Elliot Friedman

Composable Privacy

My career has had two threads. One is engineering. I have spent most of my professional life writing smart contracts, mostly on the Ethereum virtual machine, with a brief detour through Hyperledger Fabric before coming back. The other is investing, and the thing I keep betting on, misplaying, and coming back to is privacy coins.

The first bet was Monero. I was seventeen, it was 2014, and I had just read the CryptoNote whitepaper. I thought it was one of the most interesting pieces of applied cryptography I had seen. Ring signatures, stealth addresses, untraceable transactions as a first-class property of the protocol. I bought some. The price dropped ten percent. I sold. The emotional maturity required to hold through a drawdown is rare at seventeen.

The second bet, a few years later while I was learning to write software, was Dero. It was trading under a cent. I rented ASICs on cloud mining platform, started mining, and started dollar-cost averaging in. What made it interesting was that it promised private smart contracts. You could write a contract, deploy it, and have the system state be hidden. It combined the two things I cared about deeply into one technology. At the time, it was the most advanced private smart platform around.

The problem is that it did not work. Not because the cryptography was wrong (I didn't verify that). Not because the team was unserious. It did not work for a structural reason that explains why, a decade into crypto, no private smart contract platform has been adopted at anything resembling the scale of the public ones. Aleo shipped. Aztec shipped. Penumbra, Namada, Oasis Sapphire, Fhenix all shipped. None of them is where the liquidity, the tooling, or the composition lives. The reason, I think, is composability.

A smart contract platform is only as useful as the contracts you can stack on top of it. The real value of Ethereum is not any single contract. It is that any contract can call any other contract, read its state, act on its outputs, and compose new behaviors out of existing ones. Uniswap matters because aggregators route through it. Aave matters because other protocols take leveraged positions against its positions. The whole thing is a Lego set where the pieces interlock by calling each other's functions and reading each other's storage.

Now imagine that Lego set with every other piece in an opaque black box. The composability collapses. If my contract cannot see the state of your contract, it cannot act on it. If it cannot act on it, it cannot integrate with it. And if nothing can integrate with your contract, your contract is not really part of the ecosystem. It is a private island, a bridge to nowhere.

The industry's answer has been to go partial. Mix public and private state. Say "this part is private, this part is public, trust us that the leakage is bounded." But mixed privacy is often worse than no privacy, because the public parts are usually sufficient to reconstruct the private parts. Blockchain forensics firms earn fees doing exactly this. If even a sliver of the graph is observable, the rest of it falls out by inference. Timing, amounts, counterparties, global contract state. "Private with an asterisk" is how chainalysis sells their software to governments, which means this "privacy" isn't a property you can bet your life on.

Composability is not the only blocker. Prover performance is real. Dev ergonomics for Noir and Leo are still nascent. The post-Tornado regulatory chill makes teams hesitant to put privacy on the marketing critical path. But composability is the one that cannot be solved by throwing more engineers at it. You either find a way for contracts to read each other's state without seeing it, or you do not.

The holy grail for a smart contract platform is fully private, fully composable, with an account model that does not leak, and cryptography that no analytics firm can crack. It may not be possible with the current primitives available today. Maybe it requires advances in fully homomorphic encryption, or zero-knowledge virtual machines with stateful composition, or something nobody has proposed yet. I do not know. I do know that I will be watching for teams that can crack dev ergonomics, composability, and fully private smart contract systems, because if you nail all three, you have a winner.