Author | a16z crypto
Translation | Odaily Planet Daily (@OdailyChina)
Translator | Dingdang (@XiaMiPP)
Editor’s Note: In 2025, the surge of Zcash reignited the privacy narrative in the crypto industry. More often than not, what we see is merely a rise in sentiment and an influx of funds; many may internally believe this is just a temporary emotional surge, lacking recognition of the sustainability of this narrative itself. The latest release from a16z crypto, "Privacy trends for 2026," attempts to bring the privacy issue back into the discussion framework of infrastructure and long-term evolutionary logic. By gathering collective observations from several seasoned professionals in the crypto industry, the article elaborates on their judgments about "how privacy will shape the next phase of the crypto system" from multiple perspectives, including decentralized communication, data access control, and security engineering methodologies.
1. Privacy Will Become the Most Important "Moat" in the Crypto Industry This Year
Privacy is one of the key functions for the global financial system to transition onto the blockchain; at the same time, it is also a function that is severely lacking in almost all current blockchains. For most chains, privacy has long been an afterthought. However, now, just the concept of "privacy" itself is enough to create a substantial distinction between one chain and all others.
Privacy also brings about a more important point: the chain-level lock-in effect—if you prefer, it can also be called the "privacy network effect." Especially in a world where purely relying on performance competition is no longer sufficient to win.
Thanks to cross-chain bridge protocols, as long as all data is public, migrating between different chains is almost costless. But once privacy is involved, the situation is completely different: cross-chain token transfers are easy, but cross-chain transfers of "secrets" are extremely difficult. Operating outside the privacy zone always carries the risk of being monitored, with identity inferred through on-chain data, mempool, or network traffic. Whether switching from a privacy chain to a public chain or between two privacy chains, a large amount of metadata will be leaked, such as transaction time, scale correlations, etc., making it easier for users to be tracked.
Compared to new public chains that lack differentiation and where transaction fees are likely to be compressed to near zero in competition (as block space has essentially become homogeneous), blockchains with privacy capabilities can form stronger network effects. The reality is: if a "general-purpose" blockchain has neither a thriving ecosystem, killer applications, nor asymmetric distribution advantages, there is almost no reason for users to use it, let alone build on it and maintain loyalty.
In a public chain environment, users can easily interact with users on other chains—joining any chain is not important. But on a privacy chain, user choice becomes crucial because once they enter a certain privacy chain, they are less willing to migrate and take on the risk of identity exposure. This mechanism will create a winner-takes-all (or at least winner-takes-most) pattern. And since privacy is essential for most real-world application scenarios, ultimately, a few privacy chains may control most of the value activities in the crypto world.
—— Ali Yahya (@alive_eth), General Partner at a16z crypto
2. The Key Issue for Instant Messaging Applications This Year Is Not Just How to Resist Quantum Threats, But How to Decentralize
As the world gradually prepares for the era of quantum computing, many instant messaging applications built on cryptographic technology (such as Apple, Signal, WhatsApp) have taken the lead and are doing quite well. But the problem is, all mainstream communication tools still rely on private servers operated by a single organization. These servers are the easiest targets for governments to shut down, implant backdoors, or force the surrender of private data.
If a country can directly shut down servers; if a company holds the keys to private servers; or even just because a company owns private servers—then what is the point of even the strongest quantum encryption?
Private servers essentially require users to "trust me"; while the absence of private servers means "you don't have to trust me." Communication does not need a single company in the middle. What messaging systems need are open protocols that allow us not to trust anyone.
The way to achieve this goal is to completely decentralize the network: no private servers, no single application, fully open-source code, and employing top-notch encryption technology—including encryption against quantum threats. In an open network, no individual, company, nonprofit organization, or country can deprive us of our ability to communicate. Even if a country or company shuts down an application, 500 new versions will appear the next day. Even if one node is shut down, new nodes will immediately emerge to replace it—mechanisms like blockchain provide clear economic incentives.
When people control their messages just as they control their funds—through private keys—everything will change. Applications can be replaced, but users always retain control over their messages and identities; even if they no longer have the application itself, end users can still own their messages.
This goes beyond the realm of "quantum resistance" and "encryption"; it concerns ownership and decentralization. Without either side, what we build is merely an "uncrackable system that can still be shut down with a single click."
—— Shane Mac (@ShaneMac), Co-founder and CEO of XMTP Labs
3. "Secrets-as-a-Service" Will Become the Core Infrastructure of Privacy
Behind every model, agent, and automated system lies a fundamental dependency: data. However, most current data pipelines—whether the data input to models or the data output from models—are opaque, variable, and un-auditable.
This may be acceptable in some consumer applications, but in industries like finance and healthcare, users and institutions often have strong privacy requirements. This has also become a significant barrier for institutions advancing the tokenization of real-world assets.
So, how can we achieve innovation that is secure, compliant, autonomous, and globally interoperable while protecting privacy?
There are many paths to solutions, but I want to focus on data access control: Who controls sensitive data? How does data flow? And who (or what system) can access this data under what conditions?
In the absence of data access control, any entity wishing to maintain data confidentiality can currently only rely on centralized services or build customized systems themselves—this is not only time-consuming and expensive but also severely hinders traditional financial institutions and others from fully unleashing the potential of on-chain data management. As autonomous intelligent agent systems begin to browse, trade, and make decisions independently, cross-industry users and institutions need cryptographic-level certainty guarantees, rather than "best-effort trust."
This is precisely why I believe we need "secrets-as-a-service": a new technological framework that can provide programmable, native data access rules; client-side encryption; and decentralized key management mechanisms that enforce on-chain "who can decrypt what data under what conditions and for how long."
When these mechanisms are combined with verifiable data systems, "secrets" themselves can become part of the foundational public infrastructure of the internet, rather than an afterthought patched onto the application layer—making privacy truly a core infrastructure.
—— Adeniyi Abiodun (@EmanAbio), Co-founder and Chief Product Officer of Mysten Labs
4. Security Testing Will Shift from "Code is Law" to "Specification is Law"
Last year's multiple DeFi hacking incidents targeted not new projects, but those with mature teams, multiple rounds of audits, and years of operation. These events highlight a disturbing reality: current mainstream security practices still heavily rely on heuristics and case-by-case judgment.
To achieve true maturity this year, DeFi security must shift from "vulnerability pattern recognition" to "design-level property assurance," and from "best-effort" to "principled methodologies":
- In the static/deployment phase (testing, auditing, formal verification), this means no longer just verifying a few selected local properties but systematically proving global invariants. Currently, several teams are building AI-assisted proof tools that can help write specifications, propose invariant hypotheses, and take on the previously extremely costly human proof engineering work.
- In the dynamic/deployment phase (runtime monitoring, runtime constraints, etc.), these invariants can be transformed into real-time guardrails, becoming the last line of defense. These guardrails will be directly encoded as runtime assertions, requiring every transaction to meet them.
In this way, we no longer assume "all vulnerabilities have been discovered," but instead enforce key security properties at the code level, with any transactions violating these properties being automatically rolled back.
This is not just theoretical. In fact, almost all attacks to date have triggered one of these checks during execution, potentially halting the attack directly. Therefore, the once-popular idea of "code is law" is evolving into "specification is law": even new attack methods must satisfy the security properties that maintain system integrity, and the ultimately feasible attack space will be compressed to a very small or extremely difficult-to-execute degree.
—— Daejun Park (@daejunpark), a16z Engineering Team
Related Articles:
"Buying ZEC to Crash BTC? The 4 Major Industry Truths Behind the Surge of Privacy Coins"
"Messari: When BTC is Disciplined, ZEC's Hedging Potential is Beyond Imagination"
"ZEC Rises Against the Trend, Which Privacy Projects Are Worth Watching?"
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
