Written by: Maggie @ Foresight Ventures

TLDR:

  • Fully homomorphic encryption (FHE) is an emerging next-generation privacy protection technology, and it is worth positioning in early. FHE offers ideal privacy protection, but its performance still lags. We believe that as crypto capital enters the field, the technology will develop and mature much faster, just as ZK has in recent years.

  • Fully homomorphic encryption can be used in Web3 for transaction privacy protection, AI privacy protection, and privacy-preserving coprocessors. I am particularly optimistic about the privacy-preserving EVM, which is more flexible and a better fit for the EVM than existing ring signatures, coin mixing, and ZK.

  • We have investigated several outstanding FHE projects, most of which will launch on mainnet between this year and the first quarter of next year. Among these projects, ZAMA has the strongest technology but has not yet announced plans to issue a coin. In addition, we believe that Fhenix is the best FHE project among them.

1. FHE is an ideal privacy protection technology

1.1 The role of FHE

Fully homomorphic encryption is a form of encryption that allows any number of addition and multiplication operations to be performed on ciphertext, producing an encrypted result. Decrypting that result gives the same value as performing the same operations on the plaintext. This makes data "computable but invisible."

Fully homomorphic encryption is particularly suitable for outsourced computation. You can hand data to external computing power for processing without worrying about data leakage.

In layman's terms: suppose you run a company whose data is very valuable, and you want to use a good cloud service to process it, but you are worried about the data leaking in the cloud. Then you can:

  1. Encrypt the data with fully homomorphic encryption and upload only the ciphertext to the cloud server. For example, the numbers 5 and 10 in the above picture are encrypted into ciphertexts written as "X" and "YZ".

  2. When you need to operate on the data, for example to add the two numbers 5 and 10, have the cloud server apply to the ciphertexts "X" and "YZ" the ciphertext operation that the algorithm defines as corresponding to plaintext addition. The result is the ciphertext "PDQ".

  3. Download the ciphertext result from the cloud server and decrypt it to get the plaintext. You will find that the plaintext result is the result of the operation 5 + 10.

The plaintext only ever appears on your side, while everything the cloud server stores and computes on is encrypted. In this way, you don't have to worry about data leakage. This privacy protection method is very ideal.

  • Partially homomorphic encryption: easier to build and more practical. The ciphertext has only one homomorphic property, either additive homomorphism or multiplicative homomorphism.

  • Somewhat homomorphic encryption: allows both addition and multiplication on the ciphertext, but the number of supported operations is very limited.

  • Leveled fully homomorphic encryption: allows any combination of addition and multiplication on the ciphertext, with no limit on the number of operations. However, there is an upper bound on complexity, which constrains the complexity of the function that can be evaluated.

  • Fully homomorphic encryption: must support any number of addition and multiplication operations, with no restrictions on complexity or on the number of operations.

Fully homomorphic encryption is the hardest to achieve and the most ideal of these, and is called the "holy grail of cryptography."

1.2 History

Fully homomorphic encryption has a long history:

  • 1978: The concept of fully homomorphic encryption was proposed.

  • 2009 (first generation): The first fully homomorphic scheme was proposed.

  • 2011 (second generation): A fully homomorphic scheme based on integers was proposed. It is simpler than the previous scheme, but its efficiency is not improved.

  • 2013 (third generation): A new technique for constructing FHE schemes, GSW, was proposed, which was more efficient and more secure. It was later refined into FHEW and TFHE, which improved efficiency further.

  • 2016 (fourth generation): An approximately homomorphic encryption scheme, CKKS, was proposed, which is the most effective method for evaluating polynomial approximations and is particularly suitable for privacy-preserving machine learning applications.

Currently, the algorithms supported by the commonly used homomorphic encryption libraries are mainly third-generation and fourth-generation algorithms. Algorithmic innovation, engineering optimization, blockchain friendliness, and hardware acceleration are likely to emerge as capital enters the field.

1.3 Current Performance and Availability

Commonly used homomorphic encryption libraries:

ZAMA TFHE Performance:

For example, ZAMA TFHE takes about 200ms to perform 256-bit addition and subtraction, while plaintext calculations take tens to hundreds of nanoseconds. FHE calculations are about 10^6 times slower than plaintext calculations. Some optimized operations are about 1000 times slower than plaintext calculations. Of course, it is unfair to compare a ciphertext calculation with a plaintext calculation. Privacy comes at a price, all the more so for a privacy protection technology as ideal as fully homomorphic encryption.

ZAMA plans to further improve performance by developing FHE hardware.

1.4 Several technical research directions of FHE+Web3

Web3 is decentralized, and combining fully homomorphic encryption with Web3 opens many technical directions worth studying, such as the following.

  • Innovative FHE schemes, compilers, and libraries that make FHE better, faster, and more suitable for blockchain.

  • FHE hardware to improve computing performance.

  • FHE + ZKP: while FHE provides private computation, ZK is used to prove that the inputs and outputs meet the required conditions, or that the FHE computation was executed correctly.

  • To deter malicious behavior by computing nodes, FHE can be combined with mechanisms such as EigenLayer restaking.

  • MPC decryption scheme: the shared state is encrypted and the keys are often sharded using MPC, which requires a secure, high-performance threshold decryption protocol.

  • Data storage (DA layer): a DA layer with higher throughput is required, and the existing Celestia cannot meet the requirements.

In general, we believe that fully homomorphic encryption (FHE) is an emerging next-generation privacy protection technology. FHE offers ideal privacy protection, but its performance still lags. We believe that as crypto capital enters the field, the technology will develop and mature much faster, just as ZK has in recent years. FHE is a sector worth positioning in.

2. FHE is used in various privacy protection scenarios in Web3, among which I am most optimistic about the privacy EVM

FHE belongs to the privacy protection sector. Simply put, it covers "transaction privacy protection" + "AI privacy protection" + "privacy-preserving coprocessors".

  • Transaction privacy protection also includes privacy-protected DeFi, voting, bidding, MEV protection, etc.

  • AI privacy protection also includes decentralized identity, as well as privacy protection of other AI models and data.

  • The privacy-preserving coprocessor performs fully homomorphic ciphertext operations off-chain and eventually returns the results to the chain. It can be used for trustless games, etc.

Of course, there are many privacy protection technologies. By comparing them, you will understand the special features of FHE.

  • TEE is very fast, because data is stored and computed in plaintext inside trusted hardware. However, it relies on secure hardware, which in practice means trusting the hardware manufacturer rather than the algorithm. This trust model is centralized. In addition, verifying some TEE computations requires remote attestation that contacts the TEE manufacturer. This is not suitable for on-chain verification in a blockchain, because on-chain verification must be something a node can complete independently using only the blockchain's historical data, without relying on an external centralized institution.

  • MPC (secure multi-party computation) is also a privacy-preserving computation technology. However, it often requires multiple parties to be online at the same time and to interact frequently, which is usually not suitable for asynchronous settings such as blockchain. We use MPC for decentralized key management. In an MPC wallet, the private key is never stored in full in any one place. Instead, it is divided into multiple fragments (shares), which are stored on different devices or nodes. Only when a transaction needs to be signed do multiple fragments take part in a multi-party computation protocol to generate the signature.

  • ZK (zero-knowledge proof) is mostly used for proofs of computation, proving that a certain computation was executed correctly, and is rarely used for privacy protection. ZK and homomorphic technology are also inseparable, and the privacy protection part also uses homomorphic technology.

  • FHE (fully homomorphic encryption) does not require any data exchange during ciphertext operations, so the computation can be carried out entirely on the server/node. It therefore does not share MPC's requirement that the initiator or multiple parties be online, and is more suitable for blockchain. Compared to TEE, it is trustless. The only drawback is that the performance is not high.

Therefore, as long as FHE's performance gradually improves, its privacy protection capabilities make it a better fit for Web3.

At the same time, in terms of transaction privacy protection, fully homomorphic encryption is more suitable for EVM because:

  • Ring signatures and coin mixing cannot support contracts.

  • In ZK privacy projects such as Aleo, private data follows something closer to the UTXO model than the EVM account model.

  • Fully homomorphic encryption can support both contracts and account models, and can be easily integrated into EVM.

In comparison, the fully homomorphic EVM is indeed very attractive.

AI computing is inherently very computationally intensive, and adding an encryption mode as complex as fully homomorphic encryption may result in performance that is too low and costs that are too high at this stage. I believe that AI privacy protection will ultimately be a hybrid solution of TEE/MPC/ZK/partially homomorphic encryption.

In general, fully homomorphic encryption can be used in Web3 for transaction privacy protection, AI privacy protection, and privacy-preserving coprocessors. I am particularly optimistic about the privacy-preserving EVM, which is more flexible and a better fit for the EVM than existing ring signatures, coin mixing, and ZK.

3. Most FHE projects will be launched on the mainnet from this year to the first quarter of next year. We believe that Fhenix is the best FHE project besides ZAMA.

We have investigated the more outstanding fully homomorphic encryption projects on the market today. Their brief information is as follows:

3.1 ZAMA (Tools)

  • Narrative: Providing Fully Homomorphic Encryption for Blockchain and AI

  • Tool: TFHE-rs, a Rust implementation of TFHE

  • Tool: Concrete, the compiler for TFHE

  • Product: Concrete ML, privacy-preserving machine learning

  • Product: fhEVM, privacy-preserving smart contracts

  • Team: CTO Pascal Paillier, a famous cryptographer

  • CTO & co-founder: Pascal Paillier, cryptographer. He received his PhD from Telecom ParisTech in 1999 and invented the Paillier cryptographic system in 1999. He started publishing papers on homomorphic encryption in 2013 and is one of the top figures in the field of homomorphic encryption.

  • CEO & co-founder: Rand Hindi, graduated from UCL in 2011 with a PhD in Bioinformatics, worked on data science projects, and served as an advisor for multiple projects while working on ZAMA

  • Financing: 4 years, a total of more than 82 million US dollars; the latest round was a Series A of 73 million, led by Multicoin Capital and Protocol Labs

  • September 26, 2023, Seed Round of $7 million, led by Multicoin Capital, with participation from Node Capital, Bankless Ventures, Robot Ventures, Tane Labs, HackVC and Metaplanet

 

3.2 Fhenix (EVM + AI)

  • Narrative: FHE Coprocessor / L2 FHE Rollup (EVM-compatible privacy L2)

  • Product: A rollup that supports FHE and provides EVM-compatible confidential smart contracts. Developers can use Solidity to develop Dapps while ensuring data privacy.

  • Product: FHE coprocessor, which offloads cryptographic computing tasks from the host chain (whether Ethereum, L2 or L3) to off-chain. This greatly improves the efficiency of FHE-based operations.

  • Cooperation: Works with Zama and uses ZAMA's fhEVM; the forked ZAMA library is on GitHub

  • Cooperation: Works with EigenLayer. Rollup nodes need to restake in EigenLayer.

  • Team: Guy Itzhaki has more than 7 years of work experience at Intel and served as Director of Intel Homomorphic Encryption and Blockchain Business Development.

  • Founder: Guy Zyskind, PhD candidate at MIT, MSc from MIT in 2016. Participated in the development of the MIT Enigma privacy protocol and has strong research and development capabilities.

  • CEO: Guy Itzhaki has 7 years of work experience at Intel and has strong experience in the field of privacy protection. He has served as the director of Intel's homomorphic encryption and blockchain business development.

  • Prof. Chris Peikert is a cryptographer specializing in fully homomorphic encryption. He leads cryptography at Algorand.

  • Financing: 1 year; the latest round was a Series A of 15 million, led by Hack VC, followed by Foresight Ventures and other institutions.

  • In May 2024, the Series A round raised US$15 million, led by Hack VC, followed by Foresight Ventures and other institutions.

  • On September 26, 2023, Seed Round of 7 million US dollars, led by Multicoin Capital, with participation from Node Capital, Bankless Ventures, Robot Ventures, Tane Labs, HackVC and Metaplanet.

  • Roadmap: Testnet will be released in Q2 2024, and mainnet will be launched in Q1 2025

  • Q2 2024: Threshold network release.

  • Q3 2024: FHE Co-processor V0.

  • Q1 2025: Mainnet.

  • Q3 2025: FHE Co-processor V1.

 

3.3 Inco (EVM)

  • Narrative: Modular privacy computing layer / support EVM chain

  • Product: A rollup that supports FHE and provides EVM-compatible confidential smart contracts. Developers can use Solidity to develop Dapps while ensuring data privacy.

  • Cooperation: Works with Zama and uses ZAMA's fhEVM

  • Team: Founder Remi Gai, who worked briefly as a software engineer at Microsoft and Google in the early days, worked on the DeFi project of Parallel Finance

  • Founder: Remi Gai, had 6 to 9 months of software engineer experience at Microsoft and Google respectively 22 years ago, and later worked on Parallel Finance and DeFi projects.

  • Tech lead: Amaury A, core developer of Cosmos

  • Financing: The latest Seed round raised 4.5 million, led by 1kx

  • In February 2024, Inco Network completed a $4.5 million seed round of financing, led by 1kx, with participation from Circle Ventures, Robot Ventures, Portal VC, Alliance DAO, Big Brain Holdings, Symbolic, GSR, Polygon Ventures, Daedalus, Matter Labs and Fenbushi

  • Progress: Testnet will be launched in March 2024, mainnet will be launched in Q4 2024

  • In March 2024, the testnet was launched including fhEVM. Currently, it includes several examples such as privacy-protected ERC-20, privacy voting, blind auction, and privacy DID.

  • In Q2-Q3 2024, the test network will be launched including fhEVM

  • Q4 2024, mainnet

  • We plan to use FPGA hardware acceleration in 2025, and hope to achieve TPS of 100-1000.

 

3.4 Mind Network (AI&DePIN)

  • Narrative: Data privacy protection and privacy computing. AI and DePIN data and models.

  • Products: The narrative of 2023 is the privacy data lake, privacy-preserving data storage and computing. This year, the focus has been on privacy protection for AI and DePIN data and models.

  • Cooperation: Works with ZAMA and uses ZAMA's fully homomorphic library

  • Cooperation: Works with Fhenix and Inco to use fhEVM for Rollup

  • Cooperation: Works with Arweave to store encrypted data

  • Cooperation: Works with EigenLayer, Babylon, etc. on service node restaking. Reference: https://mindnetwork.medium.com/fhe-secured-restaking-layer-scaling-security-for-ai-depin-networks-73d5c6e5dda3

  • Team: CTO George was a researcher at Cambridge University.

  • Co-founder & CTO: George was a researcher at Cambridge University and worked as a technical director for a multinational bank. He also has many years of experience in Internet financial technology.

  • Financing: 2 years, Seed financing of 2.5 million, incubated by Binance Labs

  • On June 20, 2023, Seed Round of USD 2.5 million, led by Binance Labs, with participation from HashKey, SevenX, etc.

  • Roadmap: Already on the testnet, which currently has a restake function. The rest of the roadmap has not been announced

 

3.5 Privasea (AI&DePIN)

  • Narrative: AI and DePIN privacy computing.

  • Product: Use FHE to train ML models. Optimized Boolean gates of TFHE.

  • Product: FaceID, privacy-preserving face recognition. Used for Sybil resistance and KYC

  • Cooperation: Integrating BNB Greenfield to store encrypted data

  • Team: CTO Zhuan Cheng, a PhD in Mathematics from the University of Chicago, has extensive experience in cryptography technology research and development.

  • CEO: David Jiao, his AI project has raised 20 million yuan, and his blockchain project has raised 4 million yuan.

  • CTO Zhuan Cheng, PhD in Mathematics from the University of Chicago, has extensive experience in cryptography research and development, and previously worked on NuLink’s ZK privacy protection project

  • Financing: 1 year, Seed financing of 5 million, incubated by Binance Labs

  • In March 2024, Seed Round of 5 million USD, incubated by Binance Labs, with participation from MH Ventures, K300, Gate Labs, 1NVST, etc.

  • Roadmap: Release testnet V2 in April 2024, mainnet in Q3 2024

  • January 2024: Testnet V1.

  • April 2024: Testnet V2.

  • Q3 2024: TGE.

 

3.6 Optalysys (Tool)

Narrative: Homomorphic encryption hardware.

From the above information, we can see that ZAMA provides the core open source fully homomorphic encryption library for these projects, and is currently the well-deserved technology pioneer and the strongest. However, ZAMA has not yet announced any plans to issue coins, so we focus on Fhenix.

Fhenix will implement a privacy-preserving EVM and privacy-preserving smart contracts. They plan to build Fhenix L2, a fully homomorphic privacy EVM that provides privacy-preserving transactions, DeFi, etc. This L2 is also equipped with a threshold network for encryption and decryption operations. In addition, Fhenix will build an FHE co-processor, a fully homomorphic computing network that can serve EVM chains other than Fhenix and provide fully homomorphic computing services.

The Fhenix team has strong technical capabilities. The team members include not only experts in privacy computing at Intel, but also a PhD who participated in the development of the Enigma privacy protocol at MIT, and the lead in cryptography at Algorand.

In short, we believe that fully homomorphic encryption projects such as ZAMA and Fhenix can bring ideal privacy protection tools to the blockchain.