Fully homomorphic encryption (FHE) is the next generation of privacy protection technology. It is about to take off and is worth positioning ourselves in. FHE has ideal privacy protection capabilities, but its performance still falls short. We believe that with the entry of crypto capital, the development and maturity of the technology will be greatly accelerated, just like the rapid development of ZK in recent years.
Fully homomorphic encryption can be used in Web3 for transaction privacy protection, AI privacy protection and privacy-preserving coprocessors. Among them, I am particularly optimistic about the privacy-preserving EVM, which is more flexible and better suited to the EVM than existing ring signatures, coin mixing technology and ZK.
We have investigated several outstanding FHE projects, and most of them will launch on mainnet between this year and the first quarter of next year. Among these projects, ZAMA has the strongest technology but has not yet announced plans to issue a token. Apart from ZAMA, we believe that Fhenix is the best FHE project.
1. FHE is an ideal privacy protection technology
1.1 The role of FHE
Fully homomorphic encryption is a form of encryption that allows any number of addition and multiplication operations to be performed on ciphertext, producing an encrypted result. Decrypting that result gives the same value as performing the same operations on the plaintext. The data becomes "computable but invisible".
Fully homomorphic encryption is particularly suitable for outsourced computing. You can hand data to external computing power for processing without worrying about data leakage.
In layman's terms: suppose you run a company whose data is very valuable. You want to use a good cloud service to process and compute on this data, but you are worried about it leaking in the cloud. Then you can:
Encrypt the data with fully homomorphic encryption, converting it into ciphertext before uploading it to the cloud server. For example, the numbers 5 and 10 in the figure above are encrypted into ciphertexts, written as "X" and "YZ".
When you need to operate on the data, for example to add the two numbers 5 and 10, the cloud server only needs to perform, on the ciphertexts "X" and "YZ", the operation that the algorithm specifies as corresponding to plaintext addition, and the ciphertext result "PDQ" is obtained.
After the ciphertext result is downloaded from the cloud server, it is decrypted to obtain the plaintext. You will find that this plaintext is the result of 5 + 10.
The plaintext appears only on your side; everything the cloud server stores and computes on is ciphertext. In this way, you don't have to worry about data leakage. This privacy protection method is ideal.
Semi-homomorphic (partially homomorphic) encryption: Semi-homomorphism is easier and more practical. It means that the ciphertext has only one homomorphic property, such as additive homomorphism or multiplicative homomorphism.
Somewhat homomorphic encryption (approximate homomorphism): It allows both addition and multiplication on the ciphertext, but the number of operations supported is very limited.
Leveled fully homomorphic encryption (finite series): It allows any combination of addition and multiplication on the ciphertext, without any limit on the number of times. But there is a new complexity upper limit, which constrains the complexity of the function.
Fully homomorphic encryption: It needs to support any number of addition and multiplication operations, with no restriction on complexity or count.
Fully homomorphic encryption is the most difficult and the most ideal of these, and is called the "Holy Grail of Cryptography".
1.2 History
Fully homomorphic encryption has a long history
1978: The concept of fully homomorphic encryption was proposed.
2009 (first generation): The first fully homomorphic scheme was proposed.
2011 (Second Generation): A fully homomorphic scheme based on integers was proposed. It is simpler than the previous scheme, but the efficiency is not improved.
2013 (Third Generation): A new technique for constructing FHE schemes, GSW, was proposed, which is more efficient and more secure. This technique was further improved into FHEW and TFHE, which further improved efficiency.
2016 (Fourth Generation): An approximate homomorphic encryption scheme CKKS was proposed, which is the most effective method for evaluating polynomial approximations and is particularly suitable for privacy-preserving machine learning applications.
The algorithms supported by the commonly used homomorphic encryption libraries are mainly the third and fourth generation algorithms. Algorithmic innovation, engineering optimization, blockchain friendliness, and hardware acceleration are likely to follow as capital enters.
1.3 Current Performance and Availability
Commonly Used Homomorphic Encryption Libraries:
ZAMA TFHE Performance:
For example, ZAMA TFHE's 256-bit addition and subtraction takes about 200ms, while plaintext calculations take about tens to hundreds of nanoseconds, so FHE calculations are about 10^6 times slower than plaintext calculations. Some optimized operations are about 1000 times slower than plaintext. Of course, it is unfair to compare a ciphertext calculation with a plaintext calculation. Privacy comes at a price, especially for a privacy protection technology as ideal as full homomorphism.
ZAMA plans to further improve performance by developing FHE hardware.
1.4 Several technical research directions of FHE+Web3
Web3 is decentralized, and the combination of full homomorphism and Web3 offers many technical directions to study, such as the following.
Innovative FHE schemes, compilers, and libraries that make FHE better, faster, and more suitable for blockchain.
FHE hardware to improve computing performance.
FHE + ZKP: while using FHE for private computation, use ZK to prove that the inputs and outputs meet the required conditions, or to prove that the FHE computation was executed correctly.
Protection against malicious computing nodes, which can be combined with EigenLayer restaking, etc.
MPC decryption schemes: the shared state is encrypted and the key is often sharded using MPC, which requires a secure, high-performance threshold decryption protocol.
Data storage (DA layer): a DA layer with higher throughput is required, and the existing Celestia cannot meet the requirements.
In general, we believe that fully homomorphic encryption is the next generation of privacy protection technology and is about to take off. FHE has ideal privacy protection capabilities, but its performance still falls short. We believe that with the entry of crypto capital, the development and maturity of the technology will be greatly accelerated, just like the rapid development of ZK in recent years. FHE is a sector worth positioning ourselves in.
2. FHE is used in various privacy protection scenarios in Web3, among which I am most optimistic about the privacy EVM
FHE belongs to the privacy protection sector. Simply put, it covers "transaction privacy protection" + "AI privacy protection" + "privacy-preserving coprocessors".
Transaction privacy protection includes privacy-preserving DeFi, voting, bidding, anti-MEV, etc.
AI privacy protection includes decentralized identity, as well as privacy protection for other AI models and data.
The privacy-preserving coprocessor performs fully homomorphic ciphertext operations off-chain and eventually returns the result to the chain; it can be used for trustless games, etc.
Of course, there are many privacy protection technologies. Comparing them shows what is special about FHE.
TEE is very fast, because data is stored and computed in plaintext inside trusted hardware. But it relies on secure hardware, so it actually trusts the hardware manufacturer rather than the algorithm, and this trust model is centralized. In addition, some TEE computation verification requires connecting to the TEE manufacturer for remote verification. This is not suitable for integration into a blockchain for on-chain verification, because on-chain verification must be completable independently using only the blockchain's historical data nodes, and should not rely on external centralized institutions.
Secure multi-party computation (MPC) is also a privacy-preserving computing technology. However, it often requires multiple parties to be online at the same time and to interact frequently, which is usually not suitable for asynchronous settings such as blockchain. We use MPC for decentralized key management. In an MPC wallet, the private key is not stored in complete form anywhere. Instead, it is divided into multiple fragments (or parts), which are stored on different devices or nodes. Only when a transaction needs to be signed do the fragments take part in a multi-party computation protocol to generate a signature.
ZK zero-knowledge proofs are mostly used as proofs of computation, proving that a certain computation was executed correctly, and are rarely used for privacy protection. ZK and homomorphic techniques are also closely linked: the privacy protection part also uses homomorphic techniques.
FHE requires no data exchange during the ciphertext computation, which can be carried out entirely on the server/node. Therefore, unlike MPC, it does not require the initiator or multiple parties to be online, which makes it more suitable for blockchain. And compared with TEE, it is trustless. The only drawback is that its performance is not high.
Therefore, as long as FHE gradually improves its performance, its privacy protection capability is better suited to Web3.
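The key-fragment idea from the MPC paragraph above, applied to decryption as in the "MPC decryption scheme" direction of section 1.4, as an added example that is not code from any project named in this article: a toy n-of-n ElGamal in Python in which each node keeps one fragment and the full private key is never assembled. The group parameters and function names are assumptions for illustration; a production FHE network would use a threshold protocol for its own scheme, typically t-of-n rather than n-of-n.

```python
import secrets

# Demo group: integers modulo the Mersenne prime 2^127 - 1 with base 3.
# Constructed for this example; not a vetted production group.
P = 2**127 - 1
G = 3

def new_share():
    """Each node draws its own key fragment; fragments are never pooled."""
    return secrets.randbelow(P - 2) + 1

def joint_public_key(public_parts):
    """Multiply the nodes' published g^x_i values: h = g^(x_1 + ... + x_n)."""
    h = 1
    for part in public_parts:
        h = h * part % P
    return h

def encrypt(h, m):
    """ElGamal encryption of a group element m under the joint key h."""
    k = secrets.randbelow(P - 2) + 1
    return pow(G, k, P), m * pow(h, k, P) % P

def partial_decrypt(share, ciphertext):
    """Run locally by one node: publishes c1^x_i, not the fragment x_i."""
    c1, _ = ciphertext
    return pow(c1, share, P)

def combine(ciphertext, partials):
    """Anyone can combine the partials: m = c2 / prod(c1^x_i)."""
    _, c2 = ciphertext
    mask = 1
    for d in partials:
        mask = mask * d % P
    return c2 * pow(mask, -1, P) % P

def demo(message=42, nodes=3):
    """Return (result with all nodes, result with one node missing)."""
    shares = [new_share() for _ in range(nodes)]      # one fragment per node
    h = joint_public_key(pow(G, x, P) for x in shares)
    ct = encrypt(h, message)
    partials = [partial_decrypt(x, ct) for x in shares]
    return combine(ct, partials), combine(ct, partials[:-1])

if __name__ == "__main__":
    full, missing_one = demo()
    print(full, missing_one == 42)    # 42 False
```

Each node sends one value per decryption and never has to be online together with the others for key reconstruction, but every decryption still needs a response from all fragment holders, which is the availability cost the paragraph on MPC points at.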
At the same time, for transaction privacy protection, fully homomorphic encryption is better suited to the EVM, because:
Ring signatures and coin mixing technology cannot support contracts.
ZK privacy protection projects such as Aleo use a private data model similar to UTXO, rather than the EVM account model.
Fully homomorphic encryption can support both contracts and the account model, and can be easily connected to the EVM.
In comparison, a fully homomorphic EVM is indeed very attractive.
AI computing is inherently very computationally intensive, and with the addition of an encryption mode as complex as fully homomorphic encryption, the performance may be too low and the cost too high at this stage. I think AI privacy protection will eventually be a hybrid solution of TEE/MPC/ZK/semi-homomorphic encryption.
In general, fully homomorphic encryption can be used in Web3 for transaction privacy protection, AI privacy protection, and privacy-preserving coprocessors. Among them, I am particularly optimistic about the privacy-preserving EVM, which is more flexible and better suited to the EVM than existing ring signatures, coin mixing technology, and ZK.
3. Most FHE projects will launch on mainnet between this year and the first quarter of next year. We believe that Fhenix is the best FHE project other than ZAMA
We investigated the more outstanding fully homomorphic encryption projects on the market today; brief information on each is as follows:
3.1 ZAMA (Tool)
Narrative: Providing fully homomorphic encryption for blockchain and AI
CTO & co-founder: Pascal Paillier, cryptographer. He received his PhD from Telecom ParisTech in 1999 and invented the Paillier cryptographic system in 1999. He started publishing papers on homomorphic encryption in 2013 and is one of the top figures in the field of full homomorphism.
CEO & co-founder: Rand Hindi graduated from UCL in 2011 with a PhD in Bioinformatics, worked on data science projects, and served as an advisor for multiple projects while working on ZAMA.
Financing: 4 years, more than 82 million US dollars in total; the latest round, Series A, was 73 million, led by Multicoin Capital and Protocol Labs.
On September 26, 2023, Seed Round of 7 million US dollars, led by Multicoin Capital, Node Capital, Bankless Ventures, Robot Ventures, Tane Labs, HackVC and Metaplanet participated
3.2 Fhenix
Product: FHE-enabled Rollup with EVM-compatible confidential smart contracts. Developers use Solidity to develop Dapps while ensuring data privacy.
Product: FHE coprocessor. Cryptographic computing tasks are offloaded from the host chain (whether Ethereum, L2 or L3) to off-chain, which greatly improves the efficiency of FHE-based operations.
Cooperation: Cooperates with ZAMA and uses ZAMA's fhEVM; its GitHub repository is a fork of the ZAMA library.
Cooperation: Cooperates with EigenLayer; Rollup nodes need to restake in EigenLayer.
Team: Guy Itzhaki has more than 7 years of work experience at Intel and served as Intel's homomorphic encryption and blockchain business development director.
Founder: Guy Zyskind, PhD candidate at MIT, MSc from MIT in 2016. Participated in the development of the MIT Enigma privacy protocol and has strong research and development capabilities.
CEO: Guy Itzhaki has 7 years of work experience at Intel and very strong experience in the field of privacy protection. He served as Intel's homomorphic encryption and blockchain business development director.
Prof. Chris Peikert, cryptographer specializing in fully homomorphic encryption. Cryptography lead of Algorand.
Funding: 1 year; the latest round, Series A, was 15 million, led by Hack VC, followed by Foresight Ventures and other institutions.
In May 2024, Series A round of 15 million US dollars, led by Hack VC, followed by Foresight Ventures and other institutions.
On September 26, 2023, Seed Round of 7 million US dollars, led by Multicoin Capital, with participation from Node Capital, Bankless Ventures, Robot Ventures, Tane Labs, HackVC and Metaplanet.
Roadmap: Testnet release in Q2 2024, mainnet in Q1 2025.
3.3 Inco Network
Product: FHE-enabled Rollup with EVM-compatible confidential smart contracts. Developers use Solidity to develop Dapps while ensuring data privacy.
Cooperation: Cooperates with ZAMA and uses ZAMA's fhEVM.
Team: Founder Remi Gai worked briefly as a software engineer at Microsoft and Google in the early days, and worked on Parallel Finance's DeFi project.
Founder: Remi Gai, 22 years ago, had 6 to 9 months of software engineer experience at Microsoft and Google respectively, and later worked on Parallel Finance and DeFi projects.
Tech lead: Amaury A, core developer of Cosmos
Financing: The latest Seed round raised 4.5 million, led by 1kx
In February 2024, Inco Network completed a $4.5 million seed round of financing, led by 1kx, with participation from Circle Ventures, Robot Ventures, Portal VC, Alliance DAO, Big Brain Holdings, Symbolic, GSR, Polygon Ventures, Daedalus, Matter Labs and Fenbushi
Progress: Testnet to be launched in March 2024, and mainnet in Q4 2024.
In March 2024, the test network will be launched including fhEVM. Currently, it includes privacy-protected ERC-20, privacy voting, blind bidding, and privacy DID examples.
In Q2-Q3 2024, the test network will be launched including fhEVM.
In Q4 2024, the main network will be launched.
In 2025, FPGA hardware acceleration is planned, and the TPS is expected to reach 100-1000.
3.4 Mind Network (AI&DePIN)
Narrative: Data privacy protection and privacy computing. AI and DePIN data and models.
Product: The 2023 narrative was the privacy data lake: privacy-protected data storage and computing. This year it was adjusted to privacy protection for AI and DePIN data and models.
Cooperation: Cooperate with ZAMA and use ZAMA's fully homomorphic library
Cooperation: Cooperate with Fhenix and Inco and use fhEVM for Rollup
Cooperation: Cooperate with Arweave to store encrypted data
Cooperation: Cooperate with EigenLayer, Babylon, etc. to serve node restaking
Reference: https://mindnetwork.medium.com/fhe-secured-restaking-layer-scaling-security-for-ai-depin-networks-73d5c6e5dda3
Team: CTO George was a researcher at Cambridge University.
Co-founder & CTO: George was a researcher at Cambridge University and worked as a technical director for a multinational bank. He also has many years of experience in Internet financial technology.
Financing: 2 years, Seed financing of 2.5 million, incubated by Binance Labs
On June 20, 2023, Seed Round of 2.5 million US dollars, led by Binance Labs, with participation from HashKey, SevenX, etc.
RoadMap: Already on testnet, with a restaking function currently available. The rest of the roadmap has not been announced.
3.5 Privasea (AI&DePIN)
Narrative: AI and DePIN privacy computing.
Product: Use FHE to train ML models. Optimized the Boolean gates of TFHE.
Product: FaceID, privacy-preserving face recognition. Used for anti-Sybil protection and KYC.
Cooperation: Integrate BNB Greenfield to store encrypted data
Team: CTO Zhuan Cheng, PhD in mathematics from the University of Chicago, with rich experience in cryptography technology research and development.
CEO: David Jiao, AI projects have raised 20 million, and blockchain projects have raised 4 million.
CTO Zhuan Cheng, PhD in Mathematics from the University of Chicago, has extensive experience in cryptography research and development, and has previously worked on NuLink's ZK privacy protection project
Financing: 1 year, Seed round of 5 million, incubated by Binance Labs
In March 2024, Seed Round of 5 million US dollars, incubated by Binance Labs, MH Ventures, K300, Gate Labs, 1NVST and other investors participated.
RoadMap: Testnet V2 released in April 2024, mainnet in Q3 2024.
In January 2024, Testnet V1.
Testnet V2 in April 2024.
TGE in Q3 2024.
3.6 Optalysys (Tools)
Narrative: Homomorphic encryption hardware.
From the above information, ZAMA provides the core open-source fully homomorphic encryption library for these projects, and is currently the well-deserved technology pioneer and the strongest. However, ZAMA has not yet announced a token issuance plan, so we focus on Fhenix.
Fhenix will implement a privacy-preserving EVM and privacy-preserving smart contracts. They plan to build Fhenix L2, a fully homomorphic privacy EVM that provides privacy-preserving transactions, DeFi, etc. This L2 is also equipped with a threshold network for some encryption and decryption operations. Fhenix will also build an FHE coprocessor, a fully homomorphic computing network that can serve EVM chains other than Fhenix and provide fully homomorphic computing services.
The Fhenix team is technically very strong. The team members include not only privacy computing experts from Intel, but also PhDs who participated in the development of the Enigma privacy protocol at MIT, as well as the Algorand cryptography lead.
In short, we believe that fully homomorphic encryption projects such as ZAMA and Fhenix can bring ideal privacy protection tools to the blockchain.