The Evolution of Crypto Privacy Technologies
Written by: milian
Translated by: AididiaoJP, Foresight News
Original Title: A History of Privacy Development in the Crypto Space
Every major technological wave begins with specialized or single-user groups, and only later develops into general-purpose or multi-user systems.
Early computers could only do one thing at a time: crack codes, process census data, or calculate ballistic trajectories. It took a long time before they became shareable, programmable machines.
The internet started as a small peer-to-peer research network (ARPANET), and only later evolved into a global platform that allowed millions to collaborate in a shared state.
Artificial intelligence follows the same path: early systems were narrow expert models built for single domains (chess engines, recommendation systems, spam filters), and only later evolved into general models capable of cross-domain work, fine-tuned for new tasks, and serving as shared foundations for others to build applications.
Technology always starts in a narrow or single-user mode, designed for one use or one person, and only later expands to multi-user modes.
This is exactly where privacy technology stands today. Privacy technology in the crypto world has never truly broken out of the "narrow" and "single-user" framework.
Until now.
Summary:
- Privacy technology follows the same trajectory as computing, the internet, and AI: systems start as specialized, single-user, then become general-purpose, multi-user.
- Crypto privacy has long been stuck in a narrow single-user mode because early tools could not support shared state.
- Privacy 1.0 is single-user privacy with limited expressiveness: no shared state, mainly relying on zero-knowledge proofs, proofs generated client-side, developers must write custom circuits, and the experience is difficult.
- Early privacy began with CoinJoin on Bitcoin in 2013, followed by Monero in 2014, Zcash in 2016, and later Ethereum tools like Tornado Cash (2019) and Railgun (2021).
- Most Privacy 1.0 tools rely on client-side zero-knowledge proofs, leading to confusion between "zero-knowledge proofs for privacy" and "zero-knowledge proofs for verification," even though many "zero-knowledge" systems today are designed for verification, not privacy.
- Privacy 2.0 is encrypted shared-state multi-user privacy based on multi-party computation or fully homomorphic encryption, allowing users to collaborate privately just as they do on Ethereum and Solana's public shared states.
- Encrypted shared state means the crypto world finally has a general-purpose encrypted computer, opening up a whole new design space: dark pools, private liquidity pools, private lending, blind auctions, confidential tokens, and new types of creative markets, even on existing transparent chains.
- Bitcoin brought public isolated state; Ethereum brought public shared state; Zcash brought encrypted isolated state; Privacy 2.0 fills the last piece of the puzzle: encrypted shared state.
- Arcium is building such an encrypted computer, with an architecture similar to proof networks like Succinct, but using multi-party computation instead of zero-knowledge proofs. Its Arcis tool compiles Rust into multi-party computation programs, enabling multi-user encrypted computation.
- Emerging applications based on Privacy 2.0 include: Umbra using Arcium to create privacy pools with confidential balances and swaps, Pythia's private opportunity markets, and Melee's upcoming opinion markets with private odds and adjudication.
To understand how we got here, and why encrypted shared state is so important, we need to start from the origins of privacy technology.
Privacy 1.0
The first storm of crypto privacy began here.
Users finally gained transactional privacy through mixers, privacy pools, and privacy cryptocurrencies. Later, some applications faced legal issues, sparking debates about whether and how privacy tools should handle illegal activities.
Privacy 1.0 launched the single-user privacy mode. People could coordinate, but could not dynamically collaborate as on programmable blockchains, and the expressiveness of privacy was limited.
Main features of Privacy 1.0:
- No shared state, privacy is in "single-user mode," with limited application scope
- Mainly relies on zero-knowledge proof technology
- Client-side zero-knowledge proofs provide the highest privacy, but complex applications are slow
- Developer experience is difficult, requiring custom circuits to build privacy applications
Crypto privacy actually first appeared on Bitcoin, years before advanced cryptographic technologies like zero-knowledge proofs entered the crypto space. Early Bitcoin privacy was not true "cryptographic privacy," but rather clever coordination techniques aimed at breaking the deterministic associations of the public ledger.
The earliest was CoinJoin in 2013, where users merged transaction inputs and outputs to obfuscate payment relationships. It used almost no cryptography but introduced privacy at the transaction layer.
Later came CoinShuffle (2014), JoinMarket (2015), TumbleBit (2016), Wasabi (2018), Whirlpool (2018), and other applications, all based on mixing processes to make Bitcoin harder to trace. Some added incentives, some added layered encryption or improved user experience.
None of these provided strong cryptographic privacy. They blurred associations but did not provide the mathematical guarantees and trustless privacy that later zero-knowledge proof systems brought. They relied on coordination, heuristics, and mixing randomness, not formal anonymity proofs.
Privacy Cryptocurrencies
Monero was launched in 2014, the first serious attempt to build a fully private blockchain for private transfers, rather than as an add-on privacy tool for transparent blockchains. Its model is based on probabilistic privacy via ring signatures, with each transaction by default mixing the real input among 16 decoy signatures. In practice, this setup can be weakened by statistical attacks such as MAP decoders or network-layer attacks, reducing effective anonymity. Future upgrades like FCMP aim to expand the anonymity set to the entire chain.
Zcash launched in 2016, taking a completely different path from Monero. It does not rely on probabilistic privacy but was designed from the start as a zero-knowledge proof token. It introduced a privacy pool powered by zk-SNARKs, providing users with cryptographic privacy rather than hiding among decoy signatures. When used correctly, Zcash transactions do not leak sender, receiver, or amount information, and anonymity increases with each transaction in the privacy pool.
The Emergence of Programmable Privacy on Ethereum
Tornado Cash (2019)
Tornado Cash was launched in 2019, bringing programmable privacy to Ethereum for the first time. Although limited to private transfers, users could, for the first time, deposit assets into a smart contract mixer and later withdraw them using zero-knowledge proofs, achieving real privacy on a transparent ledger. Tornado was widely used legally, but after large-scale DPRK money laundering activities, it became embroiled in serious legal disputes. This highlighted the necessity of excluding illegal actors to maintain the integrity of privacy pools, a measure now implemented by most modern privacy applications.
Railgun (2021)
Railgun appeared a bit later in 2021, aiming to push Ethereum privacy beyond simple mixing to private DeFi interactions. It not only mixes deposits and withdrawals but also allows users to interact privately with smart contracts using zero-knowledge proofs, hiding balances, transfers, and on-chain operations, while still settling on Ethereum. This was a major step forward from the Tornado model, providing persistent private state within smart contracts, rather than just a mix-withdraw cycle. Railgun remains active and has been adopted in some DeFi circles. It is still one of the most ambitious programmable privacy attempts on Ethereum, though user experience remains a major barrier.
Before continuing, it is necessary to clarify a widespread misunderstanding that persists to this day. As zero-knowledge proof systems have become popular, many people believe that anything labeled "zero-knowledge" implies privacy. But this is not correct. Most technologies touted as "zero-knowledge" today are actually validity proofs, which are great for scaling and verification, but provide no privacy at all.
The disconnect between marketing and reality has led to years of misunderstanding, with "zero-knowledge proofs for privacy" and "zero-knowledge proofs for verification" being conflated, even though they solve completely different problems.
Privacy 2.0
Privacy 2.0 is multi-user mode privacy. Users no longer act alone but can collaborate privately just as they do on programmable blockchains.
Main features of Privacy 2.0:
- Encrypted shared state, privacy enters "multi-user mode"
- Based on multi-party computation and fully homomorphic encryption
- The trust assumptions for privacy depend on multi-party computation. Fully homomorphic encryption shares the same assumptions, as threshold decryption of encrypted shared state requires multi-party computation
- Circuits are abstracted, developers do not need to write custom circuits (unless desired)
This is achieved through encrypted computers, allowing multiple people to collaborate on encrypted state. Multi-party computation and fully homomorphic encryption are the core foundational technologies—both support computation on encrypted data.
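To make "multiple people collaborating on encrypted state" concrete, here is an added example (not from the article and not Arcium's protocol or API) of additive secret sharing, the simplest multi-party computation building block. It assumes three honest-but-curious nodes; the names `Node`, `deposit`, `open_pool_total` and the sample deposits are constructed for illustration. It also shows the trust assumption from the feature list: any n-1 shares are consistent with every possible value.

```python
import secrets

P = 2**61 - 1  # prime field modulus (constructed parameter for this demo)

def share(value, n):
    """Split value into n additive shares mod P; any n-1 of them are uniformly random."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % P)
    return parts

def reconstruct(shares):
    return sum(shares) % P

class Node:
    """One MPC node: holds only its share of the shared state, never a plaintext."""
    def __init__(self):
        self.pool_share = 0
        self.balance_shares = {}

    def apply_deposit(self, user, amount_share):
        # Addition is linear, so each node updates its own share with no communication.
        self.pool_share = (self.pool_share + amount_share) % P
        prev = self.balance_shares.get(user, 0)
        self.balance_shares[user] = (prev + amount_share) % P

def deposit(nodes, user, amount):
    # The user shares the amount client-side; each node receives exactly one share.
    for node, s in zip(nodes, share(amount, len(nodes))):
        node.apply_deposit(user, s)

def open_pool_total(nodes):
    # Opening a value needs every node's share (n-of-n in this toy scheme).
    return reconstruct([n.pool_share for n in nodes])

def open_balance(nodes, user):
    return reconstruct([n.balance_shares.get(user, 0) for n in nodes])

def missing_share_for(known_shares, candidate):
    """Given n-1 shares, return the last share that would make the secret `candidate`.
    One exists for every candidate, so n-1 colluding nodes learn nothing."""
    return (candidate - sum(known_shares)) % P

def demo():
    nodes = [Node() for _ in range(3)]
    for user, amount in [("alice", 120), ("bob", 75), ("alice", 30)]:  # constructed inputs
        deposit(nodes, user, amount)
    return open_pool_total(nodes), open_balance(nodes, "alice")

if __name__ == "__main__":
    print(demo())
```

Only linear updates are shown; comparisons and multiplications (needed for auctions or order matching) require interactive protocols between the nodes, and this sketch does not defend against nodes that deviate from the protocol.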
What does this mean?
The shared state model that powers Ethereum and Solana can now exist under privacy conditions. This is not a one-off private transaction, nor a tool that can only privately prove something, but a general-purpose encrypted computer.
It unlocks a whole new design space in crypto. To understand why, we need to review the evolution of state in the crypto world:
- Bitcoin brought public isolated state
- Ethereum brought public shared state
- Zcash brought encrypted isolated state
What has always been missing is encrypted shared state.
Privacy 2.0 fills this gap. It gives rise to new economies, new applications, and unprecedented new fields. In my view, this is the most significant breakthrough in crypto since smart contracts and oracles.
Arcium is building this kind of technology.
Its architecture is similar to proof networks like Succinct or Boundless, but instead of using zero-knowledge proofs to verify execution, it uses multi-party computation to compute on encrypted data.
Unlike SP1 or RISC Zero, which compile Rust into zero-knowledge proof programs, Arcium's Arcis compiles Rust into multi-party computation programs. Simply put, it's an encrypted computer.
Another analogy is "Chainlink for privacy."
Privacy Independent of Chains and Assets
Arcium is designed to be blockchain-agnostic, able to connect to any existing blockchain and achieve encrypted shared state on transparent chains like Ethereum and Solana. Users can gain privacy without leaving their familiar ecosystems. It will launch first on Solana, with the mainnet Alpha version releasing this month.
Zcash and Monero embed privacy into their own currencies. This is effective but also creates a monetary world with independent volatility. Arcium takes an asset-agnostic path, adding privacy to assets users already own. The approach and trade-offs are different, but flexibility is important for users.
Given this, almost any use case requiring privacy can run on encrypted computation.
Arcium's impact goes beyond crypto. It is not a blockchain, but an encrypted computer. The same engine is clearly applicable to traditional industries as well.
Zero-to-One Applications and Features
Encrypted shared state brings unprecedented design space to the crypto world. As a result, the following applications have emerged:
@UmbraPrivacy: Solana privacy pool. Umbra uses Arcium to achieve functions that Railgun cannot, supporting confidential balances and private swaps, while handling transfers with zero-knowledge proofs. It provides far more than simple private transfers under minimal trust assumptions and offers a unified privacy pool SDK that any project can integrate to achieve Solana transaction privacy.
@PythiaMarkets: Opportunity markets with private windows for sponsors. A new type of information market where scouts bet on underdeveloped opportunities and sponsors discover information without leaking alpha.
@MeleeMarkets: Prediction markets with bonding curves. Similar to Pumpfun, but for prediction markets. The earlier you enter, the better the price. Will develop opinion markets where users can express real views, odds remain private, and adjudication is private, solving group collapse and oracle manipulation issues. Arcium will provide the privacy needed for opinion markets and private adjudication.
Dark pools: Projects like @EllisiumLabs, @deepmatch_enc, and Arcium's dark pool demo use encrypted shared state to enable private trading, avoiding front-running and quote disappearance, and achieving best execution prices.
On-chain games: Arcium restores secrecy and fair randomness by running hidden state and CSPRNG randomness inside encrypted shared state. Strategy games, card games, fog of war, RPGs, and bluffing games can finally run on-chain. Several games are already live on Arcium.
Private perpetual contracts, private lending, blind auctions, encrypted machine learning predictions, and collaborative AI training are also exciting future use cases.
Beyond these examples, almost any product requiring privacy can be built. Arcium provides developers with complete customization capabilities through a general-purpose encrypted execution engine, and Umbra now also provides an SDK for Solana transfers and swaps. The combination makes privacy on Solana straightforward for both complex systems and simple integrations.
Confidential SPL: Solana's New Privacy Token Standard
Arcium is also building C-SPL, the Solana confidential token standard. It addresses the pain points of previous Solana "Privacy 1.0" token privacy standards: difficult integration, limited functionality, and unusable by on-chain programs. C-SPL improves on this, eliminating the friction that hindered privacy token adoption.
This makes privacy tokens easy to integrate into any application without adding user burden.
By integrating SPL Token, Token-2022, privacy transfer extensions, and Arcium encrypted computation, C-SPL provides a practical, fully composable standard for Solana confidential tokens.
Conclusion
We are still in the early stages of this wave of development, and the field is broader than any single approach. Zcash and Monero continue to solve important problems in their respective domains, and early privacy tools have demonstrated what is possible. Encrypted shared state addresses a completely different dimension by allowing multi-user private operations on the same state without leaving existing ecosystems. It fills a gap rather than replacing the past.
Privacy is gradually shifting from an optional specialized feature to a core element of application building. It no longer requires new currencies, new chains, or new economic systems, but simply expands the developer's range of capabilities. The last era established public shared state as the foundation; the next era will expand this foundation with encrypted shared state, adding the previously missing layer.