BITE : Solving Blockchain Privacy in Four Phases

kladkogex · April 29, 2025, 11:40am

Thanks to @TheGreatAxios for advocating importance of privacy for next generation blockchains and for the great discussions on this topic!

Abstract:

Since the inception of smart contracts on Ethereum in 2015 [1], privacy has remained one of the blockchain ecosystem’s most persistent unsolved challenges. Early solutions like zk-SNARKs [2] enabled zero-knowledge proof verification but did not support private computation within smart contracts. Projects such as Enigma [3], Secret Network [4], and Zexe [5] explored different paradigms for encrypted execution, but often at the cost of developer experience, composability, or decentralization. More recently, fully homomorphic encryption (FHE) and threshold cryptography have shown promise for enabling secure on-chain computation without data leakage.

BITE (Blockchain Integrated Threshold Encryption) is a groundbreaking protocol that brings full-stack privacy to blockchain systems without compromising decentralization or Solidity compatibility. BITE introduces a phased approach to private computation on-chain, starting with encrypted transactions (Phase 1) and evolving through private smart contract execution (Phase 2), user-specific access control via threshold re-encryption (Phase 3), and culminating in the integration of threshold fully homomorphic encryption (TFHE) for confidential computation (Phase 4). This progression unlocks a wide array of privacy-preserving applications, including sealed auctions, private messaging, secure trading, confidential DeFi, encrypted gaming, private DAOs, and full-featured on-chain banking. By transforming blockchains into privacy-preserving cloud computers, BITE bridges the usability of Web2 with the trustlessness of Web3, offering developers and users a seamless path toward building and interacting with decentralized systems that respect confidentiality by design.

BITE Protocol Goals

What Users Want

Store private information on the blockchain.
Grant dApps fine-grained access to this information.
Enjoy an experience similar to Web2 applications.

What Developers Want

Continue using Solidity.
Easy development workflows.
Minimal learning curve.

Important Use Cases for Private Information

Games with private user data (e.g., card games).
Censorship resistance.
DeFi and trading (MEV protection, secret trading algorithms, and private bids).
Commerce (buying things without global visibility).
Social networks (sharing data only with friends).
Secret voting in DAOs.
Tax filings.
Storing private documents on-chain.
Prediction markets with private bids.

We can progressively address all these needs in BITE (Blockchain Integrated Threshold Encryption) through stages, starting with simple algorithms and evolving to more complex ones while covering increasingly important use cases.

BITE Roadmap

Phase 1: Threshold-Encrypted Transactions (Available Now)

Encrypt transaction data and destination address using threshold encryption.

Problems Solved:

Censorship resistance.
MEV resistance.
Secure prediction market submissions.
Concurrent moves in games (keeping moves secret until execution).
Front-running and cheating protection for all kinds of on-chain compute protocols (e.g., ChatGPT-on-chain systems).

Phase 2: Threshold Decryption Inside Smart Contracts

We will introduce a Decryptor smart contract that decrypts data and passes it to a user-defined onDecrypt() function.

Decryptor Contract

contract Decryptor {
    // decryptAndProcess takes a function pointer and encrypted data
    function decryptAndProcess(
        function (bytes memory) internal pure onDecrypt,
        bytes memory encryptedData
    ) internal pure {
        onDecrypt(decryptedData);
    }

}

How Developers Will Use It

Here is a “Hello World” example where a smart contract takes threshold-decrypted data and decrypts it on demand.

    function print(bytes memory decryptedHelloWorld)  {
        console.logBytes(decryptedHelloWorld);
    }



function main() external pure {
    bytes memory abiEncodedData = abi.encodePacked(encryptedHelloWorld);
    decryptAndProcess(print, abiEncodedData);
}

In this example,

the developer provides an encrypted data blob and a print function that prints decrypted text .
BITE Decryptor smart contract handles decryption and processing inside Solidity, enabling privacy-preserving operations directly within smart contracts.

How it will be implemented in the protocol

When decryptAndProcess() is called, a transaction will be added to the beginning of the next block that will execute the function (similar to async functions in JavaScript).
All decryptAndProcess() calls for the current block $i$ will be collected.
The corresponding threshold decryptions batch will be executed at the start of processing the next block.
Phase 1 and Phase 2 decryptions will therefore go into the same batch.
When all decryptions are performed, onDecrypt() transactions will be executed at the start of block $i+1$.

Use cases for BITE phase 2.

A) Auction with Private Sealed Bids

Users submit encrypted bids.
The smart contract collects bids until the cutoff time $T$.
At time $T$, the smart contract decrypts all bids at once and selects a winner.

B) Sealed Future Transfers (On-Chain Will)

A user submits an encrypted will with encoded money transfers.
At time T, the smart contract decrypts the will and executes the transfers specified in the will.

C) Confidential Sealed Prediction Market

Users submit secret predictions and bids for an event
At the time of the event, bids are unsealed and prediction market is settled.

D) Conditional Encrypted Trading Triggers

Users submit encrypted conditions (e.g., “If price of ETH > $5000, sell 10 ETH”).to the exchange smartcontract.
On reaching certain triggers, the exchange decrypts and processes these conditional operations.

E) Time-Locked Private Messages

Users send encrypted private messages on-chain.
Messages automatically decrypt and become readable at a specified future time (e.g., after 1 year, in a “decentralized time capsule” app).

F) Sealed Negotiation Contracts

Two parties submit encrypted negotiation terms.
When both sides submit, the contract decrypts both at the same time and executes based on the agreed overlap.

G) On-Chain Secret Gifting

Encrypted gifts (NFTs, tokens) are submitted to recipients.
Gifts decrypt and transfer automatically at special dates (birthdays, anniversaries) without any party controlling the timing.

H) Next-Generation Secure Multisig Contract Update

An encrypted contract update byte is submitted to the chain.
Attackers cannot see the update until a threshold of multisig approvals is reached.
Once the threshold is met, the update is decrypted and executed.

I) Game: Rock-Paper-Scissors

Users submit their encrypted choices.
Decryption occurs simultaneously once all choices have been submitted.

J) Game: Battleship

Each player encrypts their board (the full 10x10 grid with ships) using the threshold public key.
They send the encrypted board to the smart contract.
The smart contract waits for players to submit moves.
When a guess is made, the Decryptor contract triggers threshold decryption on:
- The opponent’s board.
- The guessed coordinate.
Only the single square at the guessed coordinate is decrypted and revealed

Phase 3: Threshold Re-encryption Inside Smart Contracts

Phase 3 differs from Phase 2 by adding re-encryption for a specific user or group.
Instead of decrypting the ciphertext and making it public, the smart contract re-encrypts it to the public key of a specific user or group, effectively granting them exclusive access to the information.

contract Decryptor {
    // decryptAndProcess takes a function pointer and encrypted data
    function decryptAndProcess(
        function (bytes memory) internal pure onDecrypt,
        bytes memory encryptedData
    ) internal pure {
        onDecrypt(decryptedData);
    }

    // reencryptAndProcess takes a function pointer and encrypted data
    function reencryptAndProcess(
        function (bytes memory) internal pure onReencrypt,
        bytes memory encryptedData,
        bytes memory destinationPublicKey
    ) internal pure {
        onReencrypt(reencryptedData);
    }
}

Use cases for BITE phase 3.

Phase 3 enables a huge number of access control use cases and makes many mainstream Web 2 apps implementable in Solidity

A) Private Documents with sharing and access control

Store AES-encrypted document on chain with AES key encrypted using threshold encryption
Provide access to the document to a specific user by reencrypting the AES key of this document to the public key of a particular user.

B) Web-2 like social networks

Publish encrypted messages on chain
Provide access to the messages to your friends only.

C) Collaborative document editing

Publish encrypted document on chain
Provide access to the document to other users
Collaboratively edit the document

D) On-chain licensing, access, copyright and subscription management

Use threshold encryption to encrypt secret license key for video stream, NFT, software etc.
Prompt he user pay subscription fee
Re-encrypt the access key to the user public key

E) Encrypted Supply Chain Management

Goods metadata (origin, authenticity certificates) are encrypted.
Authorized parties in supply chain (manufacturer, distributor) get access via re-encryption.
Protects trade secrets while ensuring provenance.

F) Private DAOs (Decentralized Autonomous Organizations)

DAO proposals and votes are encrypted.
Only eligible voters’ keys are authorized to decrypt and view proposals.
Re-encryption dynamically manages access as DAO memberships change.

G) Confidential On-chain Gaming

Game states (hands of cards, private moves) stored encrypted.
Re-encryption gives players access to only their cards/moves.
Enables complex games like Poker entirely on-chain.

H) Secure On-chain Escrow and Dispute Resolution

Encrypted evidence and documents submitted during escrow.
Re-encrypt evidence only for arbitrators when needed.
Keeps sensitive material private unless dispute arises.

I) E-commerce with Private On-chain Orders

Customer orders are private (address, items, payment info).
Seller publishes product info publicly on-chain (item name, price).
Private Purchase (Order Creation)
Buyer creates an order.
Buyer encrypts their delivery address, customization options, and payment proof using threshold encryption.
Order (with encrypted private data) is posted on-chain.
Smart contract re-encrypts the buyer’s private order details to the seller’s public key (after verifying payment or escrow deposit).
Now only the seller can decrypt and process the order.
Seller decrypts the order and ships the product.
Optionally, encrypted shipment tracking data could be updated on-chain and selectively re-encrypted to the buyer.
Order details stay encrypted forever unless the buyer/seller choose to reveal them (e.g., for dispute resolution).

J) Encrypted Resumes, On-chain University Diplomas and Transcripts

Students encrypt their grades, degrees, certifications.
Employers request selective re-encryption proofs of education (e.g., “Graduated with Master’s in CS”) without seeing full transcript.
Smart contracts verify authenticity without revealing all grades.

Phase 4: Threshold Fully Homomoriphic Encryption Inside Smart Contracts

While Phase 3 of BITEs enables the majority of today’s Web2 applications to be implemented in Web3, there remains one particularly challenging area: banking.

To implement an on-chain bank that operates on encrypted user data, several capabilities are required:

Ability to perform basic mathematical operations on encrypted data without decryption.
For example, a user might want to move money from savings to checking, which involves subtracting from one balance and adding to another — all without exposing any sensitive information. A similar scenario is transferring funds between users while maintaining confidentiality.
Ability to disclose high-level information about user funds without compromising overall privacy.
For instance, a user may need to prove to a credit card application that they hold more than a certain amount of funds, without revealing the actual balance or any other account details.

The capabilities discussed above are provided by Threshold Homomorphic Encryption (TFHE).

Threshold Homomorphic Encryption combines homomorphic encryption with threshold cryptography. It enables computations on encrypted data while maintaining security, with the private key shared among multiple parties. A threshold number of parties is required to decrypt, ensuring that even if some participants are compromised, the secret remains protected.

In Phase 4 of the BITE Protocol, we plan to integrate an open-source TFHE framework into SKALE.

Several open-source frameworks are available, including:

We will then provide a Solidity precompiled smart contract for simple FHE operations, such as addition, subtraction, finding the maximum, and others. The goal is to offer a minimal set of basic operations that can be used to support a wide variety of dApps.

For advances users, we can later consider providing low level access to the native FHE framework such as

GitHub - zama-ai/concrete: Concrete: TFHE Compiler that converts python programs into FHE equivalent

Use cases for BITE phase 4.

Main use case for BITE phase 4 is banking, it also enables very secure games, voting and authentication

A) TFHE Confidential Token Wrapper

Existing ERC-20 tokens can be wrapped into a TFHE confidential token wrapper, functioning as follows:
Each account’s balance is stored in TFHE-encrypted form.
Transfers are performed using the encrypted balance of the sender, the encrypted balance of the recipient, and the encrypted amount to transfer.
- A TFHE circuit homomorphically updates the balances:
  - Sender’s new balance = old encrypted balance minus encrypted amount.
  - Recipient’s new balance = old encrypted balance plus encrypted amount.
- The entire computation is performed on encrypted data, without revealing balances or transfer amounts at any point.

Thus, all user balances and transfer amounts are confidential, even to the smart contract itself.

B) On-Chain Bank

The TFHE token wrapper can serve as the foundational primitive for building a fully on-chain bank, replicating the functionality of a traditional Web2 banking system. In addition to confidential transfers, the following advanced operations can be supported through TFHE-encrypted math:

Credit Score Calculation:
- User transaction histories (encrypted balances, repayments, etc.) can be analyzed homomorphically to compute an encrypted credit score.
- The user can selectively reveal (decrypt) the credit score, or parts of it, to authorized decentralized lending protocols.
Confidential Savings Accounts:
- Savings and yield can accumulate directly on encrypted balances.
- Interest computations can be performed homomorphically without balance disclosure.
Confidential Loans and Repayments:
Borrowers can receive loans tied to their encrypted balances and repay them over time, with all amounts and obligations remaining confidential.
KYC-less Compliance:
- Compliance checks (such as transaction limits, suspicious activity monitoring) can be enforced on encrypted data without revealing private user information.
Confidential Payments and Payroll:
- Businesses could use encrypted tokens to pay employees, preserving the confidentiality of salaries on public blockchains.

C) On-Chain Fully Confidential Exchange

Once On-Chain Bank is Implemented, the next step is to implement a fully confidential exchange where users can use an AMM like Uniswap to exchange TFHE-wrapper tokens,

All balances, swaps, and liquidity pools are confidential.
The AMM runs fully encrypted
Each liquidity pool holds two encrypted balances: Enc(balance_A) and Enc(balance_B).|
User submits an encrypted token amount to swap (e.g., Enc(amount_A_in) to swap
AMM applies must apply the AMM bonding curve pricing formuila homomorphically on encrypted values.
After a swap, update Enc(balance_A) and Enc(balance_B) using TFHE math.
LPs can provide or remove liquidity by encrypted operations, without revealing actual amounts.

D) Fully Private DAO Voting

While banking and DeFi are the primary focus of BITE Protocol Phase 4, the protocol also unlocks many other powerful applications beyond finance.

In fully private DAO voting:

Users submit their votes in encrypted form.
The total vote count is computed homomorphically (using TFHE) without revealing any individual user’s vote.

This ensures complete voter privacy while maintaining full transparency and integrity of the voting process.

E) Private Staking

Users submit their staking delegations in encrypted form.
The total stake delegated to each validator is computed without revealing individual user contributions.
Staking rewards are distributed in encrypted format, hiding both the reward amounts and the recipient identities.

This enables decentralized staking mechanisms that protect user privacy at every step.

References:

[1] Ethereum Whitepaper: Ethereum Whitepaper
[2] B. Bünz et al., “Zether: Towards Privacy in a Smart Contract World,” 2019.
[3] Enigma: https://enigma.co/
[4] Secret Network: https://scrt.network/
[5] B. Bünz, J. Bootle, D. Boneh, “Zexe: Enabling Decentralized Private Computation,” 2019.

jackoholleran · May 1, 2025, 5:44pm

This is amazing Stan. Nice work.

The big opportunity for BITE is that it could make all blockchains that aren’t encrypted, obsolete. At some point end users will care that billions in value are being taken from them each year. Application developers will feel an obligation to protect their users and will pick blockchains that have Proof-of-Encryption.

baka · May 2, 2025, 11:11am

From the beginning of my journey into crypto, I’ve been following privacy coins. There are only a few ones that provide smart contract functionality which is encrypted, for example, SECRET. However, that is part of the Cosmos ecosystem and, as far as I know, it doesn’t offer the wide scope of functionality that BITE can offer within SKALE/Ethereum environment.

These use cases are very, very interesting. You’ve created a privacy feature that goes against the status quo and might face resistance from the top But there are some very legitimate use cases for it as well.

It’s very impressive work that could become very influential as we slowly adopt new standards of web3

kladkogex · May 2, 2025, 11:19am

Huge thanks to @jackoholleran and @baka! This is a big milestone for us — the entire engineering team has been putting in serious overtime to make it happen.

olehnikolaiev · May 2, 2025, 12:23pm

hey @kladkogex ! thanks for the amazing insights. how do you think each of the features and functionalities you mentioned will impact on transaction throughput and gas costs? it feels like every phase brings more and more heavy mathematical computations

TheGreatAxios · May 2, 2025, 4:07pm

Hey @kladkogex

Great to see our discussion come to life.
Some thoughts from my side:

I think both Phase III and Phase IV bring really unique options that allow the world to move away from “crypto” and more to “decentralized compute” or maybe a new term “secured compute”
I definitely think that directionally this is a great area to push on and explore overall. The reality is that some things for sure can and do make sense as public compute, but so much of the world relies on and expects privacy it’s needed

@olehnikolaiev per your question, while I can’t answer the throughput directly my understanding is that a high performance network of distributed machines implementing BITE should see some performance impact BUT as long as it’s not really noticeable to an end user I think it would be an acceptable tradeoff as it would be far more secure than using a single machine with a secret provided by a single developer. Per the gas costs, I think this depends on the type of network and action but I think it would make sense to see something along the the lines of:

a. Phase I & Phase II on a chain with a gas fee would have a price per decryption within the virtual machine (could potentially be dictated by size as well). I think the unique part is determine where the value should flow back to.

In theory, on a network that utilizes a more traditional round robin/leader-based consensus; it makes sense that the “gas fee” only flows back to the proposer. However, a chain that did have a gas fee who adds support for BITE; it could potentially make sense to the BITE Fee flow back to the committee of who would be utilized to actually decrypt the data and the actual fee could be split between all committee members.

b. Phase III & Phase IV are also interesting. I think it will be hard to know without further technical specification; but I imagine that they would simply utilize Phase I & II mechanics and multiply based on the amount of compute consumed.

c. I think for a chain that has no fees or a more sustainable economic model there are additional options to explore for compensation, but I imagine that they would come in either as an additional SaaS fee OR a potential requirement for stake (if the rev can be captured back by validators in a guaranteed manner). The first is probably simpler but could be prohibitive for newer chains.

Overall – this is a really great discussion and I’m excited to see it continue to evolve. As always, the above are just some of my ideas. Please do share your thoughts or additional questions back regardless of whether you agree/disagree.

Thanks!