Author: Mohamed Fouda, Partner, Volt Capital, translated by Golden Finance 0xjs
The lack of on-chain privacy is one of the biggest problems in cryptocurrency.
While ZK solutions such as Aztec enable private transactions and computation on private data, they have one major problem: handling shared private state.
This is where FHE and startups like Inco Network shine.
First of all, why do we need to share a private state?
The shared private state can be the count of votes on the private chain, the state of a poker game, or the state of an AMM dark pool. Shared private state enables use cases that are not possible in cryptocurrency.
Why can't Aztec handle shared private state?
To maintain data privacy, encryption is required, but ZK cannot operate on encrypted data: the data must be decrypted, the computation performed on the client side, and the result re-encrypted.
When the data is personal, such as age, wealth data, etc., it is feasible to do client-side calculations.
When private data is shared, i.e. multiple people can change it, you either need to share the decryption key, which compromises privacy, or use FHE.
How does FHE solve this problem?
Fully homomorphic encryption (FHE) allows you to encrypt data and run computations on that data without decrypting it.
For example, in a private poll, each new vote changes the result of the vote count without revealing it.
Similarly, the state of an AMM pool or lending protocol can be changed through a valid transaction without revealing the state of the protocol before or after the transaction. This can provide protection against extractive MEV, such as sandwich attacks.
Overall, FHE has some major advantages: the private state can be changed by many users, which improves composability; the user experience is improved by not requiring users to store data or generate ZKPs; and complete privacy is achieved through private addresses.
But FHE still has its own challenges.
First, FHE is computationally expensive: even with an optimized library like TFHE-rs from Zama, FHE computation can be a million times slower than transparent computation.
Here’s an example of using FHE calculations in AI:
Despite the complexity, innovations such as fhEVM (EVM with FHE) bring us closer to real-world applications.
In fhEVM, with Inco Network as the L1, FHE operations are implemented as EVM precompiles to speed up computation and reduce gas consumption.
Using fhEVM, developers can create any shared private state as an array of encrypted variables that Solidity smart contracts can read and modify without decryption. In other words, many existing apps can be modified to enable privacy.
Developers have begun to use this architecture to implement hidden-information games such as Werewolf and Mafia.
Much remains to be done to advance this work. To achieve full EVM compatibility, fhEVM needs to support larger encrypted variables (up to 256 bits), support more mathematical operations, and cooperate with MPC to encrypt/decrypt private state.
Advancing this technology also requires educating developers on how to build proper mental models around dealing with private states.
Remi Gai has been working closely with developers in this regard to build the next generation of private applications on the Inco Network.
This is an interesting discussion about private state encryption.
All in all, any shared state requires an encryption/decryption key. The key must be sharded between network validators (MPC). Validators decrypt data, such as the final voting results, when needed.
As far as I know, existing fhEVM implementations don’t have this MPC component yet. In addition, this MPC should be dynamic and the key can be changed over time to avoid one key controlling the privacy of all historical states.
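The private poll and the validator-held key described above, as an added example (not code from the article, fhEVM or Inco Network). It substitutes exponential ElGamal, which is only additively homomorphic, for FHE, and splits the key n-of-n across validators instead of running a real MPC protocol; the group parameters, function names and votes are constructed, and the group is far too small for real use.

```python
import secrets

# Toy group (constructed, NOT secure): safe prime P = 2*Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def keygen_shares(n):
    """Each validator keeps a secret share; only G^share is ever published."""
    shares = [secrets.randbelow(Q - 1) + 1 for _ in range(n)]
    pub = 1
    for x in shares:
        pub = pub * pow(G, x, P) % P      # joint key = G^(sum of shares)
    return shares, pub

def encrypt(pub, m):
    """Exponential ElGamal: the message sits in the exponent so sums work."""
    r = secrets.randbelow(Q - 1) + 1
    return (pow(G, r, P), pow(G, m, P) * pow(pub, r, P) % P)

def add(c, d):
    """Homomorphic addition: multiply ciphertexts, plaintexts add up."""
    return (c[0] * d[0] % P, c[1] * d[1] % P)

def partial_decrypt(share, c):
    """One validator's contribution; reveals nothing without all the others."""
    return pow(c[0], share, P)

def combine(c, partials, max_total):
    """Strip the mask using every validator's partial, then recover the tally."""
    mask = 1
    for d in partials:
        mask = mask * d % P
    gm = c[1] * pow(mask, -1, P) % P      # equals G^tally
    for m in range(max_total + 1):        # tally is bounded by the voter count
        if pow(G, m, P) == gm:
            return m
    raise ValueError("tally out of range or a partial decryption is missing")

def run_poll(votes, n_validators=3):
    """The on-chain state is only ever the encrypted tally; votes are 0 or 1."""
    shares, pub = keygen_shares(n_validators)
    tally = encrypt(pub, 0)
    for v in votes:
        tally = add(tally, encrypt(pub, v))   # state changes without decryption
    partials = [partial_decrypt(x, tally) for x in shares]
    return combine(tally, partials, len(votes))
```

Only the final tally is ever decrypted, and only when every validator contributes its partial decryption.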