Author: Maggie @ Foresight Ventures
Summary:
Fully Homomorphic Encryption (FHE) is the upcoming next-generation privacy protection technology that is worth exploring. While FHE offers ideal privacy protection capabilities, there are still performance gaps. We believe that with the entry of Crypto capital, the development and maturity of the technology will be greatly accelerated, much like the rapid development of Zero-Knowledge Proofs (ZK) in recent years.
FHE can be used in Web3 for transaction privacy protection, AI privacy protection, and privacy protection co-processors. I am particularly optimistic about Privacy Protection EVM, as it is more flexible and compatible with EVM compared to existing ring signature, coin mixing, and ZK technologies.
We have researched several prominent FHE projects, and most of them are expected to launch on the mainnet this year or in the first quarter of next year. Among these projects, ZAMA has the strongest technology but has not yet announced plans for token issuance. Additionally, we believe Fhenix is the most outstanding FHE project among them.
1. FHE is an ideal privacy protection technology
1.1 Role of FHE
Fully Homomorphic Encryption is a form of encryption that allows people to perform any number of addition and multiplication operations on ciphertext to get encrypted results that can be decrypted to produce the same result as if the operations were performed on plaintext. This achieves the concept of “computation on encrypted data.”
Fully Homomorphic Encryption is particularly suitable for outsourcing computation. You can outsource data to external computing power for processing without worrying about data leaks.
In simple terms, if you are running a company with valuable data and want to use efficient cloud services to process and compute this data but are concerned about data leaks in the cloud, you can encrypt the data using FHE into ciphertext before uploading it to the cloud server. For example, the numbers 5 and 10 in the image would be encrypted into ciphertext represented by “X” and “YZ.”
When you need to perform operations on the data, such as adding two numbers 5 and 10, you just need to instruct the cloud server to perform a certain operation corresponding to plaintext addition on the ciphertext “X” and “YZ” to get an encrypted result “PDQ.” After decrypting this ciphertext result downloaded from the cloud server, you will find that it is the result of the operation 5 + 10.
Plaintext only appears on your end, while the data stored and processed on the cloud server are all ciphertext. This method of privacy protection is very ideal.
Partially Homomorphic Encryption: Partially homomorphic encryption is easier and more practical. It refers to ciphertext having only one homomorphic property, such as addition homomorphism or multiplication homomorphism.
Somewhat Homomorphic: Allows us to perform addition and multiplication on ciphertext simultaneously, but the supported number of operations is very limited.
Limited Level Fully Homomorphic Encryption: Allows us to perform arbitrary combinations of addition and multiplication on ciphertext without a limit on the number of operations. However, there is a new complexity constraint that limits the complexity of functions.
Fully Homomorphic Encryption: Requires support for an arbitrary number of addition and multiplication operations without complexity and number restrictions.
Fully Homomorphic Encryption is the most difficult and ideal in this context, often referred to as the “Holy Grail of Cryptography.”
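The 5 + 10 outsourcing flow described above, shown with an additively (partially) homomorphic scheme. This is an added example, not code from the original article or from any project it covers. It is a textbook Paillier construction with g = n + 1; the toy primes and all function names are choices made for this example.

```python
import math
import secrets

# Toy key material constructed for this example: two Mersenne primes.
# Far too small and structured for real use.
P, Q = 2**89 - 1, 2**107 - 1

def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # inverse of L(g^lam mod n^2) when g = n + 1
    return n, (lam, mu)   # public key n, private key (lam, mu)

def encrypt(n, m):
    n2 = n * n
    while True:  # pick random r in Z_n^*
        r = secrets.randbelow(n)
        if r > 0 and math.gcd(r, n) == 1:
            break
    # (1 + n)^m = 1 + m*n (mod n^2); r^n makes encryption probabilistic
    return (1 + m * n) % n2 * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n  # L(u) * mu mod n, L(x) = (x - 1) / n

def add(n, c1, c2):
    """Homomorphic addition: multiply ciphertexts; no key needed."""
    return c1 * c2 % (n * n)

def scale(n, c, k):
    """Multiply the hidden plaintext by a public constant k."""
    return pow(c, k, n * n)

def demo():
    n, priv = keygen()                     # client keeps priv
    x, yz = encrypt(n, 5), encrypt(n, 10)  # client uploads ciphertexts
    pdq = add(n, x, yz)                    # server works on ciphertext only
    return decrypt(n, priv, pdq), decrypt(n, priv, scale(n, pdq, 3))

if __name__ == "__main__":
    print(demo())
```

The server-side functions `add` and `scale` take only the public modulus and ciphertexts. Multiplying two encrypted values together is not possible in this scheme, which is the gap between partially homomorphic encryption and the somewhat, leveled and fully homomorphic categories listed above.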
1.2 History
Fully Homomorphic Encryption has a long history:
1978: The concept of Fully Homomorphic Encryption was proposed.
2009 (First Generation): The first fully homomorphic scheme was introduced.
2011 (Second Generation): A fully homomorphic scheme based on integers was proposed, which was simpler but did not improve efficiency.
2013 (Third Generation): A new technology GSW for constructing FHE schemes was proposed, offering higher efficiency and stronger security. This technology was further improved, leading to the development of FHEW and TFHE, further enhancing efficiency.
2016 (Fourth Generation): An approximate fully homomorphic encryption scheme CKKS was introduced, which is the most effective method for evaluating polynomial approximations, particularly suitable for privacy-preserving machine learning applications.
Current widely used homomorphic encryption libraries primarily support third and fourth-generation algorithms. Innovations in algorithms, optimizations in engineering, blockchain friendliness, and hardware acceleration are likely to appear with the entry of capital.
1.3 Current Performance and Availability
Common homomorphic encryption libraries:
ZAMA TFHE Performance:
For example, ZAMA TFHE takes about 200 ms for addition and subtraction of 256 bits, while plaintext calculations take approximately tens to hundreds of nanoseconds, so FHE calculations are about 10^6 times slower than plaintext calculations. Some optimized operations are about 1000 times slower than plaintext. Comparing a ciphertext calculation with a plaintext calculation is inherently unfair. Privacy comes at a cost, especially with fully homomorphic encryption, an ideal privacy protection technology.
ZAMA plans to further improve performance by developing FHE hardware.
1.4 Several Research Directions of FHE+Web3
Web3 is decentralized, and the combination of fully homomorphic encryption and Web3 has many research directions, including the following:
Innovative FHE solutions, compilers, and libraries to make FHE more user-friendly, faster, and more suitable for blockchain.
FHE hardware to improve computational performance.
FHE + Zero-Knowledge Proof (ZKP) to use FHE privacy computation while proving that inputs and outputs satisfy certain conditions or proving that FHE is correctly executed.
Prevention of malicious computation nodes, which can be combined with EigenLayer restaking, and others.
MPC decryption solutions for sharing encrypted states, where keys are often managed using MPC shards, requiring a secure and high-performance threshold decryption protocol.
Data storage DA layer, requiring a higher throughput DA layer, as the existing Celestia cannot meet the requirements.
In conclusion, we believe that Fully Homomorphic Encryption is the upcoming next-generation privacy protection technology that is worth exploring. While FHE offers ideal privacy protection capabilities, there are still performance gaps. We believe that with the entry of Crypto capital, the development and maturity of the technology will be greatly accelerated, much like the rapid development of ZK in recent years.
When it comes to transaction privacy protection, fully homomorphic encryption is more suitable for EVM. This is because ring signatures and coin mixing technologies do not support contracts. Projects like Aleo and other ZK privacy protection initiatives handle privacy data similar to the UTXO model, rather than EVM’s account model. Fully homomorphic encryption, on the other hand, can support contracts and account models, making it easy to integrate into EVM. Comparatively, fully homomorphic EVM is indeed appealing.
The computational requirements for AI are already high, and adding the complexity of fully homomorphic encryption may result in low performance and high costs at this stage. In my opinion, the ultimate solution for AI privacy protection will likely be a hybrid approach involving TEE/MPC/ZK/semi-homomorphic encryption.
Overall, fully homomorphic encryption can be used in Web3 for transaction privacy protection, AI privacy protection, and privacy-enhancing coprocessors. I am particularly optimistic about privacy-protected EVM, as it is more flexible and adaptable to EVM compared to existing ring signatures, coin mixing technologies, and ZK.
Most FHE projects are expected to launch on the mainnet between this year and the first quarter of next year. We believe that, apart from ZAMA, Fhenix is the most outstanding FHE project.
We have researched some prominent fully homomorphic encryption projects currently available on the market, and here is a brief overview of their information:
3.1 ZAMA (Tool)
Narrative: Provides fully homomorphic encryption for blockchain and AI
Tools: TFHE-rs, a Rust implementation of TFHE
Tools: Concrete, a compiler for TFHE
Products: Concrete ML, privacy-protected machine learning
Products: fhEVM, privacy-protected smart contracts
Team: CTO Pascal Paillier, a renowned cryptographer
CTO & co-founder: Pascal Paillier, a cryptographer who invented the Paillier cryptosystem in 1999 while obtaining his PhD from Telecom ParisTech. He started publishing papers related to homomorphic encryption in 2013 and is considered one of the leading figures in the field of fully homomorphic encryption.
CEO & co-founder: Rand Hindi, a Bioinformatics PhD graduate from UCL in 2011, with experience in data science projects and advisory roles for multiple projects while working on ZAMA.
Funding: Over 4 years, a total of over $82 million has been raised, with the recent Series A round raising $73 million led by Multicoin Capital and Protocol Labs.
On September 26, 2023, a Seed Round of $7 million was raised, led by Multicoin Capital, with participation from Node Capital, Bankless Ventures, Robot Ventures, Tane Labs, HackVC, and Metaplanet.