Author: Maggie @ Foresight Ventures
Summary:
Fully Homomorphic Encryption (FHE) is the upcoming next-generation privacy protection technology that is worth our attention. While FHE possesses ideal privacy protection capabilities, there is still a performance gap. We believe that with the entry of Crypto capital, the development and maturation of the technology will be greatly accelerated, similar to the rapid development of Zero-Knowledge Proofs (ZK) in recent years.
FHE can be used in Web3 for transaction privacy protection, AI privacy protection, and privacy protection coprocessors. I am particularly optimistic about the privacy protection of EVM, as it is more flexible and compatible with EVM compared to existing technologies such as ring signatures, coin mixing, and ZK.
We have conducted research on several prominent FHE projects, and most of these projects are expected to launch on the mainnet between this year and the first quarter of next year. Among these projects, ZAMA technology stands out as the strongest, although there is currently no announcement of a coin issuance plan. Additionally, we consider Fhenix to be the most outstanding FHE project.
1. FHE is an ideal privacy protection technology
1.1 The role of FHE
Fully Homomorphic Encryption is a form of encryption that allows people to perform an unlimited number of addition and multiplication operations on ciphertexts to obtain encrypted results, which are decrypted to yield the same results as performing the same operations on plaintext. This achieves the concept of “computing on encrypted data”.
Fully Homomorphic Encryption is particularly suitable for outsourcing computations, allowing data to be outsourced to external computing power for processing without the risk of data leakage.
In simple terms, if you are running a company with valuable data that you want to process and compute using efficient cloud services but are concerned about data leaks in the cloud, you can:
– Encrypt the data using fully homomorphic encryption into ciphertext before uploading it to the cloud server. For example, the numbers 5 and 10 in the image will be encrypted into ciphertext, represented as “X” and “YZ”.
– When you need to perform operations on the data, such as adding two numbers 5 and 10, you simply instruct the cloud server to apply a specific operation corresponding to plaintext + on the ciphertexts “X” and “YZ” to obtain the ciphertext result “PDQ”.
– After downloading this ciphertext result from the cloud server, decrypt it to obtain the plaintext. You will find that the plaintext result is the same as the result of adding 5 and 10.
The plaintext only appears on your end, while the data stored and computed on the cloud server are all ciphertexts. This method of privacy protection is highly ideal.
– Semi-homomorphic encryption: Easier and more practical. The ciphertext has only one homomorphic property, such as additive homomorphism or multiplicative homomorphism.
– Approximate homomorphic encryption: Allows simultaneous addition and multiplication computations on ciphertexts, but with very limited support.
– Limited series fully homomorphic encryption: Allows arbitrary combinations of addition and multiplication operations on ciphertexts without limitations on the number of operations. However, there is a new complexity limit that constrains the complexity of functions.
– Fully Homomorphic Encryption: Requires support for an unlimited number of addition and multiplication operations without limitations on complexity or number of operations.
Fully Homomorphic Encryption is the most challenging and ideal form, often referred to as the “Holy Grail of Cryptography”.
1.2 History
Fully Homomorphic Encryption has a long history.
– 1978: Concept of fully homomorphic encryption was proposed.
– 2009 (First generation): First fully homomorphic scheme was proposed.
– 2011 (Second generation): A fully homomorphic scheme based on integers was proposed, which was simpler but did not improve efficiency.
– 2013 (Third generation): A new technology GSW for constructing FHE schemes was proposed, offering higher efficiency and stronger security. This technology was further improved, leading to the development of FHEW and TFHE, further enhancing efficiency.
– 2016 (Fourth generation): An approximate homomorphic encryption scheme CKKS was proposed, which is the most effective method for evaluating polynomial approximations, especially suitable for privacy protection in machine learning applications.
The commonly used homomorphic encryption libraries mainly support third and fourth-generation algorithms. Innovations in algorithms, engineering optimizations, blockchain friendliness, and hardware acceleration are likely to occur with the entry of capital.
1.3 Current Performance and Availability
Commonly used homomorphic encryption libraries:
ZAMA TFHE Performance:
For example, ZAMA TFHE takes approximately 200ms for 256-bit addition and subtraction, while plaintext calculations take around tens to hundreds of nanoseconds. The speed of FHE calculations is approximately 10^6 times slower than plaintext calculations, with optimized operations being around 1000 times slower. Of course, comparing ciphertext calculations with plaintext calculations is inherently unfair. Privacy comes at a cost, especially with fully homomorphic encryption, an ideal privacy protection technology.
ZAMA plans to further enhance performance by developing hardware for FHE.
1.4 Several Research Directions of FHE + Web3
Web3 is decentralized, and there are many technological directions for the integration of fully homomorphic encryption and Web3, including the following:
– Innovative FHE solutions, compilers, and libraries to make FHE more user-friendly, faster, and more suitable for blockchain.
– FHE hardware to improve computational performance.
– FHE + ZKP, combining FHE privacy computing with Zero-Knowledge Proofs (ZK) to prove that inputs and outputs meet certain conditions or to prove that FHE is executing correctly.
– Prevention of malicious calculation nodes, which can be combined with EigenLayer restaking, and others.
– MPC decryption solutions, where shared states are encrypted, and keys often use MPC shards, requiring a secure and high-performance threshold decryption protocol.
– Data storage DA layer, requiring a higher throughput DA layer, as existing solutions like Celestia may not meet the requirements.
In conclusion, we believe that Fully Homomorphic Encryption is the upcoming next-generation privacy protection technology that is worth investing in. While FHE possesses ideal privacy protection capabilities, there is still a performance gap. We believe that with the entry of Crypto capital, the development and maturation of the technology will be greatly accelerated, similar to the rapid development of ZK in recent years. Investing in FHE is a strategic move.
2. FHE in Web3 for various privacy protection scenarios, with a focus on privacy EVM.
FHE belongs to the privacy protection track, encompassing transaction privacy protection, AI privacy protection, and privacy protection coprocessors.
– Transaction privacy protection includes privacy protection for DeFi, voting, bidding, anti-MEV, and more.
– AI privacy protection includes decentralized identity, as well as privacy protection for AI models and data.
– Privacy protection coprocessors involve performing fully homomorphic operations on ciphertexts off-chain and returning the results to the chain, which can be used for trustless games and more.
Of course, there are various privacy protection technologies, and comparing them will highlight the uniqueness of FHE.
TEE is fast, as data is processed in plaintext within trusted hardware, resulting in high speeds. However, it relies on secure hardware, placing trust in hardware manufacturers rather than algorithms, making it a centralized trust model. Some TEE calculations require remote verification by TEE manufacturers, which is not suitable for integration into blockchain for on-chain verification. We require on-chain verification, which should be independently achievable by historical data nodes on the blockchain without relying on external centralized institutions.
Secure multiparty computation (MPC) is another privacy-preserving computation technology. However, this technology often requires multiple parties to be online simultaneously, with frequent interactions, making it unsuitable for asynchronous blockchain scenarios. MPC is commonly used for decentralized key management, where private keys are not stored in complete form in any single location. Instead, private keys are divided into multiple fragments stored on different devices or nodes. When signing transactions, multiple fragments participate in the computation through a multiparty computation protocol to generate signatures.
Zero-Knowledge Proofs (ZK) are mainly used for computation proofs to demonstrate the correct execution of a process and are rarely used for privacy protection. ZK and homomorphic technologies are closely intertwined, with privacy protection utilizing homomorphic techniques.
Fully Homomorphic Encryption allows for computations on ciphertexts without exchanging data midway, enabling complete computation on servers/nodes. Therefore, there is no need for MPC’s requirement for initiator/multi-party online presence, making it more suitable for blockchain. Additionally, compared to TEE, it is trustless. The only drawback is its lower performance.
Therefore, as long as FHE gradually improves its performance, its privacy protection capabilities will be more suitable for Web3.
When it comes to transaction privacy protection, fully homomorphic encryption is more suitable for EVM. This is because ring signatures and coin mixing technologies do not support contracts, while privacy projects like Aleo and ZK use a UTXO model for privacy data, which is not compatible with EVM’s account model. Fully homomorphic encryption supports contracts and account models, making it easy to integrate with EVM. Overall, fully homomorphic EVM is indeed very appealing.
AI computations are inherently resource-intensive, and adding the complexity of fully homomorphic encryption may currently result in low performance and high costs. I believe that the ultimate solution for AI privacy protection will likely be a hybrid approach involving TEE/MPC/ZK/semi-homomorphic encryption.
In general, fully homomorphic encryption can be used in Web3 for transaction privacy protection, AI privacy protection, and privacy-preserving co-processors. I am particularly optimistic about privacy-protected EVM, as it is more flexible and compatible with EVM compared to existing ring signatures, coin mixing technologies, and ZK protocols.
Most FHE projects are expected to launch on the mainnet between this year and the first quarter of next year. We consider Fhenix to be the most outstanding FHE project outside of ZAMA.
After researching the prominent fully homomorphic encryption projects currently available, we have summarized their key details as follows:
ZAMA (Tool)
Narrative: Provides fully homomorphic encryption for blockchain and AI
Tools: TFHE-rs, Rust implementation of TFHE
Tools: Concrete, TFHE compiler
Products: Concrete ML, privacy-preserving machine learning
Products: fhEVM, privacy-protected smart contracts
Team: CTO Pascal Paillier, renowned cryptographer
CEO & co-founder: Pascal Paillier, a cryptographer who invented the Paillier cryptosystem in 1999 and has been publishing papers on homomorphic encryption since 2013.
Fhenix (EVM + AI)
Narrative: FHE co-processor/L2 FHE Rollup (EVM-compatible privacy L2)
Products: Supports FHE Rollup, EVM-compatible confidential smart contracts
Products: FHE coprocessor, offloads encrypted computation tasks from the main chain to improve efficiency
Team: Founder Guy Zyskind, a PhD candidate at MIT, with experience in privacy protection and cryptography
Inco (EVM)
Narrative: Modular privacy computing layer/supports EVM chains
Products: Supports FHE Rollup, EVM-compatible confidential smart contracts
Team: Founder Remi Gai, with experience in software engineering and DeFi projects
Mind Network (AI & DePIN)
Narrative: Privacy protection and privacy computing for data, AI, and DePIN
Products: Privacy Data Lake, privacy-protected data storage and computing
Privasea (AI & DePIN)
Narrative: Privacy computing for AI and DePIN
Products: Using FHE to train ML models, optimized Boolean gates with TFHE
Optalysys (Tool)
Narrative: Homomorphic encryption hardware
Overall, ZAMA and projects like Fhenix are leading the way in providing ideal privacy protection tools for blockchain. Fhenix’s strong technical team and innovative approach to privacy protection make it a project worth watching in the fully homomorphic encryption space.