History of Privacy in Crypto

Every major technology wave starts special-purpose or single-user before it becomes general-purpose or multi-user.

Early computers were built for one task at a time: codebreaking, census processing, ballistic calculations, long before they became shared, programmable machines.

The internet began as a small, point-to-point research network (ARPANET) before turning into a global platform where millions coordinate on shared state.

And AI followed the same pattern: early systems were narrow expert models built for a single domain (chess engines, recommendation systems, spam filters) before evolving into general-purpose models that work across domains, can be fine-tuned for new tasks, and serve as shared foundations for others to build on.

Technologies consistently begin narrow or single-player, built for one purpose or one user, and only later become expansive and multi-player.

And this is exactly where privacy finds itself today. Privacy in crypto never really escaped the “narrow” and “single-player mode.”

Until now.

TL;DR:

Privacy has followed the same pattern as computing, the internet, and AI: systems begin special-purpose or single-user before becoming general-purpose and multi-user.
Privacy in crypto never really escaped the narrow, single-player mode—until now—because early tools could not support shared state.
Privacy 1.0 is single-player privacy with restricted expressiveness: no shared state, mostly ZK-based privacy, client-side proofs, and a tough developer experience requiring custom circuits.
Early privacy started on Bitcoin with CoinJoin (2013), then Monero (2014), followed by Zcash (2016), and later Ethereum tools like Tornado Cash (2019) and Railgun (2021).
Most Privacy 1.0 tools rely on client-side ZK proofs, leading to confusion between “ZK for privacy” and “ZK for verification,” even though many “ZK” systems today are built for verifiability, not privacy.
Privacy 2.0 is multi-player mode privacy with encrypted shared state powered by MPC or FHE, where users can collaborate privately the same way they collaborate on a shared public state on Ethereum and Solana.
Encrypted shared state means crypto finally gets a general-purpose encrypted computer, enabling entirely new design space: dark pools, shielded pools, private lending, blind auctions, confidential tokens and new creative markets even on transparent chains they already use.
Bitcoin gave us public isolated state; Ethereum gave us public shared state; Zcash gave us encrypted isolated state; Privacy 2.0 introduces the missing piece—encrypted shared state.
Arcium is building one such encrypted computer, similar architecturally to prover networks like Succinct but using MPC instead of ZK, with Arcis compiling Rust to MPC to unlock multi-user encrypted computation.
Examples of emerging applications built on Privacy 2.0 include Umbra’s shielded pool using Arcium for confidential balances and swaps, Pythia’s private opportunity markets, Melee’s upcoming opinion markets with private odds and resolution, and more.
Anything can now be < encrypted >, and ZK alone cannot give us encrypted shared state. Privacy 2.0 is one of the biggest unlocks in crypto.

To see how we got here, and why encrypted shared state matters so much, we need to start with where privacy began.

Privacy 1.0

Where the first storm of crypto privacy begins.

Users finally gained privacy for transactions through mixers, shielded pools, and private cryptocurrencies. A few applications later faced legal issues, sparking debate about how privacy tools should handle illicit activity, if at all.

Privacy 1.0 introduced single-player mode privacy. People can coordinate, but not dynamically as they would on a programmable blockchain. The expressiveness of privacy is restricted.

Some common characteristics of Privacy 1.0:

• No shared state, privacy in “single-player mode” limiting applications
• Mostly ZK-based privacy.
• Highest degree of privacy with client-side ZK, but slow for complex applications
• Tough Developer Experience, write custom circuits to build privacy apps

The first signs of privacy in crypto actually appeared on Bitcoin, years before ZK or advanced cryptography showed up in crypto. Early Bitcoin privacy wasn’t truly “cryptographic privacy”, but rather clever coordination tricks designed to break deterministic linkability on a public ledger.

The earliest was CoinJoin (2013), where users combined inputs and outputs in one transaction to obscure who paid whom. It used little cryptography but introduced some form of transaction-level privacy.

This led to variations like CoinShuffle (2014), JoinMarket (2015), TumbleBit (2016), Wasabi (2018), and Whirlpool (2018), all based on mixing flows to make Bitcoin harder to trace. Some added incentives, some added layered encryption, and some improved UX.

None of these provided strong cryptographic privacy. They obscured linkability but did not offer the mathematically guaranteed, trustless privacy that later ZK systems introduced. They relied on coordination, heuristics, and mix entropy rather than formal anonymity proofs.

Private Cryptocurrencies

Monero arrived in 2014 and was the first serious attempt at a fully private blockchain for private transfers, rather than a privacy tool sitting on top of a transparent chain. Its model is probabilistic privacy based on ring signatures, meaning each transaction hides the real input among 16 decoys by default. In practice this set can be weakened by statistical attacks like the MAP Decoder or by network-level attacks, which can reduce the effective anonymity. Future upgrades like FCMP aim to expand the anonymity set to the full chain.

Zcash launched in 2016 and took a very different path from Monero. Instead of relying on probabilistic privacy, Zcash was designed from day one as a ZK coin. It introduced shielded pools powered by zk-SNARKs, giving users cryptographic privacy rather than hiding among decoys. When used correctly, Zcash transactions reveal nothing about the sender, receiver or amount, and the anonymity set scales with every shielded transaction in the pool.

Enter programmable privacy on Ethereum

Tornado Cash (2019)

Tornado Cash launched in 2019 and gave Ethereum its first taste of programmable privacy. It was restricted to private transfers only, but for the first time users could gain real privacy on a transparent ledger by depositing assets into a smart-contract mixer and withdrawing them later with a zero-knowledge proof. Tornado became widely used, and legitimately so, but it ultimately ran into major legal trouble after large-scale DPRK laundering activity flowed through it. This highlighted the need to exclude illicit actors to preserve pool integrity, something most modern privacy applications now enforce.

Railgun (2021)

Railgun arrived a bit later in 2021 with the goal of pushing Ethereum privacy beyond simple mixing and making private DeFi interaction possible. Instead of just mixing deposits and withdrawals, Railgun allowed users to interact with smart contracts privately, using zero-knowledge proofs to hide balances, transfers, and on-chain actions while still settling on Ethereum. It was a major step forward from Tornado’s model, offering a continuous private state inside a smart contract rather than simple mix-and-withdraw cycles. Railgun still stands strong today, and adoption grew within certain DeFi circles. It remains one of the more ambitious attempts at programmable privacy on Ethereum, although its user experience has been a significant barrier for many users.

Before moving on, it’s worth addressing a confusion that remains widespread today. As ZK systems grew in popularity, many assumed that anything labeled “ZK” automatically implied privacy. But that’s simply not true. Most of what gets marketed as “ZK” today is actually validity proofs, incredibly powerful for scaling and verifiability but not private at all.

This gap between marketing and reality has led to years of misunderstanding, where “ZK for privacy” and “ZK for verification” get lumped together even though they solve completely different problems. See the tweet below.

Privacy 2.0

Privacy 2.0 is multi-player mode privacy. Instead of users acting alone, they can now collaborate privately the same way they collaborate on a programmable blockchain.

Some common characteristics of Privacy 2.0:

• Encrypted Shared State, privacy in “multi-player mode”
• MPC and FHE
• The trust assumption for privacy depends on MPC. FHE shares the same assumption because its threshold decryption for encrypted shared state is performed with MPC.
• Circuits are abstracted, so developers do not need to write custom circuits unless they want to.

This is made possible by encrypted computers that let multiple people work over an encrypted state. MPC and FHE are the core primitives here — both allow computation on encrypted data.

So what does this mean?

The shared-state model that powers Ethereum and Solana can now exist with privacy. Not as a single private transaction, not something that can just prove something privately, but as a general-purpose encrypted computer.

It unlocks a new design space in crypto. To understand why, it helps to look at how state has evolved in crypto:

• Bitcoin gave us public isolated state.
• Ethereum gave us public shared state.
• Zcash gave us encrypted isolated state.
• What has been missing is encrypted shared state.

Privacy 2.0 fills that gap. It enables new economies, new applications, and a new whitespace that simply was not possible before. It is, in my view, the biggest unlock in crypto since smart contracts and oracles.

I covered Privacy 2.0 in an earlier piece, along with a list of many great projects. Read it if you want the broader landscape, and do your diligence; the fastest way to be fooled is to outsource your thinking.

Arcium — as the badge on my profile already gives away — is building one such technology.

It is similar in architecture to prover networks like Succinct or Boundless, but instead of proving correct execution with ZK, Arcium enables computation on encrypted data with MPC.

Instead of SP1 or RISC Zero, which compiles Rust to ZK, Arcium has Arcis, which compiles Rust to MPC. Simple. Encrypted computer.

Another analogy is simply “Chainlink for Privacy”.

Chain- and asset-agnostic privacy

Arcium is chain-agnostic by design, meaning it can connect to any existing blockchain and enable encrypted shared state across transparent chains like Ethereum and Solana. Users do not have to leave their favorite ecosystems to get privacy. It will be available on Solana first, with Mainnet Alpha releasing this month.

Zcash and Monero embed privacy in their own currencies. It works well, though it creates separate monetary worlds with their own volatility. Arcium takes an asset-agnostic path, adding privacy to the assets people already use. Different approaches and tradeoffs, but the flexibility matters to users.

With that in mind, almost any use-case that needs privacy can run on encrypted compute. And believe me, there are far more of them than you think. Listing them all would turn this into a phone book, so I will spare you.

Arcium’s reach extends beyond crypto. It is not a blockchain; it is an encrypted computer. The same engine applies cleanly to traditional industries as well. Below is an article that dives into applications across different verticals.

Zero-to-One Applications and Features

Encrypted shared state gives crypto a design space it has never had. These applications and features are emerging because of it:

@ UmbraPrivacy: Solana’s shielded pool. Umbra uses Arcium to go beyond what Railgun can do, enabling confidential balances and private swaps while using ZK for transfers. It achieves the lowest trust assumption while offering far more than simple private transfers, and provides a unified shielded pool (SDK) that any project can integrate for transactional privacy on Solana.

@ PythiaMarkets: An opportunity market with private windows for sponsors. A new information market where scouts bet on underexplored opportunities and sponsors discover information without leaking alpha.

@ MeleeMarkets: Prediction market with bonding curve. Think Pumpfun, but for prediction markets. The earlier you are, the better your price. Will build out opinion markets where users can express real conviction where odds stay private and private resolution, fixing both herd collapse and oracle manipulation. Arcium will provide the privacy needed for opinion markets and private resolution.

Dark Pools: Projects like @ EllisiumLabs, @ deepmatch_enc, and Arcium’s Dark Pool demo use encrypted shared state to enable private trading without frontrunning and quote fading for the best execution price.

Onchain Gaming: Arcium restores secrecy and fair randomness by running hidden states and CSPRNG rolls inside encrypted shared state. Strategy games, card games, fog-of-war, RPGs, and bluffing games finally work onchain. Many are already live on Arcium.

Private Perpetuals, Private Lending, Blind Auctions, Encrypted ML Predictions and collaborative AI Training are also exciting future use-cases.

And beyond these examples, almost any product that needs privacy can be built. Arcium gives developers full customizability with a general-purpose encrypted execution engine, and now Umbra also offers an SDK for transfers and swaps on Solana. Together, they make privacy on Solana straightforward for both complex systems and simple integrations.

Confidential SPL: Solana’s New Confidential Token Standard

Arcium is also building C-SPL, the confidential token standard for Solana. It fixes the major pain points of previous “Privacy 1.0” token privacy standards on Solana, which were difficult to integrate, limited in functionality, and not usable by onchain programs. C-SPL builds on that foundation and removes the friction that held confidential tokens back for both users and developers.

This makes confidential tokens easy to integrate into any application, without adding friction for users.

By unifying SPL Token, Token-2022, the Confidential Transfer Extension, and Arcium’s encrypted compute, C-SPL delivers a practical, fully composable standard for confidential tokens on Solana.

Ending Note.

We remain early in this progression, and the field is broader than any single approach. Zcash and Monero continue to solve important problems in their own environments, and several early privacy tools have shown what is possible within their domains. Encrypted shared state tackles a different dimension altogether by enabling multiple users to operate privately on the same state without leaving the ecosystems they already rely on. It fills a gap rather than replacing what came before.

Privacy is slowly moving from something optional and specialized into something that sits at the core of how applications are built. It no longer requires new currencies, new chains, or new economic systems. It simply extends what developers can already do. The last era established public shared state as the foundation. The next era will expand that foundation with encrypted shared state, adding a layer that was previously missing.

Thanks for your attention to this matter. If you spot any inaccuracies, please let me know. I want to help push privacy forward in every direction, and I’m bullish on all serious efforts in this space. Feel free to discuss in the comments.

Disclaimer:

1. This article is reprinted from [milianstx]. All copyrights belong to the original author [milianstx]. If there are objections to this reprint, please contact the Gate Learn team, and they will handle it promptly.
2. Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.
3. Translations of the article into other languages are done by the Gate Learn team. Unless mentioned, copying, distributing, or plagiarizing the translated articles is prohibited.