Fully Homomorphic Encryption (FHE) has long been regarded as a crown jewel of cryptography. On July 20, 2020, Vitalik Buterin highlighted its significance in a blog post. Recently, on May 5, 2023, Vitalik reignited interest in FHE by sharing the article "Exploring Fully Homomorphic Encryption" on X, noting that "many people are interested in FHE."

This growing interest is evident in the crypto venture capital space. In March 2023, Zama, an FHE company, announced a $73 million Series A funding round led by Multicoin and Protocol Labs, drawing significant market attention.

What is FHE

Fully Homomorphic Encryption (FHE) was first discussed in the 1970s and has been a challenging concept to implement. The basic idea is to encrypt data and perform computations on the encrypted data without decrypting it. Initially, simple operations like addition or multiplication could be performed on encrypted data, known as partially homomorphic encryption. The breakthrough came in 2009 when Craig Gentry demonstrated that any computation could be performed on encrypted data, leading to the development of FHE.

FHE is an advanced form of encryption that allows computations to be performed on encrypted data without needing to decrypt it first. This means that you can operate on ciphertexts (encrypted data) to produce an encrypted result, which, when decrypted, matches the result of operations performed on the plaintext (unencrypted data).

Key Features of FHE

  • Homomorphism:

    • Addition: Performing addition on ciphertexts corresponds to addition on the plaintexts.

      $$
      E(a+b)=E(a) + E(b)
      $$

    • Multiplication: Performing multiplication on ciphertexts corresponds to multiplication on the plaintexts.

      $$
      E(a\times b)=E(a)\times E(b)
      $$

  • Noise Management: When data is encrypted using FHE, noise is added to the ciphertext to ensure security. However, this noise increases with each operation performed. Managing and minimizing this noise is crucial because if it becomes too large, the computations can become inaccurate or fail.

  • Unlimited Operations: Unlike partially homomorphic encryption, which supports a limited set of operations, or somewhat homomorphic encryption, which allows a limited number of operations, FHE supports an unlimited number of both additions and multiplications. This allows for any kind of computation to be performed on encrypted data.
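The noise behaviour described above can be seen in a toy symmetric scheme over the integers (in the style of the van Dijk, Gentry, Halevi and Vaikuntanathan construction). This is an added example, not code from the original article or from any project it names; the parameter sizes, the seed and all function names are assumptions chosen for illustration and give no security.

```python
import random

def keygen(rng, bits=64):
    """Secret key: an odd integer p with its top bit set."""
    return rng.getrandbits(bits) | (1 << (bits - 1)) | 1

def encrypt(p, bit, rng, noise_bits=8):
    """c = q*p + 2*r + bit, where 2*r + bit is the noise hiding the plaintext."""
    r = rng.randrange(1 << (noise_bits - 1), 1 << noise_bits) * rng.choice((-1, 1))
    q = rng.getrandbits(128)
    return q * p + 2 * r + bit

def noise(p, c):
    """Centered residue of c modulo p, in [-(p-1)/2, (p-1)/2]."""
    n = c % p
    return n - p if n > p // 2 else n

def decrypt(p, c):
    """Correct only while the accumulated noise stays below p/2 in magnitude."""
    return noise(p, c) % 2

def check_homomorphism(p, rng):
    """Ciphertext + gives XOR of the bits, ciphertext * gives AND."""
    for a in (0, 1):
        for b in (0, 1):
            ca, cb = encrypt(p, a, rng), encrypt(p, b, rng)
            if decrypt(p, ca + cb) != a ^ b or decrypt(p, ca * cb) != a & b:
                return False
    return True

def multiply_until_failure(p, rng):
    """Keep multiplying fresh encryptions of 1 and track the true noise.

    Returns one (multiplications, noise_bit_length, within_budget, decrypts_to_1)
    tuple per step, stopping at the first step whose noise exceeds p/2.
    """
    c = encrypt(p, 1, rng)
    true_noise = noise(p, c)
    history = []
    while True:
        fresh = encrypt(p, 1, rng)
        true_noise *= noise(p, fresh)   # noise multiplies along with the ciphertexts
        c *= fresh
        within = abs(true_noise) <= p // 2
        history.append((len(history) + 1, abs(true_noise).bit_length(),
                        within, decrypt(p, c) == 1))
        if not within:
            return history

if __name__ == "__main__":
    rng = random.Random(2024)  # constructed seed; `random` is not a CSPRNG
    p = keygen(rng)
    print("homomorphic on single operations:", check_homomorphism(p, rng))
    for step in multiply_until_failure(p, rng):
        print("mults=%d noise_bits=%d within_budget=%s correct=%s" % step)
```

With a 64-bit key and roughly 9-bit fresh noise, the budget is exhausted after six or seven multiplications; past that point decryption is right only by chance, which is the limit bootstrapping exists to remove.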

Let's differentiate between homomorphic encryption and fully homomorphic encryption. Strictly speaking, fully homomorphic encryption is a special case of the former. Homomorphic encryption means that operations like addition or multiplication on ciphertexts are equivalent to the same operations on plaintexts, i.e.,

$$
E(a+b) = E(a) + E(b)
$$

$$
E(a\times b) = E(a)\times E(b)
$$

In this context, a and E(a), b and E(b) can be considered equivalent. However, there are two significant challenges to note here:

  1. The equivalence between plaintext and ciphertext depends on noise that is added to the plaintext when the ciphertext is produced. If the noise leads to a large deviation, the computation may fail, so controlling the noise is crucial for the various algorithms.

  2. The overhead for addition and multiplication is enormous. Ciphertext computations can be 10,000 to 1,000,000 times more expensive than plaintext computations.

Fully homomorphic encryption is achieved only when unlimited additions and multiplications can be performed on ciphertexts. Each type of homomorphic encryption has its own value in its field; by degree of implementation, they can be categorized as follows:

Types of Homomorphic Encryption

  • Partially Homomorphic Encryption (PHE): Supports only one type of operation (either addition or multiplication) an unlimited number of times. For example, RSA is partially homomorphic with respect to multiplication.

  • Somewhat Homomorphic Encryption (SHE): Supports both addition and multiplication but only a limited number of times. It’s useful for specific applications where only a few operations are needed.

  • Fully Homomorphic Encryption (FHE): Supports both addition and multiplication an unlimited number of times, enabling arbitrary computations on encrypted data. This makes FHE incredibly powerful but also computationally intensive.
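To make the partially homomorphic case concrete, the following added example (not part of the original article) shows textbook RSA multiplying plaintexts through their ciphertexts and, going beyond the RSA case mentioned above, the Paillier cryptosystem adding them. The primes are constructed toy values, the function names are assumptions, and unpadded RSA at this size is for illustration only.

```python
import math
import random

# Textbook RSA (no padding): multiplicatively homomorphic.
def rsa_keygen(p=61, q=53, e=17):            # constructed toy primes
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), pow(e, -1, phi)            # public key, private exponent d

def rsa_encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)

def rsa_decrypt(pub, d, c):
    return pow(c, d, pub[0])

def rsa_mul(pub, c1, c2):
    """E(a) * E(b) mod n = E(a * b mod n)."""
    return (c1 * c2) % pub[0]

# Paillier: additively homomorphic.
def paillier_keygen(p=1009, q=1013):          # constructed toy primes
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)    # lcm(p-1, q-1)
    return n, (lam, pow(lam, -1, n))          # public n (g = n + 1), private (lambda, mu)

def paillier_encrypt(n, m, rng):
    while True:                               # r must be a unit modulo n
        r = rng.randrange(1, n)
        if math.gcd(r, n) == 1:
            break
    return (1 + m * n) * pow(r, n, n * n) % (n * n)      # g^m * r^n mod n^2

def paillier_decrypt(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def paillier_add(n, c1, c2):
    """E(a) * E(b) mod n^2 decrypts to a + b mod n."""
    return (c1 * c2) % (n * n)

def paillier_scale(n, c, k):
    """E(a)^k mod n^2 decrypts to k * a mod n; k is a plaintext constant."""
    return pow(c, k, n * n)

if __name__ == "__main__":
    pub, d = rsa_keygen()
    c = rsa_mul(pub, rsa_encrypt(pub, 7), rsa_encrypt(pub, 11))
    print("RSA: 7 * 11 ->", rsa_decrypt(pub, d, c))
    rng = random.Random(0)                    # constructed seed; not a CSPRNG
    n, priv = paillier_keygen()
    c = paillier_add(n, paillier_encrypt(n, 1200, rng), paillier_encrypt(n, 345, rng))
    print("Paillier: 1200 + 345 ->", paillier_decrypt(n, priv, c))
```

Neither scheme offers the other operation on two ciphertexts, which is why each is only partially homomorphic.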

The main advantage of FHE is its ability to perform any type of computation on encrypted data, ensuring privacy and security throughout the computation process.

Applications of FHE in Blockchain

Vitalik has suggested that FHE could become a key technology for blockchain scalability and privacy protection. Current blockchains are transparent by default, where every transaction and smart contract variable is public. FHE can transform a completely transparent blockchain into a partially encrypted form while still being controlled by smart contracts.

For example, Zama is developing an FHE virtual machine that allows programmers to write Solidity code to manipulate FHE primitives. This approach could address privacy issues on today’s blockchains, enabling use cases like encrypted payments, slot machines, and casinos, which retain transaction graphs while hiding amounts, making it more regulatory-friendly compared to solutions like Tornado Cash.

Another critical application of FHE is in improving privacy project usability. Projects like Zcash, Aztec, and Tornado Cash have significant usability issues, such as long retrieval times for balance information and synchronization delays. FHE offers a solution to these problems through oblivious message retrieval (OMR), allowing wallet clients to synchronize without revealing what they are accessing.

However, FHE does not directly solve blockchain scalability issues like Rollup technologies. Combining FHE with zero-knowledge proofs (ZKPs) might address some scalability challenges. Verifiable FHE can ensure computations are correctly executed, similar to ZK Rollups, providing a trusted computation mechanism that is critical for blockchain environments.

Relationship Between FHE and Zero-Knowledge Proofs (ZKPs)

FHE and ZKPs are complementary technologies but serve different purposes. ZKPs allow verifiable computation and zero-knowledge properties, enabling privacy for private states. However, ZKPs do not provide privacy on shared states, which is essential for permissionless smart contracts on platforms like Uniswap. This is where FHE and Multi-Party Computation (MPC) come in, allowing computations on encrypted data without revealing the data itself.

Combining ZKPs and FHE increases computational complexity significantly, making it impractical unless specific use cases demand it.

Current Stage and Future Prospects of FHE

FHE is approximately three to four years behind ZKPs in terms of development but is catching up quickly. The first-generation FHE projects are launching testnets, with mainnets expected later this year. Although FHE still has a higher computational overhead than ZKPs, its potential for large-scale adoption is imminent. Once FHE enters production and scales, it is expected to grow exponentially, similar to the rapid adoption of ZK Rollups.

Challenges and Bottlenecks

Several challenges remain for FHE adoption, including computational efficiency and key management. Bootstrapping in FHE is computationally intensive but is improving with algorithm advancements and engineering optimizations. Alternative schemes without bootstrapping might be more efficient for specific use cases like machine learning (ML).

Key management also presents challenges. Projects like Zama’s fhEVM, Inco, or Phoenix require threshold key management, involving a group of validators with decryption capabilities. This approach needs further development to overcome single points of failure.

What are the Use Cases

What Does the FHE Market Look Like

Crypto venture firms like 1kx have been actively investing in the FHE space, recognizing its potential. 1kx led the investment in Inco, a project built on Zama, focusing on fhEVM use cases. Inco is collaborating with partners to develop applications like slot machines, casinos, commercial payments, and gaming.

Threshold FHE (TFHE), combining FHE with MPC and blockchain, is a particularly promising area, opening up new use cases. The developer-friendly nature of FHE, allowing programming with Solidity, makes it accessible and practical for application development.

Competitive Landscape

Arcium (formerly Elusiv)

Arcium is a DePIN network on Solana for parallel confidential computing. Founded by Yannik Schrade, Julian Deschler, Nicolas Schapeler, and Lukas Steiner, it rebranded from Elusiv, a zk-based compliant privacy protocol, to Arcium on May 8, 2024.

Arcium supports DeFi, DePIN, AI, and other developers and applications with flexible access to trustless, verifiable, and high-performance confidential computing capabilities. Arcium is not a blockchain but calls the DA layer and consensus layer of the underlying blockchain, allowing developers to deploy confidential smart contracts across different blockchains. It also offers non-blockchain users the ability to configure blockchain layer trust models as needed.

In May 2024, Arcium completed a $5.5 million strategic funding round led by Greenfield Capital, with participation from Coinbase Ventures, Heartcore Capital, Longhash VC, L2 Iterative Ventures, Stake Facilities, Smape Capital, Everstake, Solana co-founder Anatoly Yakovenko, and Monad co-founder Keone Hon.

Cysic

Cysic is a hardware acceleration company focused on real-time generation and verification of Zero-Knowledge (ZK) proofs. They offer ZK computation as a service (ZK-CaaS) based on their proprietary ASIC, FPGA, and GPU chips. Cysic has developed FPGA hardware and plans to launch ZK DePIN chips/devices called ZK Air and ZK Pro, which will form the Prover Network for DePIN.

In February 2023, Cysic raised $6 million in a seed funding round led by Polychain Capital, with participation from HashKey, SNZ Holding, ABCDE, A&T Capital, and Web3.com Foundation.

Zama

Zama is an open-source cryptography company developing FHE solutions for blockchain and AI. Co-founded in early 2020 by Hindi and renowned cryptographer Pascal Paillier, one of the inventors of FHE, Zama offers FHE solutions for Web3 projects, such as the TFHE-rs library, the TFHE compiler Concrete, privacy-preserving machine learning Concrete ML, and confidential smart contracts fhEVM.

Zama focuses on TFHE (Threshold Fully Homomorphic Encryption), with TFHE-rs implemented in pure Rust for encrypted Boolean and integer computations, allowing developers and researchers fine-grained control over TFHE for advanced features. The fhEVM integrates TFHE-rs into the EVM, enabling homomorphic operations as precompiled contracts without modifying compilation tools.

On March 7, 2024, Zama completed a $73 million Series A funding round led by Multicoin Capital and Protocol Labs, with participation from Metaplanet, Blockchange Ventures, Vsquared Ventures, Stake Capital, Filecoin founder Juan Benet, Solana co-founder Anatoly Yakovenko, and Ethereum co-founder Gavin Wood. The funds will be used to continue researching and developing their FHE tools.

Sunscreen

Sunscreen is a privacy startup enabling engineers to build and deploy private applications using cryptographic techniques like FHE. They have open-sourced their FHE compiler, a Web3-native compiler that converts standard Rust functions into private FHE-equivalent functions, offering optimal performance for arithmetic operations without hardware acceleration. The compiler also supports the BFV FHE scheme and is developing a ZKP-compatible compiler to ensure computational integrity when combined with FHE.

In July 2022, Sunscreen completed a $4.65 million seed funding round led by Polychain Capital, with participation from Northzone, Coinbase Ventures, dao5, and notable individuals like Naval Ravikant and Tux Pacific.

Octra

Octra is an FHE blockchain network supporting isolated execution environments, proposing a new type of FHE called HFHE (Homomorphic Fully Homomorphic Encryption) on Hypergraphs. According to official documentation, HFHE can be compatible with any project and run independently. Most of Octra's codebase is developed in languages like OCaml, AST, ReasonML (for smart contracts and applications interacting with Octra), and C++. This method is relatively new with limited academic discussion. The security of the solution remains unverified and requires validation.

Fhenix

Fhenix is an Ethereum Layer 2 (L2) supported by FHE Rollups and FHE Coprocessors, fully compatible with EVM and Solidity, enabling on-chain confidential smart contracts with FHE-based privacy. Fhenix does not use zkFHE but employs Optimistic Rollup and Zama's FHE via fhEVM for on-chain confidentiality, focusing on TFHE (Threshold FHE).

In September 2023, Fhenix raised $7 million in seed funding, led by Sora Ventures, Multicoin Capital, and Collider Ventures, with participation from Node Capital, Bankless, HackVC, TaneLabs, and Metaplanet. The public testnet will be released in early 2024, supporting ecosystem application development.

Mind Network

Mind Network is an FHE re-staking layer for DePIN and AI, supported by Zama, aiming to achieve "HTTPZ" (end-to-end encrypted internet). Products include FHE re-staking scheme MindLayer, FHE-authorized invisible address protocol MindSAP, and FHE DataLake MindLake built on the FHE verifier network through MindLayer. Users can re-stake BTC and ETH LST tokens into Mind Network, introducing FHE-enhanced verifiers to ensure end-to-end encryption for AI and DePIN network verification and computing processes. A smart Proof of Intelligence (PoI) consensus mechanism for AI machine learning tasks ensures fair and secure distribution among FHE verifiers. FHE computation can be hardware accelerated. MindLake is a data storage Rollup for computing on-chain encrypted data.

In June 2023, Mind Network completed a $2.5 million seed funding round with participation from Binance Labs, Comma3 Ventures, SevenX Ventures, HashKey Capital, Big Brain Holdings, Arweave SCP Ventures, Mandala Capital, and others.

Inco

Inco Network is a modular confidential computing Layer 1 blockchain and Web3 universal privacy layer, providing privacy protection for on-chain applications. It combines Ethereum EVM with FHE, protected by EigenLayer, allowing programs to operate and compute on encrypted data without decryption, using on-chain native randomness. Inco launched the Gentry testnet to address Web3 privacy protection challenges and supports applications like games, DeFi (including dark pools, private lending, and blind auctions), enterprise solutions (such as confidential stablecoins, private RWA, and private voting).

In February 2024, Inco Network raised $4.5 million in seed funding, led by 1kx, with participation from Circle Ventures, Robot Ventures, Portal VC, Alliance DAO, Big Brain Holdings, Symbolic, GSR, Polygon Ventures, Daedalus, Matter Labs, and Fenbushi.

Regulatory Environment

The regulatory environment for privacy technologies like FHE varies across regions. While data privacy is widely supported, financial privacy remains a gray area. FHE has the potential to enhance data privacy, allowing users to retain data ownership and potentially monetize it while maintaining societal benefits like targeted advertising.

Looking ahead, gradual improvements in theory, software, hardware, and algorithms are expected, making FHE increasingly practical. The development of FHE is currently transitioning from theoretical research to practical applications, with significant progress expected in the next three to five years.

Conclusion

Fully Homomorphic Encryption (FHE) is on the brink of revolutionizing the crypto space by providing advanced privacy and security solutions. With ongoing advancements and increasing interest from venture capital, FHE is poised for large-scale adoption, addressing critical issues in blockchain scalability and privacy protection. As the technology matures, it promises to unlock new possibilities and drive innovation across various applications in the crypto ecosystem.

Disclaimer: This post is for general informational purposes only and does not constitute investment advice, recommendations, or a solicitation to buy or sell any securities. It should not be used as the basis for making any investment decision and should not be relied upon for accounting, legal, tax advice, or investment recommendations. You are encouraged to consult your own advisers regarding legal, business, tax, or other related matters concerning any investment decisions. Certain information included here may have been obtained from third-party sources, including portfolio companies of funds managed by Aquarius. The opinions expressed in this post are those of the authors and do not necessarily reflect the views of Aquarius or its affiliates. These opinions are subject to change without notice and may not be updated.

Mirror article information

Author address: 0xa54017CA3461743Bf0A14d2C46931ECe151d6D2d

Content type: application/json

Application name: MirrorXYZ

Content digest: QvXXLdi7bj-EG624ALMVRLR2r3DCBkNZ1wBuSjTFrAg

Original content digest: 0sFdnx3jKQX1jDVKeC8N-I1uLZJxJxRKQMYfi331m0o

Block height: 1525140

Published: 2024-10-12 02:14:26