Shared Private State

The Privacy Problem in Web3

While the cryptocurrency space has its origins in projects like Chaumian Ecash , which put the preservation of digital financial privacy front and center, it has more recently undervalued privacy for what is ultimately a bad reason: before ZK-SNARKs, we had no way to offer privacy in a decentralized way, and so we downplayed it, instead focusing exclusively on other guarantees that we could provide at the time.

Today, however, privacy can no longer be ignored.

-https://vitalik.eth.limo/general/2025/04/14/privacy.html , Vitalik Buterin

Blockchains are fully transparent by default. Every user’s transactions, every smart contract’s data, and every trading strategy are visible on-chain. This radical openness has utility for trustless verification, but privacy is virtually nonexistent. This lack of privacy is one of the most important open problems preventing the realization of the leviathan-free economy.

Anything that is public leaks alpha. If a fund finds a lucrative trading strategy in DeFi, that strategy can be copied or countered by others immediately. Orders get filled at the worst possible price because block builders can see public transactions in the mempool and sandwich them to extract value. Leverage positions are vulnerable to hunting because liquidation prices and account balances are widely available. Credit markets can’t gain traction because sensitive financial information (e.g., credit scores, identities, risk assessments) would have to be exposed to the world.

No one wants their personal financial activity or proprietary algorithms out in the open. The status quo leads to blockchain-native markets doing less volume with less efficiency and tons of value extracted. Both sides of the market lose. Without privacy, DeFi cannot fulfill its true potential.

It doesn’t have to be this way. Privacy, implemented correctly, will unlock blockchain-native markets.

The Breakthrough: Shared Private State

Synchronicity Protostar is a platform for private, hyper-efficient, purpose-built leviathan-free exchanges. Shared private state – verifiable computation over encrypted data that allows blockchains to have a private memory that many nodes can jointly maintain and update – is a necessary component for highly efficient private on-chain exchange.

Protostar introduces Corino, an open-source distributed node and key management protocol, and combines it with zero-knowledge (ZK) proofs which ensure those updates are correct, to create blockchains with highly scalable shared private state.

The nodes of a Corino deployment agree on and compute over an application state that is encrypted at rest and in transit, and decrypted for use only behind a hardware-enforced trust boundary. A hardware-enforced trust boundary is a protected execution region, such as those found in a trusted execution environment (TEE), where the processor itself enforces confidentiality and integrity to ensure that code and data inside the enclave cannot be read or modified by the host operating system, hypervisor, or even the machine operator.

Nodes’ access to the network is checked, permissioned, and enforced by Corino’s multi-stage, defense-in-depth key management service. To ensure the system’s integrity – that the application’s state as computed by the TEEs is correct – the execution is ZK-proven on a separate TEE and the proofs are posted publicly. Anyone can asynchronously check that any given state transition was correct according to predetermined public rules without needing to see any sensitive user data by simply verifying the proof.

Synchronicity Exchange, the first exchange built on a Protostar deployment, is a perpetual futures exchange that includes the best of both privacy and transparency to create an optimal market. For more information on Synchronicity Exchange and how it leverages Corino, see Synchronicity Exchange.

Shared private state isn’t limited to exchanges. Corino provides a general foundation for composability among private blockchains. Any blockchain that deals with sensitive data or proprietary logic can benefit from its use. For the first time, developers have a way to build applications that are both private and interoperable with the rest of the blockchain ecosystem.

How It Works

This section details how Corino creates trust-minimized shared private state in a distributed system.

1. Each node runs inside a TEE.

   All sensitive data is stored and processed in encrypted memory within the TEE. This means an attacker or even a cloud admin with full control of the machine cannot extract the secret state or keys from the node. Unlike purely cryptographic approaches (e.g., fully homomorphic encryption or multi-party computation), the performant nature of TEEs means Corino doesn’t incur a massive slowdown to keep data private.

   Corino is hardware agnostic, but its first implementation and deployment will leverage Intel’s Trust Domain Extensions (TDX), which allow nodes to run full containerized applications in a virtualized secure enclave. Corino uses the dstack deployment framework, an open-source SDK, allowing developers to package their application into a Docker container and launch it directly inside a TDX enclave.

2. TEEs are permissioned through remote attestation.

   Corino ensures only legitimate, pre-authorized code is being run by network validators via remote attestation, a process in which each enclave proves to an outside verifier what code it’s running, that it’s a genuine TEE, and that it’s been appropriately configured for confidential compute.

   In practice, when a new node wants to join the validator set, it must present an attestation quote signed by the TEE’s hardware key. This quote includes cryptographic measurements of the node’s software stack (e.g., hashes of the OS, enclave application binary, and configuration). Rather than trusting a single company or centralized server to verify attestations, Corino anchors attestation verification in a smart contract that anyone can inspect.

   Corino’s on-chain smart contract checks this quote to see if it matches the expected fingerprint of pre-authorized code, and that the code is up to date. Corino leverages Automata  to verify Intel’s TDX attestation reports on chain via ZK-proof such that even the attestation verification process is trustless. Only if the node’s attestation is valid will it be authorized and provisioned decryption keys so that it can start computing over the application’s shared private state.

   On-chain governance is responsible for deciding which enclave providers and security standards are acceptable. By making enclave permissioning a governance policy rather than a hard-coded choice, Corino allows networks to determine acceptable hardware providers through on-chain rules, eliminating vendor lock-in and enabling support for multiple TEE standards.

3. Encrypted transactions, state and ZK-proofs of correctness are posted publicly.

   When a Protostar deployment processes a batch of transactions, each validator updates the state within its own enclave. The lead sequencer then needs to communicate these updates to the outside world for verification. However, the system’s privacy would be compromised if a node posted the raw transaction data or application state in plaintext.

   Instead, Synchronicity uses an encrypted data publishing approach. First, the new state is encrypted under a shared key that only the authorized TEEs know, and this new encrypted state is written to a data availability layer.

   Second, a prover node publishes a ZK-proof attesting that “this encrypted state, when decrypted, is the result of correctly applying all the transactions to the state since the time of the last proof, according to the Protostar deployment’s rules.” The ZK-proof does not reveal anything about the underlying transactions or state; it only proves correctness.

   If a node tries to post a bogus state update (e.g., a dishonest node tries to credit itself extra funds or mismatches orders), the proof will fail. Thus, integrity is guaranteed purely by cryptography.

4. Correctness can be verified without needing to see the underlying data.

   Anyone connected to the network can verify this proof. Users don’t have to blindly trust the TEEs for correct behavior. At the same time, the use of TEEs means the actual computation of each state transition can be done swiftly and without information leakage. The result is a fully verifiable blockchain where confidential data remains private, even as the system stays performant and secure.

5. Corino manages keys for shared private state.

   In order for multiple TEE nodes to decrypt and encrypt the same state consistently, the enclaves need a shared secret: encryption keys derived in a way that only attested, vetted, and permissioned nodes can decrypt the shared private state.

   The first node in a Protostar deployment generates a fresh symmetric key (or key set) for encrypting the application state. Additional nodes, upon joining the network and passing attestation, retrieve this key via Lit Protocol , which uses a decentralized network of TEEs to function like a distributed hardware security module.

   The network’s state-sealing keys (and other critical secrets) are encrypted via Lit under an access control condition. Lit enforces a policy that says “release this key to a requester only if they present a valid network-specific attestation and are approved by the on-chain governance.” This encrypted key material is posted in a public location. When a new node proves itself via attestation, it can then query the Lit nodes to decrypt this encrypted key. The Lit network, seeing the valid credentials, sends key shards to the new node, which can locally combine the shards to compute the decryption key(s). Upon computing the decryption key(s), the node can decrypt the network’s state and transactions to begin processing state transitions within its enclave.

   By leveraging Lit Protocol’s network of TEEs, no single point of trust exists for key distribution or application state. Keys are protected by a combination of TEE hardware and a threshold of independent nodes. Prior to Corino, TEEs typically sealed data with a device-specific key such that each machine’s enclave could only decrypt its own data. Corino overcomes that siloing by deriving keys from an agreed upon public application standard. If one node goes down, another can pick up right where it left off. This guarantees fault tolerance and liveness. The rollup can continue operating as long as there’s at least one honest enclave online, and new enclaves can join or replace old ones seamlessly.

Implications

Privacy is progress: if we gain new ways to share our information selectively while protecting it from being misused, we can unlock a lot of value and accelerate technological and social progress.

-https://vitalik.eth.limo/general/2025/04/14/privacy.html , Vitalik Buterin

Protostar is the foundation for an entirely new suite of applications that were previously impossible. Shared private state creates a “privacy layer” on top of existing public chains. In the same way that L2 solutions extended Ethereum with scalable computation, Corino and Protostar enable a trust-minimized confidential compute layer that create a world of composable privacy, where private applications are no longer siloed and can communicate without sacrificing their confidentiality.

The Tech is Ready Now

Historically, shared private state was difficult to achieve because cryptographic primitives weren’t yet sophisticated enough to support the required performance, scale and composability. TEEs were vendor-locked, expensive, and required specialized and opaque deployment architectures. Generating ZK-proofs was slow. Data availability was expensive.

However, modern tools have finally matured to resolve these bottlenecks, and Protostar assembles these advances into a coherent and practical deployment framework, yielding highly scalable leviathan-free private computation over shared state.

Corino Roadmap

Corino is being developed with a phased approach to ensure the protocol is maximally useful for real world applications.

• Phase 1 — Synchronicity (prove product-market fit)

Launch Synchronicity, an exchange-specific blockchain with confidential order flow and on-chain matching. Demonstrate trustless scalable shared private state and get data from real world deployment.

• Phase 2 — Platformize (make privacy a developer-facing product)

Generalize Corino into a developer platform; create SDKs, APIs, and templates for confidential apps that inherit Corino’s attestation and key access control out of the box. Support projects where privacy is a hard blocker (e.g., credit/under-collateralized lending, identity-gated markets) to build on Synchronicity or deploy Protostars.

• Phase 3 — Standardize (become crypto’s privacy layer)

Make Corino the default shared private state primitive across blockchains via open standards and reference implementations. Expand to multi-vendor TEE support and cross-network interoperability so private applications can compose across networks as easily as today’s public ones. The goal: a neutral, widely adopted privacy fabric where exchanges, credit markets, and data-driven user-facing applications run privately by default.