Evolution of Cryptographic Privacy Technologies

Written by: milian

Translated by: AididiaoJP, Foresight News

Original Title: The History of Privacy Development in Crypto


Every major technological wave starts out dedicated to a single purpose or a single group, then evolves into something general-purpose or multi-group.

Early computers did only one thing at a time: cracking codes, processing censuses, calculating ballistic trajectories. Much later, they became shareable, programmable machines.

The internet began as a small peer-to-peer research network (ARPANET), then grew into a global platform where millions could collaborate on shared state.

AI follows the same trajectory: early systems were narrow expert models, built for a single domain (chess engines, recommendation systems, spam filters), then evolved into general models that work across domains, can be fine-tuned for new tasks, and serve as shared foundations for others to build on.

Technology always starts in a narrow or single-user mode, designed for a single use or person, then expands to multi-user modes.

That’s exactly where privacy tech stands today. Privacy technologies in crypto have never truly broken out of the “narrow” and “single-user” box.

Until now.

Summary:

  • Privacy tech follows the same trajectory as computing, the internet, and AI: systems start as dedicated, single-user, then become general-purpose, multi-user.
  • Crypto privacy has long been stuck in a narrow, single-user mode because early tools couldn’t support shared state.
  • Privacy 1.0 is limited-expressiveness single-user privacy: no shared state, mainly relies on zero-knowledge proofs, proofs generated on the client side, developers must build custom circuits, tough UX.
  • Early privacy began in 2013 with Bitcoin’s CoinJoin, followed by Monero in 2014, Zcash in 2016, and later Ethereum tools like Tornado Cash (2019) and Railgun (2021).
  • Most Privacy 1.0 tools depend on client-side zero-knowledge proofs, which blurs “zero-knowledge for privacy” and “zero-knowledge for verification”, even though most modern “zero-knowledge” systems are designed for verification—not privacy.
  • Privacy 2.0 is multi-user privacy with encrypted shared state, based on multiparty computation or fully homomorphic encryption, letting users collaborate privately like they do on Ethereum or Solana’s public shared state.
  • Encrypted shared state means crypto finally has a general-purpose encrypted computer, opening new design space: dark pools, private liquidity pools, private lending, blind auctions, confidential tokens, new types of creative markets—even on existing transparent chains.
  • Bitcoin brought public isolated state; Ethereum brought public shared state; Zcash brought encrypted isolated state; Privacy 2.0 fills the last piece: encrypted shared state.
  • Arcium is building such encrypted computers, architecturally similar to proof networks like Succinct, but using multiparty computation instead of zero-knowledge proofs. Its Arcis tool compiles Rust to multiparty computation programs for multi-user encrypted computation.
  • Emerging Privacy 2.0-based apps include: Umbra using Arcium for confidential balances and swaps in privacy pools, Pythia’s private opportunity markets, and Melee’s upcoming private-odds, private-judgment opinion markets, etc.

To understand how we got here and why encrypted shared state matters, let’s start with the origins of privacy technology.

Privacy 1.0

The first storm of crypto privacy began here.

Users gained transaction privacy through mixers, privacy pools, and privacy coins. Some applications later faced legal scrutiny, sparking debate over whether and how privacy tools should address illicit activity.

Privacy 1.0 introduced single-user privacy. People could coordinate, but not collaborate dynamically like on programmable blockchains; privacy expressiveness was limited.

Key features of Privacy 1.0:

  • No shared state; privacy is in “single-user mode,” limiting use cases
  • Mainly relies on zero-knowledge proof technology
  • Client-side zero-knowledge proofs provide the strongest privacy, but are slow for complex apps
  • Poor developer experience—requires custom circuit design for privacy apps

Crypto privacy actually first appeared on Bitcoin, years before advanced cryptography like zero-knowledge proofs entered the space. Early Bitcoin privacy wasn’t true “cryptographic privacy,” but clever coordination tricks to break the determinism of the public ledger.

It started with CoinJoin in 2013, where users combined transaction inputs and outputs to obfuscate payment relationships. It used almost no cryptography but introduced transaction-level privacy.

Later apps include CoinShuffle (2014), JoinMarket (2015), TumbleBit (2016), Wasabi (2018), Whirlpool (2018), all using mixing flows to make Bitcoin harder to trace. Some added incentives, others layered encryption or improved UX.

None of these offered strong cryptographic privacy. They blurred associations but didn’t offer mathematical guarantees or trustless privacy like later zero-knowledge proof systems. They relied on coordination, heuristics, and mix randomness, not formal anonymity proofs.

Privacy Coins

Monero launched in 2014 as the first serious attempt to build a fully private blockchain with private transfers, rather than a privacy add-on to a transparent chain. Its model is probabilistic privacy via ring signatures: by default, each transaction mixes the real input with 16 decoys. In practice, this setup can be weakened by statistical attacks like MAP decoders or by network-level attacks, reducing effective anonymity. Future upgrades like FCMP aim to expand the anonymity set to the entire chain.

Zcash launched in 2016, taking a very different path from Monero. It’s not based on probabilistic privacy, but was designed from the start as a zero-knowledge proof coin. It introduced zk-SNARK driven privacy pools, offering users cryptographic privacy instead of hiding among decoys. When used correctly, Zcash transactions reveal neither sender, recipient, nor amount, and anonymity grows with each transaction in the privacy pool.

Programmable Privacy on Ethereum

Tornado Cash (2019)

Tornado Cash launched in 2019, bringing programmable privacy to Ethereum for the first time. Though limited to private transfers, it let users deposit assets into a smart contract mixer, then withdraw with a zero-knowledge proof, achieving real privacy on a transparent ledger. Tornado was widely used legitimately, but after heavy DPRK money laundering activity, it faced severe legal issues. This highlighted the need for modern privacy apps to exclude illicit actors to maintain pool integrity, which is now standard practice.

Railgun (2021)

Railgun appeared in 2021, aiming to push Ethereum privacy beyond simple mixing to private DeFi interactions. It not only mixes deposits and withdrawals, but lets users interact with smart contracts privately via zero-knowledge proofs, hiding balances, transfers, and on-chain actions, while still settling on Ethereum. This is a huge step up from the Tornado model, offering persistent private state inside smart contracts, not just a mix-and-withdraw loop. Railgun remains active and adopted in some DeFi circles, still one of the most ambitious programmable privacy attempts on Ethereum, though UX remains a challenge.

Before continuing, a key misconception must be clarified. As zero-knowledge proof systems proliferate, many assume anything labeled “zero-knowledge” means privacy. Not so. Today, most “zero-knowledge” tech is used for validity proofs, which are excellent for scaling and verification but provide zero privacy.

The disconnect between marketing and reality has caused years of confusion: “zero-knowledge for privacy” and “zero-knowledge for verification” are conflated, though they solve entirely different problems.

Privacy 2.0

Privacy 2.0 is multi-user privacy. Users are no longer acting alone, but can collaborate privately just as they do on programmable blockchains.

Key features of Privacy 2.0:

  • Encrypted shared state; privacy enters “multi-user mode”
  • Based on multiparty computation and fully homomorphic encryption
  • Privacy trust assumptions depend on multiparty computation. Fully homomorphic encryption shares this assumption, since threshold decryption of encrypted shared state requires MPC.
  • Circuits are abstracted—developers can avoid custom circuit design (unless needed)

This is achieved through encrypted computers, which allow many users to collaborate on encrypted state. Multiparty computation and fully homomorphic encryption are the core technologies, and both enable computation on encrypted data.
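To make “encrypted shared state” concrete, the following added example (not from the original article and not Arcium's code) uses additive secret sharing, one basic multiparty computation building block: several users update one pool whose total and balances exist only as shares spread across nodes. It assumes three honest-but-curious nodes and covers only additions; every name in it is hypothetical.

```python
# Added illustration; names are hypothetical and this is not Arcium's API.
import secrets

P = 2**61 - 1  # prime modulus; all share arithmetic is mod P
NODES = 3      # MPC nodes that jointly hold the shared state

def share(value, n=NODES):
    """Split value into n shares that sum to value mod P."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % P)
    return parts

def reconstruct(shares):
    """Open a secret. Needs every node's share; fewer look uniformly random."""
    total = sum(shares) % P
    return total - P if total > P // 2 else total  # decode negatives

class Node:
    """One MPC node: stores only its own share of each value."""
    def __init__(self):
        self.balances = {}  # user -> this node's share of the balance
        self.pool = 0       # this node's share of the pool total

    def apply(self, user, delta_share):
        # Additions are linear, so each node updates its shares locally.
        self.balances[user] = (self.balances.get(user, 0) + delta_share) % P
        self.pool = (self.pool + delta_share) % P

class SharedPool:
    """Shared state that many users update without revealing amounts."""
    def __init__(self):
        self.nodes = [Node() for _ in range(NODES)]

    def submit(self, user, delta):
        # The user splits a deposit (+) or withdrawal (-) across the nodes.
        for node, s in zip(self.nodes, share(delta % P)):
            node.apply(user, s)

    def open_balance(self, user):
        return reconstruct([n.balances.get(user, 0) for n in self.nodes])

    def open_pool_total(self):
        return reconstruct([n.pool for n in self.nodes])

def demo():
    pool = SharedPool()
    # Constructed sample updates from three users.
    for user, delta in [("alice", 500), ("bob", 120), ("alice", -200), ("carol", 75)]:
        pool.submit(user, delta)
    return pool.open_pool_total(), pool.open_balance("alice"), pool.open_balance("bob")
```

Opening a value requires all nodes to contribute their shares, which is where the trust assumption on the node set comes from.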

What Does This Mean?

The shared state model that powers Ethereum and Solana can now exist under privacy. This isn’t just a private transaction, or a tool to privately prove something to yourself, but a general-purpose encrypted computer.

It unlocks a whole new design space for crypto. To understand why, look at the evolution of state in crypto:

  • Bitcoin brought public isolated state
  • Ethereum brought public shared state
  • Zcash brought encrypted isolated state

What’s always been missing is encrypted shared state.

Privacy 2.0 fills that gap. It enables new economies, new applications, and entirely new domains. In my view, it’s the most significant breakthrough in crypto since smart contracts and oracles.

Arcium is building this technology.

Its architecture is similar to proof networks like Succinct or Boundless, but instead of using zero-knowledge proofs to verify execution, it uses multiparty computation to compute on encrypted data.

Unlike SP1 or RISC Zero, which compile Rust to zero-knowledge proof programs, Arcium’s Arcis compiles Rust to multiparty computation programs. In short: encrypted computers.

Another analogy: “Chainlink for privacy.”

Privacy Unbound to Chains and Assets

Arcium is designed to be blockchain-agnostic and can connect to any existing chain, bringing encrypted shared state to Ethereum, Solana, and other transparent chains. Users get privacy without leaving their familiar ecosystem. It will launch on Solana first, with mainnet Alpha out this month.

Zcash and Monero embed privacy in their own currencies. This works, but creates a world of assets with their own volatility. Arcium takes an asset-agnostic path—adding privacy to assets users already own. The approach and tradeoffs differ, but flexibility is key for users.

Because of this, nearly any privacy use case can run on encrypted computation.

Arcium’s impact goes beyond crypto. It’s not a blockchain—it’s an encrypted computer. The same engine clearly applies to traditional industries.

Zero-to-One Apps and Features

Encrypted shared state brings unprecedented design space to crypto. The following apps are emerging:

@UmbraPrivacy: Solana privacy pool. Umbra uses Arcium to achieve what Railgun cannot, supporting confidential balances and private swaps, while handling transfers with zero-knowledge proofs. With minimal trust assumptions, it offers much more than simple private transfers, and provides a unified privacy pool SDK for any project to integrate Solana transaction privacy.

@PythiaMarkets: Opportunity markets with private windows for sponsors. A new kind of information market: scouts bet on underdeveloped opportunities, and sponsors find information without leaking alpha.

@MeleeMarkets: Prediction markets with bonding curves. Like Pumpfun, but for prediction markets. Earlier entry means better price. An opinion market is in development, where users can express real views, odds remain private, judgments are private—solving groupthink and oracle manipulation. Arcium will provide the privacy needed for opinion markets and private judgments.

Dark Pools: Projects like @EllisiumLabs, @deepmatch_enc, and the Arcium dark pool demo use encrypted shared state for private trading, avoiding frontrunning and quote fading, achieving best execution prices.

On-chain Gaming: Arcium restores secrecy and fair randomness by running hidden state and CSPRNGs in encrypted shared state. Strategy games, card games, fog-of-war, RPGs, and bluffing games can finally run on-chain. Multiple games are already live on Arcium.

Private perpetuals, private lending, blind auctions, encrypted ML prediction, and collaborative AI training are also exciting future use cases.

Beyond these, almost any product needing privacy can be built. Arcium, as a general encrypted execution engine, gives developers full customizability, and Umbra now provides an SDK for Solana transfers and swaps. Combined, privacy on Solana becomes straightforward for both complex systems and simple integrations.

Confidential SPL: Solana’s New Privacy Token Standard

Arcium is also building C-SPL, the Solana confidential token standard. It solves issues with previous Solana “Privacy 1.0” token privacy standards: hard integration, limited features, unusable by on-chain programs. C-SPL improves on this, removing friction that blocked privacy token adoption.

This makes privacy tokens easy to integrate into any app, without adding user burden.

By integrating SPL Token, Token-2022, privacy transfer extensions, and Arcium encrypted computation, C-SPL offers a practical, fully composable standard for Solana confidential tokens.

Conclusion

We’re still early in this wave, and the field is broader than any one approach. Zcash and Monero continue solving important problems in their domains, and early privacy tools have shown what’s possible. Encrypted shared state solves a completely different dimension: letting many users operate privately in the same state without leaving existing ecosystems. It fills a gap rather than replacing the past.

Privacy is shifting from an optional specialist feature to a core element of app building. It no longer needs new coins, new chains, or new economic systems—just an expanded developer toolkit. The last era established public shared state as the base layer; the next will expand that base with encrypted shared state—adding the layer that was always missing.

