PETs Toolkit for DeFi

プライバシー強化技術(PET)のインタラクティブガイド — ユースケースに合った PET を見つけて、実装を探索し、論文を技術にマッピングします。

インタラクティブ判断フローチャート

ユースケースについての質問に答えると、推奨される PET が理由と DeFi の例とともに表示されます。

1
2
3

クイック比較

ZKP
MPC
FHE
DP
PSI
TSS
パーティ
1 つの証明者
n ≥ 2
1 つの暗号化者
1 つのキュレーター
2
n 個の共有
明かす内容
ステートメントの真実のみ
関数出力のみ
出力のみ(復号化)
ノイズ混入集約
交差点のみ
何もなし(t-1 個の共有)
速度
秒〜分
マルチラウンド
きわめて遅い
Fast
セットサイズ依存
高速(オフライン)
最適用途
コンプライアンス証明、ロールアップ
ダークプール
暗号化状態
集約統計
制裁確認
鍵管理
ZKP ゼロ知識証明

ゼロ知識証明

A prover convinces a verifier that a statement about private data is true, without revealing anything beyond the truth of the statement itself.

コア属性

完全性 — 誠実な証明者は常に説得する 健全性 — 詐欺師は証明を偽造できない ゼロ知識 — 余分な情報を明かさない

使用時期

自分のデータのプロパティを証明 コンプライアンス証明(KYC、制裁) ロールアップ有効性証明 データが複数の相互不信パーティにまたがる → MPC 統計的集約プライバシー → DP

DeFi のアプリケーション

KYC / コンプライアンス証明

"I am KYC-verified" without revealing identity. Privacy Pools: "My funds come from a clean subset" — user proves membership in an association set.

Privacy PoolsZEBRA (zkKYC)PEReDi

プライベートトランザクション

"My balance is sufficient, I'm not double-spending" — without revealing amount or sender. Powers Zcash Sapling/Orchard, Aztec.

Zcash (Groth16)Aztec (UltraHONK)

ロールアップ有効性

"This batch of N transactions is correctly executed" — single succinct proof verified on L1. Powers zkEVM rollups.

zkSync EraStarkNetPolygon zkEVM

Collaborative SNARK

Multiple provers jointly generate a ZK proof without sharing inputs — e.g., Renegade's colzkSNARK for dark pool order matching validity.

Renegade dark pool

Implementations

Groth16

Shortest proof (~200 bytes), O(1) verification. Requires per-circuit trusted setup. Used in Zcash Sapling.

Trusted setup per circuitSmallest proof

PLONK / UltraHONK

Universal trusted setup (one SRS for all circuits). Slightly larger proofs. UltraHONK = Aztec's production variant.

Universal setupLarger than Groth16

STARKs

Transparent (no trusted setup), post-quantum secure, larger proofs (~100KB). Used by StarkNet, Polygon.

No trusted setupPost-quantumLarger proof

Cost Profile

Proof gen
seconds–minutes (client-side)
Verify
~ms constant (Groth16)
Proof size
192B (Groth16) / ~100KB (STARK)
On-chain gas
~200K gas (Groth16 verify)

Prover must know all private inputs. Cannot compute on others' private data — that's MPC's role.

Key Limitation

The prover must hold all private inputs locally. If two parties need to jointly compute without revealing inputs to each other, ZKP alone is insufficient — combine with MPC (as in Renegade's colzkSNARK).

Language / DSL

Noir (Aztec) — Rust-like language compiling to UltraHONK circuits. Cairo (StarkNet) — compiles to STARK-friendly AIR. Circom — widely used, compiles to Groth16/PLONK via SnarkJS.
MPC FHE Multi-party Cryptography

Secure Multiparty Computation

複数パーティが共同で計算 a function on their combined private inputs. No party learns others' inputs — only the final output.

Fully Homomorphic Encryption

Compute on encrypted data without ever decrypting it. One party outsources computation to another who never sees the plaintext.

MPC — Deep Dive

Security Levels

Semi-honest (passive) — follows protocol, tries to learn from transcript Malicious (active) — can arbitrarily deviate; requires much more overhead

Malicious security ≈ 10–100× overhead vs semi-honest.

Key Frameworks

  • SPDZ — maliciously secure, preprocessing model
  • Shamir Secret Sharing — passive security, t-of-n threshold
  • MP-SPDZ library (Nigel Smart, Bristol) — reference implementation
  • colzkSNARK (Renegade) — MPC to generate ZK proof jointly

MPC — DeFi のアプリケーション

Dark Pool Matching

Two parties (buyer/seller) run MPC to compute whether orders match, revealing only the matched quantity — not unmatched order details.

Renegade (colzkSNARK)Prime Match (JPM)

Threshold Signatures

MPC for distributed key management. Multiple signers jointly produce a signature without reconstructing the private key.

Binance/Coinbase custodyFireblocks

Insured MPC

Economic penalties (bonds) enforce honest behavior. P2DEX and Rialto: participants stake collateral; misbehavior slashes stake.

P2DEXRialto

MPC Cost Profile

Rounds
Multiple network RTTs
Latency
Network-bound, scales with parties
Scalability
Degrades with more parties

FHE — Deep Dive

How It Works

Encrypt data → send to untrusted server → server computes on ciphertexts → encrypted result returned → decrypt locally. Server never sees plaintext.

Single-party compute on others' data Very high computational overhead

Schemes & Libraries

  • TFHE-rs (Zama, Rust) — fast Boolean gates
  • Microsoft SEAL — BFV/CKKS integer arithmetic
  • HElib (IBM) — BGV batching
  • Lattigo — CKKS for reals + BGV

FHE — DeFi のアプリケーション

Private Smart Contracts (fhEVM)

Zama's fhEVM: contract state is encrypted under FHE. Validators execute on ciphertexts without seeing values. Enables confidential ERC-20 balances.

Currently limited throughputZama fhEVM (testnet)

Sealed-Bid Auctions

Bids submitted encrypted; FHE used to determine winner without revealing losing bids. Practical today for small parameter sizes.

Practical now (simple ops)

Blind Arbitrage (FHE-MEV)

Searcher computes arbitrage profit on encrypted transaction pool — finds profitable arb without seeing individual transaction amounts.

Not yet practical (2024)5–10 years with GPU/ASIC

FHE Cost Reality Check

128-bit cmp
5–10 sec CPU (2024)
Simple add
~100ms CPU
Vs plaintext
1000× – 1,000,000× slower

GPU/ASIC acceleration under active research (Intel HEXL, nGraph-HE).

MPC vs FHE — When to Choose Which

CriterionMPCFHE
Number of partiesn ≥ 2, known set1 client + 1 server
LatencyNetwork RTTs (ms–sec)Compute-bound (sec–min)
Circuit complexityScales with gatesきわめて遅い for deep circuits
Trust modelThreshold of honest partiesNo trust in server
Practical todayYes (SPDZ, dark pools)Simple ops only
DeFi use caseDark pool matching, threshold sigSealed auctions, private state
DP PSI Statistical & Intersection Tools

Differential Privacy

Add calibrated noise to query outputs so individual records cannot be identified from published results. Provides a formal mathematical guarantee.

The ε Guarantee

For any two adjacent datasets D and D' (differ by one element), for any output S:

Pr[M(D) ∈ S] ≤ e^ε · Pr[M(D') ∈ S]

Smaller ε = stronger privacy = less accuracy. Typical ranges:

ε=0.1 — very private ε=1.0 — balanced ε=10 — weak protection

Noise Mechanisms

  • Laplace mechanism — for continuous real queries. Noise ∝ sensitivity/ε
  • Randomized Response — for binary/survey data
  • Gaussian mechanism — for (ε,δ)-approximate DP
  • Exponential mechanism — for selecting items (e.g., auction winner)

DP in DeFi — Applications

DP-CFMM (FC 2022, Chitra)

LP strategy hiding in AMM price functions. Adding calibrated noise to price curve so liquidity provider positioning cannot be reverse-engineered from on-chain observations.

TheoryFC 2022 paper

Atlas-X (JPMorgan, Production)

Axe inventory direction hiding under continual observation. 2-year production deployment at JPMorgan. DP applied to revealed inventory positions over streaming data.

Production (2+ years)Polychroniadou et al.

Correlated-Output DP

DP applied to matching outputs rather than inputs. Protects which orders matched and at what quantities in dark pool settings.

Research stage

IndifDP (JPM 2025)

ノイズ混入集約 price discovery — adds indistinguishable noise to price signals derived from order flow, hiding individual participant contribution.

Recent paper (2025)

Key Limitation: Composition

Privacy budget degrades. Applying k DP queries with parameter ε each yields ε_total ≤ k·ε under basic composition (or √k·ε under advanced composition). Tracking the privacy budget across multiple queries is essential — otherwise guarantees collapse.
DP is for aggregates, not individual transactions. DP hides one person's contribution to a statistic. It does NOT hide individual transaction amounts from observers. Use ZKP or MPC for per-transaction privacy.

Private Set Intersection

Two parties with sets A and B compute their intersection A∩B. Neither party learns anything about elements not in the intersection — the set itself stays private.

Core Guarantee

Only intersection revealed Party A learns nothing about B\(A∩B) Party B learns nothing about A\(A∩B)

Implementations

  • OPRF-based — oblivious pseudorandom function, most efficient
  • DH-based — Diffie-Hellman, classical but leaks set sizes
  • Circuit-based — generic garbled circuits, most flexible

Practical for sets up to millions of elements.

PSI in DeFi — Applications

Sanctions Screening (FAST paper)

Bank holds customer list. OFAC/regulator holds sanctions list. PSI computes overlap without either party revealing non-matching elements to the other.

FAST paperSanctions screening

Counterparty Discovery

Research proposal: two institutions check if they have matching orders (buy side vs sell side) without revealing unmatched order book entries to the counterparty.

Research stage

Cross-Institution KYC

Multiple institutions find shared KYC-verified customers without sharing their full customer databases — reduces duplicate KYC burden.

Proposed

PSI Cost Profile

Set size n
Linear O(n) communication
Compute
O(n log n) with hashing

Only tells you the overlap — no other properties computed. Requires fixed set structure.

TSS Threshold Secret Sharing & Distributed Authority

Threshold Secret Sharing

Split a secret (e.g., private key) into n 個の共有. Any t shares can reconstruct; t-1 shares reveal nothing about the secret.

t-of-n Security

No single point of failure t-1 shares reveal nothing Distributed authority All t parties must be online simultaneously Setup needs trusted dealer or DKG

Shamir Secret Sharing

Secret s encoded as f(0) for a random degree-(t-1) polynomial f. Share i = f(i). Any t points reconstruct f (and thus s) via Lagrange interpolation. t-1 points are information-theoretically random.

Threshold Primitives

Threshold BLS Signatures

t-of-n signers each produce a partial signature on a message. Any t partials combine (with Lagrange coefficients) into a single group signature. No private key is ever reconstructed.

Non-interactive aggregationO(1) signature size

Distributed Key Generation (DKG)

パーティ jointly generate a public/private keypair without any single party knowing the private key. Eliminates trusted dealer requirement. Pedersen DKG is the standard.

No trusted dealerRequires communication rounds

Threshold Decryption

Ciphertext encrypted under a shared public key; decryption requires t partial decryptions. Used for time-lock encryption and commit-reveal without a trusted party.

F3B protocoldrand (randomness)

TSS in DeFi — Applications

Multisig Treasury

DAO treasury or protocol fund managed by team. t-of-n approval required for withdrawals. Gnosis Safe (smart contract), or true threshold ECDSA/BLS for gas efficiency.

Production standardGnosis Safe, Fireblocks

Coconut Threshold Credentials (PEReDi)

Threshold issuance of unlinkable credentials. Multiple issuers each sign a partial credential; user aggregates into one credential no single issuer can trace. Used in PEReDi CBDC design (Kiayias/Kohlweiss).

PEReDi (CBDC)Nym network

F3B — Threshold MEV Mitigation

Transactions encrypted under committee's public key; submitted to mempool encrypted; decrypted only after finalization by threshold validators. Prevents front-running because content unknown during ordering.

Research/testnetF3B paper

Exchange Custody

Binance, Coinbase, and Fireblocks use threshold ECDSA/EDDSA for hot wallet key management. Keys never reconstructed — signing happens via MPC among HSM nodes.

Production (major exchanges)

Key Limitation

Liveness requirement: All t signers/decryptors must be online simultaneously to produce a threshold operation. Network partitions or node downtime can block operations. DKG also requires synchronous or semi-synchronous network assumptions.
TSS vs MPC: TSS specifically manages secrets (keys, credentials) via sharing. MPC is the general framework for joint computation. Threshold signature schemes are a specialized, highly-optimized MPC protocol for signing specifically.

DeFi Privacy Papers → PET Mapping

Filter and sort to find papers by PET, venue, or use case.

Paper / System PET(s) Use Case Reasoning Status