As Ethereum and other blockchain platforms evolve, the demand for privacy-preserving computation becomes more urgent. Many applications, from decentralized finance (DeFi) to on-chain auctions, need sensitive data to stay confidential while the computation on that data remains publicly verifiable. Achieving this balance is challenging, but advanced cryptographic primitives like Fully Homomorphic Encryption (FHE) and Multi-Party Computation (MPC) offer potential solutions. These methods allow computation on data while preserving its privacy and thereby shape a vision of truly private on-chain computation, a kind of 'holy grail' for blockchain privacy. However, these techniques have limitations. This post explores the most promising cryptographic approaches for blockchain privacy and their trade-offs; a recurring one is that they require trust in a distributed committee, like the Keypers that operate the Shutter Network.
Most Promising Approaches with Distributed Committees
Threshold Fully Homomorphic Encryption (Threshold FHE)
FHE allows arbitrary computation to be performed directly on encrypted data, i.e., without decrypting it. However, the result must eventually be decrypted, which requires the secret key. If a single party controls that key, it can decrypt not only results but every input ciphertext, so the system becomes centralized and the confidentiality of the data depends entirely on that party.
Threshold encryption addresses this by distributing the decryption key across a committee: each member holds only a key share, and decryption succeeds only if at least a predetermined number of members (the threshold) contribute their partial decryptions. No member ever learns the full key. This strengthens security, but it introduces a new trust assumption: users must trust that the number of malicious committee members stays below the threshold, which is typically set so that an honest majority suffices. If enough members collude, they can decrypt any ciphertext, including inputs, at any time, for example by prematurely decrypting sensitive data. Another limitation is performance: even with recent optimizations, FHE remains computationally heavy (see, for instance, a post by the Flashbots team analyzing the efficiency of FHE for backrunning use cases).
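The t-of-n property made concrete, as an added example that is not Shutter's code: a toy threshold ElGamal in Python. A dealer Shamir-shares the decryption key over Z_q, each committee member only ever publishes a partial decryption c1^{s_i}, and the combiner recovers the plaintext with Lagrange coefficients in the exponent, so the full key is never reconstructed anywhere. The dealer (real systems use distributed key generation), the ~64-bit safe-prime group generated at runtime (real systems use 256-bit curves) and the seeded randomness are demo-only assumptions.

```python
"""Toy t-of-n threshold ElGamal (added example, not Shutter's code).

Demo-only simplifications: a dealer shares the key (real systems use distributed
key generation so nobody ever holds it), the group is a ~64-bit safe-prime subgroup
generated at runtime (real systems use 256-bit curves), and randomness is seeded.
"""
import random

rng = random.Random(2024)  # seeded for reproducibility; use `secrets` in real code
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for n below 3.3e24."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(bits: int):
    """Return (p, q, g) with p = 2q + 1 prime and g generating the order-q subgroup."""
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4  # 4 = 2^2 is a quadratic residue != 1, so it has order q


def share_key(secret: int, t: int, n: int, q: int) -> dict:
    """Shamir t-of-n sharing over Z_q: keyper i receives f(i) for a random degree t-1 poly."""
    coeffs = [secret] + [rng.randrange(q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, q) for k, c in enumerate(coeffs)) % q for i in range(1, n + 1)}


def lagrange_at_zero(ids, q: int) -> dict:
    """Coefficients lambda_i with f(0) = sum_i lambda_i * f(i) over the given ids."""
    lam = {}
    for i in ids:
        num, den = 1, 1
        for j in ids:
            if j != i:
                num = num * (-j) % q
                den = den * (i - j) % q
        lam[i] = num * pow(den, -1, q) % q
    return lam


def encrypt(pk: int, m: int, p: int, q: int, g: int):
    """Standard ElGamal: (g^r, m * pk^r) for a fresh random r."""
    r = rng.randrange(1, q)
    return pow(g, r, p), m * pow(pk, r, p) % p


def partial_decrypt(key_share: int, c1: int, p: int) -> int:
    """What one keyper publishes: c1^{s_i}. The share s_i itself never leaves the keyper."""
    return pow(c1, key_share, p)


def combine(partials: dict, c2: int, p: int, q: int) -> int:
    """Combine partial decryptions with Lagrange exponents: prod d_i^{lambda_i} = c1^s."""
    lam = lagrange_at_zero(list(partials), q)
    d = 1
    for i, d_i in partials.items():
        d = d * pow(d_i, lam[i], p) % p
    return c2 * pow(d, -1, p) % p


def threshold_demo(t: int = 3, n: int = 5, bits: int = 64) -> dict:
    """Any t partial decryptions recover the message; t-1 do not (with overwhelming prob.)."""
    p, q, g = safe_prime_group(bits)
    sk = rng.randrange(1, q)          # stands in for the output of a DKG
    pk = pow(g, sk, p)
    shares = share_key(sk, t, n, q)
    message = pow(g, 42, p)           # messages are subgroup elements in this toy
    c1, c2 = encrypt(pk, message, p, q, g)

    def attempt(ids):
        parts = {i: partial_decrypt(shares[i], c1, p) for i in ids}
        return combine(parts, c2, p, q) == message

    return {
        "any_t_subset_works": attempt([1, 3, 5]) and attempt([2, 3, 4]),
        "t_minus_1_fails": not attempt([1, 2]),
    }


if __name__ == "__main__":
    print(threshold_demo())
```

The point to take from the code is what `combine()` sees: only the values c1^{s_i}, never the shares. A colluding set of at least t keypers can of course run `combine()` on any ciphertext they like, which is exactly the trust assumption discussed above.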
Multi-Party Computation (MPC)
MPC enables multiple parties to compute a function over their inputs while keeping their input data private. Unlike FHE, which allows computation on encrypted data, MPC distributes the computation among a set of participants who interact to obtain the result while preserving input privacy.
Although technically distinct, MPC, like threshold FHE, relies on a committee that collaborates on the computation, and it typically assumes that most committee members behave honestly. However, MPC often involves significant interaction among the committee members: linear operations on shared values are local, but every non-linear operation, such as a multiplication, requires a communication round, so both the number of messages and the number of sequential rounds grow with the function being computed. This can make it less suitable for blockchain environments where minimizing interaction is crucial.
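Where that interaction comes from, as an added illustration that is not Shutter's code: a toy three-party MPC in Python over additive secret shares. Addition costs no messages, while each multiplication uses a Beaver triple and one broadcast round in which every party opens two masked values; a simulated network counts rounds and messages so the cost is visible. The hypothetical trusted dealer handing out triples (real protocols generate them in a costly preprocessing phase), the honest-but-curious parties and the seeded randomness are demo-only assumptions.

```python
"""Toy additive-sharing MPC with Beaver multiplication (added example, not Shutter's code).

Assumptions for the demo: honest-but-curious parties, a hypothetical trusted dealer
that hands out Beaver triples (real protocols generate them in a costly preprocessing
phase), and a simulated network that only counts rounds and messages.
"""
import random

Q = (1 << 61) - 1          # prime field for the shares (Mersenne prime), demo-only
rng = random.Random(7)     # seeded for reproducibility; use `secrets` in real code


class Network:
    """Counts the interaction: one broadcast round = every party sends to every other."""

    def __init__(self):
        self.rounds = 0
        self.messages = 0

    def broadcast_round(self, per_party_values):
        n = len(per_party_values)
        self.rounds += 1
        self.messages += n * (n - 1)
        return per_party_values  # after the round every party holds all n values


def share(x: int, n: int) -> list:
    """Additive sharing: n-1 uniformly random shares, the last one fixes the sum to x."""
    parts = [rng.randrange(Q) for _ in range(n - 1)]
    parts.append((x - sum(parts)) % Q)
    return parts


def reconstruct(parts: list) -> int:
    return sum(parts) % Q


def add(xs: list, ys: list) -> list:
    """Addition is local: each party adds its own shares, no messages at all."""
    return [(x + y) % Q for x, y in zip(xs, ys)]


def dealer_triple(n: int):
    """Hypothetical dealer: shares of (a, b, a*b) with a, b uniform and unknown to all parties."""
    a, b = rng.randrange(Q), rng.randrange(Q)
    return share(a, n), share(b, n), share(a * b % Q, n)


def mul(xs: list, ys: list, net: Network) -> list:
    """Beaver multiplication: each party opens x-a and y-b (one round), then computes locally.

    [xy] = [c] + d*[b] + e*[a] + d*e  with d = x-a, e = y-b and (a, b, c) a Beaver triple.
    Opening d and e leaks nothing because a and b are uniform one-time masks.
    """
    n = len(xs)
    a, b, c = dealer_triple(n)
    masked = [((x - ai) % Q, (y - bi) % Q) for x, ai, y, bi in zip(xs, a, ys, b)]
    opened = net.broadcast_round(masked)
    d = sum(m[0] for m in opened) % Q
    e = sum(m[1] for m in opened) % Q
    zs = [(c[i] + d * b[i] + e * a[i]) % Q for i in range(n)]
    zs[0] = (zs[0] + d * e) % Q   # the public constant is added by exactly one party
    return zs


def run(n: int = 3) -> dict:
    """Three private inputs; compute x + y (free) and x * y * z (two sequential rounds)."""
    net = Network()
    xs, ys, zs = share(6, n), share(7, n), share(5, n)
    total = add(xs, ys)
    product = mul(mul(xs, ys, net), zs, net)
    return {
        "sum": reconstruct(total),
        "product": reconstruct(product),
        "rounds": net.rounds,
        "messages": net.messages,
    }


if __name__ == "__main__":
    print(run())   # {'sum': 13, 'product': 210, 'rounds': 2, 'messages': 12}
```

Note that the two multiplications in `run()` cannot be batched: the second needs the opened result of the first, which is why round complexity, not just message count, is the quantity that matters when the committee members are geographically distributed nodes.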
Indistinguishability Obfuscation (iO)
iO allows a program to be obfuscated so that the obfuscations of any two functionally equivalent programs cannot be distinguished. This seemingly modest guarantee has profound implications, as numerous cryptographic primitives, including functional encryption and witness encryption, can be built from iO. In the context of Ethereum, iO is actively discussed and has been proposed as a means of enabling privacy-preserving computation (e.g., see Vitalik’s post on ethresearch).
In a recent blog post, we looked at the state of iO and its usability for Web3 privacy. We found that despite its promise, iO remains far from practical. Even if iO becomes more efficient, its applicability to Web3 remains uncertain. One of the main challenges lies in its setup phase, where a program is obfuscated. This process must be executed either by a trusted entity or by a committee in a distributed setting. While the latter removes the need to trust a single party, it still introduces a trust assumption in the committee, similar to those of threshold FHE and MPC.
The Role of Trusted Execution Environments (TEEs)
TEEs are hardware-backed isolated execution environments (enclaves) for confidential computation. They are designed to protect the integrity and confidentiality of the code and data inside the enclave even if the host's operating system or hypervisor is compromised, and remote attestation lets a verifier check which code is running inside. Unlike the cryptographic techniques above, TEEs concentrate trust in a single piece of hardware and its manufacturer, who also operates the attestation infrastructure. Unfortunately, several attacks on TEEs, particularly on Intel SGX, have extracted secrets from enclaves and raised doubts about their reliability as the sole basis for confidential computation.
Key Takeaway: Trust in Distributed Committees for Blockchain Privacy
All of these cryptographic techniques, whether MPC, threshold FHE, or iO, require trusting a committee of parties to ensure secure, private computation. This is the same kind of assumption as the one placed in the committee of Keypers in the Shutter Network.
In this regard, Shutter has made a significant stride towards the vision of true on-chain privacy. It clearly demonstrates how distributed trust and collaboration can empower secure, private transactions.
In contrast, TEEs rely on centralized hardware, and past attacks have repeatedly demonstrated their vulnerabilities.
Hybrid solutions, like ShutterTEE, combine cryptographic techniques with TEEs. This reduces the trust assumptions because breaking confidentiality requires compromising both the cryptographic committee (at least a threshold of its members) and the TEE; neither the committee nor the TEE provider can compromise confidentiality alone.
The Future of Privacy-Preserving Computation in Web3: Committees, TEEs, or a Hybrid Approach?
As Ethereum’s confidential computing landscape evolves, the central question remains: Would you rather trust a committee, or do TEEs provide a better path forward? Or perhaps the best option is a combination of both? The decision will shape the future of privacy-preserving applications in Web3, determining how we balance security, efficiency, and trust in decentralized systems.