The history of cryptography is largely one of protecting data at rest and in transit. What remained stubbornly unsolved outside of academic circles was the much harder question of computing on data that no one is permitted to see.
As blockchain infrastructure extends into institutional finance, AI training pipelines, and sovereign data systems, the transparency that made public ledgers legible has become a structural liability.
The industry is responding with three distinct answers: zero-knowledge proofs (ZK), fully homomorphic encryption (FHE), and secure multiparty computation (MPC). Each rests on different mathematical foundations and unlocks a completely different class of application.
This roundtable brings together leading experts at the frontier of each paradigm, each building the infrastructure they believe will define how the private web is constructed.
The Interviewees
Dominik studied philosophy and math before moving into the blockchain space. He has been actively scaling Ethereum since 2016 through work with the Raiden Network, ConsenSys, and Polygon. For the past four years, he has focused entirely on building Miden
Alex is the co-founder of Octra, a privacy-preserving blockchain and encrypted compute network. He leads product strategy, ecosystem development, and go-to-market, with a focus on turning advanced cryptography into usable market infrastructure for finance, AI, and onchain applications.
Yannik is the founder and CEO of Arcium, where he is building cryptographic infrastructure for encrypted computing. His background spans cryptography and distributed systems, and he is a strong advocate for privacy as a foundational right, heavily influenced by cypherpunk ideals.
Redefining the privacy guarantee
The word privacy is used to describe everything from hiding a wallet balance to training an AI model on hospital records. Our panel first sought to clarify what guarantees their respective systems actually provide and how they view the current market.
For Alex, the category itself is the problem. In crypto, privacy has been almost entirely reduced to one narrow function: “In crypto today, privacy is still used mostly for the narrowest possible thing: confidential transfers. That already tells you how early the category still is.” He points to the broader web as a contrast: you get cookie banners and annoying terms of service precisely because you do not want your Amazon history visible to random strangers. Onchain, the opposite norm has been accepted by default. “The harder and more important problem is persistent private computation: systems that can keep state encrypted over time while remaining verifiable.”
Octra’s approach is to make the system verifiable while keeping the underlying data secure and private. In its current mainnet alpha design, the amount and recipient remain private while the sender remains visible.
Alex is also clear about what Octra is not. “Confidentiality that depends on moving execution behind an operator, server, or enclave is useful, but it is not the same as making the system itself private. The stronger model is verifiable computation over encrypted state, where sensitive data does not have to be exposed to operators in the first place.”
Dominik’s framework, which he calls “Practical Privacy,” keeps state and execution private while leaving global inputs public. He is candid about the starting point: Miden launches with a centralised operator, which the team is replacing over time with decentralised sequencing and a network of Guardians operating across compliance zones.
“We’d rather ship something institutions can actually use and decentralise it progressively,” he says, adding that cryptographic purity nobody can recover from when they lose a device is not a product.
For Yannik, privacy is the absolute ability to compute over data without exposing the underlying plaintext to any counterparty, operator, or piece of infrastructure involved in the computation.
Rather than focusing on one narrow form of privacy, Arcium is designed as general-purpose infrastructure for a broad range of applications. The threshold this sets is deliberately low. “Under this model, only a single honest node within a compute cluster is required to preserve privacy,” meaning Arcium’s guarantees hold even when the majority of participants behave adversarially.
The architecture of trust
Every privacy architecture rests on a set of trust assumptions and operational models. These foundational elements dictate how a user interacts with the network and what they must believe about the system’s integrity.
Dominik maps the Miden trust model across four layers: the underlying math, specifically STARKs and the Blake3 or Poseidon hash functions; the implementation code; the network operator while training wheels remain; and the surrounding systems including the bridge and Ethereum itself. “The implementation layer is where most of the real risk lives, and where most bugs hide,” he says. The first and fourth layers are shared with every serious ZK system. The second and third are what Miden is actively working to reduce over time.
Octra is designed to remove privileged third parties at the architectural level. “Our trust assumption sits in cryptography rather than a privileged operator, hardware vendor, or fixed committee.” Keys stay with the user, while computations happen on encrypted data.
Privacy does not depend on trusting the team, a hardware vendor, or any privileged third party. “The key design question for any privacy system is simple: if something fails, who still gets to see the data?” In most systems, the answer is the operator or the enclave owner. In Octra’s case, the architecture is designed to remove privileged access to the underlying data.
Arcium runs computation offchain within MPC clusters of distributed nodes. The core difficulty, as Yannik frames it, is that “private computation is difficult because systems must preserve confidentiality while allowing multiple parties to compute over data.”
Their Cerberus protocol addresses this through a dishonest-majority assumption, keeping committee sizes small without relaxing the security guarantees. Arcium’s Mainnet Alpha is currently operated by independent third-party node operators including Staking Facilities, Triton One, H2O Nodes, and Greenfield Capital, with plans to expand further. Crucially, MPC committees are fully customisable by developers, who can define their own committee configurations based on desired performance and privacy guarantees.
Execution and shared state
Handling state transitions without exposing data is a major technical challenge. The panellists unpacked exactly how their networks process these complex computations in real time.
In Miden, computation occurs locally on the user’s machine. The network receives inputs, a proof, and a new commitment: “We keep the things that matter to users and applications private, and we keep the things the network needs to verify public.” That departure from globally ordered state machines is what makes client-side proving viable at scale. For use cases that do not need privacy, developers can opt into public accounts and notes, and the network handles the compute. That choice is per-account and per-note, not a chain-wide mode.
Dominik also flags a deliberate design decision worth noting: Miden’s note tags are public 32-bit semantic identifiers rather than opaque cryptographic blobs, which means applications like DEXes can route and match private notes by use case. It is a considered departure from fully opaque designs, and it is what makes the execution environment practical for real applications.
Octra, meanwhile, runs computations on the encrypted state. The network never sees the plaintext. “User-side cryptography happens locally, while the network processes encrypted state without requiring plaintext access. The important distinction is that the network’s job is to verify and process state transitions, not to decrypt user data.”
Shared state is managed within isolated execution environments called Circles. Access is defined at the application layer through a proxy or access program, so developers can decide who is allowed to read, write, or trigger specific logic.
Arcium uses Arcis, a Rust-based compiler, to abstract away the complexity of building privacy applications. When a user submits encrypted data, the ciphertext is converted into secret shares distributed across nodes. The result: “each node sees only random-looking data.” No individual node learns anything.
The math works out correctly only when the nodes compute together following the MPC protocol. The underlying blockchain only needs to know the resulting state transitions or outputs of the computation, while the encrypted inputs, execution, and underlying logic remain entirely private.
Unlocking new design spaces
These diverse architectures make entirely new applications viable, moving beyond simple transactions into sophisticated financial and data logic.
FHE’s advantage, for Alex, is composability over time. Most privacy systems today are limited to one-shot use cases: a transfer, a proof, a single circuit. DeFi, by contrast, is composable. “The real unlock is not one-off privacy, but composable privacy over time. If you want financial systems built on encrypted assets rather than isolated private actions, you need infrastructure that can maintain persistent encrypted state across applications. Octra aims to be that infrastructure.”
That combination of composability and persistent encrypted state makes it possible to build entirely new financial primitives for the first time. “A meaningful end state is a trustless onchain market structure that preserves visibility where it is useful, such as price formation, without forcing every order and wallet into public view. That only works when privacy exists at the infrastructure layer, not as an afterthought.”
Dominik points to two concrete unlocks. The first is privacy as a product for custodians. "A custodian can offer clients an account where positions and flows are hidden from competitors and from the custodian's own employees, while the custodian keeps the economics of custody without the liability. That's not buildable on transparent L2s, and it's not buildable on privacy chains with no operator model."
The second is crypto-native SME treasuries. "A company can pay suppliers, run payroll, and manage runway without broadcasting its financial position to competitors, while still producing audit-ready reports on demand. Same cryptography that hides data selectively is what proves compliance without exposing it."
Yannik sees the most significant potential in dark pools and collaborative AI model training. "In blockchain, one example is dark pools, which enable private order placement and execution. They are common in traditional finance due to improved price execution, but remain largely absent in crypto because transparent blockchains expose trading intent and order flow." Arcium "allows multiple parties to train shared models on sensitive datasets without exposing the underlying data to one another," opening a design space that has had no viable onchain equivalent until now.
Yannik also points to teams already building in this space: "sealed-bid fundraising auctions through teams like Crafts, shielded pools for private onchain finance through Umbra, and entirely new market structures such as opportunity markets being developed by Bench."
The AI and encrypted compute intersection
The rise of AI creates an urgent need to compute on sensitive data at scale. The panel explored whether private data availability or private computation itself is the more pressing unsolved problem.
For Alex, the answer is unambiguous. “The best data is usually the least shareable. In practice, the real bottleneck is not model architecture, but whether computation can happen on data the holder is not allowed to reveal. Once that becomes possible, privacy stops being only a defensive feature and becomes an engine of growth. We at Octra see this as growing the pie, not just competing with other protocols.”
Yannik agrees that private computation is the harder unsolved problem. "Storing or distributing encrypted data is relatively well understood today, but making that data meaningfully usable without decrypting it, particularly in multi-party environments, remains a fundamentally difficult challenge." Through Arcium's acquisition of Inpher and the integration of the Manticore protocol, an MPC protocol specifically designed for AI and machine learning workloads, the network is directly addressing this gap. "Computation is what transforms private data from something merely stored into something economically and functionally useful."
In the near term, Yannik expects the strongest demand around specialised machine learning models and inference on sensitive datasets rather than frontier-scale models. The healthcare sector is a concrete example: "healthcare data is often siloed across separate hospitals and institutions, but with Arcium these parties can jointly train models or generate predictions across collective datasets without exposing the underlying data to one another."
Dominik is more blunt. “I’ll be direct: most blockchain for AI training narratives are investor theatre. I’ve never met a serious AI researcher who thinks a blockchain will make their model better.”
The genuine opportunity, in his view, is narrower and more interesting: once agents hold capital and transact autonomously, “they need to settle without leaking strategy, and they need counterparties to verify what happened without replaying the whole interaction. That’s a real problem and Miden is well-suited to it.”
Tradeoffs and the friction of privacy
Despite the massive potential, building these systems involves significant technical constraints. The panel discussed where privacy guarantees tend to erode and what developers must actively optimise for.
"Pure privacy is hard to use. Users don't want to wait twelve seconds for a proof in their browser," Dominik says. Miden's response is delegated proving and account Guardians. "Every one of those conveniences is a place where a purist would say privacy erodes. We think the alternative, which is cryptographically perfect systems that nobody can actually use, isn't a real product."
He is equally direct about the near-term constraints: "Three things: The compiler pipeline is complex because the architecture is novel. Tooling is still maturing. And client-side proving adds latency, which rules out some use cases today, high-frequency trading most obviously."
Alex locates the failure point elsewhere. “Privacy systems usually fail at the edges rather than in the core cryptography: wallets, metadata, relayers, bridges, permissions, analytics layers. That is where supposedly private systems often step back into plaintext for convenience.” Octra eliminates some of that risk by using a vertically integrated proprietary stack and minimising dependence on external vendors.
The current constraint is not whether the system works, but the latency of proof-heavy actions on weaker devices. The next optimisation focus is reducing that overhead.
For Arcium, the most significant constraint is the communication overhead inherent to MPC: latency and coordination costs rise as more nodes participate. "Dishonest majority helps us here, as it allows us to maintain low trust assumptions with smaller committee sizes compared to traditional honest-majority protocols, helping reduce coordination overhead while preserving strong privacy guarantees."
Yannik is also candid about where guarantees erode in practice. "For some applications, such as shielded pools, privacy can depend partly on anonymity set dynamics. If a user enters and exits the pool immediately, the practical privacy guarantees may weaken even if the underlying cryptography remains sound." In other cases the failure point is elsewhere: "privacy may have less to do with the underlying data itself and more to do with protecting surrounding information relevant to the user's privacy goals, such as metadata."
Composability and ecosystem fragmentation
A major concern with privacy networks is the risk of liquidity fragmentation and user siloing. To succeed, these private layers must communicate seamlessly with the broader public web.
Miden's position is straightforward: do not try to pull liquidity in. "We lean into cross-chain. That's the honest answer to the fragmentation problem: don't build another island."
With AggLayer integration nearly complete on devnet and engineering work on NEAR Intents underway since March, the vision is Miden as a privacy layer that connects to where liquidity already lives. "The vision is cross-chain from day one: secure your funds on Miden, use DeFi privately on other chains. Hyperliquid as the execution venue, Miden as the compliant private mixer in front of it."
Alex describes Octra’s posture as deliberately neutral. “Our view is that privacy infrastructure should be neutral and easy to integrate. The goal is to publish usable specifications, reduce onboarding friction, and let developers adopt it where there is real demand.”
The endgame is neutral infrastructure for encrypted data, with no bias or preference. “Whoever provides data for computation, or routes transactions through Octra, that is aligned with the model.”
For the Uniswap CCA sale, the team built an Ethereum bridge. A number of larger projects outside crypto, including messaging applications, have also reached out. But the BD-free approach is the stated goal: let the specs do the work.
Arcium's answer to fragmentation is structural: the network is chain-agnostic by design and does not require users to migrate liquidity into a separate environment. "We believe users want privacy integrated into the ecosystems they already use, rather than being forced to migrate liquidity and activity into separate environments that often lack deep liquidity, active developer ecosystems, and mature applications."
While Arcium is currently live on Solana, Yannik is clear that this is merely its initial deployment environment. "Arcium is not itself a blockchain, but an independent encrypted computation network that leverages existing blockchains for coordination, orchestration, and cryptoeconomic enforcement." Because computation is separated from coordination, Arcium can integrate across multiple ecosystems over time and support encrypted computation use cases entirely outside blockchain.
The path forward
Looking to the future, the panel discussed whether the industry will converge on a single dominant primitive or adopt a layered approach.
Yannik expects a deeply layered stack rather than a single dominant primitive. "Client-side zero-knowledge cryptography offers the lowest possible trust assumptions, but is limited to proving or verifying isolated user state and individual assertions rather than managing encrypted shared state across many participants. MPC and FHE, by contrast, enable computation over encrypted shared state, unlocking a wider design space of applications."
For Arcium, the current position is that MPC offers the strongest balance, but Yannik is clear that the stack is still maturing: "We believe privacy-enhancing technologies will occupy distinct and complementary roles rather than converging around a single dominant primitive, as each approach carries different functionality, trust assumptions, and performance characteristics.".
Dominik frames the outcome as a question of whether blockchain architecture itself is willing to evolve. FHE and MPC retrofit the existing model: they layer on top of Ethereum's current state and execution architecture without changing it. ZK requires rethinking it from the ground up. "If we're willing to rethink state and execution, ZK becomes dominant, because you stop needing to encrypt what was never public to begin with."
Miden's own architecture is built on exactly that bet. "Every other major L1 and L2 inherits Ethereum's synchronous, globally ordered state machine. Miden treats accounts as independent actors with local state and asynchronous messages. The actor model is closer to how the real world works, and it's what makes client-side proving viable at scale. It was the harder path. It's also the reason we can credibly claim 500 to 1,000 TPS while keeping state private."
Alex closes with the open question the whole piece has been circling: “Because native encryption is still missing from most programmable blockchains, and programmability remains limited across many private systems, the market will likely converge on external privacy infrastructure. Our thesis at Octra is that this becomes a general-purpose layer for applications, agents, and autonomous systems.”
How that question resolves will determine not just which infrastructure wins, but what the private web is ultimately capable of becoming. The race is still on.