On Prover Markets & Private State

Written By Tom Walton-Pocock

tl;dr

If crypto finally arrives as a place to write economically useful programmes, those programmes will very obviously use private state. To get the experiment going, I suggest someone builds Firebase for Noir, to make private blockchain instances feel like a server that’s recognisable to web developers.

Disclaimer

I’m a long-departed cofounder at Aztec; yes, I hold a certain bias. But I’ve had massive failures of conviction about private crypto state. Technology and regulation both seemed too hard. My former Aztec cofounders Zac and Joe stuck fast to their vision, and in 2025 will see it through. I think they’re about to run Ethereum’s first authentic experiment, to make the world computer ready for the world economy.

Here’s why, if you are in crypto, you should be moving to the private state frontier.

Crypto: Closing the Deconstructionist Era

You won’t recall the ‘deconstructionist’ era of 2010s British cuisine, and that’s a good thing.

My pension-age father was once presented with the dismantled ingredients of his favourite pudding: piles of crumbly biscuit, stewed apple, and rhubarb sticks had been neatly deposited in separate corners (yes, corners) of the plate.

“Could you reconstruct it, please?”

That’s the question I hope everyone is asking this DevCon. Less discussion over fibrous SUAVE designs, or flogging AVS memetics, could go a long way.

In the high noon of 2022, protocols were furiously unspun into their raw, inedible ingredients. Layer 2s lost team members decompiling their constituent parts into coprocessors and prover networks. The collective frenzy prized the industry’s attention away from the bizarre practice of decentralising prover resources that anyone maintaining permanent state (e.g. a Layer 2) already had to decentralise: for each coordinated participant in a prover market, the market bayed, in its token gluttony, to decentralise that into another market.

Even language designers were tapped on the shoulder, asked to splice out untested languages from their execution environments by hungry investors.

We all know why — founders were handed their reward functions by venture: the internal rate of return. “IRR” had long worked well for long-duration private capital, and is hard to game for venture, unlike private equity.

But crypto created its own crucible for liqudity: a phantom edition of the capital markets; but before real capital could be plugged in. In doing so, crypto handed the IRR reward function its Coastrunners 7 moment, and an uncanny world of protocols visited for one-off coin harvests by tourist speculators — disconnected from reality.

Here’s why I think the 2025 narrative will, at long last, lead irresistably to a 100% focus on cloud-like platforms guarded by private state — and why the experiment until now was bound to be futile.

Why We’re Here

The people who came to crypto just after the birth of Ethereum saw, mostly, a computer in the sky: a way to capture a common, universally-consistent history of the virtual world in which we all now spend our waking hours.

Ethereum, borrowing inspiration from Bitcoin, gave developers a medium hard as stone: something like placing the pages of electronic history under a paperweight, in an order that could never be reverted or refuted.

After the anthropocene, the cryptoscene.

Privacy and Reputation

First, the perception problem.

Privacy and crypto: surely, the ultimate toxic cocktail? It sounds like a petition to put the coins-and-monkey economy of Sam Bankman-Fried and Do Kwon under cover of darkness.

Blockchains today carry 99% nonsense software. But looking back, they were bound to.

The congenital defect of crypto was also its defining feature: everyone in the world know for sure it’s correct because they can see every part of its state. Just like the internet prior to SSL, if internet traffic is publicly visible, real business is gated out: consumers would be put at intolerable risk of financial fraud, every moment of every day.

Crypto is absolutely analogous: without privacy enabled, the experiment is dead on arrival, and only the fairground can show up.

Imagine reverting internet privacy —

Imagine, starting right now, your deposit account, credit card data, computer filing system, browser, emails and daily phone tracking data, are open-sourced to the world.

Your passport data is on the loose, used to register bogus companies. Your location is immediately revealed: your morning trip to Starbucks at 8.30am is known to the world. Your purchase of a biography of some controversial character. Your cash balance looks invitingly high, and we can all see you’ve just bought a new MacBook Pro: your house (whose address is known to the world) is immediately broken into.

The guarding of information flows is a default and regulating feature of peaceful coexistence.

But the importance of private stat runs far beyond personal security.

Asymmetric information is the cornerstone of business incentives: to make people go out and build and run companies, to create surplus (things and services) without the threat of instant competition before they start.

And the bad actors, what about them?

There are a thousand ways to keep crime and scam artistry financially and legally penalised on blockchain rails. Force them into two-speed capital systems where their money is trades at a discount. Spike the cost of on-shoring back into the clean money system. The law will do a perfectly good job of enforcing that, just as it always has.

Cryptosystems have just deployed the sharp upgrade to KYC/AML needed to keep our new internet rails clean: they’re called webproofs. You can prove a person is physically holding their passport, their likeness to the photo (inference proofs), and apply liveness detection gates, to show they’re in front of the camera at that moment. The pious and performative legal dance of (trivially forgeable) utility bills have long been a toothless anti-crime measure.

Embrace cryptography, embrace private state, and lock out the criminals.

Reputation dealt with; here’s why you should focus 100% on private computing instances to build transformative apps in crypto.

Public Rollups ⇒ Leisure Mode

Public blockchains are locked out from business economics

  • If you’re prepared to use an application in the view of the whole world, it’s a leisure event:

    • Business incentives demand asymmetric information (structurally weak competition = defensible margin)

    • Business uses ⇒ private compute

    • Or the contrapositive: public compute ⇒ leisure mode (= coins, monkeys, and their rails)

Therefore public rollups must remain locked in leisure mode

ZK Proofs: Luxury for Scaling, Prerequisite for Private Computing

Zero knowledge proofs (ZKPs) are luxury as scaling technology

  • Optimistic rollups are fine — looser security, but they work and you can watch the chain for reversion risks

Zero knowledge proofs are necessary as a private blockchain computing technology

  • ZK proofs are required for on-chain private instances — there’s no replacement technology

If you’re working in ZKP technology, this alone is reason enough to focus on private computing.

And that’s before the economic story.

Public Rollups ⇒ Zero Margin

There are various ways to see that blockchains/rollups serving public compute are zero margin in the asymptote:

  • Rollups need iron-clad fairness ⇒ remove reliance on single computing services: cue decentralise sequencers/provers, crList etc

  • So compute providers are zero margin by construction, unless cartels of large proving farms form (possible, but also creeping back towards the centralised reliance blockchains were built to eliminate)

  • Protocol stakeholders are the users ⇒ perfect net fee (protocol margin) is zero i.e. protocol makes subsistence-grade money long run

My unwavering view is that the fatuous protocol thesis was obviously wrong then, and it is obviously wrong now. Nonetheless we went through a multi-year multi-billion-dollar exercise, “just to check”.

The Paired Business & the Trust Residue

  • Your crypto protocol is an internet protocol — if you are very lucky, yours might one day be bundled with TLS — how do you get it there? You’ll need to make it usable, and fast

  • Where to build? Look at the trust residue: where the protocol stops regulating (e.g. bad state transitions on a blockchain), reliance on trusted services begins

I’m at risk of dishing out theory and never suggesting an idea.

Why Private State Crypto Needs Cloud

I’m reasonably confident that private state crypto tends heavily towards cloud:

  • Cost: The ZKP proof is expensive — needs dedicated resources, pooled with other users

  • Pushing Limits: If people love Noir / Leo, they will be hungry to compete for users by building more expressive programmes

  • Clientside Resources: At the same time, they won’t want to consume clientside resources, creating bad user UX

  • Behavioural Analytics: The best apps can only seek the best UX by understanding user behaviours — collecting analytics; defeating the purposes of clientside computing for all but the most sensitive data (e.g. private keys — and Aztec is doing a great job of making those disappear altogether)

Note that traditional cloud companies are highly unlikely to want to touch private state computing, because the compliance overheads will be a pain. Whilst “cloud for X” is often a mighty battle (see the emerging hyperscalers in AI duelling with AWS et al), crypto cloud might be an interesting protectorate, durable enough to bring a startup to scale. Promising!

Private Cloud: The Moats

Features of private crypto instances relying on server execution create good foundations for durable businesses because:

  • Trust: Users and applications form a relationship of trust with their cloud provider to not leak data

  • Switching Costs: Once servers have build and organised state derived from UTXOs, it’s painful to switch provider

  • Compliance: Applications and/or cloud infra have AML overheads (deep down, I think we all know this even if some are tempted to say, “technically we’re not custodians”). That might well become a moat against the insurgency of new entrants in the long run.

Private compute can’t be decentralised by network orchestration, by definition.

So if we know that decentralised networks can’t build here, what should founders do? Here’s a suggestion.

A First Product: Firebase for Noir

Here’s what a Firebase for Noir might do for the application developer:

  • Maintain App State: Application state consists of UTXOs like Bitcoin — except all these UTXOs are encrypted! So maintaining a ‘hot’ representation of state for performant apps will be very important

  • Hold and Decrypt Notes: Starting afresh reading the chain means brute-forcing every note to see if you ‘own it’: the longer a user depends on a Firebase style provider to hold their state, the costlier it is to switch provider because a new brute-forcing exercise needs to be started again

  • Querying and Data Security: Enable rich querying methods, filters, sorting, compound queries for great UX. Implement security rules to enable separation of powers and protection of user data from the app (possible that cloud providers will achieve VPN-like trust status with the end user, which web cloud providers do not)

  • User Analytics: DB analytics are going to be crucial to allowing users to monitor the safety of application state, and optimise performance. Of course plenty can be fetched from the front end too, so I think privacy from the application developer is not going to be a feature of the most successful apps, almost by definition.

  • Compliance: Yes, the Coinbase moat. Coinbase is, whether you like it or not, the world’s best crypto VPN — infinitely better than Tornado Cash because your capital is checked for cleanliness, and you can use it and hold it and spend it.

Firebase for Noir can turn the cold, hard, lightless computing environment of a private blockchain into a hot-server experience. Now responsive apps that can safely allow money to flow securely through the veins of web apps.

Concluding Remarks

  • I think private crypto instances are margin rich, ripe for product / services opportunities, and the only place where business applications can start to take the ‘stateful internet’ seriously

  • Right now 100% of prover overhead executes on public state blockchain systems — I think that figure trends to essentially 0% over time, and infra companies should start figuring out how they end up there

  • Please tell me if you’re building Firebase for Noir!

Tom Walton-Pocock