Privacy is a fundamental right, not an optional feature. Under centralized data management structures, individuals have no say in how their data is protected. Moreover, existing blockchain-based privacy protocols fall short of being a fundamental solution due to limitations such as single-chain dependency and a narrow scope of computation.
Arcium is a computation layer built on Multi-Party Computation that simultaneously achieves the conditions required of a general-purpose privacy protocol: privacy preservation during computation, collusion resistance, scalability through parallelized execution, and chain-agnosticism. In doing so, it presents a comprehensive answer to the shortcomings of today's privacy landscape.
Arcium is currently building real-world, MPC-powered privacy-preserving applications centered around the Solana ecosystem, including C-SPL confidential tokens, on-chain dark pools, Umbra, and private AI. Its ultimate goal is to establish privacy as a foundational layer of infrastructure for every blockchain.
There is a Korean proverb that goes, "You don't notice your clothes getting wet in a drizzle."
It describes how when caught in a light rain, you fail to notice yourself getting gradually soaked until you're completely drenched. It's a metaphor for how small things can accumulate into major problems. I believe this proverb closely parallels our awareness of privacy.
Since the spread of the internet, personal information has ceased to be truly owned by individuals. Transaction records, search histories, location data, and other information that can easily be traced back to individuals through correlation have fallen into the hands of advertising companies, social media services, and search engines. These service providers have offered only nominal protection under the guise of safeguarding user information under legal obligations. And we have witnessed through countless cases just how catastrophic this unverifiable privacy can be.
Looking at South Korea in 2025 alone, we see this clearly. An unprecedented situation unfolded where all three major telecommunications carriers suffered personal data breaches due to hacking. In the case of Coupang, a commerce service used by most Koreans, a former employee stole internal authentication keys and leaked personal information of more than 33 million users.
But can individuals, the victims, be held responsible for any of these incidents? No. The victims did not know, and had no right to know, how their data was being stored and managed. Nor could they choose how their data would be protected. The problem lies not with individual carelessness, but with the structural power of service providers who centrally collect and monopolize data.
Source: @VitalikButerin
As Vitalik's tweet says, privacy is not an additional feature but closer to a fundamental human right. An environment where this fundamental right is not structurally guaranteed is itself flawed. If a single mistake by a service provider can expose everything no matter how careful the user is, that is not a problem of the individual but a problem of the infrastructure.
Source: @yrschrade
In the second half of 2025, the crypto community began to rapidly focus on privacy protocols. Starting with the price surge of $ZEC, interest in existing privacy protocols like Monero and Railgun exploded. Interpretations of the cause vary, but factors such as the intensified debate against EU’s "Chat Control" legislation which mandates age certification for social network users, and Vitalik Buterin's promotion of the privacy narrative, accelerated the privacy narrative.
Source: @zachxbt
However, alongside this interest came criticism of the actual effectiveness of existing privacy protocols. Zashi, which had gained attention as a mobile privacy wallet for Zcash, was criticized for allowing easy tracking of deposit and withdrawal addresses through timing and transfer amounts. Railgun faced criticism for its inconvenient frontend user experience and deposit/withdrawal issues. Monero went through a difficult period when its network was taken over due to a hashrate attack by the Qubic founder.
Source: @milianstx
Beyond these user experience aspects, these solutions share a common limitation. Most remain confined to single-chain, single-transaction-level privacy.
Monero's privacy only works within the Monero chain. In cases where a proprietary chain was implemented, confidential smart contracts are supported within the chain, but privacy is ultimately neutralized once you leave that chain's boundaries. This approach of protection with boundaries seems far from being a fundamental solution that provides privacy applications for everyone. In addition, Monero and Zcash provides privacy limited to their native tokens, XMR and ZEC. The privacy guarantees provided by them are effective only when users are transacting with those specific assets.
Ultimately, to implement the trustworthy general-purpose privacy infrastructure mentioned earlier, the following conditions must be met:
Privacy must be maintained not only for data at rest, but also during computation
Privacy must be provided in a verifiable form
Privacy must not be compromised by mistakes or collusion of a few insiders
Scalability must be high enough to run sophisticated applications
Infrastructure must not be dependent on any specific chain
Arcium is a project that has been building toward a general-purpose privacy infrastructure that meets these conditions. In the following sections, we will examine in detail how Arcium has designed its protocol and how it fulfills these five conditions.
Arcium began in 2022 as Elusiv, a privacy protocol built on Solana. They took an approach similar to Railgun, where users could use any supported asset (USDC, SOL etc) to get privacy by depositing the assets into a shielded pool.
However, the team soon hit a strange wall. They could protect individual user privacy, but they couldn't do anything beyond that. Consider this example: How would you implement a sealed-bid auction on-chain, where A and B each submit secret bids and the highest bidder wins? A's bid should only be known to A, and B's bid should only be known to B. Someone needs to compare the two values to determine the winner, but simple zero-knowledge proofs alone could not solve this.
The team defined this as the difference between "private isolated state" and "private shared state." The former protects one user's secrets, while the latter enables multiple parties to compute together while each maintaining their own secrets. Complex privacy applications such as dark pools, poker, and confidential AI training required the latter.
So why couldn't existing privacy solutions solve this problem?
The solution that comes to mind first for solving such problems is Fully Homomorphic Encryption (FHE). FHE theoretically provides the most powerful solution because it allows computations to be performed directly on encrypted data. The problem was the enormous cost in speed and resources. The maximum throughput of current state-of-the-art FHE implementations, represented by Zama, is approximately 20 transactions per second, which falls short of the speed required to implement the infrastructure Arcium envisions.
Trusted Execution Environments (TEE) are hardware-level security solutions that support encrypted computation at the processor level, preventing service providers or operating systems from arbitrarily observing or leaking data. TEE has been widely adopted across Web2 and Web3 because it incurs less computational overhead than other solutions.
However, TEE has a critical problem: the Remote Attestation process that verifies the integrity of the execution environment typically requires communication with the hardware manufacturer, creating a trust burden on the manufacturer. Additionally, TEE has historically been a victim of side-channel attacks, where attackers with access to the service provider's hardware can combine and exploit various information generated during computation to leak the original data. While sufficient as a complementary measure for Web2 services or some privacy protocols that do not aim for decentralization, such vulnerabilities can be fatal for projects like Arcium that seek to build decentralized & trustless services, potentially contaminating the entire service.
Multi-Party Computation (MPC) was a solution that could largely overcome the limitations of the aforementioned approaches. MPC allows multiple parties to jointly perform computations while keeping their respective inputs secret. The core principle involves splitting data into encrypted shares distributed across multiple nodes. Each node cannot see the complete data and performs partial computations only with its own share, then all partial results are combined to reconstruct the final result. MPC is thousands times faster than FHE, and being a purely cryptographic method, it doesn't require trusting hardware like TEE. Joint computation among multiple parties is inherently possible.
In March 2024, the team announced the sunset of Elusiv and pivoted to an entirely new direction. This was the moment Arcium was born.
However, MPC was not a silver bullet. Existing MPC systems had fundamental flaws when applied to blockchain environments.
Most MPC protocols require the assumption of an "honest majority," meaning security is only maintained if more than half of the participants honestly follow the protocol. In permissioned environments, where participants' identities are verified and can be trusted, this assumption can be reasonable. But public blockchains where the most users interact with, such as Ethereum and Solana, are permissionless environments. You cannot know who the node operators are, and there's no guarantee that anonymous actors won't take control of more than half the network.
"Dishonest majority" MPC protocols theoretically solve this problem. Security is maintained as long as there is even one honest participant. But there was another problem: malicious participants could disrupt or halt computations. If just one person goes offline or deliberately sends incorrect data, the entire computation fails. Since it's impossible to identify who caused the disruption, punishment is also impossible. This means complete vulnerability to denial-of-service (DoS) attacks.
The Arcium team developed the Cerberus protocol to overcome this dilemma. Cerberus protocol, being Arcium’s core MPC protocol, is the first practical dishonest-majority MPC protocol designed to achieve identifiable abort security.
"Identifiable abort" means that when a computation fails, it can be cryptographically proven who caused it. Cerberus is built on the BDOZ protocol, where all data shares have MACs (Message Authentication Codes) attached, so if any node submits tampered data, the tampering is immediately detected and the computation aborts, preventing corrupted results from being produced. Currently, Cerberus provides “secure-with-abort”; malicious behaviors can always be caught, but the aborting party cannot yet publicly prove which specific node is malicious. Publicly identifiable abort, where the witness can produce an externally verifiable proof identifying the cheater, is in an active area of research and development.
Once integrated, such proofs could be submitted to an onchain smart contracts to slash the staked assets of malicious nodes, making economic cost of cheating exceed any potential benefit.
When performing MPC through Cerberus on the Arcium network, privacy of data and accuracy of computation are guaranteed as long as there is even one honest participant, which effectively prevents corrupted results from being produced by collusion of malicious nodes.
2.3.1 MXE: Performance breakthrough via parallelization
MPC requires not just protocols but also nodes to perform computations. Arcium operates these under the name Arx nodes. Each Arx node is assigned an encrypted share of specific data and performs MPC partial computations upon request.
Arx nodes perform computations within an isolated virtual execution environment called MXE (Multi-Party eXecution Environment), developed by Arcium. When creating an MXE, Arcium developers can set parameters such as whether to apply Cerberus or Manticore, or how many nodes will participate in the computation.
One of Arcium's key features is parallelization. Traditional MPC protocols required all computations to be processed sequentially, with extensive communication between participating nodes limiting throughput. In contrast, Arcium's MXE architecture compartmentalizes computations into isolated environments, allowing multiple tasks to be processed simultaneously. For example, while dark pool order matching proceeds in one MXE, AI model inference can run in another MXE, and confidential token transfers in yet another, all independently.
At the protocol level, Arcium claims to achieve performance more than 10,000 times faster than FHE. This performance advantage stems primarily from low communication overhead between nodes and the use of preprocessing techniques that shift heavy cryptographic work to an offline phase before the actual computation happens. Combined with MXE’s parallel execution model that provides both high throughput and strong security guarantees, this design forms the foundation for Arcium to function not as a simple privacy solution but as general-purpose infrastructure capable of running actual large-scale applications.
2.3.2 Manticore: MPC for complex applications
On the other hand, not all situations require the highest level of security, and sometimes speed needs to be prioritized. This was the context behind Arcium's acquisition of Inpher, a Web2 confidential computing company, in 2024. Inpher was a company that had been researching confidential computing technology for about 10 years, with Manticore, an MPC protocol, as its core technology. Manticore is optimized for high-intensity workloads like AI and is the second protocol being further developed by Arcium.
Arcium is not an independent chain that sequences transactions and produces blocks through its own consensus mechanism. Instead, it is a privacy computation layer that sits on top of existing blockchains. This design philosophy is the key to fulfilling the final condition of chain agnosticism.
The operation works as follows: When a user or application requests a confidential computation, the request is first queued onchain. Arx nodes in the Arcium network then pick up the queued request, and perform the actual MPC computation offchain. Once the computation is complete, the result is resolved and recorded back onchain. In other words, both the computation request and its result live onchain, while the heavy confidential computation itself is executed offchain by the Arcium network.
The reason for this structure is fundamental: MPC requires multiple parties to coordinate through a specific interactive process, which is inherently incompatible with how transactions on a blockchain are natively processed. Arcium’s offchain computation resolves this constraint, enabling complex multi-party computation that would otherwise be impossible to perform onchain. Additionally, Arcium is not dependent on the base chain's smart contract language or VM, and can provide the same privacy infrastructure to multiple blockchains, making it advantageous in terms of expansion.
Arcium is live on Solana mainnet, and has been building on Solana for over three years. Solana's high throughput and low fees are suitable for Arcium's frequent on-chain settlements. However, according to Arcium's Purple Paper, the architecture was designed from the start to maintain compatibility when expanding to Ethereum and beyond.
The implications are significant. When porting private applications built with Arcium on Solana to Ethereum or other chains, developers’ Arcis code that represents Arcium-specific computation logic remains unchanged (while smart contract integration may require changes).
Arcium aims not to be a privacy feature of a specific chain, but rather general-purpose privacy infrastructure that can be used like a plugin on any chain.
Controlling visibility over token holdings and transfer amounts can be considered the starting point of privacy. Solana also introduced the Confidential Transfer Extension as part of the Token-2022 program in 2024 to address this issue. It was a feature that encrypted token balances and transfer amounts using zero-knowledge proofs.
Source: Arcium
However, Token-2022's Confidential Transfer Extension had several problems. The biggest issue was its EOA-only design. Token-2022's confidential transfers could only have confidential token accounts controlled by personal wallets. This meant smart contracts could not interact with confidential balances. AMMs, lending protocols, liquidity pools, and other core components of Solana DeFi all operate by having programs hold and move tokens, but Token-2022's confidential transfers were not compatible with such programs.
UX was also a problem. To receive a confidential transfer, the recipient first had to create a confidential token account for that token and set up encryption keys. In regular SPL token transfers, the sender can create the recipient's account on their behalf, but this was impossible with confidential transfers. The user experience requiring recipients to complete complex setup procedures for confidential transfers was bound to be an obstacle to mainstream adoption.
In July 2025, Arcium announced the development of the C-SPL (Confidential SPL Token) standard to overcome these limitations. C-SPL takes an approach of combining multiple programs and protocols into a unified abstraction layer rather than replacing existing infrastructure. It integrates the SPL Token program, Token-2022, the Token Wrap program, Arcium's Confidential Transfer Adapter, and encrypted SPL tokens into one.
C-SPL enables on-chain programs to own and manage confidential token accounts. UX friction is expected to disappear as senders can create confidential accounts on behalf of recipients. It allows all existing SPL assets to be wrapped into confidential versions on demand, and enables free switching between public and confidential transfers.
C-SPL is currently under development and targeting deployment on Solana devnet.
A Dark Pool is a private exchange where order information is not disclosed until execution. They originated in the 1980s when the emergence of electronic trading-based high-frequency trading (HFT) began exposing order book information extensively, leading institutions that wanted to avoid exposure of large positions to use private exchanges.
In traditional finance, more than half of total trading volume now occurs in dark pools. However, blockchain has lacked private trading systems like dark pools due to its philosophical commitment to transparently disclosing all data. But in May 2025, the James Wynn Hyperliquid liquidation incident sparked demand for on-chain dark pools, followed by Changpeng Zhao, former CEO of Binance, raising the need for dark pool-style perpetual futures DEXs on X, drawing significant public attention.
Source: Arcium
Arcium recognized the importance of onchain dark pools early on. In May 2025, they launched a dark pool demo on Solana's public testnet.
Dark pools represent one of the most scalable use cases Arcium can offer. This is because Arcium's MXE, which supports parallelized computation over encrypted states, can generate powerful synergies when combined with Solana's deep liquidity. Moreover, since Arcium's MPC is capable of interacting directly with the Solana ecosystem, it carries the distinct advantage of being able to route the substantial spot trading volume of Jupiter and Raydium through the dark pool.
Source: Umbra
Umbra is a financial privacy protocol for Solana built on Arcium's Cerberus MPC protocol, aiming to provide users with anonymity and confidentiality in the transfer and interaction of their tokens.
To use Umbra's services, users deposit tokens into the shielded pool (an encrypted pool). At this time, the protocol seals the amount and sender address into cryptographic notes or commitments, so while on-chain observers can confirm that a deposit was made to the Shielded Pool, they cannot observe who deposited how much.
To access funds deposited in the shielded pool, users must prove through a smart contract that they own one of the confidential notes. Users do this by revealing a nullifier, a unique serial number associated with the deposit.
Umbra is designed with compliance in mind, embedding a compliance framework within its "programmable privacy" philosophy. At the protocol level, Umbra integrates address screening via the Range oracle on Switchboard infrastructure to proactively screen wallet addresses against sanctions and risk databases. Addresses that exceed defined risk thresholds are prevented from entering the shielded pool, with funds returned automatically.
Additionally, Umbra supports selective disclosure through viewing keys. Users can voluntarily generate read-only viewing keys for specific transaction history, balances, or timeframes. These keys cannot be used to transfer or spend assets, and disclosure remains entirely opt-in and granular, allowing users to control exactly what data is shared and with whom.
Considering these features, the functionality Umbra provides may seem similar to Railgun, an EVM privacy protocol. Railgun also supports deposits and withdrawals through shielded pools and is designed with compliance in mind. However, Umbra has fundamental architectural differences from Railgun, enabling higher scalability and more convenient UX.
Railgun uses a pure UTXO model based on zk-SNARKs, while Umbra adopts a hybrid structure combining UTXO-based mixer pools with account-based Encrypted Token Accounts (ETA). The UTXO model provides strong anonymity, while the account model provides composability and programmability. Umbra aims to achieve both.
ETA is an encrypted equivalent of Solana's standard token account (ATA), where balances are stored encrypted.
The key in Umbra's structure is that ETAs can be owned by PDAs (Program Derived Addresses), allowing smart contracts to hold and manage confidential balances. This enables natural integration with DeFi primitives such as AMMs and lending protocols.
The balance update method also differs. In Railgun's case, users must generate zk-SNARK proofs directly on the client, causing balance updates to operate slowly, taking up to 30 seconds. Umbra also requires client-side proof generation for certain actions such as deposits, but does not for transfers as computations are directly performed on encrypted states through Arcium’s MPC network. This significantly reduces the proof generation burden for the most frequent user actions, supporting faster balance updates.
Umbra is designed not as a simple privacy tool but as a foundational protocol. It provides an SDK for developers to directly integrate Umbra's privacy features into Solana applications, enabling features like private P2P payments, shielded in-app transactions, and confidential user balances with minimal effort. Umbra is currently live with private beta, targeting its public launch in the first half of 2026 alongside Arcium's mainnet.
Source: CrunchDAO
Among Arcium's future use cases, AI is the area of continued research and development.
Building next-generation AI and machine learning models requires access to sensitive datasets such as financial and biomedical information. However, privacy concerns, regulatory constraints, and data breach risks have traditionally limited the scope of collaboration using such data. High-quality data is monopolized by a few institutions and locked in silos, and attempts to share it are directly linked to privacy breach risks.
One of the ways Arcium is addressing this is through collaboration with CrunchDAO. CrunchDAO is a DAO composed of over 8,000 data scientists and ML engineers worldwide, realizing decentralized training of AI models through structured modeling challenges called "Crunches."
Through integration with Arcium, CrunchDAO protects computational data during the model training process while allowing data contributors to maintain complete control, keeping sensitive information within their secure environments.
Beyond discovering potential use cases, Arcium is continuously attempting to aggressively expand partnerships within the Solana ecosystem to translate them into actual applications. In May 2025, Arcium announced the formation of the "Encrypted Ecosystem" through partnerships with projects spanning various sectors including DeFi, AI, gaming, payments, interoperability, DePIN, consumer apps, NFTs, and analytics, signaling rapid expansion in the Solana ecosystem.
Beyond the actual applications mentioned earlier, Arcium is directly exploring potential use cases that can be implemented through its infrastructure and presenting them to the developer community. Arcium has published a list of applications with clear market demand for privacy and revenue potential across DeFi, gaming, and AI through its official blog. They continue to update reference implementations for each use case through their examples repository.
All of these use cases and possibilities is what Arcium calls Encrypted Capital Markets. Arcium provides the infrastructure for crypto native applications and institutions to remove the last bottleneck of adoption. This includes more insitutional use cases like confidential asset tokenization, enabling stocks, bonds, funds, and derivatives to move on-chain while meeting institutional confidentiality requirements. Beyond tokenization, Arcium powers confidential trading, lending, and auctions—core functions required for institutional finance on public blockchains.
Let's return to the proverb "You don't notice your clothes getting wet in a drizzle" mentioned at the beginning.
All this time, we have been living in an environment of drizzling rain. You may or may not have been aware that your privacy was potentially under threat, but you likely dismissed it as a natural phenomenon and moved on. To avoid the rain required too much inconvenience, so this was only natural.
Privacy does not feel like a serious problem until you become a victim yourself. So when we see someone opening an umbrella at the first sign of drizzle, some react by saying it's okay to get a little wet, or that it's an overreaction. But the outcomes differ between someone searching for an umbrella when the downpour comes and someone already under one.
What Arcium is building is ultimately this umbrella. Not an environment where individuals must each prepare their own umbrellas, but one where privacy exists as basic infrastructure, as if umbrellas were scattered throughout the streets. An environment where users can choose privacy at any time.
As the age of AI arrives, the value of data is rising, and personalized data that is expensive to collect is increasingly becoming a target of attacks.
Isn't it time to start looking for an umbrella?
Dive into 'Narratives' that will be important in the next year
EigenCloud
Solana
