
April 8, 2026 · Permissionless Technologies

The 2026 Privacy Protocol Landscape: A Technical Taxonomy

From Tornado Cash to FHE coprocessors, the privacy protocol space has exploded into a dozen competing architectures. A comprehensive survey for developers and researchers evaluating the field.


The Numbers That Changed the Conversation

There is roughly $2.2 billion in privacy-shielded value across all protocols right now. Zcash's shielded supply has hit 31% of circulating supply — approximately $1.48 billion locked behind zero-knowledge proofs, with ZEC up 792% year-over-year. Tornado Cash, despite being sanctioned, delisted, and its developers imprisoned, still holds $506 million in TVL. RAILGUN has $101 million in TVL and $4.5 billion in cumulative volume across four chains. Zama's FHE platform launched on Ethereum mainnet in December 2025 with $121 million in total value secured. Smaller protocols — Penumbra, Namada, 0xBow, Panther — add tens of millions more.

Privacy tokens outperformed BTC by roughly 4x in 2025. Monero broke its all-time high. This isn't a niche cypherpunk hobby anymore. It's a sector.

But the space has fractured. What was once a single question — "How do I hide my transactions?" — has splintered into a dozen competing architectures: mixers, shielded pools, privacy L2s, sovereign L1 chains, FHE coprocessors, stealth addresses, intent-based protocols. Each makes different tradeoffs between privacy guarantees, compliance capabilities, proof systems, composability, and performance.

This article is a comprehensive map. We've organized the entire landscape into six generations, compared their compliance models, cataloged their proof systems, and identified the protocols that died, pivoted, or stagnated. Whether you're a developer evaluating which protocol to build on, a researcher tracking the state of the art, or a compliance team assessing institutional readiness — this is the reference.


Generation 1: Mixers (2019-2022) — The Proof of Demand

Tornado Cash

Tornado Cash was the first on-chain privacy tool that actually worked at scale. The design was brutal in its simplicity: deposit ETH or ERC20 tokens in fixed denominations (0.1, 1, 10, or 100 ETH), receive a secret note, withdraw from a mixed pool using a Groth16 zk-SNARK proof to break the on-chain link between depositor and withdrawer. The circuits were written in Circom. The proof system ran on BN254. No compliance mechanism of any kind.

It processed over $7 billion in volume. The demand signal was overwhelming.

What proved it real: Billions of dollars flowed through a smart contract with no marketing department, no token incentives (initially), and no institutional backing. People wanted on-chain privacy badly enough to navigate a clunky, fixed-denomination mixer with multi-hour anonymity-set wait times.

What killed it: In August 2022, the U.S. Treasury's Office of Foreign Assets Control sanctioned Tornado Cash, alleging it had been used to launder over $7 billion — including hundreds of millions by North Korea's Lazarus Group. Developer Alexey Pertsev was sentenced to 64 months in a Dutch prison. Roman Storm was convicted in New York of money transmitting violations. Roman Semenov remains a fugitive.

The legal aftershock: In November 2024, the Fifth Circuit Court of Appeals ruled that immutable smart contracts cannot be classified as "property" under IEEPA — they are not owned or controlled by any entity. In March 2025, the Treasury Department delisted Tornado Cash from the sanctions list, following the court's reasoning.

The delisting didn't un-arrest anyone. The protocol still holds half a billion dollars in TVL. But the lesson was etched permanently into the industry's collective memory: privacy without any compliance mechanism gets developers imprisoned and protocols banned. Every protocol that came after Tornado Cash was shaped by this fact.

Technical snapshot:

| Property | Value |
| --- | --- |
| Proof system | Groth16 / BN254 |
| Circuit language | Circom |
| Compliance | None |
| Denominations | Fixed (0.1, 1, 10, 100 ETH) |
| Private transfers | No |
| Multi-token | Limited |
| TVL (current) | ~$506M |
| Status | Delisted, contracts still live |

Generation 2: Shielded Pools (2020-present) — The Compliance Generation

The second generation emerged directly from Tornado Cash's failure. Every protocol in this category answers the same question differently: "How do you prove you're not a criminal — without revealing who you are?"

These are UTXO-based privacy pools where users deposit tokens into a shielded set, transfer privately using zero-knowledge proofs, and withdraw through compliance-gated mechanisms. The critical innovation is that compliance and privacy coexist — you prove a property about yourself (approved, not-blacklisted, compliant with some standard) without revealing your identity.

RAILGUN

RAILGUN is the largest deployed privacy protocol on Ethereum by volume. $4.5 billion in cumulative transactions. $101 million in TVL. Live on Ethereum, Polygon, Arbitrum, and BSC. It supports shielded transfers, note merging and splitting, and multi-token pools.

RAILGUN's compliance layer is Private Proof of Innocence (PPOI). When a user shields tokens, the source wallet enters a 1-hour standby period during which List Providers — entities like Chainalysis, Elliptic, and ScamSniffer — check the source against sanctions lists, known exploit addresses, and flagged activity. If the deposit passes, it receives a proof-of-innocence attestation that follows the funds through subsequent transfers.

The key architectural fact: PPOI enforcement happens at the wallet/SDK level, not in the smart contract. The on-chain RAILGUN contracts have no knowledge of PPOI. A user who constructs a valid zk-SNARK and submits it directly to the contract bypasses all compliance checks. This is a design choice — RAILGUN views PPOI as a social and legal signal, not a hard constraint.

RAILGUN V3 has been announced with modular architecture and a claimed 50-60% gas reduction. The proof system remains Groth16 on BN254 (~100-bit security), which is below NIST's 128-bit minimum recommendation.

The protocol charges a 0.25% fee on shielding and 0.25% on unshielding — a 0.50% round-trip cost. For a deeper comparison of RAILGUN's enforcement model, see our analysis: Universal Private Pool vs RAILGUN.

| Property | Value |
| --- | --- |
| Proof system | Groth16 / BN254 |
| Compliance | PPOI (exclusion, wallet-enforced) |
| TVL | ~$101M |
| Cumulative volume | ~$4.5B |
| Chains | Ethereum, Polygon, Arbitrum, BSC |
| Fee | 0.50% round-trip |
| Status | Live, V3 announced |

0xBow Privacy Pools

0xBow launched Privacy Pools on Ethereum mainnet in March 2025 — the first implementation of the ASP model described in Vitalik Buterin's Privacy Pools paper. It uses Groth16/Circom circuits on BN254 with Association Set Providers that maintain Merkle trees of approved depositor addresses.

The compliance check is on-chain: the smart contract requires a valid ASP membership proof at withdrawal time. If the proof fails, the transaction reverts. This is the same enforcement philosophy as Universal Private Pool — the contract itself is the compliance boundary, not the wallet.

0xBow includes a ragequit mechanism: if a user's address is not included in any ASP set (or is wrongly excluded), the original depositor can exit the pool directly, recovering their funds without needing ASP approval.

Since launch, the protocol has processed approximately $6 million in volume across roughly 1,500 users. Early-stage numbers, but it's the first live proof that ASP-based compliance works on mainnet.

| Property | Value |
| --- | --- |
| Proof system | Groth16 / BN254 / Circom |
| Compliance | ASP (inclusion, on-chain enforced) |
| Volume | ~$6M since March 2025 |
| Users | ~1,500 |
| Ragequit | Yes |
| Status | Live on Ethereum mainnet |

Panther Protocol

Panther Protocol launched its Canary mainnet on Polygon in March 2025. It introduces Zone Managers — entities similar to ASPs that define compliance rules for specific regulatory zones. A Zone Manager might require KYC at entry, enforce geographic restrictions, or apply jurisdiction-specific sanctions screening.

The protocol completed a 171-day audit by Veridise. The architecture uses Groth16 proofs with a multi-zone compliance model where different jurisdictions can operate different compliance regimes over the same pool.

Panther's distinctive feature is KYC-at-entry: compliance verification happens when a user first enters the system, with Zone Managers attesting to the user's status. This is philosophically different from both ASP (prove at every transaction) and PPOI (screen once, carry proof).

| Property | Value |
| --- | --- |
| Proof system | Groth16 |
| Compliance | Zone Managers (KYC-at-entry) |
| Audit | 171-day Veridise audit |
| Chain | Polygon (Canary mainnet) |
| Status | Canary mainnet |

Universal Private Pool (UPP)

Universal Private Pool is what we're building at Permissionless Technologies. It's a modular SDK — not a monolithic protocol — that any project can integrate. UPP uses Association Set Providers with on-chain enforcement: the smart contract requires a valid ASP Merkle membership proof for every withdrawal and every private transfer. No wallet cooperation needed. No SDK enforcement. The contract is the compliance boundary.

Three properties distinguish UPP from other shielded pools:

Dual proof system. UPP runs PLONK on BLS12-381 (128-bit security) for everyday transfers, and Circle STARK for a post-quantum-safe vault layer. To our knowledge, it is the only privacy protocol shipping both a SNARK and a STARK system. The SNARK handles the efficient, day-to-day private transfers. The STARK provides a migration path for users who need post-quantum security guarantees before the broader ecosystem catches up.

Per-transaction viewing keys. Most privacy protocols offer all-or-nothing disclosure: share your viewing key and the counterparty sees every transaction you've ever made. UPP generates a unique decryption viewing key (DVK) for each transaction. You can disclose a single transaction to an auditor, a regulator, or a counterparty — without revealing any other activity. This is the finest-granularity audit capability in any deployed privacy pool.

Ragequit and re-provability. If your address is wrongly excluded from an ASP set, you have two remediation paths: wait for the ASP to correct its set and re-prove against the updated root, or invoke ragequit to exit the pool as the original depositor. No funds are ever permanently stuck due to a compliance error.

UPP charges no protocol fee. It is currently pre-audit and deployed on Sepolia testnet.

For the detailed comparison against RAILGUN's architecture, see UPP vs RAILGUN. For a deep dive into the ASP vs PPOI compliance models, see ASP vs Proof of Innocence.

| Property | Value |
| --- | --- |
| Proof system | PLONK / BLS12-381 + Circle STARK |
| Compliance | ASP (inclusion, on-chain enforced) |
| Viewing keys | Per-transaction DVK |
| Ragequit | Yes |
| Fee | None |
| Status | Pre-audit, Sepolia testnet |

Labyrinth / Veilnyx

Labyrinth (branded Veilnyx in some materials) takes a different approach to compliance: a revoker/guardian model. Instead of allowing users to self-prove compliance, the protocol designates trusted entities (guardians) who can de-anonymize specific transactions when presented with a court order or equivalent legal instrument.

The system uses Groth16 proofs. Multiple guardians hold key shares — a threshold of them must cooperate to decrypt a transaction's details. This is a multi-party de-anonymization model: no single entity can unilaterally reveal user data.

The protocol is currently on Optimism testnet.

| Property | Value |
| --- | --- |
| Proof system | Groth16 |
| Compliance | Revoker/Guardian (court-ordered de-anonymization) |
| Chain | Optimism (testnet) |
| Status | Testnet |

Generation 3: Privacy L2s (2024-present) — The Programmable Generation

Shielded pools solve transfers. Privacy L2s solve computation. These are full execution environments where the entire state is encrypted — not just token balances, but arbitrary smart contract logic. You can write a private DEX, a private lending protocol, a private voting system. The privacy is programmable, not just transactional.

Aztec

Aztec is the most ambitious project in the privacy space. It launched its Alpha Network on Ethereum mainnet in March 2026 — a full rollup where all state is private by default. The programming language is Noir, a Rust-like DSL for writing ZK circuits. The proof system is from the PLONK family — specifically Honk, CHONK, and Goblin PLONK variants, all transparent (no trusted setup).

What Aztec enables that no shielded pool can: programmable privacy. A developer can write a smart contract in Noir that enforces arbitrary privacy policies. A lending protocol where collateral ratios are verified in ZK without revealing positions. A DAO where votes are private but tallies are public. A compliance layer where users prove properties about their identity (jurisdiction, accreditation, age) without revealing the identity itself.

In March 2026, a critical vulnerability was discovered in the Alpha Network's proof generation pipeline. The Aztec team disclosed it, paused deposits, and announced a fix scheduled for v5 (targeted July 2026). The incident is a reminder that programmable privacy is significantly harder to secure than transactional privacy — the attack surface is the entire execution environment, not just a transfer circuit.

Aztec raised $61 million through a community TGE event. The mainnet alpha is live but explicitly experimental.

| Property | Value |
| --- | --- |
| Proof system | Honk / CHONK / Goblin PLONK (transparent) |
| Language | Noir |
| Compliance | Programmable disclosure (smart contract) |
| Chain | Ethereum L2 (rollup) |
| Funding | $61M community TGE |
| Status | Alpha Network (mainnet), critical vuln disclosed, v5 fix July 2026 |

Polygon Miden

Polygon Miden spun out from Polygon Labs as an independent entity in April 2025, raising $25 million led by a16z. It's building a STARK-based zkVM with client-side proving — meaning the user's device generates the ZK proofs, not a centralized prover network.

The architecture is fundamentally different from Aztec's. Where Aztec operates as a rollup with a shared prover, Miden pushes proof generation to the client. This has privacy advantages (your transaction data never leaves your device) but creates UX challenges (proving on mobile devices is slow, and users need the full state to verify).

Miden's proof system is pure STARK — post-quantum safe, no trusted setup, transparent. The execution environment is a custom zkVM rather than a circuit-based language.

Mainnet is targeted for late June 2026.

| Property | Value |
| --- | --- |
| Proof system | STARK (transparent, PQ-safe) |
| Proving model | Client-side |
| Compliance | TBD |
| Funding | $25M (a16z) |
| Status | Pre-mainnet, targeting late June 2026 |

Generation 4: Privacy L1 Chains — The Sovereign Generation

These are standalone blockchains purpose-built for privacy. The entire protocol stack — consensus, execution, state model — is designed around private transactions. They don't inherit Ethereum's composability, but they don't inherit its constraints either.

Zcash

Zcash is the original privacy cryptocurrency — launched in 2016 as the first production deployment of zk-SNARKs. It remains the largest privacy protocol by shielded value. Approximately 31% of ZEC's circulating supply is now shielded — roughly $1.48 billion — and ZEC has appreciated 792% year-over-year.

Zcash currently runs two shielded pools in parallel:

Orchard uses Halo 2 — a proof system developed by the Zcash team that eliminates the need for a trusted setup. No ceremony. No toxic waste. The recursion technique (proof-carrying data) allows proofs to verify other proofs, enabling efficient chain verification without any trusted parameters. Orchard holds approximately 87% of Zcash's shielded value.

Sapling is the older pool, running Groth16 with a multi-party computation ceremony for the trusted setup. It holds the remaining ~13% of shielded value and is being gradually deprecated in favor of Orchard.

Zcash's compliance model relies on viewing keys: a user can generate a key that allows a specific party to see all incoming transactions to their address. This is voluntary — the user decides who gets visibility. There's no on-chain enforcement mechanism for compliance, and no ASP or blacklist system.

| Property | Value |
| --- | --- |
| Proof system | Halo 2 (Orchard), Groth16 (Sapling) |
| Trusted setup | No (Orchard), Yes (Sapling) |
| Shielded supply | 31% ($1.48B) |
| Compliance | Viewing keys (voluntary) |
| YoY price | +792% |
| Status | Mainnet since 2016 |

Penumbra

Penumbra is a Cosmos L1 chain focused on private transactions and a sealed-bid DEX called ZSwap. It launched on mainnet in July 2024 with $3.77 million in TVL.

The proof system is Groth16 on BLS12-377 — a different curve than the BN254 used by most Ethereum protocols. The custom curve (decaf377) is designed for efficiency within Penumbra's specific circuit structure.

ZSwap is Penumbra's distinctive contribution: a DEX where orders are submitted as encrypted bids, matched in a sealed-bid auction, and settled privately. No frontrunning. No sandwich attacks. No information leakage during the bidding process. The privacy is structural — it's not possible to see pending orders because they're encrypted until batch settlement.

| Property | Value |
| --- | --- |
| Proof system | Groth16 / BLS12-377 (decaf377) |
| TVL | ~$3.77M |
| Notable feature | ZSwap sealed-bid DEX |
| Ecosystem | Cosmos |
| Status | Mainnet since July 2024 |

Namada

Namada is another Cosmos L1, launched on mainnet in December 2024, with approximately $1.5 million in TVL. Its core innovation is the Multi-Asset Shielded Pool (MASP) — a single shielded pool that holds multiple asset types simultaneously.

In most privacy protocols, each token has a separate anonymity set. If only 50 people have shielded USDC and 10,000 have shielded ETH, your USDC transactions have a much smaller crowd to hide in. MASP merges all assets into one pool, so shielding USDC benefits from the same anonymity set as shielding ETH, NAM, or any other token in the pool.

Namada uses Groth16 proofs via the bellman Rust library with a multi-party computation ceremony for the trusted setup. The protocol incentivizes shielding through NAM token rewards — users earn yield simply for keeping assets in the shielded pool, growing the anonymity set.

| Property | Value |
| --- | --- |
| Proof system | Groth16 / bellman |
| Trusted setup | Yes (MPC ceremony) |
| TVL | ~$1.5M |
| Notable feature | Multi-Asset Shielded Pool (MASP), shielding rewards |
| Ecosystem | Cosmos |
| Status | Mainnet since December 2024 |

Secret Network

Secret Network took a fundamentally different approach to privacy: Trusted Execution Environments (TEEs) instead of zero-knowledge proofs. The network runs smart contracts inside Intel SGX enclaves — hardware-isolated environments where data is encrypted in memory and invisible even to the node operator.

The advantage is performance: TEE-based privacy doesn't have the 10-100x overhead of ZK proofs. Smart contracts run at near-native speed. The disadvantage is trust: you're trusting Intel's hardware, not mathematics.

That trust has been tested. Multiple SGX vulnerabilities have been discovered — side-channel attacks that can extract data from enclaves. Secret Network has had to issue emergency patches in response. The 2026 roadmap includes decoupling from Intel SGX with support for AMD SEV-SNP, diversifying the hardware trust assumption.

| Property | Value |
| --- | --- |
| Proof system | None (TEE-based: Intel SGX) |
| Trust model | Hardware attestation |
| Compliance | TEE attestation |
| Known issues | SGX side-channel vulnerabilities |
| Status | Mainnet, undergoing SGX decoupling |

Generation 5: FHE Platforms (2025-present) — The Encrypted Computation Generation

Fully Homomorphic Encryption (FHE) represents a conceptually different approach to privacy. Instead of proving statements about encrypted data (the ZK approach), FHE performs computation on encrypted data directly. The data is never decrypted during processing — only the final result is revealed to authorized parties.

This distinction matters for composability. In a ZK privacy pool, each operation is self-contained: you prove ownership, you prove compliance, you execute. In an FHE system, smart contracts can read and process encrypted state without ever seeing plaintext. A lending protocol can check whether encrypted collateral exceeds a threshold. A DEX can match encrypted orders. The privacy is continuous, not proof-gated.

The cost is enormous: FHE operations are 100-1,000x slower than plaintext equivalents. And there's a structural risk unique to FHE: because computation happens under a global encryption key (or a committee-managed key), compromise of that key exposes ALL encrypted data — past, present, and future. In ZK systems, a compromised proving key allows forged proofs going forward but doesn't retroactively expose previously shielded data.

Zama

Zama is the dominant FHE infrastructure company. $130 million+ raised, valued at over $1 billion. They launched their fhEVM platform on Ethereum mainnet in December 2025, with $121 million in total value secured. In March 2026, Zama facilitated the first institutional OTC trade using FHE — executed by GSR.

Zama's scheme is TFHE (Torus Fully Homomorphic Encryption), which operates on encrypted integers. Current throughput is approximately 20 TPS, with a roadmap targeting 500-1,000 TPS through GPU acceleration.

The TFHE lattice-based cryptographic assumptions are believed to be post-quantum secure — the same hardness assumptions (Learning With Errors) that underpin most post-quantum cryptography standards. This gives FHE a structural advantage in the post-quantum discussion, though the practical performance gap remains the primary barrier.

| Property | Value |
| --- | --- |
| Scheme | TFHE (lattice-based) |
| TVS | ~$121M |
| Throughput | ~20 TPS (targeting 500-1,000) |
| PQ-safe | Yes (lattice assumptions) |
| Funding | $130M+ |
| Status | Mainnet on Ethereum since December 2025 |

Fhenix

Fhenix has raised $22 million and built CoFHE — an FHE coprocessor that's live on Ethereum, Arbitrum, and Base. The pitch is accessibility: "encrypted smart contracts with one line of code." Rather than requiring developers to learn FHE from scratch, CoFHE provides a library of encrypted types (euint8, euint16, euint32, etc.) that developers can drop into existing Solidity contracts.

Fhenix uses Zama's TFHE-rs library under the hood. The coprocessor model offloads FHE computation from the main chain to a dedicated processing layer, reducing the gas impact on the host chain.

| Property | Value |
| --- | --- |
| Scheme | TFHE (via Zama's TFHE-rs) |
| Model | CoFHE coprocessor |
| Chains | Ethereum, Arbitrum, Base |
| Funding | $22M |
| Status | Live |

Inco Network

Inco Network raised $10 million (a16z CSX) and is building a modular FHE L1 on Cosmos. Like Fhenix, Inco uses Zama's TFHE-rs library. The positioning is as a general-purpose confidential computation layer that other chains can connect to — encrypt state on Inco, verify results on Ethereum.

| Property | Value |
| --- | --- |
| Scheme | TFHE (via Zama's TFHE-rs) |
| Model | Modular FHE L1 |
| Ecosystem | Cosmos |
| Funding | $10M (a16z CSX) |
| Status | Development |

The ZK vs FHE Tradeoff

This deserves explicit treatment because the two paradigms are often confused:

| Dimension | Zero-Knowledge Proofs | Fully Homomorphic Encryption |
| --- | --- | --- |
| What it does | Proves a statement is true without revealing the data | Computes on encrypted data without decrypting |
| Privacy model | Self-contained (prover holds data) | Shared (computation on ciphertext under shared key) |
| Composability | Low (each proof is standalone) | High (encrypted state is continuously processable) |
| Performance | 10-100x overhead | 100-1,000x overhead |
| Key compromise | Future proofs forgeable; past data safe | ALL past and present data exposed |
| Post-quantum | ZK-SNARKs: No. STARKs: Yes. | TFHE: Yes (lattice assumptions) |
| Maturity | Production (Zcash since 2016) | Early production (Zama mainnet Dec 2025) |

Neither subsumes the other. ZK proofs are better for self-sovereign privacy: you hold your own data, you prove properties about it, nobody else needs to be trusted. FHE is better for collaborative computation: multiple parties need to process shared encrypted state. Most real-world systems will eventually use both.


Generation 6: Stealth Addresses — The Lightweight Generation

Stealth addresses solve a narrower problem than privacy pools: address unlinkability. When someone sends you tokens, a fresh one-time address is generated so that an observer can't link the payment to your known public address. The sender-recipient linkage is broken — but the transaction amount, timing, and other metadata remain visible.

Umbra and ERC-5564/6538

Umbra is the leading stealth address implementation on Ethereum, built by ScopeLift. The V2 architecture implements ERC-5564 (stealth address standard) and ERC-6538 (stealth meta-address registry). Over 77,000 stealth addresses have been generated. The protocol was audited by Trail of Bits.

The cryptographic mechanism is ECDH (Elliptic Curve Diffie-Hellman) key agreement — no zero-knowledge proofs needed. The sender uses the recipient's stealth meta-address to derive a one-time address. Only the recipient can detect and spend from it.
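The ECDH derivation described above, worked through on secp256k1 as an added example (not Umbra's or ScopeLift's code). It assumes the dual-key layout of a stealth meta-address (spending key plus viewing key) and a one-byte view tag; SHA-256 stands in for keccak256 because Python's hashlib has no keccak256, and all keys are constructed from fixed seeds so the run is reproducible.

```python
import hashlib

# secp256k1 domain parameters
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication. Not constant time: teaching code only."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def hash_point(pt):
    # Assumption: hash the compressed shared point. SHA-256 stands in for keccak256.
    prefix = b"\x02" if pt[1] % 2 == 0 else b"\x03"
    return hashlib.sha256(prefix + pt[0].to_bytes(32, "big")).digest()

def key_from_seed(seed):
    """Constructed, reproducible demo key. Real keys come from a CSPRNG."""
    return int.from_bytes(hashlib.sha256(seed).digest(), "big") % (N - 1) + 1

def send(K_spend, K_view, r):
    """Sender: derive a one-time key from the recipient's meta-address (K_spend, K_view)."""
    R = mul(r, G)                              # ephemeral public key, published
    h = hash_point(mul(r, K_view))             # ECDH shared secret: r * K_view
    s = int.from_bytes(h, "big") % N
    return R, h[0], add(K_spend, mul(s, G))    # announcement: (R, view tag, stealth pubkey)

def scan(announcement, k_view, K_spend):
    """Recipient, viewing key only: does this announcement belong to me?"""
    R, view_tag, stealth_pub = announcement
    h = hash_point(mul(k_view, R))             # same secret from the other side: k_view * R
    if h[0] != view_tag:                       # cheap reject for most foreign announcements
        return False
    s = int.from_bytes(h, "big") % N
    return add(K_spend, mul(s, G)) == stealth_pub

def spend_key(announcement, k_view, k_spend):
    """Recipient, both keys: private key controlling the one-time address."""
    s = int.from_bytes(hash_point(mul(k_view, announcement[0])), "big") % N
    return (k_spend + s) % N

def demo():
    k_spend, k_view = key_from_seed(b"bob spend"), key_from_seed(b"bob view")
    K_spend, K_view = mul(k_spend, G), mul(k_view, G)      # Bob's stealth meta-address
    x_spend, x_view = key_from_seed(b"stranger spend"), key_from_seed(b"stranger view")
    pay1 = send(K_spend, K_view, key_from_seed(b"ephemeral 1"))
    pay2 = send(K_spend, K_view, key_from_seed(b"ephemeral 2"))
    return {
        "bob_detects": scan(pay1, k_view, K_spend) and scan(pay2, k_view, K_spend),
        "stranger_detects": scan(pay1, x_view, mul(x_spend, G)),
        "bob_can_spend": mul(spend_key(pay1, k_view, k_spend), G) == pay1[2],
        "distinct_one_time_keys": pay1[2] != pay2[2] and pay1[2] != K_spend,
    }

if __name__ == "__main__":
    print(demo())
```

Scanning needs only the viewing private key, so detection can be delegated without handing over the ability to spend.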

Stealth addresses are complementary to privacy pools, not competitive. A privacy pool hides what's inside (balances, transfers, amounts). A stealth address hides who's receiving. The two can be layered: deposit into a privacy pool, withdraw to a stealth address, and you've hidden both the transaction details and the recipient identity.

| Property | Value |
| --- | --- |
| Cryptography | ECDH (no ZK) |
| Standards | ERC-5564, ERC-6538 |
| Addresses generated | 77,000+ |
| Audit | Trail of Bits |
| Privacy scope | Recipient unlinkability only (not amount/sender) |
| Status | Live on Ethereum |

Hybrid and Intent-Based Approaches

Not every project fits neatly into the generational taxonomy. Two notable hybrids:

Bermuda Bay

Bermuda Bay evolved from a Tornado Cash Nova fork into something significantly different. It uses Noir (Aztec's ZK language) for its circuits, integrates natively with Safe (formerly Gnosis Safe) multisig wallets, and offers a MetaMask Snap for browser-based privacy. The compliance model is programmable — operators can define custom compliance rules.

Bermuda Bay is backed by Gnosis VC. The Safe-native integration is significant: it means institutional users who already manage treasury through Safe can add privacy as a feature, not a separate workflow.

| Property | Value |
| --- | --- |
| Proof system | Noir-based |
| Compliance | Programmable |
| Wallet integration | Safe-native, MetaMask Snap |
| Backing | Gnosis VC |
| Status | Development |

Anoma

Anoma is an intent-centric protocol that launched on mainnet in September 2025. Instead of specifying exact transactions ("send 100 USDC to 0xABC"), users declare intents ("I want to swap 100 USDC for at least 99.5 DAI within 10 minutes"). Solvers match intents and execute them, with Halo 2 ZK proofs ensuring that the execution satisfies the user's constraints without revealing the full intent.

The privacy model is different from pools or L2s: you're hiding your preferences and strategies, not just your balances. A sophisticated DeFi user's trading intent — what they want, how much they'll accept, when they need it — is arguably more sensitive than their current balance.

| Property | Value |
| --- | --- |
| Proof system | Halo 2 |
| Model | Intent-centric |
| Privacy scope | Intent privacy (preferences, strategies) |
| Status | Mainnet since September 2025 |

The Dead, the Pivoted, and the Sunsetting

Not every privacy project survived. The attrition rate is instructive — it tells you which business models and technical approaches the market rejected.

Nocturne — The Fast Death

Nocturne raised $6 million from Bain Capital Crypto, with Vitalik Buterin as a personal investor. It launched a privacy protocol on Ethereum. Eight months after funding, in June 2024, the team shut down. The product never gained traction. The speed of the collapse — $6M raised, ~8 months to shutdown — is a cautionary tale about the gap between raising capital for privacy and actually getting users.

Elusiv to Arcium — The Pivot

Elusiv built a privacy wallet on Solana using zero-knowledge proofs. In February 2024, it rebranded to Arcium and abandoned privacy entirely in favor of general-purpose multi-party computation (MPC). The Solana privacy wallet disappeared. The team concluded that privacy-specific products on Solana couldn't sustain a business — but the underlying cryptographic engineering could serve a broader market.

Light Protocol — The Redefinition

Light Protocol started as a privacy solution on Solana. It abandoned privacy completely and repositioned as a ZK compression protocol for Solana scaling. The team kept the cryptographic tools (Groth16, Merkle trees) but stripped out the privacy use case. Light Protocol now compresses on-chain state using the same circuit architecture that once hid transactions.

Manta Atlantic — The Sunset

Manta's privacy-focused product, Manta Atlantic, is sunsetting in August 2026. The team is pivoting to consumer applications. The privacy L2 — which launched with significant hype — never achieved the TVL or user base needed to justify its infrastructure costs.

Espresso Systems — The Abandonment

Espresso Systems initially built CAPE (Configurable Asset Privacy on Ethereum) — a privacy protocol with built-in regulatory compliance. The team abandoned CAPE entirely and pivoted to building a shared sequencer for rollups. The privacy product was never mentioned again.

Webb Protocol — The Stagnation

Webb Protocol built cross-chain privacy bridges — infrastructure for moving shielded assets between chains. The project has been dormant for over a year with no meaningful updates, commits, or communication. Functionally dead.

The Pattern

The projects that died share common traits: either they launched without compliance (and couldn't get institutional users), or they launched on chains where the privacy user base was too small (Solana), or they tried to build infrastructure before demand existed. The survivors — RAILGUN, Zcash, Aztec — all either had deep existing communities or solved compliance from day one.


Compliance Models Compared

Every privacy protocol must answer the compliance question. The industry has produced seven distinct models. Understanding their differences is essential for evaluating which protocols can survive regulatory contact.

| Model | Used By | Mechanism | Enforcement | Remediation |
| --- | --- | --- | --- | --- |
| ASP (inclusion) | UPP, 0xBow | Prove membership in approved set | On-chain (smart contract) | Re-prove + ragequit |
| PPOI (exclusion) | RAILGUN | Prove non-inclusion in blacklist | Off-chain (wallet/SDK) | None (immutable) |
| Viewing keys | Zcash, Namada, UPP | Selective transaction disclosure | Voluntary | N/A |
| Programmable disclosure | Aztec | ZK proofs of attributes | Smart contract (L2) | Programmable |
| Revoker/Guardian | Labyrinth/Veilnyx | Multi-party de-anonymization | Court-ordered | Forced disclosure |
| TEE attestation | Secret Network | Hardware enclave verification | Hardware trust | Patch/migrate |
| None | Tornado Cash | No compliance mechanism | None | None |

Several observations:

Enforcement location is the critical variable. On-chain enforcement (ASP model) means compliance cannot be bypassed without breaking the cryptography. Off-chain enforcement (PPOI model) means compliance depends on the wallet cooperating. The difference between "the math prevents it" and "the software prevents it" is the difference between a security guarantee and a policy. An institutional user evaluating these models will ask: "What happens if someone builds an alternative client?" In the ASP model, it doesn't matter — the contract enforces compliance regardless of the client. In the PPOI model, an alternative client that omits the PPOI check can interact with the protocol directly.

Inclusion beats exclusion for regulatory posture. Financial regulation is overwhelmingly built on positive identification. You prove who you are when you open a bank account. You prove the legitimacy of funds when you send a wire. Anti-money laundering (AML) frameworks, from the Bank Secrecy Act to the EU's 6th Anti-Money Laundering Directive, require institutions to know their customers — not to merely assume innocence until a blacklist says otherwise. The ASP model mirrors this positive identification approach: you prove membership in an approved set. The PPOI model inverts the burden: you prove non-membership in a banned set.

The practical difference becomes clear when a new threat emerges. If a major exploit happens at 2:00 PM and the blacklist updates at 3:00 PM, there's a one-hour window in the exclusion model where stolen funds can enter the pool unchallenged. In the inclusion model, the stolen funds can't exit the pool until an ASP adds them to its approved set — which won't happen because the ASP screens deposits. The window doesn't exist.

Remediation is underrated. What happens when something goes wrong? This is the question nobody asks during protocol evaluation, and the question that matters most during a crisis.

In the ASP model, a wrongly excluded user has two paths: wait for the ASP to correct its set and re-prove against the updated Merkle root, or invoke ragequit to exit the pool as the original depositor. Both paths lead to fund recovery. In the PPOI model, once a deposit is excluded from the accumulator, there is no mechanism to reverse it. The proof is immutable. If Chainalysis flags your wallet by mistake — a false positive on a sanctions list — your shielded funds are permanently stuck. In the revoker/guardian model, remediation requires a court order and multi-party key cooperation, introducing legal delays and jurisdictional complexity.

Viewing keys are orthogonal. Several protocols (Zcash, Namada, UPP) support viewing keys as a supplementary disclosure mechanism. Viewing keys allow a user to grant read access to their transaction history — useful for audits, tax reporting, and regulatory inquiry. They're compatible with any of the other compliance models. The key distinction is granularity: Zcash viewing keys expose all transactions to a given address. UPP's per-transaction DVKs allow disclosure of a single transaction without revealing any other activity.

For our detailed comparison of the ASP and PPOI models, see ASP vs Proof of Innocence.
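The on-chain enforcement and the two remediation paths described in this section, as an added Python sketch (not UPP's or 0xBow's code). It assumes a SHA-256 Merkle tree of depth 3 for the ASP's approved set and a hypothetical `Pool` class standing in for the contract; membership is checked in the clear, so the zero-knowledge layer that hides which commitment is being spent is omitted.

```python
import hashlib

DEPTH, EMPTY = 3, b"\x00" * 32    # 8 leaf slots (constructed size); filler for unused slots

def _h(tag, *parts):
    return hashlib.sha256(tag + b"".join(parts)).digest()

def build(approved, index):
    """ASP side: return (root, sibling path) for approved[index]."""
    if len(approved) > 2 ** DEPTH:
        raise ValueError("approved set exceeds tree capacity")
    level = [_h(b"leaf", c) for c in approved]
    level += [EMPTY] * (2 ** DEPTH - len(level))
    proof = []
    for _ in range(DEPTH):
        proof.append(level[index ^ 1])
        level = [_h(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], proof

def verify(root, commitment, index, proof):   # contract side: recompute the root
    node = _h(b"leaf", commitment)
    for sibling in proof:
        node = _h(b"node", sibling, node) if index & 1 else _h(b"node", node, sibling)
        index //= 2
    return node == root

class Pool:   # toy contract: the membership check runs here, whatever client calls it
    def __init__(self, deposits):
        self.deposits, self.asp_root = dict(deposits), None   # commitment -> depositor
    def withdraw(self, commitment, index, proof, recipient):
        if not verify(self.asp_root, commitment, index, proof):
            raise PermissionError("commitment not in ASP-approved set")
        self.deposits.pop(commitment)   # KeyError if unknown or already withdrawn
        return recipient
    def ragequit(self, commitment, caller):
        if self.deposits.get(commitment) != caller:
            raise PermissionError("only the original depositor may ragequit")
        return self.deposits.pop(commitment)

def demo():
    a, b = b"alice-note", b"bob-note"            # constructed commitments
    pool, out = Pool({a: "alice", b: "bob"}), {}
    pool.asp_root, proof_a = build([a], 0)       # ASP wrongly leaves bob out
    try:
        pool.withdraw(b, 0, proof_a, "bob-new")
    except PermissionError:
        out["excluded"] = "rejected"
    out["alice"] = pool.withdraw(a, 0, proof_a, "alice-new")
    pool.asp_root, proof_b = build([a, b], 1)    # path 1: ASP corrects its set, bob re-proves
    out["reprove"] = verify(pool.asp_root, b, 1, proof_b)
    out["ragequit"] = pool.ragequit(b, "bob")    # path 2: exit as original depositor
    return out
```

Because `withdraw` performs the check itself, swapping the client changes nothing; in a wallet-enforced design the equivalent check would sit outside `Pool` entirely.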


Proof Systems Distribution

The choice of proof system determines a protocol's security level, post-quantum readiness, setup requirements, and performance characteristics. Here's the full landscape:

| Proof System | Protocols | PQ-Safe? | Trusted Setup? |
|---|---|---|---|
| Groth16 / BN254 | RAILGUN, 0xBow, Tornado Cash, Panther | No | Yes (circuit-specific) |
| Groth16 / BLS12-377 | Penumbra | No | Yes (circuit-specific) |
| Groth16 / bellman | Namada | No | Yes (MPC ceremony) |
| PLONK / BLS12-381 | UPP | No | Yes (universal) |
| Halo 2 | Zcash (Orchard), Anoma | No | No (transparent) |
| Honk / CHONK / Goblin | Aztec | No | No (transparent) |
| STARK | UPP (vault), Polygon Miden | Yes | No (transparent) |
| TFHE | Zama, Fhenix, Inco | Yes (lattice) | N/A (different model) |
| None (ECDH only) | Umbra | N/A | N/A |

Several patterns emerge:

Groth16 dominance is an accident of history. Groth16 was the first practical zk-SNARK scheme (2016), and Circom was the first accessible circuit language. Most projects chose Groth16 because the tooling existed — not because it was optimal. The result: the majority of deployed privacy protocols run on BN254 with approximately 100-bit security. That number matters because NIST's minimum recommendation for symmetric-equivalent security is 128 bits. BN254 falls short. The curve was considered adequate in 2017; by 2026 standards, it is a known compromise.

BLS12-381, used by Ethereum's beacon chain and by UPP, provides the full 128-bit security level. BLS12-377, used by Penumbra, provides similar security but with a different field structure optimized for recursive proof composition. The choice of curve is not just a theoretical preference — it determines whether a forged proof is a billion-dollar computation or a trillion-dollar computation.

Trusted setup is a liability. Every Groth16 deployment requires a trusted setup ceremony — a multi-party computation where participants generate parameters and then destroy their secret contributions (the "toxic waste"). If even one participant retains their contribution, they can forge arbitrary proofs. In a privacy pool context, this means creating notes from nothing — minting money, bypassing compliance checks, or both.

Zcash mitigated this with the Powers of Tau ceremony, involving thousands of participants across dozens of countries. If at least one participant was honest and destroyed their secret, the setup is sound. But the ceremony cannot be repeated efficiently — it's circuit-specific. Every time RAILGUN or 0xBow updates a circuit, a new ceremony is needed.

Universal setups (PLONK) and transparent schemes (Halo 2, STARKs) eliminate this risk entirely. PLONK uses a universal structured reference string — one ceremony works for all circuits. Halo 2 and STARKs need no ceremony at all. Their security derives entirely from public, verifiable mathematical properties.

Post-quantum readiness is concentrated. Only two proof paradigms are considered post-quantum safe: STARKs (hash-based, transparent) and TFHE (lattice-based). Every SNARK-based protocol — including Zcash, RAILGUN, 0xBow, Penumbra, Namada, and Aztec — relies on elliptic curve assumptions that a sufficiently powerful quantum computer could break using Shor's algorithm.

The timeline for quantum threats is debated. Current estimates range from 10 to 30 years for a cryptographically relevant quantum computer. But privacy protocols protect long-duration value — the notes shielded today may need to remain private for decades. A "harvest now, decrypt later" attack is already feasible: an adversary records encrypted transaction data today and waits for quantum capability to decrypt it retroactively.

This makes the choice of proof system a forward-looking security decision. Protocols that ship only with elliptic-curve SNARKs are implicitly betting that quantum computers won't threaten their security within the lifetime of the shielded value. Protocols that include STARK or lattice-based alternatives are hedging that bet.

UPP's dual proof system (PLONK for daily transfers + Circle STARK for the vault layer) is designed as that hedge: use the efficient, well-understood SNARK for routine operations where proving time and gas cost matter most, but offer a STARK-based escape route for users who need post-quantum guarantees before the broader ecosystem catches up. For a deeper analysis of quantum threats to privacy protocols, see Q-Day: Post-Quantum Threats to Privacy Infrastructure.


Where UPP Fits

Universal Private Pool occupies a specific position in this landscape. It's useful to be explicit about what it is and isn't.

UPP is a modular SDK, not a monolithic protocol. It's designed to be integrated by other projects — stablecoin issuers, DeFi protocols, wallet developers — rather than operated as a standalone service. The analogy: RAILGUN is a product; UPP is a component.

UPP enforces compliance on-chain. The smart contract rejects non-compliant transactions. This is the same enforcement model as 0xBow Privacy Pools — and a fundamentally different architecture from RAILGUN's wallet-level enforcement.

UPP runs two proof systems. PLONK on BLS12-381 (128-bit security) for everyday transfers. Circle STARK for the post-quantum vault. No other privacy protocol in the landscape ships both.

UPP provides per-transaction viewing keys. Most protocols offer all-or-nothing disclosure. UPP generates a unique Decryption Viewing Key for each transaction. Disclose one transaction without revealing any other activity.

UPP includes ragequit. If compliance goes wrong — an ASP excludes you by mistake, or an ASP disappears entirely — the original depositor can always exit. Funds are never permanently locked by a compliance failure.

UPP charges no protocol fee. RAILGUN charges 0.50% round-trip. UPP charges nothing.

UPP is pre-audit and on Sepolia testnet. We make no claims about production readiness. The protocol has not been audited. It has not been battle-tested with real value. It's a testnet deployment.

These are facts about the architecture. The market will decide whether this combination of properties — modular, on-chain enforcement, dual proof system, per-tx viewing keys, ragequit, no fee — is what the space actually needs.


The Big Picture: What Has Changed

Looking at the entire landscape, several structural shifts have occurred since the Tornado Cash era:

Compliance is table stakes. Every new protocol ships with a compliance mechanism. The only protocols without one are either dead (Nocturne), sanctioned (Tornado Cash), or relics of a different era. The debate isn't compliance vs. no-compliance — it's which compliance model is strongest.

Proof systems are diversifying. The Groth16 monoculture is breaking. Halo 2 (Zcash), PLONK variants (Aztec, UPP), STARKs (Miden, UPP), and TFHE (Zama, Fhenix, Inco) are all in production or near-production. This is healthy — different applications have different tradeoffs.

Privacy is splitting into layers. Stealth addresses handle recipient privacy. Shielded pools handle transactional privacy. Privacy L2s handle computational privacy. FHE handles encrypted state. These aren't competitors — they're layers that compose. The most private system in 2027 will probably use all four: a stealth address receiving a deposit into a shielded pool, with the pool's logic running on a privacy L2 that uses FHE for encrypted order matching.

This layered model also suggests that SDK-based approaches (modular components you integrate) may be more durable than monolithic protocols (all-in-one systems you adopt wholesale). A stablecoin project doesn't need an entire privacy L2 — it needs a shielded pool component and a compliance component. A DEX doesn't need stealth addresses — it needs encrypted order matching. The future likely belongs to composable privacy primitives, not privacy monoliths.

The dead zone is instructive. The protocols that died — Nocturne, Elusiv, Light Protocol, CAPE, Webb — all failed for business model or timing reasons, not technical ones. The cryptography works. The challenge is building products that people actually use, with compliance that regulators actually accept, at costs that users actually tolerate. Privacy infrastructure is unusually hard to monetize: users expect privacy to be a feature, not a product they pay for. Protocols that charge fees (RAILGUN's 0.50% round-trip) face competitive pressure from protocols that don't. Protocols that don't charge fees need alternative business models.

Post-quantum is becoming urgent. With STARKs and TFHE both in production, the conversation is shifting from "should we prepare for quantum?" to "how do we migrate?" Every SNARK-based protocol needs a concrete migration plan — not a vague roadmap, but a technical path from their current elliptic curve proofs to a quantum-resistant alternative. The protocols that have already shipped post-quantum components (UPP's Circle STARK vault, Polygon Miden's STARK VM, Zama's TFHE) are at least partially positioned. Everyone else has homework to do.


Summary Table: The Full Landscape

| Protocol | Generation | Proof System | Compliance | TVL/TVS | PQ-Safe? | Status |
|---|---|---|---|---|---|---|
| Tornado Cash | Mixer | Groth16/BN254 | None | $506M | No | Delisted, live |
| RAILGUN | Shielded Pool | Groth16/BN254 | PPOI (wallet) | $101M | No | Live, V3 announced |
| 0xBow | Shielded Pool | Groth16/BN254 | ASP (on-chain) | ~$6M vol | No | Live |
| Panther | Shielded Pool | Groth16 | Zone Managers | N/A | No | Canary mainnet |
| UPP | Shielded Pool | PLONK + STARK | ASP (on-chain) | N/A | STARK layer | Pre-audit, Sepolia |
| Labyrinth | Shielded Pool | Groth16 | Revoker/Guardian | N/A | No | Testnet |
| Aztec | Privacy L2 | Honk/CHONK/Goblin | Programmable | N/A | No | Alpha mainnet |
| Polygon Miden | Privacy L2 | STARK | TBD | N/A | Yes | Pre-mainnet |
| Zcash | Privacy L1 | Halo 2 / Groth16 | Viewing keys | $1.48B shielded | No | Mainnet |
| Penumbra | Privacy L1 | Groth16/BLS12-377 | N/A | $3.77M | No | Mainnet |
| Namada | Privacy L1 | Groth16/bellman | Shielding rewards | $1.5M | No | Mainnet |
| Secret Network | Privacy L1 | None (TEE) | TEE attestation | N/A | No | Mainnet |
| Zama | FHE | TFHE | N/A | $121M | Yes | Mainnet |
| Fhenix | FHE | TFHE | N/A | N/A | Yes | Live |
| Inco | FHE | TFHE | N/A | N/A | Yes | Development |
| Umbra | Stealth Addr | ECDH | N/A | N/A | N/A | Live |
| Bermuda Bay | Hybrid | Noir | Programmable | N/A | No | Development |
| Anoma | Intent-based | Halo 2 | N/A | N/A | No | Mainnet |

What Comes Next

The privacy protocol landscape in 2026 is unrecognizable from the Tornado Cash era. What was a single-protocol, single-approach space has fractured into six distinct generations, each solving different aspects of the privacy problem with different cryptographic tools and different compliance philosophies.

The next 12 months will answer several open questions:

1. Which compliance model wins institutional trust?

ASPs, PPOI, programmable disclosure, and revoker/guardian models are all live or near-live. The first institutional integrations — banks, exchanges, asset managers using privacy pools for treasury operations — will reveal which compliance model regulators actually accept. Our thesis is that on-chain enforcement (ASP) has the strongest regulatory posture because it provides a mathematical guarantee, not a software promise. But the market hasn't confirmed this yet.

The MiCA regulation in the EU, the evolving AML/CTF frameworks in Singapore and the UK, and the still-unclear U.S. regulatory posture will each shape which compliance models gain traction in which jurisdictions. Protocols that support multiple ASPs — allowing different operators to apply different compliance criteria — may have an advantage in a multi-jurisdictional world.

2. Does FHE cross the performance threshold?

Zama's 20 TPS is adequate for low-frequency institutional operations (OTC trades, settlement) but unusable for DeFi at scale. If GPU acceleration achieves the targeted 500-1,000 TPS, FHE becomes a viable alternative to ZK for composable privacy. If it doesn't, FHE remains a specialized tool for use cases where computation on encrypted state is worth the performance cost.

The key metric isn't raw TPS — it's cost per confidential operation relative to the value being protected. An institutional OTC trade worth $10 million can tolerate seconds of latency and dollars of compute cost. A retail swap worth $100 cannot.

3. How fast does the post-quantum migration happen?

STARKs and TFHE are already post-quantum safe. Every Groth16 and PLONK protocol needs a migration plan. The NIST post-quantum cryptography standards (FIPS 203, 204, 205) were finalized in 2024, and major institutions are already being pressured to begin migration planning. The protocols that move first — or, like UPP, ship with both systems from day one — will have a structural advantage when quantum timelines become clearer.

4. Will privacy become a standard feature or remain a specialty product?

The strongest signal from the landscape isn't any individual protocol — it's the direction of the major platforms. Ethereum's roadmap includes account abstraction and encrypted mempool proposals. Solana has explored private state. Even Bitcoin has Taproot, which improves scripting privacy. If privacy becomes a default layer of general-purpose chains, the standalone privacy protocol category may consolidate significantly.

5. Can the dead zone protocols be resurrected?

Several useful ideas died with the companies that built them: cross-chain privacy bridges (Webb), privacy on Solana (Elusiv), institutional privacy vaults (Nocturne). The technical approaches were sound. The business models or timing were wrong. We expect some of these ideas to be rebuilt by new teams, possibly using SDK-based approaches (like UPP) that reduce the infrastructure burden on the builder.

Our Position

We built Universal Private Pool because we believe the right combination is: on-chain ASP enforcement, SNARK + STARK dual proof system, per-transaction viewing keys, ragequit safety, and no protocol fee — packaged as a modular SDK that anyone can integrate. That's our bet. The landscape described above is the competitive context in which that bet will be tested.

We don't claim to have the only viable approach. RAILGUN has proven real-world demand with $4.5B in volume. Zcash has proven long-term viability over a decade. Aztec has proven that programmable privacy is possible. Zama has proven that FHE can reach production. Each validates a piece of the puzzle.

What we believe is missing — and what UPP is designed to provide — is the combination of on-chain enforcement, dual proof systems, and modular SDK architecture in a single package. The landscape has protocols that are compliant but centralized, private but non-compliant, modular but lacking post-quantum paths. UPP attempts to sit at the intersection.


Universal Private Pool is pre-audit and deployed on Sepolia testnet. Nothing in this article constitutes financial or legal advice. All TVL/TVS figures are approximate and sourced as of April 2026.

For technical documentation, visit the UPP SDK docs. To discuss integration, reach out at permissionless-technologies.com/contact. Follow development on GitHub.