Privacy protection is extremely critical in the Web3 field, and we believe that fully homomorphic encryption is the best solution to most privacy protection problems.

By Maggie, Foresight Ventures

Good afternoon, everyone! Thank you for joining us. I’m Maggie, Head of Research at Foresight Ventures. Over the next 20 minutes, we’re going to dive into Fully Homomorphic Encryption (FHE) from a venture capital perspective and explore why we think it’s a transformative investment.

So why should we invest in fully homomorphic encryption? This starts with the privacy needs of Web3.

Privacy is extremely important in Web3. Without good privacy measures, there will be a lot of fraud and attacks.

For example, in the case of MEV, sandwich attacks can cause users to suffer losses. There are also vampire attacks, where competitors can steal your customers because they can see your customers' addresses. Privacy leakage is another big problem. If your wallet address is leaked, it is as if all of your spending records in real life were exposed: you have no privacy and are likely to become a target of fraud and phishing attacks. On the blockchain, although transparency is a good thing in some respects, it also makes wealthy users and protocols targets for hackers.

So we need effective privacy protection methods.

It is necessary to clarify that privacy protection is not the same as anonymity. Moreover, confidential transactions are different from private transactions. (In this article, a confidential transaction can be understood as a concealed transaction or a content-private transaction, and a private transaction as a fully private transaction. When the distinction does not matter, "private transactions" is used to refer to both types.)

  • Confidential transactions aim to protect the privacy of the transaction content.

  • Private transactions should not only protect the privacy of transaction content and the identities of participants, but also ensure that transactions are untraceable and difficult to link.

According to this definition, transfers on Bitcoin (BTC) and Ethereum (ETH) are neither Confidential nor Private transactions.

Let’s take a look at the history of private transaction technology so you can understand why fully homomorphic encryption can make a difference.

In 2013, coin mixing technology emerged. Coin mixing services mix coins from multiple users and send them to multiple destination accounts, making transactions more difficult to track and link. However, some tools can still detect links between transactions.

Subsequently, privacy coins such as Monero emerged, which use ring signatures and one-time keys to hide senders and receivers. Monero's privacy function is generally considered to be very effective.

In 2015, Ethereum was launched and smart contracts became very popular. However, users realized that all of these privacy protection methods were based on a UTXO model similar to BTC's, and that for blockchains based on an account model like ETH there was no way to achieve privacy protection.

Since 2016, zero-knowledge proofs have been used in privacy-preserving protocols.

Tornado Cash is a zero-knowledge coin mixing protocol on Ethereum that uses zero-knowledge proofs to cut the link between deposit addresses and withdrawal addresses, providing a partial privacy guarantee.

Zcash offers optional privacy features, allowing users to choose between regular transparent addresses and shielded addresses for anonymity. Zcash is built on an extended UTXO model that only supports transfers.

At that time, we still did not have private smart contracts.

Finally, as we move into 2022, we begin to see the application of zero-knowledge proofs (ZK) and fully homomorphic encryption (FHE) in implementing private smart contracts.

Zero-knowledge proof-based projects like Aztec and Aleo have taken the privacy approach pioneered by Zcash and improved upon it, and now support privacy smart contracts. However, they are also based on a similar extended unspent transaction output (UTXO) model, and their privacy-first design is fundamentally incompatible with the Ethereum Virtual Machine (EVM) architecture and the semantics of the Solidity language. Because they cannot support encrypted shared state, their privacy smart contracts are limited in contract logic and application.

Eventually, projects like ZAMA, Fhenix, and Inco decided to use fully homomorphic encryption to achieve on-chain privacy. ZAMA implemented the fully homomorphic Ethereum Virtual Machine (fhEVM). fhEVM is compatible with the EVM and fully supports the Solidity language. It also supports encrypted shared state, allowing the global state to be encrypted while remaining usable, and supports arbitrary computation. This flexibility enables fully homomorphic encryption to handle a wider range of business logic and meet diverse needs.

Privacy smart contracts based on fully homomorphic encryption are an incredible breakthrough, and we believe that fully homomorphic encryption will reshape on-chain privacy.

Why does fully homomorphic encryption have such good flexibility?

Fully homomorphic encryption allows us to perform any type of operation on encrypted data. When we decrypt the result of these operations, it is the same as the result of performing the corresponding operations on the plaintext.

This is a super desirable privacy feature. But it's extremely difficult to achieve. That's why fully homomorphic encryption is called the holy grail of cryptography.
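To make that property concrete, here is an added toy example (not code from this article, nor from ZAMA or Fhenix): a symmetric somewhat-homomorphic scheme over the integers in the style of van Dijk, Gentry, Halevi and Vaikuntanathan, with constructed parameters that are far too small to be secure. It evaluates XOR and AND on encrypted bits, and it tracks the noise that grows with every operation, which is the quantity a genuinely fully homomorphic scheme must keep resetting (via bootstrapping) to support arbitrary computation, and the main reason FHE is expensive.

```python
import secrets
from dataclasses import dataclass
# Constructed toy parameters for a symmetric DGHV-style scheme; far too small to be secure.
P_BITS, Q_BITS, R_BITS = 64, 40, 10

@dataclass
class Ciphertext:
    value: int        # c = p*q + 2*r + m, with m the plaintext bit and r small noise
    noise_bound: int  # upper bound on the noise term 2*r + m carried by this ciphertext

def keygen():
    """Secret key: a random odd P_BITS-bit integer p."""
    return secrets.randbits(P_BITS) | (1 << (P_BITS - 1)) | 1

def encrypt(p, m):
    """Encrypt one bit: hide m under a multiple of p plus an even noise term."""
    assert m in (0, 1)
    q, r = secrets.randbits(Q_BITS), secrets.randbits(R_BITS)
    return Ciphertext(p * q + 2 * r + m, 2 * (2 ** R_BITS - 1) + 1)

def decrypt(p, c):
    """c mod p strips p*q and leaves 2*r + m (while noise < p); mod 2 then leaves m."""
    return (c.value % p) % 2

def can_decrypt(p, c):
    """Decryption is only guaranteed while the accumulated noise stays below p."""
    return c.noise_bound < p

def add(c1, c2):
    """Homomorphic XOR of the plaintext bits; the noise terms add."""
    return Ciphertext(c1.value + c2.value, c1.noise_bound + c2.noise_bound)

def mul(c1, c2):
    """Homomorphic AND of the plaintext bits; the noise terms multiply."""
    return Ciphertext(c1.value * c2.value, c1.noise_bound * c2.noise_bound)

def eval_majority3(p, a, b, c):
    """Evaluate MAJ(a,b,c) = ab XOR bc XOR ca entirely on ciphertexts, then decrypt.
    Returns (decrypted bit, whether the noise bound still guaranteed correctness)."""
    ea, eb, ec = encrypt(p, a), encrypt(p, b), encrypt(p, c)
    result = add(add(mul(ea, eb), mul(eb, ec)), mul(ec, ea))
    return decrypt(p, result), can_decrypt(p, result)

def max_mul_depth(p):
    """Number of successive multiplications by fresh ciphertexts before noise reaches p.
    Without bootstrapping this limit is what makes the scheme only 'somewhat' homomorphic."""
    acc, depth = encrypt(p, 1), 0
    while can_decrypt(p, mul(acc, encrypt(p, 1))):
        acc, depth = mul(acc, encrypt(p, 1)), depth + 1
    return depth
```

With these parameters the noise bound allows only four successive multiplications before decryption is no longer guaranteed, which is why real FHE deployments spend most of their compute on bootstrapping rather than on the business logic itself.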

With privacy smart contracts, we can do a lot of things that we couldn’t do before. Here are the use cases mentioned by Fhenix.

Fhenix is leading the application of fully homomorphic encryption on-chain. Their team includes many top experts in the field of cryptography. CEO Guy Itzhaki has decades of experience in privacy computing and network security; in the past few years he led Intel's fully homomorphic encryption business development team.

Fhenix launched a private development network (Devnet) last July. This Devnet is a playground for interested developers: they can easily port their existing Ethereum Virtual Machine (EVM) code to Fhenix and, with just a few tweaks, turn it into native fully homomorphic encryption code. We are very excited to support the Fhenix team as they build the future of on-chain privacy using fully homomorphic encryption.

The applications they mentioned can be divided into two main categories.

  • One group is use cases related to the fully homomorphic encryption Ethereum Virtual Machine (fhEVM). It unlocks more flexible private transactions and private DeFi. With private DeFi, users can trade, lend, and provide liquidity in secret. This minimizes the chances of fraud and hacking and protects users from front-running and MEV bots. We are also excited about use cases related to governance and the autonomous world. Fully homomorphic encryption enables on-chain private voting, which helps prevent the voter bias and groupthink that often occur in public voting. In the autonomous world, many on-chain games can leverage fully homomorphic encryption to protect business strategies and users' sensitive data, such as location information.

  • The other group is about AI, such as decentralized identity (DID) and privacy-focused decentralized AI. Decentralized AI requires privacy protection in two respects. The first is protecting the model: when someone spends a lot of computing power and data to train a model and offer it as a service, it is important to keep the model private. The second is protecting inputs and outputs: when sensitive data such as medical records or facial images are used as input or produced as output during inference, people want to keep them private. With fully homomorphic encryption, you can train and run inference on encrypted data without decrypting it.

There are also some innovative uses for cross-chain bridges and on-chain compliance. With fully homomorphic encryption, one can store the private key of chain B on chain A and vice versa. This enables very convenient cross-chain information transmission and significantly reduces the complexity of the cross-chain process. Combined with decentralized identity and account abstraction, it can also be used to implement some on-chain compliance methods.

So why should we invest in fully homomorphic encryption?

  • First of all, privacy protection is extremely critical in the Web3 field.

  • Secondly, we believe that fully homomorphic encryption is the best solution to most privacy protection problems. Fully homomorphic encryption has excellent privacy protection capabilities and supports privacy smart contracts that can perform arbitrary calculations on encrypted global states. As the next generation of privacy technology, it will not only reshape on-chain privacy, but also change the way all calculations are done in Web2 and Web3.

  • Finally, fully homomorphic encryption has a wide range of potential use cases in Web3. Private transactions, decentralized finance, and artificial intelligence are all very promising scenarios. We are also excited about the opportunities for innovation in cross-chain bridges, governance, autonomous worlds, and on-chain compliance. We believe that fully homomorphic encryption is likely to develop better than zero-knowledge proofs. Zero-knowledge proofs are mainly used in Web3, while fully homomorphic encryption will be widely used in Web2 and Web3.

Of course, we also have some concerns about fully homomorphic encryption.

Performance and scalability of fully homomorphic encryption remain major challenges.

Currently, while fully homomorphic encryption is available, it is still very limited, with the fully homomorphic Ethereum Virtual Machine (fhEVM) being able to process around 5 transactions per second (TPS), similar to Bitcoin, which is only capable of 7 TPS.

Currently, many teams are working hard to improve the performance of fully homomorphic encryption through hardware acceleration, software optimization, and algorithm improvement.

When we look at how the performance of zero-knowledge proofs has improved, we see that zero-knowledge proof technology has been growing at a Moore’s Law-like pace over the past few years.

  • The new algorithm improves performance by dozens of times in terms of proof time, proof size, and verification time.

  • Zero-knowledge proof application-specific integrated circuit (ZK ASIC) chips can reduce the computational overhead of zero-knowledge proofs by 100 times.

  • Zero-knowledge proof applications are also racing to get faster. RISC Zero's proof system is faster than Plonky3, so the corresponding zero-knowledge proof virtual machine (ZKVM) is several times faster.

Therefore, we believe that with the support of Web3, the performance of FHE can be improved dramatically and exponentially, just as we have seen with zero-knowledge proof technology.

In terms of cost, both fully homomorphic encryption and zero-knowledge proofs are relatively computationally expensive and require a certain amount of resources. High gas fees will affect how many people use the blockchain and what kind of applications we can have.

Therefore, making fully homomorphic encryption faster and more cost-effective is a key long-term goal for the future development of this technology.

The second concern is about users' willingness to pay for privacy protection.

  • We need to find a balance between providing strong privacy protections and keeping costs reasonable for users.

  • Furthermore, we need to identify the most valuable use cases for fully homomorphic encryption and focus our efforts on those use cases. Let’s develop some groundbreaking applications beyond private transactions.

Finally, there are challenges with regulatory compliance and listing on exchanges.

Projects with strong privacy will face stricter regulatory and legal issues. For example, the United States blacklisted Tornado Cash.

In terms of exchange listings, pure privacy coins like Monero have been delisted from major centralized exchanges, while projects with optional privacy features like Zcash are still listed.

To address these challenges, we recommend:

  • Fully homomorphic encryption projects provide optional privacy rather than complete privacy.

  • Additionally, projects may need to consider establishing mechanisms that allow governments controlled access to some private information when required by law, for example pursuant to a court order, either through relevant entities or through privacy-compliant technologies.

Looking ahead, we see several key areas where fully homomorphic encryption could benefit from further efforts in the future.

  • First, it is crucial to improve the performance and reduce the cost of fully homomorphic encryption.

  • Second, it is important to identify valuable privacy use cases beyond private transactions. Find use cases where users are likely to pay for privacy, where the market is large, and where it is difficult to achieve without fully homomorphic encryption. Develop groundbreaking applications.

  • Finally, we recommend providing optional privacy rather than full privacy and developing compliance-friendly privacy technologies to meet regulatory requirements.