Hack VC: An Overview of Hot Blockchain Privacy Technologies

1 year ago

The superposition of technology applications is still a field worth exploring in depth.

Author: Duncan Nevada

Translation: Deep Tide TechFlow

Crypto's transparent ledger fundamentally changes our understanding of trusted systems. As the saying goes, "Don't trust, verify," and transparency is what makes that possible. If all information is public, any fraudulent behavior can be identified promptly. However, this transparency also exposes a limit on usability. Some information certainly should be public, such as settlements, reserves, reputation (and even identity), but we never want everyone's financial and health records to be published alongside their personal information.

The need for privacy in blockchain

Privacy is a fundamental human right. Without privacy, there can be no freedom and democracy.

Just as the early internet required encryption technology (such as SSL) to enable secure e-commerce and protect user data, blockchains also require strong privacy technology to fully realize their potential. SSL allows websites to encrypt data in transit, ensuring that sensitive information such as credit card numbers is not intercepted by malicious actors. Similarly, blockchains need privacy to protect transaction details and interactions while maintaining the integrity and verifiability of the underlying system.

Privacy on the blockchain is not only about protecting individual users, but also crucial for enterprise adoption, compliance with data protection regulations, and opening up new design space. No company wants every employee to see other employees' salaries, or for competitors to rank and poach their most valuable customers. In addition, industries such as healthcare and finance have strict regulatory requirements for data privacy, and blockchain solutions must meet these requirements to become viable tools.

Framework for Privacy-Enhancing Technologies (PETs)

As the blockchain ecosystem has developed, several key Privacy-Enhancing Technologies (PETs) have emerged, each with its own advantages and trade-offs. These technologies include Zero-Knowledge Proofs (ZK), Multi-Party Computation (MPC), Fully Homomorphic Encryption (FHE), and Trusted Execution Environments (TEE), and we evaluate them along six key axes.

  1. Universality: How widely the solution applies across use cases and computations.

  2. Composability: How easily the technology can be combined with others to mitigate its drawbacks or open up new design space.

  3. Computational efficiency: How efficiently the system executes computations.

  4. Network efficiency: How well the system scales as the number of participants or the volume of data increases.

  5. Decentralization: How widely distributed the security model is.

  6. Cost: The actual cost of privacy.

Just as blockchain faces the trilemma of scalability, security, and decentralization, achieving all six attributes simultaneously is a challenge. However, recent advancements and hybrid approaches are pushing the boundaries of possibility, bringing us closer to comprehensive, economical, and efficient privacy solutions.

Now that we have a framework, we will briefly survey this field and discuss the future prospects of these privacy-enhancing technologies.

Overview of Privacy-Enhancing Technologies

Here I would like to offer some definitions. Note: I assume you are also actively reading "Dune" and viewing everything through the lens of Melange!

Zero-Knowledge proofs (ZK) allow one party to verify that a computation was carried out and produced a given result without learning what the inputs were.

  • Universality: Medium. Circuits are highly application-specific, but this is being improved through hardware abstraction layers (such as Ulvatana and Irreducible) and general interpreters (Nil's zkLLVM).

  • Composability: Medium. It works well in isolation with a trusted prover, but in a networked setting the prover must see all the raw data.

  • Computational efficiency: Medium. With real ZK applications like Leo Wallet coming online, proofs are seeing exponential improvements through novel implementations. We expect further progress as adoption increases.

  • Network efficiency: High. Recent advances in folding introduce huge potential for parallelization. Folding is essentially a more efficient way of constructing iterative proofs, so each step can build on the previous work. Nexus is a project worth watching.

  • Decentralization: Medium. In theory proofs can be generated on any hardware, although in practice GPUs are favored. As hardware becomes more uniform, further decentralization can be achieved economically through an AVS such as Aligned Layer. Inputs are only private when ZK is combined with other technologies (see below).

  • Cost: Medium.

    • Initial implementation costs for circuit design and optimization are high.

    • Operational costs are moderate: proof generation is expensive but verification is efficient. A significant cost factor is storing proofs on Ethereum, which can be mitigated by using data availability layers (such as EigenDA) or an AVS.

  • Analogy from "Dune": Imagine Stilgar needing to prove to Duke Leto that he knows the location of the spice field without revealing its actual location. Stilgar takes a blindfolded Leto up in an ornithopter, circling above the spice field until the cabin is filled with the sweet scent of cinnamon, then brings him back to Arrakeen. Leto now knows that Stilgar can find the spice, but he doesn't know how to find it himself.

Multi-Party Computation (MPC) is a technology that allows multiple participants to jointly compute a result without revealing their respective inputs to each other.

  • Universality: High, given the many specialized variants of MPC (secret sharing and so on).

  • Composability: Medium. While MPC is secure, composability decreases as computational complexity increases, because more network overhead is introduced. However, MPC can handle private inputs from multiple users, which is a fairly common use case.

  • Computational efficiency: Medium.

  • Network efficiency: Low. As the number of participants grows, the required network communication grows quadratically. Companies like Nillion are working to address this. Erasure coding or Reed-Solomon codes (i.e., splitting data into fragments and storing those fragments) can be used to reduce errors, although this is not traditional MPC.

  • Decentralization: High. Collusion among participants is possible, though, and may compromise security.

  • Cost: High.

    • Moderate to high implementation costs.

    • High operational costs due to communication overhead and computational requirements.

  • Analogy from "Dune": Imagine the Great Houses of the Landsraad wanting to ensure they collectively hold enough spice reserves to help each other when needed, without revealing their individual reserve levels. The first house sends a message to the second house containing its actual reserve plus a large random number. The second house adds its own actual reserve and passes the sum on, and so on around the houses. When the final total comes back to the first house, it simply subtracts the large random number to obtain the actual total spice reserve.
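The Landsraad analogy is a masked ring-sum protocol, and the collusion caveat above applies to it directly. The following is an added example, not code from the article: it runs the protocol and then shows what two neighbouring houses learn about the house between them if they compare notes. It works modulo a constructed bound rather than adding a plain large random number, so every value on the wire is uniformly random to a single observer.

```python
import secrets

MODULUS = 2**64  # constructed: any bound larger than the true total works


def ring_sum(reserves, modulus=MODULUS):
    """Run the masked ring-sum protocol from the Landsraad analogy.

    House 0 adds a random mask to its reserve and passes the value along;
    every other house adds its own reserve; house 0 strips the mask at the
    end. Returns the total and the list of messages sent around the ring
    (messages[i] is what house i handed to house i+1, the last one going
    back to house 0), so we can inspect what each party actually sees.
    """
    n = len(reserves)
    if n < 3:
        raise ValueError("need at least three houses for the mask to hide anything")
    mask = secrets.randbelow(modulus)
    messages = [(reserves[0] + mask) % modulus]
    for i in range(1, n):
        # Each house only ever sees a masked running total, never a raw reserve.
        messages.append((messages[-1] + reserves[i]) % modulus)
    total = (messages[-1] - mask) % modulus
    return total, messages


def neighbours_recover(messages, i, modulus=MODULUS):
    """What houses i-1 and i+1 learn about house i (1 <= i < n) by colluding.

    House i-1 remembers the value it sent, house i+1 remembers the value it
    received; their difference is exactly house i's input. This is the
    collusion weakness the article flags: the ring protocol is private only
    against participants who do not pool their views.
    """
    if not 1 <= i < len(messages):
        raise ValueError("house 0 holds the mask; only the other houses can be isolated this way")
    sent_by_prev = messages[i - 1]
    received_by_next = messages[i]
    return (received_by_next - sent_by_prev) % modulus


if __name__ == "__main__":
    houses = [120, 45, 300, 8]  # constructed spice reserves
    total, transcript = ring_sum(houses)
    print("total reserve:", total)
    print("houses 1 and 3 colluding learn house 2 holds:", neighbours_recover(transcript, 2))
```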

Fully Homomorphic Encryption (FHE) allows computation on encrypted data without first decrypting it.

  • Universality: High.

  • Composability: High for single-user inputs. Must be combined with other technologies for multi-user private inputs.

  • Computational efficiency: Low. Progress in both the mathematics and the hardware is happening in parallel, and when it lands it will be a huge breakthrough. Zama and Fhenix have done a lot of excellent work here.

  • Network efficiency: High.

  • Decentralization: Low. Partly due to computational requirements and complexity, but with technological advancements, decentralization of FHE may approach that of ZK.

  • Cost: Very high.

    • High implementation costs due to complex cryptography and demanding hardware requirements.

    • High operational costs due to intensive computations.

  • Analogy from "Dune": Imagine a device similar to Holtzman shields, but for digital use. You can input digital data into this shield, activate it, and then hand it over to a Mentat. The Mentat can perform computations on the data without seeing the numbers. When they are done, they return the shield to you. Only you can deactivate the shield and view the computed results.

A Trusted Execution Environment (TEE) is a secure area within a processor in which sensitive operations can be performed, isolated from the rest of the system. What makes TEEs unique is that they rely on silicon and metal rather than polynomials and curves. So while they are a powerful technology today, their rate of improvement may in theory be slower, constrained by expensive hardware.

  • Universality: Medium.

  • Composability: High, although its security is weaker because of potential side-channel attacks.

  • Computational efficiency: High. Approaching native server performance; NVIDIA's new H100 series even ships with TEE support.

  • Network efficiency: High.

  • Decentralization: Low. Limited to specific chipsets (such as Intel's SGX), which also means it may be exposed to side-channel attacks.

  • Cost: Low.

    • Low implementation costs if using existing TEE hardware.

    • Low operational costs due to near-local performance.

  • Analogy from "Dune": Imagine the navigation chamber of a Spacing Guild Heighliner. Even the Guild's own navigator cannot see or interfere with what happens inside. The navigator enters the chamber, performs the complex calculations required for folding space, and the chamber itself ensures that all operations remain private and secure. The Guild provides and maintains this chamber, ensuring its security, but they cannot see or interfere with the work of the navigator inside.

Practical Use Cases

Perhaps it's best not to fight the spice cartels and instead focus on keeping sensitive data (such as key material) private. To bring this back to reality, here are some practical use cases for each technology.

Zero-Knowledge Proofs (ZK) are suited to verifying whether a process produced the correct result. Combined with other technologies, ZK is an excellent privacy technology, but used alone it gives up trustlessness and behaves more like data compression. We typically use it to verify that two states are the same, such as comparing the "uncompressed" layer-2 state with the block header published to layer 1, or to prove that a user is over 18 without revealing the user's actual personally identifiable information.

Multi-Party Computation (MPC) is commonly used for key management, including private keys or decryption keys, which can be combined with other technologies. Additionally, MPC is also used for distributed random number generation, small-scale confidential computation operations, and oracle aggregation. Overall, any scenario that requires lightweight aggregation computations involving multiple participants who should not collude is very suitable for MPC.

Fully Homomorphic Encryption (FHE) is suited to performing simple, general computations on data that the computer cannot see, such as credit scoring, a game of Mafia implemented in smart contracts, or sorting transactions without revealing their contents.

Finally, Trusted Execution Environments (TEE) are suited to more complex operations, provided you are willing to trust the hardware. For example, a TEE is the only feasible solution for private base models (large language models kept inside enterprises or in financial, medical, and national security institutions). Since the TEE is the only hardware-based solution, its drawbacks should, in theory, be slower and costlier to mitigate than those of the other technologies.

In Between

Clearly there is no perfect solution, and it's unlikely that any single technology will become one. Hybrid approaches are exciting because they can use the strengths of one technology to compensate for the weaknesses of another. The table below shows some of the design space that can be unlocked by combining different methods. The practical differences between combinations are significant; for example, combining ZK and FHE may require finding suitable curve parameters, while combining MPC and ZK may require a particular parameter setting to reduce the number of final round trips. If you are building and want to discuss, hopefully this provides some inspiration.

In short, superior and scalable privacy technologies can unlock countless applications, including games (a great tribute to Baz's Tonk), governance, fairer transaction lifecycles (Flashbots), identity (Lit), non-financial services (Oasis), collaboration, and coordination. This is also one of the reasons we are excited about Nillion, Lit Protocol, and Zama.

Conclusion

In conclusion, the application potential of Privacy-Enhancing Technologies (PETs) is enormous, but we are still in the early stages of exploring what is possible. While the individual technologies will gradually mature, the superposition of technology applications is still a field worth exploring in depth. These technologies will be applied in domain-specific ways, and as an industry we still have a lot of work to do.
