in memory. At that moment, it is vulnerable: malicious system administrators, malware infections, or compromised operating systems can potentially spy on or alter sensitive data. Traditional systems mitigate this through access controls and isolation infrastructure, but fundamentally, there exists a period where the "crown jewel" is present in plaintext within the machine.

Now consider blockchain-based projects. They elevate transparency to a higher level: data may not only be decrypted on a single server but is often replicated in plaintext across thousands of nodes globally. Public blockchains like Ethereum and Bitcoin intentionally broadcast all transaction data to achieve consensus. If your data is merely intended to be public (or pseudonymous) financial information, this is fine. But if you want to use blockchain for any use case involving sensitive or personal information, this becomes completely unworkable. For example, in Bitcoin, the amount and address of each transaction are visible to everyone—great for auditability but terrible for privacy. For smart contract platforms, any data you put into a contract (your age, your DNA sequence, your company's supply chain information) is exposed to every network participant. No bank wants all its transactions to be public, no hospital can place patient records on a public ledger, and no gaming company would disclose players' secret states to everyone.

Data Lifecycle and Its Vulnerabilities

In the traditional data processing lifecycle, users typically send data to a server, which decrypts and processes it, then stores the results (possibly encrypting them on disk) and sends back a response (encrypted via TLS). The points of vulnerability are clear: during use, the server holds the raw data. If you trust the server and its security, that's fine—but history shows that servers can be hacked or insiders may abuse access. Enterprises address this issue through strict security practices, but they remain cautious about handing over extremely sensitive data to others.

In contrast, the goal of the DeCC approach is that no single entity can publicly see sensitive data at any time, even during processing. Data may be split across multiple nodes, processed within encrypted envelopes, or proven through cryptographic means without revealing it. Thus, the entire lifecycle from input to output can maintain confidentiality. For example, users can send an encrypted version or their secret shares to a network of nodes instead of sending the raw data to a server. These nodes perform computations in a way that they cannot learn the underlying data, and the user receives an encrypted result that only they (or authorized parties) can decrypt.

Why Transparency Alone Is Not Enough in Crypto

While public blockchains solve the trust issue (we no longer need to trust a central operator; the rules are transparent and enforced through consensus), they do so at the expense of privacy. The mantra is: "Don't put anything on-chain that you don't want to make public." This may be fine for simple cryptocurrency transfers in some cases; for complex applications, it can become quite complicated. As the Penumbra team (building a private DeFi chain) states, in today's DeFi, "when users interact on-chain, information leakage becomes value leakage," leading to front-running and other vulnerabilities. If we want decentralized exchanges, lending markets, or auctions to operate fairly, participants' data (bids, positions, strategies) often needs to be hidden; otherwise, outsiders can exploit this knowledge in real-time. Transparency makes every user's actions public, which is different from how traditional markets operate, and there are good reasons for that.

Moreover, many valuable blockchain use cases outside of finance involve personal or regulated data that cannot be publicly disclosed. Consider decentralized identity or credit scoring—users may want to prove attributes about themselves ("I am over 18" or "My credit score is 700") without revealing their entire identity or financial history. In a fully transparent model, this is impossible; any proof you put on-chain will leak data. DeCC technologies like Zero-Knowledge Proofs are designed to address this issue, allowing for selective disclosure (proving X without revealing Y). Another example is a company that may want to use blockchain for supply chain tracking but does not want competitors to see its raw inventory logs or sales data. DeCC can submit encrypted data on-chain and only share decrypted information with authorized partners, or use ZK proofs to demonstrate compliance with certain standards without revealing trade secrets.

How DeCC Achieves Trustless Confidential Computing

Addressing the limitations of transparency in decentralized systems requires infrastructure capable of maintaining confidentiality during active computation. Decentralized confidential computing provides such infrastructure by introducing a set of technologies that apply cryptography and hardware-based methods to protect data throughout its lifecycle. These technologies are designed to ensure that sensitive inputs are not leaked even during processing, eliminating the need to trust any single operator or intermediary.

The DeCC tech stack includes Zero-Knowledge Proofs (ZKP), which allow one party to prove that a computation has been correctly executed without revealing the input; Multi-Party Computation (MPC), which allows multiple parties to jointly compute a function without exposing their respective data; Garbled Circuits (GC) and Fully Homomorphic Encryption (FHE), which allow computations to be performed directly on encrypted data; and Trusted Execution Environments (TEE), which provide hardware-based isolation for secure execution. Each of these technologies has unique operational characteristics, trust models, and performance profiles. In practice, they are often integrated to address different security, scalability, and deployment constraints in applications. The following sections outline the technical foundations of each technology and how they enable trustless, privacy-preserving computation in decentralized networks.

1. Zero-Knowledge Proofs (ZKP)

Zero-Knowledge Proofs are one of the most impactful cryptographic innovations applied in blockchain systems. ZKP allows one party (the prover) to prove to another party (the verifier) that a given statement is true without revealing any information other than the validity of that statement itself. In other words, it enables a person to prove they know something, such as a password, private key, or solution to a problem, without disclosing the knowledge itself.

Using the example of the "Where's Willy" puzzle. Suppose someone claims they found Willy in a crowded image but does not want to reveal his exact location. Instead of sharing the full image, they take a close-up photo of Willy's face, timestamp it, and enlarge the photo so that the rest of the image does not appear. The verifier can confirm that Willy has been found without knowing his location in the image. This proves the claim is correct while revealing no additional information.

More formally, Zero-Knowledge Proofs (ZKP) allow the prover to demonstrate that a specific statement is true (e.g., "I know a key that hashes to this public value" or "This transaction is valid according to the protocol rules") without revealing the inputs or internal logic behind the computation. The verifier is convinced by the proof but gains no other information. One of the earliest and most widely used examples in blockchain is zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge). Zcash uses zk-SNARKs to allow users to prove they own a private key and are sending a valid transaction without revealing the sender's address, recipient, or amount. The network only sees a short cryptographic proof that the transaction is legitimate.

How ZKP Enables Confidential Computing: In a DeCC environment, when you want to prove that a computation has been correctly performed on hidden data, ZKP shines. The prover can perform the computation privately and then publish a proof, rather than requiring everyone to re-execute the computation (as in traditional blockchain verification). Others can use this small proof to verify that the computation result is correct without seeing the underlying inputs. This can protect privacy and significantly improve scalability (as verifying a succinct proof is much faster than re-running the entire computation). Projects like Aleo have built a complete platform around this idea: users run programs offline on their private data and generate a proof; the network verifies the proof and accepts the transaction. The network does not know the data or what specifically happened, but it knows that whatever it was, it followed the rules of the smart contract. This effectively creates private smart contracts, which would be impossible on Ethereum's public virtual machine without ZKP. Another emerging application is privacy-focused zk-rollups: they batch transactions not only for scalability but also use ZK to hide the details of each transaction (unlike regular rollups, where the data is usually still public).

The power of ZK proofs lies in their security being purely mathematical, often relying on the honesty of participants in a "ceremony" (a multi-party cryptographic protocol that generates secret/random information) as a setup phase. If the cryptographic assumptions hold (e.g., certain problems remain hard to solve), the proof cannot be forged, nor can it be faked to assert false statements. Thus, by design, it does not leak any additional information. This means you do not have to trust the prover at all; the proof either passes or it does not.

Limitations: Historically, the trade-off has been between performance and complexity. Generating ZK proofs can be computationally intensive (several orders of magnitude higher than normal computations). In early constructions, even proving simple statements could take minutes or longer, and the cryptography was complex and required special setups (trusted setup ceremonies)—although newer proof systems like STARKs have avoided some of these issues. There are also functional limitations: most ZK schemes involve a single prover proving something to many verifiers. They cannot solve the problem of privately shared states (private data "belonging to" or being combined by multiple users, as in auctions and AMMs). In other words, ZK can prove that a user correctly computed Y from my secret X, but it does not itself allow two people to jointly compute a function of their two secrets. To address the private shared state problem, ZK-based solutions often use other technologies like MPC, GC, and FHE. Additionally, pure ZKPs typically assume that the prover actually knows or possesses the data being proven.

There are also size issues: early zk-SNARKs produced very short proofs (only a few hundred bytes), but some newer zero-knowledge proofs (especially those without trusted setups, like bulletproofs or STARKs) can be larger (tens of KB) and verify more slowly. However, ongoing innovations (Halo, Plonk, etc.) are rapidly improving efficiency. Ethereum and other institutions are heavily investing in ZK as a scaling and privacy solution.

2. Multi-Party Computation (MPC)

ZK proofs allow one party to prove certain things about its own private data, while secure multi-party computation (primarily referring to secret sharing (SS)-based techniques) addresses another related but different challenge: how to collaboratively compute something truly without leaking inputs. In an MPC protocol, multiple independent parties (or nodes) jointly compute a function based on all their inputs, such that each party learns only the result and knows nothing about the inputs of other parties. The foundation of secret-sharing-based MPC was laid by Ivan Damgard and his co-authors in a paper from the late 1980s published by the Partisia Blockchain Foundation. Since then, various techniques have been created.

A simple example is a group of companies wanting to calculate the industry-wide average salary for a position, but they do not want to disclose their internal data. Using MPC, each company inputs its data into a joint computation. The protocol ensures that no company can see any other participant's raw data, but all participants receive the final average. The computation is executed through cryptographic protocols across the group, eliminating the need for a central authority. In this setup, the process itself acts as a trusted intermediary.

How does MPC work? Each participant's input is mathematically split into several shares and distributed to all participants. For example, if my secret is 42, I might generate some random numbers that sum to 42 and give each participant a share (a seemingly random part). No single share reveals any information, but together they hold the information. Participants then compute on these shares, passing messages back and forth, so that in the end, they receive output shares that can be combined to reveal the result. Throughout the process, no one can see the original inputs; they can only see encoded or obscured data.

Why is MPC important? Because it is inherently decentralized, it does not rely on a single secure box (like TEE) or a single prover (like ZK). It eliminates the need to trust any single participant. A common definition describes it this way: when computation is distributed among participants, there is no need to rely on any one party to protect privacy or ensure correctness. This makes it a cornerstone of privacy-preserving technology. If you have 10 nodes performing MPC computation, typically, you would need a large portion of those nodes to collude or be compromised to leak a secret. This aligns very well with the distributed trust model of blockchain.

Challenges of MPC: Privacy does not come without cost. MPC protocols typically incur overhead, primarily in terms of communication. To jointly compute, parties must exchange multiple rounds of encrypted messages. The number of communication rounds (sequential back-and-forth messages) and their bandwidth requirements grow with the complexity of the function and the number of participants. Ensuring that the computation remains efficient becomes tricky as more parties are involved. There is also the issue of honest participants versus malicious participants. Basic MPC protocols assume that participants follow the protocol (possibly curious but not deviating). More robust protocols can handle malicious actors (who may send incorrect information to try to compromise privacy or correctness), but this adds more overhead to detect and mitigate cheating. Interestingly, blockchain can help by providing a framework to penalize misconduct. For example, if a node deviates from the protocol, staking and penalty mechanisms can be used, making MPC and blockchain a complementary pair.

Significant progress has been made in terms of performance. Preprocessing techniques can perform heavy cryptographic computations before the actual inputs are known. For example, generating related random data (called Beaver triples) can be done in advance to speed up multiplication operations later. This way, when it is time to compute on the real inputs (the online phase), the speed can be much faster. Some modern MPC frameworks can compute relatively complex functions among a few participants in seconds or less. There is also research on scaling MPC to many participants by organizing it into networks or committees.

MPC is particularly important for applications such as private multi-user dApps (e.g., auctions with bid confidentiality executed via MPC), privacy-preserving machine learning (multiple entities jointly training models without sharing data—a vibrant area known as federated learning with MPC), and distributed secret management (like threshold key examples). A specific cryptographic example is Partisia Blockchain, which integrates MPC into its core to achieve enterprise-grade privacy on a public blockchain. Partisia uses a network of MPC nodes to handle private smart contract logic and then publishes commitments or encrypted results on-chain.

3. Garbled Circuits (GC)

Garbled Circuits are a fundamental concept in modern cryptography and one of the earliest proposed solutions for computing on encrypted data. In addition to supporting encrypted computation, GC methods are also used in various privacy-preserving protocols, including zero-knowledge proofs and anonymous/unlinkable tokens.

What is a circuit? A circuit is a universal computational model that can represent any function, from simple arithmetic to complex neural networks. Although the term is often associated with hardware, circuits are widely used in various DeCC technologies, including ZK, MPC, GC, and FHE. A circuit consists of input wires, intermediate gates, and output wires. When values (boolean or arithmetic) are provided to the input wires, the gates process these values and produce corresponding outputs. The layout of the gates defines the function being computed. Functions or programs are converted into circuit representations using compilers like VHDL or domain-specific cryptographic compilers.

What are garbled circuits? Standard circuits leak all data during execution, such as the values on input and output wires and the outputs of intermediate gates, all in plaintext. In contrast, garbled circuits encrypt all these components. Inputs, outputs, and intermediate values are transformed into encrypted values (garbled text), and the gates are referred to as garbled gates. The design of the garbled circuit algorithm ensures that evaluating the circuit does not leak any information about the original plaintext values. The process of converting plaintext into garbled text and then decoding it is referred to as encoding and decoding.

How do GC solve the problem of computing on encrypted data? Garbled circuits were first proposed by Andrew Yao in 1982 as the first general solution for computing on encrypted data. His original example, known as the millionaire problem, involved a group of people wanting to know who is the richest without revealing their actual wealth to each other. Using garbled circuits, each participant encrypts their input (their wealth) and shares the encrypted version with others. The group then uses encrypted gates to incrementally evaluate a circuit designed to compute the maximum value. The final output (e.g., the identity of the richest person) is decrypted, but no one knows the exact input of any other participant. While this example uses a simple maximum function, the same approach can be applied to more complex tasks, including statistical analysis and neural network inference.

Breakthroughs in making GC applicable to DeCC. Recent research led by Soda Labs has applied garbled circuit technology to decentralized environments. These advancements focus primarily on three key areas: decentralization, composability, and public auditability. In a decentralized setup, the computation is separated between two independent groups: the garbler (responsible for generating and distributing the garbled circuits) and the evaluator (responsible for executing the garbled circuits). The garbler provides the circuits to the evaluator network, which runs these circuits on demand according to the instructions of the smart contract logic.

This separation enables composability, which is the ability to build complex computations from smaller atomic operations. Soda Labs achieves this by generating a continuous stream of garbled circuits that correspond to low-level virtual machine instructions (e.g., for EVM). These building blocks can be dynamically assembled at runtime to perform more complex tasks.

For public auditability, Soda Labs proposes a mechanism that allows external parties (regardless of their participation in the computation) to verify whether the results have been correctly computed. This verification can be done without exposing the underlying data, thereby increasing trust and transparency.

Importance of GC to DeCC: Garbled circuits provide low-latency, high-throughput computation on encrypted inputs. As demonstrated on the COTI Network mainnet, the initial implementation supports approximately 50 to 80 confidential ERC20 transactions per second (ctps), with future versions expected to achieve higher throughput. The GC protocol relies on widely adopted cryptographic standards (such as AES) and libraries like OpenSSL, which are extensively used in healthcare, finance, and government sectors. AES also provides quantum-resistant variants, supporting future compatibility with post-quantum security requirements.

GC-based systems are compatible with client environments and do not require specialized hardware or GPUs, unlike some TEE or FHE deployments. This reduces infrastructure costs and enables deployment on a wider range of devices, including those with lower capacities.

Challenges of GC: The main limitation of garbled circuits is the communication overhead. Current implementations require sending approximately 1MB of data to the evaluator for each confidential ERC20 transaction. However, this data can be preloaded well before execution, so it does not introduce latency during real-time use. Ongoing improvements in bandwidth availability, including the trend described by Nielsen's Law (which predicts bandwidth doubles every 21 months), along with active research into garbled circuit compression, help reduce this overhead.

4. Fully Homomorphic Encryption (FHE)

Fully homomorphic encryption is often regarded as a cryptographic magic. It allows people to perform arbitrary computations on data while it remains encrypted, and then decrypt the results to obtain the correct answers, as if they were computed on plaintext. In other words, using FHE, you can outsource computations on private data to an untrusted server, which operates only on ciphertext and still generates a ciphertext that you can decrypt to obtain the correct answer, all without the server seeing your data or plaintext results.

For a long time, FHE was purely theoretical. The concept has been known since the 1970s, but a practical scheme was not discovered until 2009. Since then, steady progress has been made in reducing the speed of FHE. Even so, it remains computationally intensive. Operations on encrypted data can be thousands or millions of times slower than operations on plaintext data. However, what was once astronomically slow is now merely quite slow, and optimizations and dedicated FHE accelerators are rapidly improving the situation.

Why is FHE revolutionary for privacy? With FHE, you can have a single server or blockchain node perform computations for you, and as long as the encryption remains strong, that node learns nothing. This is a very pure form of confidential computing, where data is always encrypted everywhere. For decentralization, you can also have multiple nodes each perform FHE computations for redundancy or consensus, but they have no secret information. They are all just operating on ciphertext.

In the context of blockchain, FHE opens up the possibility of fully encrypted transactions and smart contracts. Imagine a network similar to Ethereum, where you send encrypted transactions to miners, who execute smart contract logic on the encrypted data and include an encrypted result in the chain. You or an authorized party can later decrypt the result. For others, it is a pile of incomprehensible gibberish, but they may have a proof that the computation was valid. This is where FHE could work in conjunction with ZK, proving that encrypted transactions followed the rules. This is essentially the goal of the Fhenix project: an EVM-compatible Layer-2 where all computations themselves support FHE.

Practical use cases enabled by FHE: Beyond blockchain, FHE is already attractive for cloud computing. For example, it allows you to send encrypted database queries to the cloud and receive encrypted answers, which only you can decrypt. In the blockchain context, a compelling scenario is privacy-preserving machine learning. FHE enables decentralized networks to run AI model inference on encrypted data provided by users, so the network does not learn your inputs or results; only you will know when you decrypt. Another use case is in public sector or health data collaboration. Different hospitals can use a common key or a federated key setup to encrypt their patient data, and a network of nodes can compute aggregate statistics on all hospitals' encrypted data and deliver the results for researchers to decrypt. This is similar to what MPC can do, but FHE may achieve it with a simpler architecture, requiring only an untrusted cloud or miner network to handle the numbers, at the cost of greater computational load for each operation.

Challenges of FHE: The biggest challenge is performance. Despite progress, FHE is often still one thousand to one million times slower than plaintext operations, depending on the computation and scheme. This means it is currently only suitable for limited tasks, such as simple functions or batch processing many operations at once in certain schemes, but it is not yet a technology you can use to run complex virtual machines executing millions of steps, at least not without powerful hardware support. There is also the issue of ciphertext size. Fully homomorphic operations tend to bloat data. Some optimizations, such as bootstrapping, which refreshes ciphertext that begins to accumulate noise as operations are performed, are necessary for arbitrary-length computations and increase overhead. However, many applications do not require fully arbitrary depth. They can use leveled HE, which performs a fixed number of multiplications before decryption and can avoid bootstrapping.

Integrating FHE into blockchain is complex. If each node must perform FHE operations for every transaction, it could be very slow with current technology. This is why projects like Fhenix start from L2 or sidechains, where a powerful coordinator or subset of nodes may handle the heavy FHE computations, while L2 batches the results. Over time, as FHE becomes more efficient or as dedicated FHE accelerator ASICs or GPUs emerge, it may see broader adoption. Notably, some companies and academia are actively researching hardware to accelerate FHE, recognizing its importance for the future of data privacy in Web2 and Web3 use cases.

Combining FHE with other technologies: Generally, FHE may be used in conjunction with MPC or ZK to address its weaknesses. For example, multiple parties could hold shares of the FHE key, so no single party can decrypt alone, effectively creating a threshold FHE scheme. This combines MPC with FHE to avoid single-point decryption failures. Alternatively, zero-knowledge proofs can be used to prove the format correctness of FHE-encrypted transactions without decrypting them, allowing blockchain nodes to verify their validity before processing. This is what some refer to as the ZK-FHE hybrid model. In fact, a composable DeCC approach might involve using FHE for heavy data processing, as it is one of the few methods capable of performing computations while always keeping data encrypted, and using ZK proofs to ensure that the computations do not do anything invalid or allow others to verify results without seeing them.

5. Trusted Execution Environment (TEE)

Trusted Execution Environments are foundational components of decentralized confidential computing. A TEE is a secure area within a processor that isolates code and data from the rest of the system, ensuring that its contents are protected even if the operating system is compromised. TEEs provide confidentiality and integrity during computation with minimal performance overhead. This makes them one of the most practical technologies available for secure general-purpose computing.

Think of a TEE as a locked room where only you can read a confidential document, and no one else can enter or peek inside. You can freely consult and process the document, but once you leave the room, you take the results with you and lock everything else behind. Outsiders will never see the document directly; they can only see the final results you choose to disclose.

Modern TEEs have made significant advancements. Intel's TDX and AMD SEV support secure execution of entire virtual machines, while NVIDIA's high-performance GPUs (including H100 and H200) now also feature TEE capabilities. These upgrades make it possible to run arbitrary applications in confidential environments, including machine learning models, backend services, and user-facing software. For example, Intel TDX combined with NVIDIA H100 can run inference on models with over 70 billion parameters with minimal performance loss. Unlike cryptographic methods that require custom tools or constrained environments, modern TEEs can run containerized applications without modification. This allows developers to write applications using standard languages like Python, Node.js, or others while maintaining data confidentiality.

A typical example is Secret Network, which is the first blockchain to implement general-purpose smart contracts with private state by leveraging TEEs (specifically Intel SGX). Each Secret node runs the smart contract execution runtime within an enclave (secure area). Transactions sent to the smart contract are encrypted, so only the enclave can decrypt them, execute the smart contract, and produce encrypted outputs. The network uses remote attestation to ensure that nodes are running genuine SGX and approved enclave code. This way, smart contracts on Secret Network can handle private data, such as encrypted inputs, which even node operators cannot read. Only the enclave can, and it only releases what it is supposed to release, typically just a hash or encrypted result. Phala Network and Marlin use similar but different models. Their architecture is built around TEE-driven worker nodes that perform secure off-chain computations and return verified results to the blockchain. This setup allows Phala to protect data confidentiality and execution integrity without leaking raw data to any external parties. The network is designed for scalability and interoperability, supporting privacy-preserving workloads across decentralized applications, cross-chain systems, and AI-related services. Like Secret Network, Phala demonstrates how to use TEE to extend confidential computing into decentralized environments by isolating sensitive logic within verifiable hardware enclaves.

Modern Deployments of TEE in DeCC Include Several Best Practices:

Remote attestation and open-source runtimes: Projects release code that runs within enclaves (typically modified WASM interpreters or specialized runtimes) and provide programs to prove it. For example, each Secret Network node generates a proof report demonstrating that it is running the Secret enclave code on genuine SGX. Other nodes and users can verify this proof before trusting the node to handle encrypted queries. By using open-source runtime code, the community can audit what the enclave is supposed to do, although they still have to trust that the hardware only performs those actions.
Redundancy and consensus: Some systems allow multiple nodes or enclaves to perform the same task and then compare results, rather than relying on a single enclave to execute the task. This is similar to MPC methods but at a higher level. If one enclave deviates or is compromised and produces different results, it can be detected through majority voting, provided not all enclaves are compromised. This was the approach of the early Enigma project (which evolved into Secret). They planned to have multiple SGX enclaves perform computations and cross-check results. In practice, some networks currently trust a single enclave for each contract for performance reasons, but designs can scale to multi-enclave consensus for greater security.
Ephemeral keys and frequent resets: To reduce the risk of key leakage, TEEs can generate new encryption keys for each session or task, avoiding the storage of long-term secrets. For example, if a DeCC service is processing confidential data, it might use temporary session keys that are frequently discarded. This means that even if a leak occurs later, past data may not be exposed. Key rotation and forward secrecy are recommended, so that even if an enclave is compromised at time T, data prior to T remains secure.
For privacy, not consensus integrity: As mentioned earlier, TEEs are best used to protect privacy rather than core consensus integrity. Therefore, a blockchain may use TEEs to keep data confidential but not for validating blocks or protecting the state transitions of the ledger, which are better left to consensus protocols. In this setup, a compromised enclave may leak some private information but cannot, for example, forge token transfers on the ledger. This design relies on cryptographic consensus for integrity and on enclaves for confidentiality. This is a separation of concerns that limits the impact of TEE failures.
Confidential virtual machine deployments: Some networks have begun deploying complete confidential virtual machines (CVM) using modern TEE infrastructure. Examples include Phala's cloud platform, Marlin Oyster Cloud, and SecretVM. These CVMs can run containerized workloads in secure environments, enabling general privacy-preserving applications in decentralized systems.

TEEs can also be combined with other technologies. One promising idea is to run MPC inside a TEE. For example, multiple enclaves on different nodes, each holding a part of secret data, can collaboratively compute using MPC while each enclave keeps its share secure. This hybrid provides deep defense: an attacker would need to compromise enclaves and corrupt enough participants to access all secret shares. Another combination is using ZK proofs to demonstrate what an enclave has done. For instance, an enclave can output a short zk-SNARK proving that it correctly followed a protocol on certain encrypted inputs. This can reduce the trust required in the enclave. Even if the enclave is malicious, if it deviates from the prescribed computation, it cannot produce a valid proof unless it also compromises the ZK cryptography. These ideas are still in the research phase but are being actively explored.

In current practice, projects like TEN (a cryptographic network, an Ethereum Layer-2 solution) use secure enclaves to implement confidential rollups. TEN's approach uses enclaves to encrypt transaction data and privately execute smart contracts while still producing an optimistically verified rollup block. They emphasize that secure enclaves provide a high level of confidence in the code being executed, meaning users can be assured of how their data is handled, as the code is known and proven, even if they cannot see the data itself. This highlights a key advantage of TEE: deterministic, verifiable execution. Everyone can agree on the hash of the code that should run, and the enclave ensures that only that code executes while keeping inputs hidden.

Composable DeCC Technology Stack (Hybrid Approaches)

One exciting aspect of Privacy 2.0 is that these technologies are not isolated (although they can and do get used independently); they can be combined. Just as traditional cloud security employs layered defenses like firewalls, encryption, and access control, DeCC confidential computing can layer technologies to leverage their respective strengths.

Several combinations are being explored: MPC with TEE, ZK with TEE, GC with ZK, FHE with ZK, and so on. The ultimate goal is clear: no single technology is perfect. Combining these methods can compensate for their respective limitations.

Here are some patterns currently under development:

MPC with TEE (MPC inside enclaves): In this approach, an MPC network operates where each node's computation occurs within a TEE. For example, consider a network of ten nodes using MPC to jointly analyze encrypted data. If an attacker compromises one node, they can only access the enclave holding a single share of the secret, which does not leak any information by itself. Even if the SGX on that node is compromised, only a small portion of data is exposed. To compromise the entire computation, a certain number of enclaves would need to be breached. This greatly enhances security, provided the integrity of the enclaves remains intact. Trade-offs include the higher overhead introduced by MPC and reliance on TEE, but for high-assurance scenarios, this hybrid is reasonable. This model effectively layers cryptographic and hardware trust guarantees.
ZK proofs with MPC or FHE: ZK proofs can serve as an auditing layer. For example, an MPC network can compute a result and then jointly generate a zk-SNARK to prove that the computation followed the defined protocol without exposing inputs. This adds verification confidence for external consumers (e.g., the blockchain receiving the results). Similarly, in an FHE environment, since the data remains encrypted, ZK proofs can be used to demonstrate that computations were correctly executed on ciphertext inputs. Projects like Aleo adopt this strategy. The computation is done privately, but verifiable proofs can attest to its correctness. The complexity should not be underestimated, but the potential for composability is immense.
ZK proofs with GC: Zero-knowledge proofs are often used with garbled circuits to prevent potential malicious garblers. In more complex GC-based systems involving multiple garblers and evaluators, ZK proofs also help verify whether individual garbled circuits have been correctly assembled into larger computational tasks.
TEE with ZK (proof-enabled shielded execution): TEEs can produce proofs of correct execution. For example, in a sealed-bid auction, an enclave can compute the winner and output a ZK proof confirming that the computation was correctly executed on encrypted bids without revealing any bid details. This approach allows anyone to verify the results even with limited trust in the enclave. While still largely experimental, early research prototypes are exploring these confidential knowledge proofs to combine the performance of TEE with the verifiability of ZK.
FHE with MPC (threshold FHE): A known challenge of FHE is that the decryption step can leak results to entities holding the key. To decentralize this, MPC or secret sharing can be used to split the FHE private key among multiple participants. Once the computation is complete, a collective decryption protocol is executed, ensuring that no single participant can independently decrypt the result. This structure eliminates centralized key custody, making FHE suitable for threshold use cases like private voting, encrypted mempool, or collaborative analysis. Threshold FHE is an active research area closely related to blockchain.
Secure hardware and cryptography for performance isolation: Future architectures may allocate different workloads to different privacy-preserving technologies. For example, compute-intensive AI tasks could run in secure enclaves, while logic that emphasizes security (like key management) could be handled by cryptographic protocols such as MPC, GC, or FHE. Conversely, enclaves could be used for performance-critical but low-consequence lightweight tasks. By breaking down the privacy needs of applications, developers can assign each component to the most appropriate trust layer, similar to how traditional systems layer encryption, access control, and HSMs.

The composable DeCC technology stack model emphasizes that applications do not need to choose a single privacy method. They can integrate multiple DeCC technologies, customizing according to the needs of specific components. For instance, many emerging privacy networks are being built in a modular fashion, supporting ZK and MPC, or providing configurable confidentiality layers based on use cases.

Admittedly, combining technologies increases engineering and computational complexity, and in some cases, performance costs may be too high. However, for high-value workflows, especially in finance, AI, or governance, this layered security model is reasonable. Early examples are already in operation. Oasis Labs has prototyped a TEE MPC hybrid solution for private data markets. Academic projects have demonstrated MPC and GC computations verified by zk-SNARKs, highlighting the growing interest in cross-model verification.

Future dApps may run encrypted storage via AES or FHE, perform computations using a mix of MPC, GC, and TEE, and publish verifiable ZK proofs on-chain. Although users may not see it, this privacy technology stack will enforce robust protections against data leakage and unauthorized inferences. The ultimate goal is to make this level of privacy infrastructure the default and transparent, providing applications that feel familiar but operate under fundamentally different trust assumptions.

Venture Capital and Developer Momentum

Privacy-preserving computing has become a significant area of capital allocation in the crypto space, with investment activity continuing to rise. Investors and builders are increasingly convinced that decentralized confidential computing (DeCC) will unlock new market opportunities by enabling private applications that would otherwise be infeasible on public blockchain infrastructure.

The cumulative venture capital funding for leading DeCC projects has exceeded hundreds of millions of dollars. Notable examples include:

Aleo, a Layer-1 network built using zero-knowledge proofs for private applications, has raised approximately $228 million. This includes a $28 million Series A funding round led by a16z in 2021, and a $200 million Series B funding round completed in 2022 at a valuation of $1.45 billion. Aleo is investing in developer tools and its broader ecosystem of privacy-preserving applications.
Partisia Blockchain, which combines secure multi-party computation (MPC) with blockchain infrastructure, raised $50 million in 2021 to expand its privacy-preserving Layer-1 and Layer-2 platforms. Its funding comes from strategic and institutional supporters focused on confidential data use cases.
Fhenix, an Ethereum Layer-2 implementing fully homomorphic encryption (FHE), raised $15 million in a Series A funding round in June 2024, bringing its total funding to $22 million. Early investors include a16z and Hack VC, reflecting confidence in the feasibility of executing cryptographic smart contracts.
Mind Network, focused on building an FHE-based data processing privacy layer, raised $10 million in a Pre-A funding round in September 2024, bringing its total funding to $12.5 million. The project targets applications such as secure voting, private data sharing, and confidential AI execution.
Arcium, a confidential computing network on Solana, raised $5.5 million from Greenfield Capital in early 2025, with a total funding amount of $9 million to date. Arcium positions itself as a cryptographic computing layer for high-throughput chains.
COTI partnered with Soda Labs to commit $25 million from its ecosystem fund for the development of an MPC-based privacy Layer-2. This collaboration focuses on advancing obfuscation circuit technology for privacy-preserving payments.
TEN, an Ethereum-based Layer-2 using trusted execution environments (TEE), raised $9 million in a funding round led by the R3 consortium at the end of 2023, bringing its total funding to $16 million. The team includes engineers with experience in building permissioned blockchain infrastructure.
Penumbra, a Cosmos-based privacy zone for DeFi, raised $4.75 million in a seed funding round led by Dragonfly Capital in 2021. The project aims to support privacy swaps and anti-MEV transactions.
Aleph Zero, a privacy-supporting Layer-1 using DAG consensus and zero-knowledge technology, raised approximately $21 million through public and private token sales. It positions itself as a foundational layer with built-in confidentiality features.
Traditional projects also continue to contribute to this momentum. The Secret Network, which evolved from the Enigma project, raised $45 million through a token sale in 2017 to launch the first TEE-based smart contract platform, with total investments reaching $400 million. iExec, a decentralized cloud platform supporting TEE, raised approximately $12 million and subsequently received funding to advance confidential data tools.

If token allocations, ecosystem funds, and public fundraising revenues are included, total investments in the DeCC space could approach $1 billion. This is comparable to funding levels in areas such as Layer-2 scaling or modular infrastructure.

The DeCC ecosystem is also continuously expanding through partnerships and open-source collaboration. Organizations like the Confidential Computing Consortium have welcomed blockchain-based members such as iExec and Secret Network to explore standards across private computing. Academic initiatives, developer hackathons, and privacy-focused conferences are nurturing technical talent and community engagement.

Projects are also enhancing accessibility through SDKs, languages, and APIs that abstract the complexities of cryptography. For example, tools like Circom, ZoKrates, and Noir simplify zero-knowledge development, while platforms like Arcium's Arcis lower the barrier to entry for building with MPC. Developers can now integrate privacy into decentralized applications without requiring advanced cryptographic expertise.

Collaborations with enterprises and government agencies further validate the field. Partisia has partnered with the Okinawa Institute of Science and Technology (OIST) on a joint cryptography research project, while Secret Network collaborates with Eliza Labs to develop confidential AI solutions.

With ongoing growth in funding and ecosystem activity, DeCC is becoming one of the most capital-rich and rapidly developing areas in crypto infrastructure, attracting significant interest from builders and institutional stakeholders. That said, like any emerging technology cycle, many projects in this field may not realize their visions or achieve meaningful adoption. However, a small subset may persist, setting technical and economic standards for privacy-preserving computing across decentralized systems.

DeCC Ecosystem

The decentralized confidential computing (DeCC) ecosystem consists of technologies and frameworks that support secure computation across distributed systems. These tools enable sensitive data to be processed, stored, and transmitted without exposing it to any single party. By combining cryptographic techniques, hardware-enforced isolation, and decentralized network infrastructure, DeCC addresses critical privacy limitations in public blockchain environments. This includes challenges related to transparent smart contract execution, unprotected off-chain data usage, and the difficulty of protecting confidentiality in systems designed for openness.

DeCC infrastructure can be broadly categorized into six major technological pillars:

Zero-knowledge proofs (ZKP) for verifiable private computation.
Multi-party computation (MPC) for collaborative computing without data sharing.
Garbled circuits (GC) for computing on standard encrypted data.
Fully homomorphic encryption (FHE) for direct computation on encrypted inputs.
Trusted execution environments (TEE) for hardware-based confidential processing.
Decentralized privacy networks for routing and infrastructure-level metadata protection.

These components are not mutually exclusive and are often combined to meet specific performance, security, and trust requirements. The following sections highlight projects implementing these technologies and how they fit into the broader DeCC landscape.

FHE-Based Projects

Many DeCC projects utilize fully homomorphic encryption (FHE) as their primary mechanism for implementing encrypted computation. These teams focus on applying FHE to areas such as private smart contracts, secure data processing, and confidential infrastructure. While FHE is computationally intensive compared to other methods, its ability to compute on encrypted data without decryption provides strong security guarantees. Key projects in this category include Octra, Mind Network, and Fhenix, each experimenting with different architectures and use cases to bring FHE closer to practical deployment.

Fhenix

Fhenix is an FHE R&D company dedicated to building scalable, real-world fully homomorphic encryption applications. Fhenix's FHE co-processor (CoFHE) is an off-chain computing layer designed to securely process encrypted data. It offloads heavy cryptographic operations from the main blockchain (such as Ethereum or L2 solutions) to enhance efficiency, scalability, and privacy without compromising decentralization, while providing an easy integration method. This architecture allows computations on encrypted data without decryption, ensuring end-to-end privacy for decentralized applications. Fhenix is fully compatible with EVM, allowing developers to quickly and easily build FHE-based applications using Solidity and existing Ethereum tools like Hardhat and Remix. Its modular design includes components like FheOS and Fhenix's threshold network, which manage FHE operations and FHE decryption requests, providing a flexible and adaptive platform for privacy-preserving applications.

Key Innovations and Features

Seamless integration with EVM chains: Fhenix enables any EVM chain to access encryption capabilities with minimal modifications. Developers can integrate FHE-based encryption into their smart contracts with a single line of Solidity code, simplifying the adoption of confidential computing across various blockchain networks.
Fhenix co-processor: Fhenix offers a co-processor solution that can connect locally to any EVM chain, providing FHE-based encryption services. This approach allows existing blockchain platforms to enhance their privacy features without overhauling their infrastructure.
Institutional adoption and collaboration: FHE-based confidentiality is crucial for institutional adoption of Web3 technologies. A proof-of-concept project in collaboration with JPMorgan demonstrated the platform's potential to meet stringent privacy requirements in the financial services sector.
Enhanced decryption solutions: The Fhenix team has developed a high-performance threshold network for decrypting FHE operations in conjunction with MPC and FHE. Advances in the Fhenix TSN network have reduced decryption latency and computational overhead, enhancing the user experience for privacy-preserving applications.
Various use cases in development: Fhenix focuses on bringing encrypted computation to developers within existing ecosystems (such as EVM chains). Current developments include confidential lending platforms, dark pools for private trading, and confidential stablecoins, all benefiting from FHE's ability to maintain data privacy during computation.

Mind Network

Mind Network is a decentralized platform that pioneeringly integrates FHE to establish a fully encrypted Web3 ecosystem. Mind Network serves as an infrastructure layer, enhancing security across data, consensus mechanisms, and transactions by performing computations on encrypted data without decryption.

Key Innovations and Features

The first project to implement FHE on the mainnet: Mind Network has achieved quantum-resistant, fully encrypted data computation by introducing its FHE to the mainnet, marking a significant milestone. This advancement ensures that data remains secure throughout its lifecycle—during storage, transmission, and processing—addressing the inherent vulnerabilities of traditional encryption methods.
Introduction of HTTPZ: Building on the standard HTTPS protocol, Mind Network is committed to realizing the vision of HTTPZ proposed by Zama, a next-generation framework that maintains continuous data encryption for a fully encrypted network. This innovation ensures that data remains encrypted during storage, transmission, and computation, eliminating reliance on centralized entities and enhancing security across various applications, including AI, DeFi, DePIN, RWA, and gaming.
Agentic World: Mind Network's FHE computing network is utilized for AI agents in Agentic World, which is built on three pillars:
Consensus Security: AI agents in distributed systems must reach reliable decisions without manipulation or conflict.
Data Privacy: AI agents can process encrypted data without exposing it.
Value Alignment: Ethical constraints are embedded in AI agents to ensure their decisions align with human values.
FHE Bridge for Cross-Chain Interoperability: Mind Network provides an FHE bridge to facilitate a seamless decentralized ecosystem. This bridge promotes secure interoperability between different blockchain networks, allowing encrypted data to be processed and transmitted across chains without exposing sensitive information, supporting the development of complex multi-chain applications. Chainlink is currently integrating it with CCIP.
DeepSeek Integration: Mind Network becomes the first FHE project integrated with DeepSeek, a platform known for its advanced AI models. This integration leverages Mind Network's FHE Rust SDK to protect encrypted AI consensus.

Octra

Octra is a universal, chain-agnostic network founded by former VK (Telegram) and NSO team members who have a decade of experience in the cryptography field. Since 2021, Octra has been developing a proprietary fully homomorphic encryption (FHE) solution based on hypergraphs (HFHE), allowing for near-instant computation on encrypted data. Unlike other FHE projects, Octra operates completely independently, without relying on third-party technologies or licenses.

Key Innovations and Features

Proprietary HFHE Solution: Octra's unique HFHE utilizes hypergraphs to achieve efficient binary operations, supporting parallel computation where different nodes and hyperedges are processed independently.
Isolated Execution Environment: The network supports isolated execution environments, enhancing the security and privacy of decentralized applications.
Diverse Codebase: Primarily developed in OCaml and C++, with support for Rust for contracts and interoperability solutions, Octra offers flexibility and robustness in its infrastructure.

Current Developments

HFHE Sandbox: Octra's HFHE demonstration is available in its sandbox environment, showcasing practical applications of its cryptographic technology.
Testnet Progress: The first validators have connected to the testnet, marking a significant step toward network stability and reliability.
Academic Contributions: A paper set to be published at the International Association for Cryptologic Research (IACR) will detail Octra's HFHE advancements, reflecting their commitment to contributing to the broader cryptographic community.
Mainnet and Rollup Builder: Octra plans to launch its mainnet for key management and storage in 2025, with an EVM/SVM rollup builder expected in 2026, aimed at enhancing scalability and interoperability across blockchain platforms.

Funding and Community Engagement

In September 2024, Octra secured $4 million in pre-seed funding led by Finality Capital Partners, with participation from investors such as Big Brain Holdings, Karatage, Presto Labs, and Builder Capital. In January 2025, Octra further raised $1.25 million through Cobie's angel syndicate investment platform Echo, which sold out in less than a minute. These investments highlight confidence in Octra's potential to revolutionize data privacy and security. The project maintains active engagement with the developer community through platforms like GitHub and recently released a public WASM sandbox, providing an experimental version of its HFHE library for testing and feedback.

By combining proprietary HFHE technology with a robust and flexible infrastructure, Octra aims to set new standards for secure, efficient, and decentralized data processing across various applications.

GC-Based Projects

Garbled Circuits (GC) is a specialized form of encrypted data computation that allows two or more parties to jointly evaluate a function without revealing their respective inputs. While GC is primarily used to address encrypted data computation issues, it can also solve various privacy and security challenges, such as zero-knowledge proofs and anonymous token-based internet authentication.

Projects like COTI and Soda Labs are applying GC-based technology to enable confidential messaging, private payment protocols, and scalable privacy layers.

COTI

COTI is a fast, lightweight L2 privacy solution built on Ethereum, providing on-demand privacy services for over 70 chains. COTI implements low-cost, scalable confidentiality to protect financial transactions and sensitive data. Individuals can participate in Web3 without disclosing personal information, businesses can protect proprietary data, and AI agents can operate as sovereign entities. COTI was initially launched in 2017, and its cross-chain capabilities bring permissioned privacy to dApps across all major blockchains without compromising speed, cost, or composability.

At the core of COTI's privacy technology stack is its garbled circuit developed in collaboration with Soda Labs. This cryptographic technology allows for private computation on encrypted data, achieving privacy with significantly higher efficiency compared to FHE. COTI supports a wide range of practical use cases, from consumer payments to enterprise integrations and government-level digital currency pilots. For highly regulated environments, COTI's proprietary Data Privacy Framework (DPF) allows for regulatory audits of encrypted data without compromising user privacy, making it ideal for regulated industries such as banking, lending, and government.

Key Innovations and Features

On-Chain Garbled Circuits: COTI is the first Ethereum L2 to implement garbled circuits on-chain, enabling encrypted computation without revealing inputs. This provides strong privacy guarantees and minimal overhead across over 70 networks.
Performance and Efficiency: COTI's privacy technology stack delivers exceptional performance, with its garbled circuit implementation being 1000 times faster and 250 times more storage-efficient than FHE-based alternatives.
EVM Compatibility: Fully compatible with Solidity and existing Ethereum tools, allowing developers to easily integrate privacy-preserving logic without new languages or infrastructure.
Major Partnerships: COTI has established integrations with platforms such as MyEtherWallet, Bancor, Hacken, and AnChain.ai, showcasing adoption across the ecosystem.

Enterprise Blockchain Participation

COTI is a member of the Enterprise Ethereum Alliance and has collaborated with central banks on CBDC pilot projects, including the European Central Bank's digital euro and the Bank of Israel's digital shekel project.

Soda Labs is a cryptographic infrastructure company focused on garbled circuits, which can compute directly on encrypted data without decryption. This approach ensures data privacy and security, which is crucial for sensitive applications in blockchain, AI, finance, and healthcare.

Through its flagship innovation gcEVM—a unique adaptation of garbled circuit technology for blockchain environments—Soda Labs enables dApps to accept and process encrypted data on-chain. The platform emphasizes efficiency, compatibility with existing developer tools, and adherence to established cryptographic standards like AES. This innovation unlocks practical, privacy-sensitive use cases that meet the stringent requirements of individuals, businesses, and regulated financial institutions. Key applications include confidential stablecoins and payments, private decentralized exchanges (DEX) and over-the-counter (OTC) trading, secure tokenization of real-world assets (RWA), private identity management systems, and robust governance solutions.

Technical Overview

Soda Labs leverages the powerful cryptographic technology of garbled circuits (GC) to securely compute directly on encrypted data. GC primarily utilizes widely adopted standardized symmetric key encryption schemes, such as AES. This avoids the need for heavy computations on the client side, such as generating complex zero-knowledge proofs (as required by ZK or FHE-based solutions). Instead, users of Soda Labs' decentralized secure computing platform interact with a lightweight SDK driven solely by standard Open-SSL (similar to what is used in modern browsers), which can run seamlessly on almost any device.

Its architecture supports user-specific encryption keys and contract-defined decryption logic. This allows for the enforcement of data confidentiality at multiple levels, ranging from value transfers and bids to user identities and application logic, spanning native chains and existing EVM networks through a modular co-processor model.

Key Innovations and Features

From Yao's Circuits to Multi-Party DeCC: Soda Labs' innovative GC-based computation separates the obfuscation and evaluation phases, allowing many (potentially thousands) of evaluators to participate in protecting encrypted data without compromising performance.
High performance even under peak demand: Soda Labs invented an offline welding technique that allows for preprocessing for peak computational demands, even without knowing in real-time what computations (contract functions) will be requested.
Strong security guarantees for users: One of the main concerns of DeCC is the collusion of network nodes, whether to compromise privacy or steal user funds. Soda Labs developed a protocol to ensure complete verifiability, meaning that even in the catastrophic event of all nodes colluding, users are financially protected.
gcEVM – Confidential Virtual Machine: A modified Ethereum-compatible virtual machine that introduces new instructions for processing encrypted data. Developers use Solidity-like syntax to build dApps that can compute and selectively decrypt data.

Two deployment modes:

gcEVM Chain (Integrated Privacy): Fully integrated into the blockchain's node software for native confidential computing.
gcCo-Processor (Asynchronous Privacy): An overlay network for existing chains (L1, L2, and oracles) that offloads confidential computing and returns decrypted outputs to the chain.
Enterprise and network adoption: Adopted and put into production by major blockchain COTI V2 network, and currently being evaluated by significant entities such as the European Central Bank's digital euro program and Chainlink Labs. Soda Labs has partnered with the Nvidia Inception Program to further optimize its performance by leveraging Nvidia's hardware.
Performance: Current benchmarks show that confidential transactions for ERC-20 operations achieve speeds of 80-100 transactions per second (ctps), with upcoming optimizations expected to reach around 1000 ctps.

Soda Labs' infrastructure provides a practical, cryptographically secure alternative for computation-intensive cryptographic models, enabling scalable, programmable privacy for both decentralized and traditional applications.

MPC-Based Projects

Multi-Party Computation (MPC) allows multiple parties to jointly compute a function about their combined input values without revealing their respective data. MPC is one of the most mature technologies in the field of confidential computing, known for its strong security guarantees and flexible deployment models. In the DeCC ecosystem, projects like Arcium and Partisia are leveraging MPC to support private computing across use cases, including cross-organizational data collaboration, secure key management, and decentralized identity systems.

Arcium

Arcium, known as the "cryptographic supercomputer," is a decentralized confidential computing network designed for secure, verifiable computation on fully encrypted data. Arcium operates not as a traditional Layer-2 but as an independent decentralized execution layer integrated with high-performance blockchains like Solana. Its architecture utilizes MPC protocols to ensure that no single participant can access sensitive data during processing while maintaining auditability and performance.

Key Innovations and Features

Multi-Party Execution Environment (MXE): Arcium's architecture employs MXE, allowing independent clusters of nodes to process encrypted computations in parallel. This design enhances speed and scalability, requiring only one honest participant to ensure privacy, supported by cryptographic proofs and economic incentives such as staking and penalties.
arxOS: The core of the Arcium network is arxOS, a distributed operating system that coordinates decentralized nodes called Arx. This system manages resources and securely executes programs across the network, enabling efficient and confidential computation.
Arcis Developer Framework: To facilitate the development of privacy-preserving applications, Arcium provides Arcis, a Rust-based framework. Arcis allows developers to seamlessly integrate encrypted computation into their applications, promoting the creation of secure and private solutions.
Inpher Integration: Arcium acquired the core technology and team of leading Web2 confidential computing company Inpher. This acquisition will bring advanced MPC solutions for confidential machine learning into Arcium's ecosystem, accelerating its mainnet launch and expanding its confidential computing capabilities.

Vision and Impact

Arcium aims to redefine digital interactions by enabling secure computation on fully encrypted data, eliminating the need to expose information during processing. This approach addresses a fundamental flaw in traditional data usage, where data must be exposed to be utilized, leading to privacy erosion and potential exploitation. By protecting privacy, Arcium unlocks novel on-chain and off-chain use cases while enhancing existing ones, empowering industries such as AI, DeFi, and decentralized physical infrastructure networks (DePIN).

Funding and Support

With over $10 million in funding from investors including Coinbase Ventures, LongHash, Greenfield, Jump, Anatoly (Solana), Keone (Monad), Santiago R Santos, Mert (Helius), and Balaji Srinivasan, Arcium is leading a significant technological revolution in the field of confidential computing.

By providing a trustless, verifiable, and high-performance framework for cryptographic computation, Arcium is poised to transform the digital landscape, ensuring that data can be fully utilized without being exposed, marking a paradigm shift in the digital world.

Partisia Blockchain

Partisia Blockchain is an L1 public blockchain that uniquely combines secure multi-party computation (MPC) with blockchain technology to provide privacy-preserving and scalable solutions. This integration allows computations to be executed directly on encrypted data without exposing it to participating nodes, ensuring confidentiality and data integrity.

Key Innovations and Features

Extensive MPC Research and Expertise: With over 35 years of research and more than 1000 published research papers, Partisia Blockchain's foundation is built on extensive expertise in the field of MPC. The founders are renowned cryptographers who have made significant contributions to the field, bringing unparalleled knowledge to the platform's development.
Customizable MPC Smart Contract Language: Partisia Blockchain offers a customizable MPC smart contract language that can be called from any blockchain as a service. This feature allows Partisia to provide its MPC technology as a service to other chains, enhancing privacy and security across various blockchain ecosystems.
Sharding for Scalability: The platform supports sharding at both the protocol and smart contract layers, improving scalability and transaction throughput. This design ensures that the network can efficiently handle a large volume of transactions, addressing the scalability challenges typically faced by blockchain networks.
Bring Your Own Coin (BYOC) Model: Partisia Blockchain's BYOC model allows users to utilize tokens from other blockchains within its ecosystem, promoting interoperability and flexibility. This approach enables seamless integration of various digital assets, enhancing the platform's utility and accessibility.

Founding Leadership

The leadership team consists of pioneers in the fields of cryptography and blockchain technology:

Ivan Damgård: Co-founder and Chief Cryptographer, Ivan is a professor at Aarhus University and head of the cryptography research group. He co-founded Cryptomathic, Partisia Blockchain, and Sepior, and is recognized as one of the most cited researchers in the field of cryptography.
Kurt Nielsen: Co-founder and Chairman of the Foundation Council, Kurt holds a PhD in economics and co-founded Partisia, Sepior, and Partisia Blockchain. He has over 15 years of experience in transforming advanced cryptographic solutions into innovative high-tech businesses.
Peter F. Frandsen: Co-founder and member of the Foundation Council, Peter has a strong background in software building and project management, focusing on blockchain and MPC for the past 10 years. Peter managed the construction of the Partisia Blockchain platform, demonstrating practical applications of MPC and blockchain integration.

Vision and Impact

Partisia Blockchain aims to set new standards for secure solutions for managing confidential data across users and platforms. By combining MPC with blockchain technology, it addresses challenges related to privacy, interoperability, and scalability, promoting transparency and accountability across various fields.

Through its innovative approach, Partisia Blockchain is expanding the possibilities for Web3 applications, enabling developers to build decentralized applications that require secure and private data processing. This advancement is crucial for the development of the Web3 ecosystem and attracting new users by addressing real-world problems.

TEE-Based Projects

Trusted Execution Environments (TEE) provide hardware-based isolation for secure computation and remain a core component of many DeCC architectures. TEEs are particularly effective for executing general-purpose applications with low performance overhead, making them well-suited for use cases such as confidential smart contracts, secure data processing, and private AI workloads. Projects including iExec, Marlin, TEN, Phala Network, and Secret Network are actively deploying TEE infrastructure to bring confidential execution into decentralized systems.

iExec

iExec is a decentralized confidential computing platform that utilizes TEE-based CPU and GPU infrastructure to achieve trusted off-chain execution. It provides developers with the tools and resources to build and monetize privacy-preserving applications across AI, DeFi, RWA, and data-driven use cases.

The iExec ecosystem allows participants to control, protect, and monetize digital assets such as computing power, personal data, code, and AI models. The RLC token is an ERC-20 utility token that supports the platform's operations by providing access to infrastructure, developer tools, and rewards for contributors.

Key Innovations and Features

Confidential Computing Infrastructure: Supports secure execution environments powered by Intel SGX, with upcoming support for Intel TDX and NVIDIA CCA GPUs, allowing the deployment of any confidential services, including AI agents and model training.
Digital Asset Monetization: Users can directly monetize digital assets, such as AI models or datasets, using RLC tokens through the protocol.
Token Economics Initiative: iExec has launched a new token economics mechanism aimed at incentivizing builders, holders, and end-users to enhance participation and ensure a sustainable circular token economy.
AI Framework: Provides tools for AI developers, including templates based on TensorFlow and PyTorch, which simplify the development and deployment of AI agents and inference workloads.
Confidential Service Support: New features support hosting verifiable and secure services in TEE for AI, analytics, and other sensitive workloads, advancing the concept of confidential AI.

Developer Ecosystem and Tools

Developer SDK: Provides seamless access to confidential infrastructure, with built-in monetization and encryption protection.
iApp Generator: Capable of quickly packaging and deploying applications into TEE with minimal configuration.
iExec Vouchers: Fixed-price options for accessing infrastructure and tools, supporting predictable development costs.

Ecosystem Growth and Recent Developments

iExec continues to expand its ecosystem through strategic partnerships, infrastructure enhancements, and product innovations. In 2024, it launched a $1 million RLC ecosystem fund to accelerate leading Web3 projects through investments, technical guidance, and developer support. To expand its computing capabilities, iExec is onboarding GPU and CPU providers, collaborating with attractive Layer 2 networks, and integrating decentralized storage solutions for secure, scalable data processing.

As part of its broader vision for confidential AI, it joined AI Unbundled, a cross-industry alliance that unites decentralized computing, storage, and blockchain infrastructure. In the same year, iExec launched DataProtector, a tool that integrates confidential workflows into dApps, and was included in Intel's 2024 AI inference catalog for achieving private data processing in medical diagnostics. iExec remains an active member of the DeCC Alliance, which is dedicated to advancing standards for decentralized confidential computing.

Marlin

Marlin is a verifiable computing protocol that leverages TEE and ZK-based co-processors to delegate complex workloads on decentralized cloud infrastructure. Unlike traditional L1 blockchains, Marlin acts as a decentralized cloud platform, providing secure and private computing without relying on a single underlying blockchain.

The protocol offers two main services:

Oyster: This subnet specializes in providing TEE-based serverless co-processors that can scale on demand. Oyster allows instances to be rented individually for any duration or tasks to be delegated to a pool of nodes in a serverless manner, ensuring users only pay for execution time. Smart contracts and Web2 APIs can be used to rent nodes and delegate tasks, enhancing flexibility and integration capabilities.
Kalypso: As a permissionless ZK proof marketplace for any circuit, Kalypso facilitates the generation and verification of zero-knowledge proofs. It operates in a transparent and trustless manner, allowing services to be registered, tracked, and verified securely and publicly. Kalypso's architecture integrates contracts and the Marlin Oyster enclave, providing users with hardware-level integrity and confidentiality guarantees.

Key Innovations and Features

Serverless Functionality: In addition to renting confidential virtual machines, Marlin uniquely offers serverless functionality, allowing users to pay per request and benefit from on-demand scalability.
Simplified Enclave Deployment: Developers can easily build and deploy enclaves using Docker images, simplifying the process of creating secure environments for application execution.
Flexible Key Management Service (KMS): Marlin provides a universal KMS where code running in the enclave can securely retrieve persistent private keys through remote attestation-based authentication. These keys can be used for encrypting, storing, and decrypting content, allowing TEE-based applications to recover state in case of enclave failure or shutdown.
Reproducible Builds: Utilizing Nix, Marlin ensures fully reproducible builds, enabling users to verify that the applications they interact with are built from a specific codebase through remote attestation.
Custom TLS Protocol (Scallop): Marlin introduces Scallop, a custom TLS protocol that allows enclaves to establish secure encrypted channels with other enclaves or users, using remote attestation instead of traditional SSL certificates.

Marlin has also pioneered several innovations:

Decentralized Frontend: By leveraging TEE, Marlin can issue SSL certificates to enclaves, facilitating the development of verifiable decentralized frontends.
Confidential ZK Proof Generation: Marlin supports the generation of zero-knowledge proofs within TEE, protecting the confidentiality of private inputs during proof generation.

Phala Network

Phala Network is the next-generation cloud platform that provides a low-cost, user-friendly, trustless environment, making zero-trust computing accessible to a wide range of developers. By leveraging a hybrid infrastructure that includes Trusted Execution Environments (TEE), blockchain, Multi-Party Computation (MPC), and Zero-Knowledge Proofs (ZKP), Phala offers flexible, open-source, and cost-effective verification solutions for any developer and any type of program.

Key Innovations and Features:

TEE Abstraction through Decentralized Key Management: Phala's architecture abstracts different TEE hardware (Intel SGX/TDX, AMD SEV, NVIDIA CC) into a unified, virtualized computing layer. This is achieved through a decentralized key management system (KMS), eliminating central trust points and enabling seamless, secure workload execution across various hardware environments.
Dstack: Developer Stack for Trusted Applications: A lightweight open-source SDK that allows developers to deploy Dockerized TEE applications in minutes. Dstack is completely vendor-agnostic and is designed for quick integration into existing Web2 and Web3 workflows without rewriting or hassle.
AI-Native Verifiable Cloud: Optimized for AI workloads, Phala supports GPU-based TEE and verifiable computing execution, ensuring outputs are auditable, tamper-proof, and privacy-protected. Ideal for AI agents, MEV protection, and ML inference engines.
T16Z Concept: Composable Cryptographic Stack: Phala introduces the T16Z framework, a layered architecture that combines Trusted Execution (TEE), ZKP, MPC, and blockchain game theory. This stack supports composable trust models for applications requiring dynamic security and privacy guarantees.
DePIN: Decentralized Physical Infrastructure Network: Phala operates one of the world's largest TEE-based DePINs, with over 25,000 secure nodes. It provides a community-owned computing layer for AI and Web3, supported by real economic security (ensuring over $5 million in computing value).

Developer Ecosystem and Tools

Phala offers a robust developer environment, including:

Dstack (Developer Stack): One-click deployment of TEE containers. Supports Intel TDX, AMD SEV, and NVIDIA confidential computing.
TEE as a Service: Confidential and auditable computing environments. GPU/CPU abstraction across hardware vendors.
Phala Cloud (DePIN): Decentralized infrastructure for AI-native and Web3 applications. Runs inference engines, secure MEV relays, and confidential dApps.
RA Explorer: View and verify remote attestation.

Network Security and Decentralization

Phala addresses the core limitations of traditional TEE, such as centralized attestation and vendor lock-in, through:

Blockchain-based Attestation: Eliminating reliance on Intel or AMD attestation authorities.
Decentralized Key Management: Secure, autonomous key control across nodes.
Open Enclave Updates: Hardware abstraction across SGX, TDX, SEV, and NVIDIA CC for resilience and flexibility.
Large-Scale Verifiability: All computations are supported by cryptographic proofs and can be traced on-chain.

Secret Network

Secret Network is an L1 network that integrates advanced cryptographic techniques and TEE to ensure data privacy in dApps. It is built using the Cosmos SDK and Tendermint consensus, providing scalability and interoperability within the blockchain ecosystem.

Key Innovations and Features

Secret Contracts: These smart contracts handle encrypted inputs and outputs, maintaining data confidentiality throughout the computation process. This enables developers to create dApps with enhanced privacy features, catering to use cases that require secure data processing.
Confidential Computing: By leveraging TEE, Secret Network ensures that data is stored, processed, and protected in a trusted environment, even nodes executing the computations cannot access it.
Interoperability: As part of the Cosmos ecosystem, Secret Network utilizes the Inter-Blockchain Communication (IBC) protocol, enabling seamless interaction with over 110 interconnected blockchains.

Recent Developments

Secret AI: Secret Network has expanded its capabilities with the launch of Secret AI, a decentralized confidential computing solution that brings trustworthy AI to privacy-conscious users. Secret AI is built on Secret Network and utilizes NVIDIA confidential computing with TEE capabilities to provide fully confidential AI interactions.
Verifiable Agent Infrastructure: As announced in the 2025 roadmap, Secret is launching infrastructure for running arbitrary workloads (such as AI agents, MCP servers, etc.) inside confidential virtual machines.
End-to-End Confidential Solutions: Secret's AI and verifiable agent infrastructure leverage the project's battle-tested confidential computing blockchain to provide end-to-end confidential solutions. Secret's blockchain is used for payments and to provide confidential AI and confidential VM services, protecting sensitive metadata related to user activities and finances.
Partnerships: Secret Network has established strategic partnerships to advance privacy-preserving AI agents. Key partners include Aethir, Eliza OS, Zekret, and Kuvi.ai. For example, through collaboration with Project Zero, they aim to combine confidential computing infrastructure with advanced data solutions to lay the foundation for a secure, customizable, and private AI-driven economy.

Ecosystem and Community

Since the mainnet launch in September 2020, Secret Network has processed millions of transactions and nurtured a vibrant dApp ecosystem, including the Shade DeFi suite, Stashh NFT marketplace, and more. The platform's native token SCRT is used for transaction fees, staking, and governance, playing a crucial role in network security and decision-making processes.

TEN

TEN is an L2 rollup on Ethereum that utilizes TEE to provide confidential and scalable smart contract execution. By leveraging TEE, TEN enables encrypted transactions and confidential computing, allowing developers to create dApps with enhanced privacy features. The platform is fully compatible with the Ethereum Virtual Machine (EVM), enabling seamless migration of existing Ethereum dApps without modification. Additionally, TEN addresses issues related to Maximum Extractable Value (MEV) by encrypting transaction data, mitigating front-running and other exploitative behaviors.

Background and Expertise

The team behind TEN has a strong track record in blockchain development, having previously built the Corda blockchain, which currently handles over $10 billion in on-chain assets. With this experience, the founders integrated Corda's TEE encryption technology into Ethereum, bringing decentralized confidential computing to one of the largest communities in Web3.

Key Innovations and Features

TEN introduces several novel features to the Ethereum ecosystem:

Programmable Cryptography: As the first Ethereum L2 with programmable cryptography, TEN allows any Web2 application to seamlessly transition into the Web3 space, expanding the potential for decentralized applications.
TEE Rollups: By utilizing TEE rollups, TEN significantly broadens the design space for Web3 applications, enabling more complex and secure functionalities.
Incentivized Validator Network: TEN is the first L2 to share sequencer profits with users through an incentivized validator network, promoting greater decentralization and community participation.
Gamified User Rewards: The platform introduces novel, proactive, gamified rewards to incentivize user participation, enhancing the overall ecosystem's vitality.

Use Cases and Applications

TEN's unique features facilitate a wide range of applications:

Autonomous AI Agents: TEN's infrastructure supports the deployment of autonomous AI agents in a decentralized environment, enabling innovative interactions and functionalities.
Smart Transparency: The platform introduces smart transparency, allowing complex access control mechanisms to be implemented in smart contracts, enhancing privacy and security.
On-Chain Gaming: TEN enables complex gaming scenarios, such as poker, to be fully conducted on-chain, ensuring fairness and transparency.
Secure Token Issuance: The platform facilitates the creation of irrevocable launchpads, providing a secure environment for token issuance and protecting investors from potential scams.

Zero-Knowledge Proof (ZKP) Projects

Zero-Knowledge Proofs (ZKP) allow one party to prove the validity of a statement without revealing the underlying data. This makes ZKP a foundational technology for privacy-preserving verification in decentralized systems. In the DeCC ecosystem, projects like Penumbra, Aleph Zero, and Aleo are applying ZKP to achieve private transactions, encrypted state machines, and scalable confidential smart contracts.

Aleph Zero & Common

Aleph Zero is an L1 network that combines Directed Acyclic Graph (DAG) architecture with its novel AlephBFT consensus protocol, achieving high scalability and near-instant transaction finality, along with an EVM-compatible L2. Common is a multi-chain privacy layer built on Aleph Zero, allowing users to hold, transfer, and earn yields on crypto assets without exposing their on-chain activities. It is built on ZKP, enabling private interactions across EVM chains through a unified privacy pool architecture. Users access Common via a web application or mobile wallet, both designed to provide a seamless fintech-style experience while keeping assets private by default. Unlike many privacy-first platforms that require entirely new ecosystems, Common aims to integrate privacy directly into existing DeFi tech stacks. By abstracting the complexity of ZKP, it allows users to easily utilize and combine privacy features within the tools and applications they already rely on.

Key Innovations and Features

Aleph Zero Shielder Network: A privacy-preserving asset layer across multiple EVM chains, based on ZKP, enabling private balances and transfers through shared anonymous sets.
Optimized ZK Performance: Through highly optimized zk circuits, Common achieves state-of-the-art efficiency in client proof generation. This makes it the first platform to offer private asset management without compromising user experience. Proof speeds are fast enough to maintain smooth and responsive interactions.
Web Application Interface: A browser-based interface compatible with most existing EVM wallets, allowing users to easily start using the privacy pool without switching wallets or changing habits. It serves as a privacy gateway with minimal onboarding friction.
Common Mobile: A dedicated mobile wallet designed for maximum usability, providing a seamless neobank-like experience while handling all privacy pool interactions in the background. Assets are private by default, and the technical complexities of ZK and cross-chain privacy are completely abstracted from the user.
Privacy Yields: Private assets can earn yields through integrated DeFi strategies without relinquishing privacy or compromising confidentiality.
Private dApp Interactions: Temporary accounts allow users to interact with applications like Uniswap or Aave without linking their activities to their main wallet.
Anonymity Revocation: A TEE-managed mechanism for revoking privacy in extreme cases, built with compliance in mind, without compromising everyday user privacy, but aimed at preventing various malicious actors from abusing the space.

Common introduces a practical, composable privacy layer for DeFi, enabling confidential asset management, yield generation, and cross-chain interactions without sacrificing usability. By integrating optimized ZKP infrastructure with existing EVM tools, it brings scalable privacy to mainstream crypto workflows without the need for new ecosystems or fragmented user experiences.

Aleo

Aleo is a privacy-centric L1 blockchain designed for building private and scalable decentralized applications using ZKP. Unlike traditional blockchains that prioritize transparency, Aleo enables fully private computation, allowing developers to build applications that keep sensitive user data and logic confidential. It achieves this through a combination of its proprietary Coinbase Puzzle, AleoBFT consensus, and advanced ZK infrastructure, allowing validators to confirm transaction validity without revealing the sender, receiver, or transaction value. Aleo is fully programmable on a default private basis, enabling developers to set which data is disclosed to whom.

Key Innovations and Features

ZK-Priority Execution Model: Aleo implements programmable privacy using its Leo programming language, which can be compiled into ZK circuits. Developers can build private applications while maintaining verifiability.
Private Transactions: In Q4 2024, approximately 6.1% of all transactions were private transactions, indicating a genuine demand for confidentiality in public blockchain environments.
Resilient Network Growth: Despite a significant drop in token prices in Q4, Aleo's daily active addresses increased by 10.6%, and new addresses grew by 34.4%, demonstrating strong potential user adoption.
Decentralized Application Ecosystem: Aleo supports a growing suite of financial and non-financial applications, including Arcane Finance, Pondo, Puzzle, Verulink Bridge, and zPass.

Ecosystem and Developer Tools

Infrastructure Support: Tools such as Amareleo (an open-source toolkit for Leo developers), Monadic.us’s snarkOps (a set of tools for maintaining the Aleo zero-knowledge decentralized operating system snarkOS), and V23’s DokoJS (a dedicated library providing a simplified CLI for interacting with the Aleo blockchain) provide developers with everything they need to build privacy-focused applications.
Community-Led Governance: Aleo's governance process includes ARC-721 (NFT standard), ARC-101 (validator standard), and ARC-0042 (block rewards), all of which have passed with high community approval rates.

Validator and Staking Landscape

Staking Participation: As of the end of Q4 2024, over 1.2 billion ALEO have been staked, with an average value of $1.7 billion throughout the quarter.
Validator Incentives: The protocol rewards both validators and ZK provers, creating a bilateral incentive model that supports privacy and security.

Penumbra

Penumbra is an L1 blockchain in the Cosmos ecosystem that enables fully private, end-to-end encrypted transactions and DEX trading. All activities, including transfers, staking, and swaps, are protected and kept confidential using zero-knowledge proofs. Penumbra's wallet, Prax, runs an embedded light node that locally generates these proofs on the user's device, thereby protecting user data privacy.

Key Innovations and Features

Fully Private Proof-of-Stake Network and DEX: Penumbra combines privacy with proof-of-stake through a novel private delegation mechanism that offers staking derivatives, tax-efficient staking, and on-chain governance with private voting.
Inter-Blockchain Communication (IBC) Integration: By leveraging IBC, Penumbra connects to over 110 chains in the Cosmos ecosystem, acting as a privacy pool across the ecosystem and allowing private transactions in any IBC-compatible asset or any EVM asset via IBC v2 (Eureka).
End-to-End Encrypted Transactions: All transactions and DEX operations are end-to-end encrypted, enabling users to trade, stake, swap, or provide liquidity without disclosing any personal information.
Anonymous Governance: Network governance is anonymous, with delegators' votes being private and untraceable, while validators' votes remain public to ensure accountability.
Default Privacy: Privacy is the default state of the network, rather than an optional feature, ensuring comprehensive confidentiality for all users.
Privacy Pool for the IBC Ecosystem: Penumbra serves as a privacy pool for the entire IBC ecosystem, enhancing privacy across multiple chains.
Advanced Trading Features: The platform offers centralized liquidity, competitive fees for liquidity providers, and optimal pricing for users.

Technical Developments

Light Nodes: Penumbra's light nodes locally generate zero-knowledge proofs on user devices, ensuring privacy starts and ends on the user's device.
Batch Execution: Penumbra DEX implements an order book-style AMM for efficient on-chain routing and batch execution.
Centralized Liquidity: Liquidity positions are anonymously created on the DEX, allowing traders to approximate their desired trading functions without disclosing their personal price views.

Decentralized Privacy Network (DePIN + Private Data Routing) Projects

Decentralized privacy networks focus on protecting metadata and network-level information through private routing, relay networks, and infrastructure designed for confidentiality. These systems complement on-chain privacy by addressing off-chain communication and interaction layers. Projects like SilentSwap and Anyone Protocol are building network-level privacy solutions for anonymous transactions, censorship resistance, and private peer-to-peer communication.

Anyone Protocol

Anyone Protocol is a decentralized privacy network designed to provide secure and anonymous internet access for any user or application by routing traffic through a globally distributed network of community-operated relays using multi-hop encryption. This approach ensures that no single relay can track user activity or access complete data, thereby enhancing privacy.

Key Innovations and Features

Network-Level Privacy: Anyone focuses on protecting network metadata, including IP addresses and locations, by routing traffic through its decentralized network. This ensures that applications can effectively safeguard user information.
Developer Tools: The protocol provides developers with tools such as the Anyone Software Development Kit (SDK), enabling seamless integration of privacy features into applications. This promotes the adoption of decentralized confidential computing solutions.
Interoperability: Anyone is highly compatible with projects utilizing Trusted Execution Environments (TEE), Fully Homomorphic Encryption (FHE), and Multi-Party Computation (MPC). By protecting transaction and remote procedure call (RPC) data, it creates comprehensive anonymity both on-chain and off-chain.
AI Privacy: As AI evolves, Anyone enhances the privacy of AI-powered applications, preventing any single entity from analyzing users based on requests from users or their AI agents.

Incentive Mechanism

The protocol incentivizes participants to operate relays by rewarding them with ANYONE tokens, thereby promoting network growth and resilience. This token drives the economic security of the network, staked to relays to protect them from single adversary attacks.

Through these features, Anyone Protocol aims to establish a decentralized, high-performance, privacy-centric internet infrastructure that empowers users and developers.

SilentSwap

SilentSwap is a privacy-preserving exchange aggregation service designed for permissionless, non-custodial asset transfers across chains. It integrates advanced cryptographic techniques and a novel routing architecture that leverages existing DeFi infrastructure to enhance user privacy without compromising usability, compatibility, or security.

Key Innovations and Features:

Using Existing Infrastructure

SilentSwap does not deploy its own smart contracts or bridges. Instead, it routes exchanges through established decentralized infrastructure, including well-known bridges and liquidity aggregators. This architecture allows:

Minimization of its attack surface by avoiding custom on-chain infrastructure and preventing the creation of new failure points.
Non-custodial asset control.
Inheritance of decentralization and security from underlying protocols.
Enhanced privacy by embedding user activity within standard DeFi transaction flows.

Cross-Chain Compatibility

SilentSwap supports all major EVM-compatible chains and is expanding to include Solana, SUI, TRON, and native Bitcoin. The system allows:

Initiating an exchange on one chain and receiving outputs on one or more different chains.
Cross-chain output splitting to increase obfuscation and unlinkability of transactions.

Minimal On-Chain Footprint

All exchanges are conducted through standard token transfers and bridge transactions, making them indistinguishable from typical DeFi activities. This obfuscation method ensures:

Lower traceability.
Achieving plausible deniability by remaining consistent with daily on-chain transaction volumes.
Enhanced privacy through the underlying characteristics of each integrated chain.

SilentSwap's privacy model is built around default obfuscation while maintaining compliance with regulatory standards, including OFAC compliance. It does not rely on peer-to-peer mechanisms but instead uses stealth addresses, cryptographic routing, and standard transaction paths to provide practical privacy without custom infrastructure. This makes SilentSwap particularly useful for a range of privacy-focused workflows, such as discreet corporate payroll operations, whale, fund, and DAO private position management, anonymous on-chain portfolio rebalancing, anti-front-running arbitrage or market-making strategies, and transaction obfuscation for funds or entities operating under sensitive regulatory conditions.

Summary

Decentralized Confidential Computing (DeCC) represents a fundamental shift in how sensitive data is handled within decentralized systems. While early blockchain infrastructures prioritized transparency and auditability, this came at the expense of privacy, limiting the range of applications that could be built. DeCC addresses this limitation by enabling encrypted computation, allowing private logic, inputs, and data to be protected even in untrusted public environments.

The technologies that achieve this include zero-knowledge proofs, multi-party computation, obfuscation circuits, fully homomorphic encryption, and trusted execution environments. Each technology offers unique trade-offs in terms of performance, trust, scalability, and composability. In practice, these tools are not used in isolation. They are increasingly being combined to provide privacy-preserving applications that meet the needs of decentralized finance, decentralized identity, AI model training, and cross-domain collaboration.

With over $1 billion in capital allocated to projects in this space, the momentum behind DeCC is no longer speculative. Teams are transitioning from theoretical capabilities to practical deployments in cryptographic primitives, secure hardware, and protocol infrastructure. As adoption rates grow, DeCC is poised to become a standard layer in the decentralized tech stack, enabling a broader category of secure, trust-minimized applications that were previously unattainable on public infrastructure.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。

DeCC Core Insights

Introduction: The Evolution of Data Computation and Security

Traditional Data Processing vs. Decentralized Confidential Computing (DeCC)

Data Lifecycle and Its Vulnerabilities

Why Transparency Alone Is Not Enough in Crypto

How DeCC Achieves Trustless Confidential Computing

1. Zero-Knowledge Proofs (ZKP)

2. Multi-Party Computation (MPC)

3. Garbled Circuits (GC)

4. Fully Homomorphic Encryption (FHE)

5. Trusted Execution Environment (TEE)

Composable DeCC Technology Stack (Hybrid Approaches)

Venture Capital and Developer Momentum

DeCC Ecosystem

FHE-Based Projects

Fhenix

Mind Network

Octra

GC-Based Projects

COTI

MPC-Based Projects

Arcium

Partisia Blockchain

TEE-Based Projects

iExec

Marlin

Phala Network

Secret Network

TEN

Zero-Knowledge Proof (ZKP) Projects

Aleph Zero & Common

Aleo

Penumbra

Decentralized Privacy Network (DePIN + Private Data Routing) Projects

Anyone Protocol

SilentSwap

Summary

Selected Articles by Odaily星球日报

Table of Contents

Related Articles