Why should a ride-sharing app know where I am at all? Shouldn’t only the driver picking me up have access to that raw location data? Perhaps there’s a safety argument, but even then, shouldn't I choose who gets access to what? Today, that sensitive GPS information is often sent to a central server just to compute distance between riders and drivers. But what if we could calculate proximity without exposing coordinates to anyone?
That tension between utility and control, between usefulness and secrecy, is the heart of modern data privacy. Privacy is the policy goal (“no one should learn where I was”), while confidentiality is the technical guarantee that even during computation the data stays unreadable.
This distinction is especially relevant in the context of public blockchains. If Web3 is to support real-world applications, such as finance, identity, governance, and logistics, it must provide users with a minimum level of confidentiality. Without it, many use cases will remain off-chain. Confidential computing integrated into Web3 is not just a technical milestone, it's a necessary foundation for mass adoption.
Two Roads to Confidentiality Today
Two leading approaches are emerging to fill the confidentiality gap: one based on production-ready hardware, and the other rooted in cryptography and quickly maturing. Both aim to protect data during computation but differ in trust assumptions, performance, and long-term viability. Here's how they compare:
Trusted Execution Environments (TEEs) | Fully Homomorphic Encryption (FHE) | |
|---|---|---|
What it is | Hardware-isolated enclaves that encrypt memory and CPU state | Pure math schemes that let you compute directly on ciphertext |
State of play | E.g., Intel TDX VMs on Google Cloud; AMD SEV‑SNP VMs on Azure | Rapidly maturing libraries and compilers (e.g., TFHE-rs, Go Lattigo) |
Trust anchor | Closed-source silicon and firmware; attestation helps but hardware is a single point of trust | Cryptography only; security rests on lattice math and key ceremonies |
Performance | Near-native; best choice when you need to ship tomorrow | 10–1000× slower today, but performance is improving fast |
Attack surface | Side channels such as the VoltPillager attack | Cryptanalytic break would be needed; considered far harder |
Why FHE Matters
Fully Homomorphic Encryption (FHE) represents the end-game of confidential computing: enabling encrypted computation without reliance on hardware or trusted enclaves. Its independence from proprietary silicon makes it ideal for decentralized, censorship-resistant systems, allowing computations to run securely anywhere.
Secured by lattice-based cryptography, FHE eliminates many risks found in hardware-based approaches, such as supply chain vulnerabilities and side-channel attacks. Unlike RSA or ECC, lattice-based schemes are considered resistant to quantum attacks, including those enabled by Shor’s Algorithm. Though still slower than plaintext computation, it is steadily advancing and already supporting practical use cases today.
FHE in Practice
Tech giants have already begun using FHE (or variants of homomorphic encryption) in production:
Apple: In iOS 18 and later, the Photos app uses homomorphic encryption to identify landmarks. The device encrypts vector embeddings and sends them to Apple’s servers, where similarity search happens without decryption. Results return encrypted and are labeled locally. GitHub / Research summary
Microsoft: The ElectionGuard toolkit uses FHE to improve the security and transparency of digital voting. Voters can verify their votes were counted without revealing their selection. GitHub / More info
Beyond these examples, FHE is unlocking new use cases across decentralized systems:
Governance voting: Prevent bias by hiding intermediate results while enabling verifiable tallies.
Encrypted messaging with moderation tools: Enable flagged content detection without reading messages.
Geolocation access control: Authorize actions based on encrypted GPS input.
Healthcare data sharing: Run analytics across encrypted datasets from multiple institutions.
Tooling and Ecosystems Driving FHE Adoption
The shift from concept to real-world adoption depends on robust tooling and developer accessibility. Several pioneering teams are making FHE usable:
Zama: Creators of TFHE-rs (a Rust library for bit-level FHE) and the Concrete ML SDK. Their fhEVM brings FHE-based smart contracts to the Ethereum Virtual Machine.
Sunscreen: A TypeScript-first FHE compiler and runtime focused on usability and developer experience, especially suited for private applications.
Fhenix: Builders of FHE-Rollups, a dedicated execution layer for Ethereum where encrypted computation is the default.
Inco: A confidentiality layer that integrates FHE into existing blockchain virtual machines, aiming for seamless private computation.
These projects lower the barrier for developers to experiment and build performant, privacy-preserving applications on-chain.
Let’s Build A Confidential Web3 Together
AxLabs is already hands-on. We’re building proof-of-concepts with libraries like TFHE-rs (Zama) and Go Lattigo, and we plan to open-source parts of our work on GitHub soon.
If you’re exploring confidentiality on-chain (or, even off-chain!), let’s co-invent the future together.
Author: Guil. Sperb Machado, Ph.D.
CEO & Builder @ AxLabs
