
A History of Privacy Development in the Crypto Field

By: milian

Translation: AididiaoJP, Foresight News

Every major technological wave begins as a dedicated, single-purpose or single-user system, and only later develops into a general-purpose, multi-user one.

Early computers could only do one thing at a time: breaking codes, processing censuses, calculating ballistic trajectories. It was much later that they became shareable, programmable machines.

The internet started as a small peer-to-peer research network (ARPANET), and only later evolved into a global platform enabling millions to collaborate in a shared state.

Artificial intelligence has followed the same path: early systems were narrow expert models built for a single domain (chess engines, recommendation systems, spam filters), only later evolving into general-purpose models that can work across domains, be fine-tuned for new tasks, and serve as a shared foundation for others to build applications.

Technology always starts in a narrow or single-user mode, designed for one use or one person, before expanding to multi-user mode.

That’s exactly where privacy technology stands today. Privacy technology in the crypto world has never truly broken out of the “narrow” and “single-user” box.

Until now.

Summary:

Privacy tech mirrors the development trajectories of computing, the internet, and AI: systems start as single-purpose, single-user, then become general-purpose, multi-user.

Crypto privacy has long been stuck in a narrow, single-user mode because early tools couldn’t support shared state.

Privacy 1.0 is single-user privacy with limited expressiveness: there is no shared state, it relies mainly on zero-knowledge proofs generated client-side, developers must write custom circuits, and the user experience is difficult.

Early privacy began with Bitcoin’s CoinJoin in 2013, followed by Monero in 2014, Zcash in 2016, and later Ethereum tools like Tornado Cash (2019) and Railgun (2021).

Most Privacy 1.0 tools rely on client-side zero-knowledge proofs, leading to confusion between “zero-knowledge proofs for privacy” and “zero-knowledge proofs for verification,” even though many “zero-knowledge” systems today are designed for verification, not privacy.

Privacy 2.0 is multi-user privacy for encrypted shared state, based on multiparty computation or fully homomorphic encryption, enabling private collaboration just like public collaboration on Ethereum or Solana.

Encrypted shared state means the crypto world finally has a general-purpose encrypted computer, opening up an entirely new design space: dark pools, privacy pools, private lending, blind auctions, confidential tokens, and new types of creative markets, even on existing transparent chains.

Bitcoin brought public isolated state; Ethereum brought public shared state; Zcash brought encrypted isolated state; Privacy 2.0 fills the final piece of the puzzle: encrypted shared state.

Arcium is building such an encrypted computer, architecturally similar to proof networks like Succinct, but using multiparty computation instead of zero-knowledge proofs. Its Arcis tool compiles Rust into multiparty computation programs, enabling multi-user encrypted computation.

Emerging applications based on Privacy 2.0 include: Umbra, using Arcium to implement a privacy pool with confidential balances and swaps; Pythia’s private opportunity markets; and Melee’s upcoming opinion markets with private odds and arbitration.

To understand how we got here, and why encrypted shared state is so important, let’s start from the origins of privacy technology.

Privacy 1.0

The first wave of crypto privacy began here.

Users gained transaction privacy through mixers, privacy pools, and privacy coins. Some applications later faced legal issues, sparking debates about whether and how privacy tools should handle illicit activity.

Privacy 1.0 introduced the single-user privacy mode. People could coordinate, but couldn’t dynamically collaborate as on programmable blockchains; privacy expressiveness was limited.

Key features of Privacy 1.0:

No shared state, privacy is “single-user mode,” limited application scope

Mainly relies on zero-knowledge proof technology

Client-side ZK proofs provide the strongest privacy, but complex applications are slow

Developer experience is tough, requiring custom circuit writing to build privacy applications

Crypto privacy actually first appeared on Bitcoin, years before advanced cryptographic technologies like zero-knowledge proofs entered the crypto sphere. Early Bitcoin privacy wasn’t truly “cryptographic privacy,” but clever coordination tricks aimed at breaking the deterministic associations of the public ledger.

The origin was CoinJoin in 2013, where users merged transaction inputs and outputs to obscure payment relationships. It used almost no cryptography, but introduced transaction-level privacy.

Then came CoinShuffle (2014), JoinMarket (2015), TumbleBit (2016), Wasabi (2018), Whirlpool (2018), etc., all based on mixing processes to make Bitcoin harder to track. Some added incentives, others improved user experience or layered encryption.

None provided strong cryptographic privacy. They obfuscated associations but didn’t offer the mathematical guarantees and trustless privacy that later ZK systems brought. They relied on coordination, heuristics, and mixing randomness, rather than formal proofs of anonymity.

Privacy Coins

Monero launched in 2014, the first serious attempt to build a fully private blockchain for private transfers—not just as an add-on privacy tool for transparent blockchains. Its model is based on ring signatures for probabilistic privacy, by default mixing each real input with 16 decoy signatures. In practice, this setup can be weakened by statistical attacks like MAP decoders or network-layer attacks, reducing effective anonymity. Future upgrades like FCMP aim to expand the anonymity set to the entire chain.

Zcash launched in 2016, taking a completely different path from Monero. It doesn’t rely on probabilistic privacy but was designed from the ground up as a zero-knowledge proof token. It introduced a ZK-SNARK-powered privacy pool, providing users with cryptographic privacy rather than hiding among decoy signatures. When used correctly, Zcash transactions don’t leak sender, receiver, or amount information, and anonymity increases with each transaction in the privacy pool.

Programmable Privacy on Ethereum

Tornado Cash (2019)

Launched in 2019, Tornado Cash enabled programmable privacy on Ethereum for the first time. Though limited to private transfers, users could, for the first time, deposit assets into a smart contract mixer and later withdraw with a ZK proof, achieving real privacy on a transparent ledger. Tornado saw widespread legitimate use but became embroiled in major legal disputes after large-scale DPRK money laundering activity. This underscored the need for modern privacy apps to exclude illicit actors to maintain pool integrity—a measure now implemented by most.
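As an added illustration, not code from the original article or from Tornado Cash, the following Python toy models the deposit-commitment and nullifier structure behind the "deposit, then withdraw with a proof" loop described above. The SNARK is replaced by a stand-in verifier that is simply handed the secrets, and the hash function, note format and account names are constructed for the example.

```python
import hashlib
import secrets

def h(*parts: bytes) -> bytes:
    """Toy commitment hash (SHA-256); Tornado uses SNARK-friendly hashes instead."""
    return hashlib.sha256(b"".join(parts)).digest()

class ToyMixer:
    """Fixed-denomination pool. The ledger holds only commitments and spent nullifier
    hashes, so nothing on it links a withdrawal back to a particular deposit."""
    def __init__(self) -> None:
        self.commitments: list[bytes] = []   # stand-in for the on-chain Merkle tree
        self.spent: set[bytes] = set()       # nullifier hashes already withdrawn

    def deposit(self, commitment: bytes) -> None:
        # Depositor publishes h(nullifier, secret) together with one fixed-size deposit.
        self.commitments.append(commitment)

    def withdraw(self, nullifier: bytes, secret: bytes) -> bool:
        # Stand-in for the ZK verifier. In Tornado the contract never sees nullifier or
        # secret; it sees a SNARK proving exactly these two checks plus a Merkle path.
        if h(nullifier, secret) not in self.commitments:
            return False                     # no matching deposit
        nullifier_hash = h(nullifier)
        if nullifier_hash in self.spent:
            return False                     # the same note cannot be withdrawn twice
        self.spent.add(nullifier_hash)
        return True

def make_note() -> tuple[bytes, bytes]:
    """User-side secrets; only their hashes ever reach the ledger."""
    return secrets.token_bytes(31), secrets.token_bytes(31)

def demo() -> tuple[bool, bool, int]:
    pool = ToyMixer()
    notes = [make_note() for _ in range(3)]     # three constructed depositors
    for nullifier, secret in notes:
        pool.deposit(h(nullifier, secret))
    first = pool.withdraw(*notes[1])            # valid: note exists, not yet spent
    replay = pool.withdraw(*notes[1])           # rejected: nullifier hash already recorded
    return first, replay, len(pool.commitments)
```

Once a note is withdrawn the loop is over: there is no ongoing private state, which is the limitation Railgun later addressed.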

Railgun (2021)

Railgun appeared shortly after in 2021, aiming to push Ethereum privacy beyond basic mixing to private DeFi interactions. It not only mixes deposits and withdrawals but allows users to privately interact with smart contracts using ZK proofs, hiding balances, transfers, and on-chain actions while still settling on Ethereum. This was a big step forward from the Tornado model, providing ongoing private state within smart contracts rather than a simple mix-withdraw loop. Railgun remains active and has seen adoption in some DeFi circles. It’s still one of Ethereum’s most ambitious programmable privacy attempts, though user experience is a major hurdle.

Before continuing, it’s important to clarify a common misunderstanding that persists to this day. As ZK-proof systems became popular, many people assumed that anything labeled “zero-knowledge” means privacy. That’s not true. Most “zero-knowledge” tech today is actually validity proofs, great for scaling and verification, but offering no privacy at all.

The disconnect between marketing and reality led to years of confusion, conflating “zero-knowledge proofs for privacy” and “zero-knowledge proofs for verification,” even though they solve completely different problems.

Privacy 2.0

Privacy 2.0 is multi-user mode privacy. Users are no longer acting alone but can privately collaborate just as they do on programmable blockchains.

Key features of Privacy 2.0:

Encrypted shared state, privacy enters “multi-user mode”

Based on multiparty computation and fully homomorphic encryption

Privacy trust assumptions depend on MPC. FHE shares the same assumptions, as threshold decryption for encrypted shared state requires MPC

Circuits are abstracted—developers don’t need to write custom circuits (unless desired)

This is achieved via encrypted computers that allow multiple people to collaborate on encrypted state. Multiparty computation and fully homomorphic encryption are the core foundational technologies—both support computation on encrypted data.
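To make "encrypted shared state" concrete, here is an added Python toy (not Arcium's or Arcis's code) using additive secret sharing: balances exist only as shares spread across three constructed nodes, users submit transfer amounts as shares, and each node updates its own share locally. Only linear updates are shown; a comparison such as an overdraft check needs a full MPC protocol round, which this toy does not implement.

```python
import secrets

P = (1 << 61) - 1      # constructed prime field modulus for the toy
N_NODES = 3            # constructed node count; all three must collude to recover a value

def share(x: int) -> list[int]:
    """Additive secret sharing: any N_NODES-1 shares are uniformly random and reveal nothing."""
    shares = [secrets.randbelow(P) for _ in range(N_NODES - 1)]
    shares.append((x - sum(shares)) % P)
    return shares

def reconstruct(shares: list[int]) -> int:
    return sum(shares) % P

class EncryptedLedger:
    """Shared state that no single party can read: each node stores one share per account."""
    def __init__(self) -> None:
        self.nodes: list[dict[str, int]] = [dict() for _ in range(N_NODES)]

    def open_account(self, name: str, balance: int) -> None:
        for node, s in zip(self.nodes, share(balance)):
            node[name] = s

    def transfer(self, src: str, dst: str, amount_shares: list[int]) -> None:
        # The amount arrives already shared by the sender, so nodes learn neither the
        # amount nor the resulting balances; linear updates need no communication.
        # (A real MPC program would first check src >= amount inside the protocol.)
        for node, d in zip(self.nodes, amount_shares):
            node[src] = (node[src] - d) % P
            node[dst] = (node[dst] + d) % P

    def reveal(self, name: str, subset=None) -> int:
        """Reconstruct a balance from the given node indexes (default: all of them)."""
        idx = range(N_NODES) if subset is None else subset
        return reconstruct([self.nodes[i][name] for i in idx])

def demo() -> tuple[int, int, int]:
    ledger = EncryptedLedger()
    ledger.open_account("alice", 100)      # constructed accounts
    ledger.open_account("bob", 40)
    ledger.transfer("alice", "bob", share(30))
    # Two colluding nodes get a value unrelated to the real balance; all three recover it.
    partial = ledger.reveal("alice", [0, 1])
    return ledger.reveal("alice"), ledger.reveal("bob"), partial
```

The trust assumption the article mentions is visible here: privacy holds as long as fewer than all N_NODES nodes collude, and it is the same assumption an FHE design inherits once threshold decryption is needed.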

What does this mean?

The shared state model that powers Ethereum and Solana can now exist under privacy conditions. This isn’t just a one-off private transaction, or a tool to privately prove something; it’s a general-purpose encrypted computer.

It unlocks a completely new design space for crypto. To understand why, recall the evolution of “state” in crypto:

Bitcoin brought public isolated state

Ethereum brought public shared state

Zcash brought encrypted isolated state

The missing piece has always been encrypted shared state.

Privacy 2.0 fills this gap. It spawns new economies, new apps, and entirely new fields. In my view, it’s the biggest breakthrough in crypto since smart contracts and oracles.

Arcium is building this kind of technology.

Its architecture is similar to proof networks like Succinct or Boundless, but instead of using ZK proofs to verify execution, it uses MPC to compute on encrypted data.

Whereas SP1 or RISC Zero compile Rust into ZK-proof programs, Arcium’s Arcis compiles Rust into MPC programs. Simply put, it’s an encrypted computer.

Another analogy: “the Chainlink of privacy.”

Privacy Unlinked From Chains and Assets

Arcium is designed to be blockchain-agnostic, able to connect to any existing blockchain and create encrypted shared state on transparent chains like Ethereum and Solana. Users get privacy without leaving their familiar ecosystems. It will launch first on Solana, with the mainnet Alpha version releasing this month.

Zcash and Monero embed privacy into their own currencies. This works, but also creates a separate monetary world with its own volatility. Arcium takes the asset-agnostic path, adding privacy to assets users already own. The tradeoffs differ, but the flexibility is important for users.

Because of this, almost any privacy use case can run on encrypted computation.

Arcium’s impact goes beyond crypto. It’s not a blockchain—it’s an encrypted computer. The same engine is clearly applicable to traditional industries.

Zero-to-One Applications and Features

Encrypted shared state brings an unprecedented design space to crypto. Thus, the following applications are emerging:

@UmbraPrivacy: Solana privacy pool. Umbra uses Arcium to achieve what Railgun can’t—supporting confidential balances and private swaps, while handling transfers with ZK proofs. It delivers much more than simple private transfers under minimal trust assumptions, and provides a unified privacy pool SDK that any project can integrate for Solana transaction privacy.

@PythiaMarkets: Opportunity markets with private windows for sponsors. New information markets where scouts bet on underexplored opportunities, and sponsors discover insights without leaking alpha.

@MeleeMarkets: Prediction markets with bonding curves. Like Pumpfun, but for prediction markets. The earlier you enter, the better the price. They’re building opinion markets where users can express their views, odds remain private, and arbitration is private, solving problems of groupthink and oracle manipulation. Arcium will provide the privacy needed for opinion markets and private arbitration.

Dark pools: Projects like @EllisiumLabs, @deepmatch_enc, and Arcium’s dark pool demo use encrypted shared state for private trading, preventing frontrunning and quote disappearance, achieving best execution prices.

On-chain gaming: By running hidden state and CSPRNG randomness inside encrypted shared state, Arcium restores secrecy and fair randomness. Strategy games, card games, fog-of-war, RPGs, and bluffing games can finally run on-chain. Multiple games are already live on Arcium.

Private perpetuals, private lending, blind auctions, encrypted machine learning predictions, and collaborative AI training are also exciting future use cases.

Beyond these examples, almost any privacy-needed product can be built. Arcium gives developers full customizability with a general encrypted execution engine, and Umbra now provides an SDK for Solana transfers and swaps. Together, this makes privacy on Solana straightforward for both complex systems and simple integrations.

Confidential SPL: Solana’s New Private Token Standard

Arcium is also building C-SPL, the confidential token standard for Solana. It solves pain points of previous Solana “Privacy 1.0” token standards—difficulty integrating, limited features, and unusable by on-chain programs. C-SPL improves on this, removing friction that blocked privacy token adoption.

This makes privacy tokens easy to integrate into any app, without extra user burden.

By integrating SPL Token, Token-2022, privacy transfer extensions, and Arcium’s encrypted computation, C-SPL provides a practical, fully composable standard for confidential tokens on Solana.

Conclusion

We’re still early in this wave of development, and the field is broader than any single approach. Zcash and Monero continue to solve important problems in their realms, and early privacy tools have shown what’s possible. Encrypted shared state addresses a completely different dimension by allowing multi-user private operations on the same state without leaving existing ecosystems. It fills a gap rather than replacing the past.

Privacy is gradually shifting from an optional specialist feature to a core element of application construction. It no longer requires new currencies, new chains, or new economic systems; it simply expands the developer’s toolset. The last era established public shared state as the foundation; the next era will expand that foundation with encrypted shared state, adding the missing layer.
