Written by: milian
Translated by: AididiaoJP, Foresight News
Every major technological wave begins as a specialized, single-user technology, and only later develops into a general-purpose, multi-user one.
Early computers could only do one thing at a time: crack codes, process census data, or calculate ballistic trajectories. It was much later that they became shareable, programmable machines.
The internet was initially a small peer-to-peer research network (ARPANET), and only later evolved into a global platform that allowed millions to collaborate in a shared state.
Artificial intelligence has followed the same path: early systems were narrow expert models built for a single domain (chess engines, recommendation systems, spam filters), and only later evolved into general-purpose models capable of cross-domain work, fine-tuning for new tasks, and serving as a shared foundation for others to build applications.
Technology always starts in a narrow or single-user mode, designed for one use or one person, and only later expands to multi-user modes.
This is exactly where privacy technology stands today. Privacy technology in the crypto world has never truly broken out of the "narrow" and "single-user" framework.
Until now.
Summary:
- Privacy technology follows the same trajectory as computing, the internet, and artificial intelligence: systems start out specialized and single-user, then become general-purpose and multi-user.
- Crypto privacy has long been stuck in a narrow single-user mode because early tools could not support shared state.
- Privacy 1.0 is single-user privacy with limited expressiveness: there is no shared state, it relies mainly on zero-knowledge proofs generated on the client side, developers must write custom circuits, and the experience is difficult.
- Early privacy began with Bitcoin's CoinJoin in 2013, followed by Monero in 2014, Zcash in 2016, and later Ethereum tools like Tornado Cash (2019) and Railgun (2021).
- Most Privacy 1.0 tools rely on client-side zero-knowledge proofs, leading to confusion between "zero-knowledge proofs for privacy" and "zero-knowledge proofs for verification," even though many "zero-knowledge" systems today are designed for verification, not privacy.
- Privacy 2.0 is multi-user privacy over encrypted shared state, based on multi-party computation or fully homomorphic encryption, allowing users to collaborate privately just as they do on the public shared state of Ethereum and Solana.
- Encrypted shared state means the crypto world finally has a general-purpose encrypted computer, opening up a whole new design space: dark pools, private liquidity pools, private lending, blind auctions, confidential tokens, and new types of creative markets, even on existing transparent chains.
- Bitcoin brought public isolated state; Ethereum brought public shared state; Zcash brought encrypted isolated state; Privacy 2.0 fills the last piece of the puzzle: encrypted shared state.
- Arcium is building such an encrypted computer, with an architecture similar to proof networks like Succinct, but using multi-party computation instead of zero-knowledge proofs. Its Arcis tool compiles Rust into multi-party computation programs, enabling multi-user encrypted computation.
- Emerging applications based on Privacy 2.0 include: Umbra using Arcium to implement privacy pools with confidential balances and swaps, Pythia's private opportunity markets, and Melee's upcoming opinion markets with private odds and adjudication.
To understand how we got here, and why encrypted shared state is so important, we need to start with the origins of privacy technology.
Privacy 1.0
The first storm of crypto privacy began here.
Users finally gained transactional privacy through mixers, privacy pools, and privacy cryptocurrencies. Later, some applications faced legal issues, sparking debates about whether and how privacy tools should handle illegal activities.
Privacy 1.0 initiated the single-user privacy mode. People could coordinate, but could not dynamically collaborate as on programmable blockchains, and the expressiveness of privacy was limited.
Main features of Privacy 1.0:
- No shared state, privacy is in "single-user mode," application scope is limited
- Mainly relies on zero-knowledge proof technology
- Client-side zero-knowledge proofs offer the highest privacy, but complex applications are slow
- Developer experience is difficult, requiring custom circuits to build privacy applications
Crypto privacy actually first appeared on Bitcoin, years before advanced cryptographic technologies like zero-knowledge proofs entered the crypto space. Early Bitcoin privacy was not true "cryptographic privacy," but rather clever coordination techniques aimed at breaking deterministic associations on the public ledger.
The earliest was CoinJoin in 2013, where users combined transaction inputs and outputs to obfuscate payment relationships. It used almost no cryptography but introduced privacy at the transaction layer.
Later came CoinShuffle (2014), JoinMarket (2015), TumbleBit (2016), Wasabi (2018), Whirlpool (2018), and other applications, all based on mixing processes to make Bitcoin harder to trace. Some added incentives, some added layered encryption or improved user experience.
None of these provided strong cryptographic privacy. They blurred associations but did not provide the mathematical guarantees and trustless privacy that later zero-knowledge proof systems brought. They relied on coordination, heuristics, and mixing randomness, not formal anonymity proofs.
Privacy Cryptocurrencies
Monero was launched in 2014, the first serious attempt to build a fully private blockchain for private transfers, rather than as an add-on privacy tool for transparent blockchains. Its model is based on probabilistic privacy via ring signatures, with each transaction by default mixing the real input among 16 decoy signatures. In practice, this setup can be weakened by statistical attacks like MAP decoders or network-level attacks, reducing effective anonymity. Future upgrades like FCMP aim to expand the anonymity set to the entire chain.
Zcash was launched in 2016, taking a completely different path from Monero. It does not rely on probabilistic privacy but was designed from the outset as a zero-knowledge proof token. It introduced a privacy pool powered by zk-SNARKs, providing users with cryptographic privacy rather than hiding among decoy signatures. When used correctly, Zcash transactions do not leak sender, receiver, or amount information, and anonymity increases with each transaction in the privacy pool.
The Emergence of Programmable Privacy on Ethereum
Tornado Cash (2019)
Tornado Cash was launched in 2019, bringing programmable privacy to Ethereum for the first time. Although limited to private transfers, users could, for the first time, deposit assets into a smart contract mixer and later withdraw using zero-knowledge proofs, achieving real privacy on a transparent ledger. Tornado was widely used for lawful purposes but became embroiled in serious legal disputes after large-scale DPRK money laundering activities were conducted through it. This highlighted the necessity of excluding illegal actors to maintain the integrity of privacy pools, a measure now implemented by most modern privacy applications.
Railgun (2021)
Railgun appeared a bit later in 2021, aiming to push Ethereum privacy beyond simple mixing to private DeFi interactions. It not only mixes deposits and withdrawals but also allows users to interact privately with smart contracts using zero-knowledge proofs, hiding balances, transfers, and on-chain operations, while still settling on Ethereum. This was a big step forward from the Tornado model, providing persistent private state within smart contracts rather than just a simple mix-withdraw cycle. Railgun remains active today and has been adopted in some DeFi circles. It is still one of the most ambitious programmable privacy attempts on Ethereum, although user experience remains a major barrier.
Before continuing, it is necessary to clarify a common misconception that persists to this day. As zero-knowledge proof systems have become popular, many people believe that anything labeled "zero-knowledge" implies privacy. But this is not correct. Most technologies labeled "zero-knowledge" today are actually validity proofs, which are powerful for scaling and verification but provide no privacy at all.
The disconnect between marketing and reality has led to years of confusion, with "zero-knowledge proofs for privacy" and "zero-knowledge proofs for verification" being conflated, even though they solve completely different problems.
Privacy 2.0
Privacy 2.0 is multi-user mode privacy. Users no longer act alone but can collaborate privately just as they do on programmable blockchains.
Main features of Privacy 2.0:
- Encrypted shared state, privacy enters "multi-user mode"
- Based on multi-party computation and fully homomorphic encryption
- The trust assumptions for privacy depend on multi-party computation. Fully homomorphic encryption shares the same assumption, as threshold decryption of encrypted shared state requires multi-party computation
- Circuits are abstracted, developers do not need to write custom circuits (unless desired)
This is achieved through encrypted computers, allowing multiple people to collaborate on encrypted state. Multi-party computation and fully homomorphic encryption are the core foundational technologies—both support computation on encrypted data.
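A minimal sketch of multi-party computation over shared state, added here as an example and not taken from Arcium or Arcis: three hypothetical nodes hold additive secret shares of a pool balance that several users update, and multiply two hidden values using a Beaver triple. The field modulus, node count, function names and the trusted dealer that produces the triple are assumptions of this example; it assumes nodes that follow the protocol, and opening a value requires every node's share.

```python
import secrets

P = 2**61 - 1  # prime field modulus (constructed parameter)
N_NODES = 3    # hypothetical MPC cluster size

def share(value, n=N_NODES):
    """Split value into n additive shares mod P; any n-1 of them look uniformly random."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % P)
    return parts

def reconstruct(shares):
    """Open a value: needs the share held by every node."""
    return sum(shares) % P

def add(xs, ys):
    """Each node adds its own two shares locally; nothing is revealed."""
    return [(x + y) % P for x, y in zip(xs, ys)]

def beaver_triple(n=N_NODES):
    """Dealer-generated shares of a, b and c = a*b (stand-in for a preprocessing phase)."""
    a, b = secrets.randbelow(P), secrets.randbelow(P)
    return share(a, n), share(b, n), share(a * b % P, n)

def mul(xs, ys):
    """Multiply two shared values; only the masked values d = x-a, e = y-b are opened."""
    a_s, b_s, c_s = beaver_triple(len(xs))
    d = reconstruct([(x - a) % P for x, a in zip(xs, a_s)])
    e = reconstruct([(y - b) % P for y, b in zip(ys, b_s)])
    out = [(c + d * b + e * a) % P for a, b, c in zip(a_s, b_s, c_s)]
    out[0] = (out[0] + d * e) % P  # public term d*e is added by one node only
    return out

def pool_after_deposits(deposits):
    """Shared state: one pool balance updated by several users, never held in the clear."""
    pool = share(0)
    for amount in deposits:  # each user splits their own deposit client-side
        pool = add(pool, share(amount))
    return pool

def notional(quantity, price):
    """Hidden quantity times hidden price, e.g. the value of an order in a dark pool."""
    return reconstruct(mul(share(quantity), share(price)))
```

Because a value can only be opened with all shares, the privacy of the state rests on the nodes not pooling them, which is the multi-party trust assumption listed above.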
What Does This Mean?
The shared state model that powers Ethereum and Solana can now exist under privacy conditions. This is not a one-off private transaction, nor a tool that can only privately prove something, but a general-purpose encrypted computer.
It unlocks a whole new design space for the crypto field. To understand why, we need to review the evolution of state in the crypto world:
- Bitcoin brought public isolated state
- Ethereum brought public shared state
- Zcash brought encrypted isolated state
What has always been missing is encrypted shared state.
Privacy 2.0 fills this gap. It gives rise to new economies, new applications, and unprecedented new fields. In my view, this is the most significant breakthrough in crypto since smart contracts and oracles.
Arcium is building this kind of technology.
Its architecture is similar to proof networks like Succinct or Boundless, but instead of using zero-knowledge proofs to verify execution, it uses multi-party computation to compute on encrypted data.
Unlike SP1 or RISC Zero, which compile Rust into zero-knowledge proof programs, Arcium's Arcis compiles Rust into multi-party computation programs. Simply put, it's an encrypted computer.
Another analogy is "the Chainlink of privacy."
Privacy Independent of Chains and Assets
Arcium is designed to be blockchain-agnostic, able to connect to any existing blockchain and implement encrypted shared state on transparent chains like Ethereum and Solana. Users can obtain privacy without leaving their familiar ecosystems. It will launch first on Solana, with the mainnet Alpha version releasing this month.
Zcash and Monero embed privacy into their own currencies. This is effective but also creates a world of currencies with independent volatility. Arcium takes an asset-agnostic approach, adding privacy to assets users already own. The solutions and trade-offs are different, but flexibility is important for users.
Given this, almost any use case that requires privacy can run on encrypted computation.
Arcium's impact goes beyond crypto. It is not a blockchain, but an encrypted computer. The same engine is clearly applicable to traditional industries as well.
Zero to One Applications and Features
Encrypted shared state brings unprecedented design space to the crypto world. As a result, the following applications have emerged:
@UmbraPrivacy: Solana privacy pool. Umbra uses Arcium to achieve features that Railgun cannot, supporting confidential balances and private swaps, while handling transfers with zero-knowledge proofs. It provides far more than simple private transfers under minimal trust assumptions and offers a unified privacy pool SDK that any project can integrate to achieve Solana transaction privacy.
@PythiaMarkets: Opportunity markets with private windows for sponsors. A new type of information market where scouts bet on underdeveloped opportunities, and sponsors discover information without leaking alpha.
@MeleeMarkets: Prediction markets with bonding curves. Similar to Pumpfun, but for prediction markets. The earlier you enter, the better the price. It will develop opinion markets where users can express real views, odds remain private, and adjudication is private, solving group collapse and oracle manipulation issues. Arcium will provide the privacy needed for opinion markets and private adjudication.
Dark pools: Projects like @EllisiumLabs, @deepmatch_enc, and Arcium's dark pool demo use encrypted shared state to enable private trading, avoiding front-running and quote disappearance, and achieving best execution prices.
On-chain games: Arcium restores secrecy and fair randomness by running hidden states and CSPRNG randomness within encrypted shared state. Strategy games, card games, fog of war, RPGs, and bluffing games can finally run on-chain. Several games are already live on Arcium.
Private perpetual contracts, private lending, blind auctions, encrypted machine learning predictions, and collaborative AI training are also exciting future use cases.
Beyond these examples, almost any product requiring privacy can be built. Arcium provides developers with full customization capabilities through a general-purpose encrypted execution engine, and Umbra now also offers an SDK for Solana transfers and swaps. The combination makes implementing privacy on Solana straightforward for both complex systems and simple integrations.
Confidential SPL: Solana's New Privacy Token Standard
Arcium is also building C-SPL, the Solana confidential token standard. It addresses the pain points of previous Solana "Privacy 1.0" token privacy standards: difficult integration, limited functionality, and unusable by on-chain programs. C-SPL improves on this, eliminating the friction that hindered privacy token adoption.
This makes it easy to integrate privacy tokens into any application without adding user burden.
By integrating SPL Token, Token-2022, privacy transfer extensions, and Arcium encrypted computation, C-SPL provides a practical and fully composable standard for Solana confidential tokens.
Conclusion
We are still in the early stages of this wave of development, and the field is broader than any single approach. Zcash and Monero continue to solve important problems in their respective domains, and early privacy tools have demonstrated what is possible. Encrypted shared state solves a completely different dimension by allowing multiple users to operate privately in the same state without leaving existing ecosystems. It fills a gap rather than replacing the past.
Privacy is gradually shifting from an optional specialist feature to a core element of application building. It no longer requires new currencies, new chains, or new economic systems, but simply extends the range of capabilities available to developers. The previous era established public shared state as the foundation; the next era will expand this foundation through encrypted shared state, adding the previously missing layer.




