COSIC seminar · KU Leuven · online

Applied Cryptography for Privacy in Ethereum

Usecases, constraints, and requirements

Ali Atiia
Private Reads team · Ethereum Foundation
privreads.ethereum.foundation
Ethereum
This talk

Three parts

1 · Ethereum What it is, the three pillars its R&D pushes on, and who uses it today.
2 · R&D map Ongoing work through an applied-crypto lens: post-quantum and scaling-by-SNARK.
3 · More about privacy In-protocol privacy EIPs, the access layer, and private reads: PIR for Ethereum state.
01

Overview of Ethereum R&D

A proof-of-stake blockchain; the three pillars (security, decentralization, scalability).

Part 1 · Intro

Ethereum is an applied-cryptography R&D program

  • Cutting-edge R&D has gone, and still goes, into:
    • breaking the trade-off between the three pillars every blockchain must balance: security, decentralization, scalability;
    • hardening the guarantees of permissionless, censorship-resistant access to the protocol, in a privacy-preserving manner.
Part 1 · Intro

Three pillars, one tension

Security Decentralization Scalability pick any two?
  • Security: slashing & recovery, faster finality (single-slot finality R&D), censorship-resistance (inclusion lists), post-quantum track.
  • Decentralization: stateless validation (verify blocks from witnesses, not a full state copy), client diversity, consumer-hardware staking.
  • Scalability: rollups + blob data (EIP-4844; PeerDAS sampling live since the Fusaka fork, Dec 2025), zkVM-proven execution, L1 gas-limit growth.

Cryptography, namely SNARKs and data-availability sampling, is the lever that relaxes the trilemma instead of trading one pillar for another.

The one last problem to solve before the trilemma is fully overcome: incentivised hosting and sharing of partial state, for the future where the Ethereum state becomes extremely large.

TLDR: Ethereum blockchain is: BFT consensus + VM + merklized state and logs.

Part 1 · Intro

Proof of stake

  • Validators bond ETH (32 minimum) and run a node; misbehavior (equivocation) is slashed: security is economic, not computational.
  • Time is divided into 12 s slots; one validator proposes a block, a committee attests; every validator votes once per 32-slot epoch.
  • Finality: a ⅔-supermajority checkpoint vote (Casper FFG) makes blocks irreversible unless ≥⅓ of stake is destroyed, a unique balance of safety/liveness [2].
  • Feasible only because of signature aggregation: ~1M attestations per epoch compress to a few signatures per block.
Part 1 · Intro

Adoption

~$50BDeFi value locked on Ethereum L1, ~54% of all-chain DeFi (DefiLlama)
~$160Bstablecoin supply on Ethereum, of ~$320B globally (DefiLlama)
~1.1Mactive validators; ~36M ETH staked, ~29% of supply (beaconcha.in)
5 + 6independent execution + consensus client implementations, in 4+ languages (clientdiversity.org)
~32kactive open-source developers in the ecosystem (Electric Capital, 2025)
~73live rollups (L2s) securing >$48B (L2BEAT)
Part 1 · Intro

Example applications

ApplicationFor a cryptographer, it is…
Stablecoinsdigital dollars as on-chain tokens, the dominant payment use; settlement without correspondent banking.
DeFiexchanges, lending, derivatives as open smart contracts: financial logic with public, auditable state.
Prediction marketsmarkets on real-world events with on-chain settlement (e.g. Polymarket).
ENSthe on-chain analogue of DNS: human-readable names → addresses, keys, records.
Collectibles / NFTsa global ownership registry for digital (and tokenized physical) objects.
Governance / DAOson-chain voting and treasury management for internet-native organizations.
02

Ethereum R&D, through an applied-crypto lens

The deployed cryptography, the post-quantum migration, scaling by SNARKs, and a map of the privacy work.

Upgrading to post-quantum crypto

Part 2 · R&D

The cryptography running Ethereum today

PrimitiveWhere it runsQuantum
ECDSA / secp256k1every user transaction (account signatures)Shor-broken
BLS12-381 aggregate sigsconsensus attestations (~1M validators/epoch)Shor-broken
KZG commitmentsblob data availability for rollups (EIP-4844)Shor-broken
Keccak-256state trie, addresses, content addressingfine (Grover only)
SNARKsrollup validity proofszkVM STARK proofs are PQS, but Groth16 proofs that wrap them (for cheap on-chain verifiability) are not

All non-PQS components must be upgraded away: on the live system, with no maintenance window.

Part 2 · Post-quantum

Lean Ethereum: three herculean replacements

Consensussignatures
BLS aggregate signatures
Hash-based signaturesleading candidate: XMSS, aggregated by SNARKs
Datacommitments
KZG polynomial commitments
Hash-based commitmentsFRI-style, coding-theoretic
Executionaccounts
ECDSA account signatures
PQ signaturesopted in per account ("account abstraction")

Each one: live migration, ~1M participants, zero downtime. The hardest is consensus, where BLS aggregation has no cheap post-quantum analogue: everything reduces to hash functions, plus SNARKs over hashes.

Part 2 · Post-quantum

leanVM, and ~$2M of open invitations

  • leanVM: a minimal zkVM for SNARK-based signature aggregation, built on WHIR (hash-based proximity proofs) + Poseidon2 over the 31-bit KoalaBear field.
  • Leading signature candidate: XMSS, with public key ~52 B (≈BLS-sized) but signatures ~3.1 kB → SNARK aggregation is mandatory, not optional.
  • Both performance and safety hinge on SNARK-friendly hashes and on proximity testing for Reed–Solomon codes.
QR: PQ key registry design space ethresear.ch/t/exploring-the-design-space-for.. PQ key-registry design space
Proximity Prize · $1Mtwo challenges on Reed–Solomon proximity gaps (mutual correlated agreement; list decoding), judged by Boneh, Fenzi, Arnon. proximityprize.org
Poseidon Initiative · ~$1.25Mcryptanalysis programs for Poseidon/Poseidon2, incl. a $992k collision prize (to 2029) and yearly bounties. poseidon-initiative.info

Scaling

Part 2 · Scaling

Scaling by verifying, not re-executing

  • Today every full node re-executes every transaction: the gas limit is bounded by the slowest acceptable node.
  • zkVMs change the model: the block builder proves the block's execution with a SNARK; everyone else verifies it and accepts the block without having to re-execute.
  • ethproofs.org tracks the race: independent zkVM teams proving real mainnet blocks: currently ~94% of tracked proofs land in ≤10 s, at ~$0.01–0.03 per block proof.
  • Target: real-time proving, the proof ready within the 12 s slot, which raises the gas limit and lets phones verify full blocks; the roadmap ends at enshrined L1 proofs.
QR: ethproofs.org ethproofs.org
03

More about privacy

Protocol-amending EIPs, access-layer privacy, and private reads: PIR over Ethereum state.

More about privacy

The privacy R&D map

In-protocol EIPs amending L1 to make private applications cheaper and native: confidential transfers, stealth addresses, privacy-friendly opcodes & precompiles.
Extra-protocol privacy between users and infrastructure: network-level transport (Tor-style), private RPC reads (PIR), encrypted mempools.
IRL bridges making web2 facts verifiable on-chain without revealing them: zk-TLS (prove a TLS session's contents: TLSNotary), zk-ID (prove personhood / attributes: ZKPassport).

I will zoom into the first two.

More about privacy

Everything on Ethereum is public by default

  • Everything on-chain is public, forever: balances, transfers, votes, names, counterparties; by design, that is what makes it verifiable.
  • And trustless access requires a full node (>1 TB NVMe, days to sync), so almost everyone reads the chain through someone else's server.
  • So even reading public data leaks your assets, affiliations, and counterparties from query patterns alone; no cryptography is broken.

Transparency is the feature. Surveillance is the side-effect.

More about privacy

Two surfaces of privacy leakage

Write privacy (on-chain)

What you put on-chain: transfers, balances, votes. Adversary: everyone, forever.

Tools: ZK proof systems, stealth addresses, privacy pools, confidential transfers.

Read privacy (off-chain)

What you ask about the chain: queries to RPC infrastructure. Adversary: your provider (and whoever watches it).

Tools: PIR, ORAM-style techniques, anonymous transport, query unlinkability.

Privacy leakage from reads: a curious or malicious server can profile you just by tracking what you read, undermining privacy measures you worked hard to follow elsewhere. Shielding your transactions doesn't help if the read pattern alone tells the same story.

QR: Vitalik's L1 privacy roadmap ethereum-magicians.org/t/a-maximally-simple.. Privacy Roadmap
More about privacy · In-protocol

Recent proposals to improve the ergonomics and lower the cost of privacy transactions

all drafts · June 2026
EIP-8141 Frame transactions The foundation: native account abstraction, so one shared sender can act for many users.
EIP-8250 Keyed nonces Transactions flowing through a shared pool become unlinkable, and can be processed in parallel.
EIP-8272 Recent roots Lowers the cost of privacy transactions.
  • Already standard: stealth addresses, via ERC-5564 (final) + ERC-6538 registry: non-interactive one-time addresses with view tags.
  • Censorship-resistance as a complement: FOCIL (EIP-7805, draft) inclusion lists guarantee privacy transactions can't be quietly excluded.
  • Privacy has become a major priority for the Ethereum Foundation and the ecosystem at large.

Privacy at the access layer

the periphery of the protocol, where you query it

More about privacy · Access layer

The access layer: privacy of traffic and query contents from remote state providers

wallet / dapp you RPC provider full node, theirs Ethereum p2p network getBalance, call, getLogs answers
  • Provider learns: your IP, all your addresses in one breath (linkage), the assets and dapps you care about, and when you check them.
  • Concentration makes it worse: most wallet traffic defaults to a handful of providers.

This layer is where my team (Private Reads, EF) works.

More about privacy · Access layer

TorJS: network-level privacy where wallets live

  • Wallets are browser extensions and web apps; they can't ship a Tor daemon. TorJS brings a Tor client into the JS/browser environment, so RPC traffic can be onion-routed from inside the wallet.
  • What it fixes: the IP → identity link. The provider no longer knows where the query came from.
  • What it cannot fix: the query content: addresses inside the query still link to each other and profile the (now pseudonymous) user.

Anonymous transport is necessary but not sufficient: content-level protection needs PIR.

QR: TorJS docs privreads.ethereum.foundation/docs/torjs TorJS docs
More about privacy · Access layer

An abstract access layer: anon-rpc

  • Today each wallet hard-wires its own provider integrations; privacy tech would need to be re-integrated wallet by wallet.
  • anon-rpc: a common abstraction over how clients reach chain data, so transports (Tor, mixnets) and query protections (PIR) slot in beneath every wallet at once.
  • Goal: make the private path the default path, not a power-user opt-in.

ongoing work

QR: anon-rpc post privreads.ethereum.foundation/feed/anon-rpc anon-rpc design post
More about privacy · Private reads

Private Information Retrieval

  • Database of $N$ records; client wants record $i$; the server must learn nothing about $i$.
  • Trivial scheme: download everything, at communication $O(N)$. PIR asks for sublinear communication.
  • Two families by security: IT-PIR (information-theoretic, needs 2+ non-colluding servers) and cPIR (computational security; enables a single server, homomorphic-encryption based today).
  • The catch: without preprocessing, every server must touch every record per query, $\Omega(N)$ work; a skipped record reveals it is not $i$. Preprocessing lifts this, but it also comes with its own issues.
client wants i server q (hides i) r = f(q, DB)
More about privacy · Private reads

The taxonomy, against Ethereum's constraints

ClassStrengthPain point at chain scale
IT multi-serverfast (XOR), no latticesneeds non-colluding operators, hard to certify
Single-server cPIR (RLWE)one untrusted serverheavy server compute, big queries
Stateful / preprocessingsublinear online time via client hintshints break when the DB mutates: Ethereum's state changes every 12 s
Doubly-efficient PIRsublinear server time, no per-client statepractical constructions: open problem
QR: PIR engineering notes github.com/0xalizk/PIR-Eng-Notes
More about privacy · Private reads

Sharded PIR for the Ethereum state

  • One PIR engine over everything is impractical: too intractable for double-stateless $O(N)$ schemes (e.g. exceeds GPU memory), and too volatile for preprocessed schemes, which need to refresh precomputed "hint" structures after mutations.
  • So: slice by update & access profile, from curated hot data (1–10 GB) to full archival state (2–20 TB), and pair each slice with the PIR scheme that fits it.
  • Privacy is restored by decoys: the client sends its genuine query to one engine and real decoy queries to all the others, in parallel.
client wants x ∈ slice 3 decoy real engine 1 engine 2 engine 3 engine 4 on the wire: 4 indistinguishable queries

Observer's view = monolithic PIR over the whole state. Performance = per-slice optimized: the genuine answer arrives at the small slice's latency, not the monolith's.

Decoys are real queries: each engine sees a uniform access either way. Subtleties (timing side-channels → wait-for-all / m-of-k; all-data-or-nothing coverage).

More about privacy · Private reads

Doubly-stateless PIR, tailored to GPUs

  • Doubly-stateless: no per-client state on the server and no client-side hint for updates to invalidate: any client queries cold; the 12 s mutation costs nothing per client.
  • Why insist on it: users query the state from all sorts of contexts (wallets, dApps, a website they are just passing through), so statelessness makes the PIR solution applicable to everyone, requiring no a priori storage or preprocessing on their part.
  • InsPIRe (current focus):
    • single-server lattice PIR with silent preprocessing (server-side only, no hint download)
    • vs. YPIR: ~50% smaller queries, 5× smaller keys, up to 25% more throughput
      • ~36 ms latency per query, 390 KB communication, ~6.5 s setup, on a 16 GB DB
  • The price is raw server compute, a memory-bandwidth-bound linear scan, shaped for GPUs: our GPU port of InsPIRe is underway, with promising early numbers.

The paper's benchmarks are CPU; the GPU figures are our own in-progress, unpublished work.

More about privacy · Private reads

Open problems

  • Doubly-efficient PIR: drive online server work sublinear, touch strictly fewer bits than the database per query, with communication below the database size, so answering beats just downloading the state. Today this needs heavy preprocessing or non-standard assumptions.
  • Hint delegation under a frequently mutating database: client-stateful schemes precompute a hint that a 12 s state change can invalidate; cheap incremental repair, or delegating the preprocessing itself (FHE-based, round-optimal, cf. ThorPIR), is barely explored.
  • Hardware acceleration: doubly-stateless lattice PIR is a memory-bandwidth-bound linear scan; GPU/FPGA is the lever (current GPU state of the art: GPIR, 2026). The bar is hundreds of GB at thousands of queries per second, sub-100 ms.
  • Provable security & batching: 128-bit security under standard assumptions, not heuristics; plus many-client batching and anonymity-set-aware sharding.

A PIR solution for the entire Ethereum state (300 GB+ hot, 2 TB+ archival) would be the largest demonstration of PIR to date. The few existing PIR deployments serve comparatively tiny databases.

More about privacy · Private reads

Using a PIR-friendlier state trie

Scale to serve: ~10⁸ accounts, ~10⁹ storage slots, 300 GB+ hot state, mutating every 12 s, orders of magnitude beyond most PIR benchmarks.

Block N · header MPT root canonical, mainnet UBT root PIR backend's view zk equivalence proof both roots commit to the same state

$\forall\,(k,v):\ (k,v)\in\mathrm{MPT}\iff(k,v)\in\mathrm{UBT}$

  • The PIR backend can serve the UBT (flat, index-addressable, one SNARK-friendly hash) while mainnet keeps the MPT.
  • A per-block zk proof binds the two roots to the same state, so private reads get the PIR-friendly structure before it ships on-chain.
  • It pays off: a read under PIR costs ~48× on the MPT versus ~9× on the binary tree (our analysis).
QR: UBT workstream privreads.ethereum.foundation/workstreams/ubt/

EIP-7864 is draft, not scheduled; the hash choice is open (BLAKE3 in the current draft; Poseidon2 and Keccak candidates). A geth binary-trie prototype today is ~1.7× slower on reads and ~2.5× on writes than the MPT (CPerezz benchmarks), optimization ongoing. Verkle, its EC-based predecessor, was de-prioritized largely for post-quantum reasons.

Outro

Summary of open problems in Ethereum R&D generally

PQ Post-quantum signatures Aggregation-friendly hash-based schemes, SNARK aggregation at ~1M-validator scale, the PQ key registry.
CRYPTANALYSIS SNARK-friendly hash cryptanalysis Poseidon2 under real-money bounties (the $992k collision prize), Reed-Solomon proximity gaps (the $1M Proximity Prize).
PIR PIR at chain scale Doubly-stateless schemes, GPU/FPGA acceleration, preprocessing under mutation.
TLS MPC-TLS / zk-TLS Turning designated-verifier proofs into publicly verifiable (public-coin) proofs, making proofs about web2 consumable on-chain.
Thank you

Questions, and pointers

QR: privreads.ethereum.foundation privreads.ethereum.foundation the team
QR: ethresear.ch ethresear.ch Ethereum Research
QR: ethereum-magicians.org ethereum-magicians.org Technical Forum