With the ARX TGE done, we're shifting into a higher gear.
Arcium already has the most used privacy ecosystem in crypto, all powered by encrypted compute, and there's a lineup of new applications ready to launch.
We're also broadening what encrypted compute can do:
- Arcium Blackthorn (Encrypted AI)
- C-SPL (confidential transfers on Solana)
If you want to use encrypted compute to unlock entirely new mechanisms for your application, or you want to bring privacy to users and businesses who demand it, reach out to me.
We'll help you build some of the most exciting products crypto hasn't seen yet.
Welcome to the zero-to-one ecosystem.
soo uhhh ... basically we take an endemically secure batched base ROT, run it through a programmable-once pseudorandom function, extend it with SoftSpokenOT and a Fiat-Shamir'd consistency check (bit-level hashing via the tweakable Matyas–Meyer–Oseas construction for that sweet circular correlation robustness, BLAKE3 doing the rest), expand the LPN seeds into pseudorandom correlation generators, bootstrap subfield VOLEs via COPEe over a degree-d field extension, fold in GGM-tree single-point sVOLEs, stack the whole lot into n-party VOLEs to mint singlets, sacrifice a few for good luck, authenticate everything with pairwise BDOZ MACs over F_{p^k}, bucket-cut-and-choose the daBits to bridge F₂ and F_{2²⁵⁵₋₁₉}, clear the curve25519 cofactor (obviously), then evaluate the arithmetic circuit at one round of communication per gate
Arcium network stats on @solana mainnet over the last 24h:
- Over 50,000 <encrypted> computations
- 144,000 transactions
- 18,000,000 MPC rounds
(all of this before full mainnet launch even!)
@luhelminger@EliBenSasson Always was my impression that STARKs weren't going to be practical in the multiparty setting due to their reliance on hashes, curious whether there's been progress in closing the gap with algebraic SNARKs in the last couple years?
1. I do recall us having this discussion about target cluster size both on twitter and in person before, and given you plan on starting off with fewer nodes as well I’m not sure why this keeps coming up, as you say the proof will be in the pudding
2. i mentioned both solutions in my previous reply, either you invoke both the token and target program in the same tx, or you use the zkp trick (which you can because token balances are always encrypted to a user’s key)
3. yes, 3 and 10 is a big difference, but since 3 is a bootstrapping number I don’t see how that’s relevant. my point was that you can’t compare raw numbers of nodes without being explicit about stronger assumptions and diminishing returns
4. 5% is not an unfair consideration for mature networks that secure large TVLs, but it’s explicitly not the case for an app that’s been out for a few weeks on a network that's been out barely longer. the first months of going live are always update-heavy and 3 parties was deemed an acceptable parameter with a clear path to upgrading security once this cools down. several optimizations are in the works with which throughput on 4-5 nodes will easily exceed the current throughput with 3
hey david, i’d love to hear where your claimed limit of 3 parties for cerberus comes from? BDOZ online phases are extremely fast and the main factor in computation time is latency rather than bandwidth until you reach a much higher number of nodes or parallel computations. adding nodes doesn’t add rounds of communication, and consequently runtime isn’t significantly affected between 3 and 6 parties for example. it’s also an advantage of having separate clusters that you can distribute that load instead of having it all weigh on a single committee. which brings us to interoperability: privacy fundamentally limits free interoperability, since program B shouldn’t be able to do whatever it wants with program A’s private state (including reveal it): there needs to be role-based access, which requires involvement of the committee. which is exactly what we have with symmetric-key encryption for data meant for specific users (or even other programs). interop then comes in two distinct flavors: permissionned (the one you mention where program A re-encrypts part of its state to program B’s key so B can use it), and permissionless, where a user provides their state plus a ZKP to show it corresponds to the onchain symmetric ciphertext (umbra actually uses this trick for certain ops already). sidenote: ZKPs are also something you leave out when talking about your privacy solution, is it the same as zama where the user’s expected to produce this big zkp client-side with every tx?
as for silent decryption attacks, you know just as well as me that all threshold systems share those attacks, yours included. and yes it involves more parties, but you conveniently gloss over the 2/3 honest supermajority assumption and just talk about committee sizes as if they were comparable in any way to dishonest majority (they aren’t). not only do you eventually run into diminishing returns on security (you can’t expect 50-100 nodes to all run on different infrastructure and not reuse providers/locations at all, which makes them less independent in terms of hacks), but even with a small probability of hacking a given node, you require far larger committee sizes to match dishonest majority’s security. e.g. for a 5% chance of a node being compromised, your system would need 21 nodes to match the security of a 4-party MXE. in our case, the recovery set can be extremely large because its size has no impact on throughput, only on key recovery. also believe it or not key switching is a thing in MPC too! which means you can set up your MXE so that keys are rotated every epoch and the state is re-encrypted by the committee, which mitigates key leaks in the exact same way FHE-based systems can
because @joaomendoncaaaa is always bugging me that i'm writing too many things in comments deep in conversations no one ever reads - here’s a quote of the full discussion with a tl;dr:
- the underlying cryptogtaphy of arcium (generic MPC) cannot scale the committee size, 3 parties look like the practical cap
- this leads to:
-- fragile security
-- susceptibility to offchain attacks that leave no trace and break privacy forever
-- a design choice (multiple committees) that sacrifices composability, requiring complex patches like an external confidential token standard
- these consequences can be cleverly downplayed or even reframed to look like advantages, but a larger more decentralized committee is the only real solution for privacy based on threshold cryptography, which is unlikely to ever be possible with generic MPC
1. cluster size being kept at 3 is primarily because it’s still mainnet alpha, and coordinating frequent node updates across 3 operators is significantly easier on our sanity than 5 or more. it's not an MPC limitation at all and as breaking updates get less frequent this constraint will ease significantly
2. a universal token program is absolutely something you can do with arcium, the decision to go the C-SPL route was a response to dev demand being primarily focused on existing standards like CTS rather than entirely novel ones
3. of course it doesn't apply to 3, but you routinely mention dozens of nodes and diminishing returns absolutely kick in at that point
4. i'll admit I misremembered the ThFHE paper as having a 1/3 decryption quorum, you're right on this one. however I don't think considering a 1% chance of corruption makes sense because probabilities are so small they become meaningless. taking 5 as a reasonable medium-term cluster size target gives p = 10^-10 (vs 10^-16 for 9-of-13 parties), which makes no practical difference. you're not comparing under actual threats at this point
5. what atomic operations are you referring to here?
Opportunity Markets are finally coming and @solana is the first blockchain to have them.
A new class of information market designed to surface high-value insight and deliver it directly to a single market maker.
Unlike traditional markets, they don’t produce public information. Participants stake on opportunities they believe in, and those signals are only visible to the market creator, who rewards the most useful insight.
- Connects people with insight to those with capital and decision-making power
- Outcomes are subjectively resolved based on usefulness, not binary truth
- Favors signal quality and timing, with early conviction incentivized
- Markets are open-ended, allowing new options to emerge dynamically
- No slashing: participants are rewarded for being useful, not punished for being wrong
- Powered by encrypted compute, making signals visible only to the market creator
Think Company A is hiring a motion designer within a budget. People submit candidates, stake on the best ones, and the most valuable signal gets rewarded.
Think a launchpad deciding which project to list next. Capital flows surface high-potential projects early.
Think a company hiring a DevRel or marketing lead. Candidates emerge through conviction-backed signaling.
Think a VC looking for early-stage startups. The best opportunities surface before they’re widely known.
New markets with Encrypted Compute.
Fairblock/Zama/Arcium/Railgun: Let's use cryptography for private transfers
Circle: I'll just trust a TEE, it's been fully broken only 5 times
Tempo: hold my cup, let's fully trust validium operator and lose all privacy to it, same privacy guarantee a CEX
Onchain privacy has forced users to choose between partial solutions: mixers that only unlink transactions, shielded protocols that isolate every action, or privacy chains with limited composability.
@CryptoRick98 breaks down how Arcium and Umbra are built to eliminate that tradeoff on Solana, from the encrypted compute layer to the consumer.
@LefterisJP You might want to try any other consulate in Germany or any other country for that matter. The procedure you mentioned before is done by phone and email and really only requires you to be a Greek citizen, not necessarily a resident of whatever country you're calling.
Arcium Mainnet Alpha is live!
For the first time ever, @solana builders can now use <encrypted> execution directly on Solana mainnet.
This is only the beginning.
gMPC☂️
TL;DR
- Privacy on public blockchains has historically been fragmented and episodic. Umbra introduces persistent, expressive privacy by default.
- Umbra is a private financial layer on Solana, enabling private transfers, swaps, balances, and yield within a continuous shielded environment.
- Umbra combines client-side zero-knowledge proofs for anonymity with MPC for confidentiality
- MPC enables confidential balances via Encrypted Token Accounts (ETAs), hiding balances and transfer amounts
- Privacy strength depends not only on cryptography, but on anonymity set size and user behavior.
- Umbra treats anonymity sets as a first-class metric and designs the product to minimize behavioral privacy failures.
- A multi-purpose shielded pool allows funds to remain private across transfers, swaps, and yield, compounding privacy over time.
- The Umbra SDK allows wallets and applications to integrate private transfers, swaps, and balances, feeding activity into a shared shielded pool.
- Swaps execute via public liquidity venues while identity, balances, and intent remain unlinkable.
- Users can earn yield on shielded assets, incentivizing longer time in the private environment.
- Umbra mitigates exit-related privacy risks through product design, including anonymity indicators, configurable unshielding delays, and confidential balances.
- UTXO-based shielded systems suffer from performance decay as balances fragment into many notes over time, increasing scan and aggregation costs.
- Umbra eliminates this bottleneck by consolidating balances into Encrypted Token Accounts (ETAs), using UTXOs only at the anonymity boundary. The result is encrypted balances with stable, high-performance transfers even as activity scales.
- Compliance is addressed through proactive screening against risk databases and opt-in selective disclosure via read-only viewing keys.
- Umbra was launched via MetaDAO as an ownership coin, with governance and economic policy determined by token holders through futarchy.
- Umbra is not a mixer or a single feature, but a sovereign privacy domain with its own private state and internal economy.
- Umbra is Hopecore for Privacy.
Thank you all for reading!