Lukas G

@gm_usi

Followers
1K
Following
974
Statuses
572

Product lead & Co-founder @TACEO_IO Private shared state 🗝️🤫

0x
Joined October 2014
@gm_usi
Lukas G
10 days
The Internet without encryption would be worthless. Blockchains without encryption are too 💩

Imagine using the internet in the early ‘90s. There was no secure way to log in, enter credit card details or send private messages to your peers. All traffic between clients and servers was transmitted in plain, making it easy for intermediaries to intercept. Logging into a website was like standing on a public street shouting your password ‘qwerty1’ through a megaphone, hoping only the intended website heard it.

SSL was introduced in 1995 and from there on the web was a different place. Being now able to encrypt and securely transmit data, laid out the foundation of the entire web2 economy. Online retail, which was practically nonexistent, exploded into a $25bn industry just within five years. Amazon as we know it today simply wouldn’t exist without encrypted communication.

Before SSL was introduced, the internet was a funny little gadget for nerds, with a negligible impact on our economies. A single technological breakthrough turned it into a powerful engine driving the entire information revolution.

Talking about blockchains, we’re back in the nerd stage. It’s fun. A nice-to-have. But the reality is, blockchains have had minimal impact outside of crypto. Why? One major reason is the same challenge the internet faced: the inability to encrypt and protect data.

Like in the pre-SSL web, any information published onchain is accessible by everyone else. In fact, blockchains make it even easier to retrieve this data - the entire state is publicly shared across - sometimes thousands of - nodes. It’s not just like standing on the street shouting your credit card details in public; blockchains even ensure every participant receives and stores that information. In some ways, today’s blockchains are worse than the early ‘90s internet.

This lack of confidentiality severely limits blockchain’s potential. Just as the internet couldn’t scale without encryption, blockchains can't move beyond their infancy until they support private data.

## The Path Forward: ZK and Private State ##

To evolve from the pure public state model, ZK was introduced to the blockchain stack. Privacy-focused chains like Aleo, Aztec or Miden emerged. As a user you now can keep parts of your state (i.e., the confidential data) locally and only post commitments onchain. Contrary to public chains, where validators check and process state transitions, ZK proofs are leveraged to verify if a (private) state transition is valid or not.

The real power of public chains lies in the simple model ‘my state can access your state’. Composability across protocols enables arbitrary combinations of applications, allows reuse of existing user bases and amplifies network effects. However, in the private state model, this power is at risk. If private state remains solely local, it’s accessible only to the user—other users and smart contracts can’t interact with it without compromising confidentiality.

## The missing piece: Private Shared State ##

Programmable public state and ZK-powered private state are two essential pillars blockchain ecosystems rely on. But for blockchains to have their very own ‘SSL moment’, we desperately need a third pillar: Private Shared State (PSS).

PSS unlocks the true potential of confidential onchain data. It allows protocols to collect, combine and compute on multiple private states. For the first time, the private state model is not limited to 1 user = 1 local private state. Instead, all this confidential data can be merged together, while preserving privacy for every input.

ZK alone isn’t enough to achieve PSS. While local private state relies on SNARKs, private shared state requires an advanced cryptographic primitive: collaborative SNARKs (coSNARKs). coSNARKs integrate Multi-Party Computation (MPC) to handle arbitrary computational tasks offchain. Additionally to the computation a ZK proof of the MPC is generated. Both, the computed output and the ZK proof are then rolled onchain to trigger a state transition. Only upon successful proof verification the state is actually changed, giving the onchain component full control over any state updates.

Private shared state and coSNARKs open the door to unprecedented onchain protocols and dApps. Among many others, expect to see:

* Information-asymmetric onchain games
* Governance processes with selective disclosure
* Private yet compliant token transfers
* Outsourced privacy-preserving ZK proof generation
* Seamless & private web2 data onboarding
* MEV-free trading through onchain Dark Pools
* Identity data privately stored in smart contracts

The last one and a half decades since the inception of Bitcoin were fun. We played around. Tried stuff out. Deployed nice little dApps. With the advent of new and really powerful tech it is finally time to - as an industry - grow up and expand our efforts to make some real impact. LFG! 🚀

---

@a16zcrypto recently dropped a podcast episode on 'Why blockchains need privacy for apps’ with @1HowardWu @SuccinctJT @rhhackett . Check it out for further thoughts on that topic.
@gm_usi
Lukas G
2 days
RT @luhelminger: coSNARKs aren’t just about secure computation—they also require efficient data transfer and storage. As we design @TACEO_I…
@gm_usi
Lukas G
3 days
RT @jon_charb: Privacy might take off when people realize it’s just a big UX improvement I don’t want to think about doxxing my wallet to…
@gm_usi
Lukas G
3 days
@_ArnaudS_ @TACEO_IO @cryptobuilder_ The holy book part 2
@gm_usi
Lukas G
3 days
@cryptobuilder_ @TACEO_IO how about that?
@gm_usi
Lukas G
4 days
RT @luhelminger: Private State >> Public State Today’s internet is private—at least from other users or competitors. In web3? Everything i…
@gm_usi
Lukas G
6 days
RT @rw0x0: CoNoir requires us to build some cool stuff in MPC: - The Poseidon2 Blackbox function features a custom Poseidon2 MPC implementa…
@gm_usi
Lukas G
6 days
RT @luhelminger: Now imagine what can be built together. Public, private, and private shared state all in one smart contract. https://t.co…
@gm_usi
Lukas G
6 days
RT @Pememoni: Confidential Computing (CoCo) in one look: * ZK is not confidential computing, but it can be complementary for verification…
@gm_usi
Lukas G
6 days
zkTLS with 10 notary nodes - geographically distributed - instead of one single party to trust. Again and again our engineering team @TACEO_IO surprises me how they push technological boundaries. gg wp!
@TACEO_IO
TACEO
7 days
Multiparty Notaries for zkTLS zkTLS is all over our timeline. We see web proof teams getting traction, and an app ecosystem developing. Yet, some levels of desired security remain. For the unfamiliar, zkTLS is an interesting cryptographic protocol that allows to prove facts about TLS sessions without revealing the underlying content, ensuring privacy, trust, and verifiability. As it reaches PMF, the stakes grow, and so does the increased need for security. There are some common approaches, like proxy-based solutions or TEEs, but they introduce centralization risks and dependency on specific hardware. An MPC approach suggests a path to stronger security and decentralization. However, existing 2PC designs come with trust assumptions that weaken their guarantees and leave them open to censorship and availability risks. There are non-technical (read economic) solutions to this, but until now it was not clear if a cryptographic solution was possible. We investigate the possibility of using multiparty garbled circuits to decentralize notaries. We identified some prior work that suggests viable performance even in high-latency networks. Click through to see a proposal for MPC-ifying all protocols required for zkTLS (key exchange, bridging to GC, session key derivation encryption/decryption). We expect this to be efficient for 8-10 parties. Thank you to various zkTLS teams for feedback and validation.
@gm_usi
Lukas G
7 days
@nico_mnbl Technically absolutely right. coSNARKs make MPC publicly auditable. But what an awful name for a tech that unlocks a new onchain state model (private shared state)…?
@gm_usi
Lukas G
7 days
RT @luhelminger: MPC + zkVM - seems like the logical next step, towards verifiable encrypted compute. We thought so too. In fact, we were…
@gm_usi
Lukas G
7 days
RT @TACEO_IO: Honored to see coSNARKs showing up here! Thank you for the nominations! Also a huge shoutout to @web3privacy for running thi…
@gm_usi
Lukas G
7 days
@TACEO_IO @cryptobuilder_ I doubt one would be able to fall asleep after reading this exciting piece of history 🤓
@gm_usi
Lukas G
8 days
@DevSwayam For sure there's some overhead to add the ZK component, but it's really context specific. In certain scenarios there's very little to no overhead compared to plain (e.g. delegated zk proof generation). Gonna release soon some benchmarks to give specific numbers.
@gm_usi
Lukas G
8 days
@gm_usi
Lukas G
8 days
coSNARK 101
* public state: plain data
* private state: commitment on data + zkSNARK
* private shared state: computation on multiple private inputs + coSNARK