Skip to content

Instantly share code, notes, and snippets.

@denniswon

denniswon/gist:32ba5dad6d44ee72de34710735a8d03e

Created March 7, 2026 02:08
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save denniswon/32ba5dad6d44ee72de34710735a8d03e to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save denniswon/32ba5dad6d44ee72de34710735a8d03e to your computer and use it in GitHub Desktop.
Download ZIP
Newton Privacy Layer vs Fairblock: Technical Comparison Analysis
Raw
gistfile1.txt
---
Newton Privacy Layer vs Fairblock: Technical Comparison Analysis
★ Insight ─────────────────────────────────────
This comparison covers two fundamentally different approaches to onchain privacy:
- Newton extends an existing EigenLayer AVS (policy evaluation) with privacy primitives — privacy is an add-on to an existing
validator network
- Fairblock is a purpose-built privacy infrastructure chain (FairyRing) that exports cryptographic services to other chains
- The cryptographic primitives overlap significantly (threshold DKG, IBE-like schemes), but the trust models and integration patterns
diverge sharply
─────────────────────────────────────────────────
---
1. Architecture Overview
Newton Privacy Layer
┌──────────────────┬───────────────────────────────────────────────────────────────────────────────┐
│ Component │ Description │
├──────────────────┼───────────────────────────────────────────────────────────────────────────────┤
│ Secure Envelope │ HPKE (RFC 9180) encryption with AAD context binding (X25519/ChaCha20Poly1305) │
├──────────────────┼───────────────────────────────────────────────────────────────────────────────┤
│ Authorization │ Offchain Ed25519 consent signatures validated by gateway │
├──────────────────┼───────────────────────────────────────────────────────────────────────────────┤
│ Operator Network │ Existing EigenLayer AVS operators hold threshold key shares │
├──────────────────┼───────────────────────────────────────────────────────────────────────────────┤
│ Gateway │ Trusted intermediary (Phase 1.5) → replaced by threshold DKG (Phase 2) │
├──────────────────┼───────────────────────────────────────────────────────────────────────────────┤
│ Storage │ Encrypted data refs stored in gateway PostgreSQL (encrypted_data_refs table) │
└──────────────────┴───────────────────────────────────────────────────────────────────────────────┘
Data Flow (Phase 1.5 — current target):
Client → HPKE encrypt to gateway pubkey → store encrypted envelope in DB
→ createTask with encrypted_data_refs
→ Gateway decrypts (single trusted party)
→ Operators evaluate policy on plaintext
→ BLS aggregate signatures → respond on-chain
Data Flow (Phase 2 — future):
Client → HPKE encrypt to threshold pubkey (DKG-derived)
→ Prepare Phase: each operator produces partial decryption
→ t-of-n threshold decryption reconstructs plaintext
→ Operators evaluate policy → BLS sign → aggregate
Fairblock
┌───────────────────┬───────────────────────────────────────────────────────────────────────┐
│ Component │ Description │
├───────────────────┼───────────────────────────────────────────────────────────────────────┤
│ FairyRing │ Cosmos SDK app-chain for decryption key management │
├───────────────────┼───────────────────────────────────────────────────────────────────────┤
│ x/keyshare module │ Manages DKG, validator keyshare submission, aggregation │
├───────────────────┼───────────────────────────────────────────────────────────────────────┤
│ x/pep module │ Pre-execution privacy: stores encrypted txs, decrypts at target block │
├───────────────────┼───────────────────────────────────────────────────────────────────────┤
│ FairyPort │ IBC/cross-chain relayer for key distribution │
├───────────────────┼───────────────────────────────────────────────────────────────────────┤
│ FairyKits │ Integration SDKs for Cosmos, EVM, RustVM chains │
├───────────────────┼───────────────────────────────────────────────────────────────────────┤
│ Encryption SDK │ Client-side browser encryption (no third-party dependency) │
└───────────────────┴───────────────────────────────────────────────────────────────────────┘
Data Flow:
Client → encrypt tx with Master Public Key + condition ID (e.g. block height)
→ submit encrypted tx to destination chain (stored in x/pep)
→ FairyRing validators monitor conditions
→ When condition met: validators submit keyshares
→ On-chain aggregation (2/3+1 threshold)
→ Aggregated key relayed to destination chain
→ x/pep decrypts + executes tx at BeginBlock
---
2. Cryptographic Primitives Comparison
┌─────────────────┬──────────────────────────────────────────────────┬───────────────────────────────────────────────────────────┐
│ Dimension │ Newton Privacy Layer │ Fairblock │
├─────────────────┼──────────────────────────────────────────────────┼───────────────────────────────────────────────────────────┤
│ Core Encryption │ HPKE (X25519, HKDF-SHA256, ChaCha20Poly1305) per │ Threshold IBE (Boneh-Franklin on BLS12-381) + hybrid │
│ │ RFC 9180 │ ChaCha20Poly1305 │
├─────────────────┼──────────────────────────────────────────────────┼───────────────────────────────────────────────────────────┤
│ Key Exchange │ X25519 Diffie-Hellman (DHKEM) │ Identity-Based Encryption (condition = "identity") │
├─────────────────┼──────────────────────────────────────────────────┼───────────────────────────────────────────────────────────┤
│ Threshold │ Pedersen DKG (Phase 2, planned) │ Joint Feldman DKG (implemented, live) │
│ Scheme │ │ │
├─────────────────┼──────────────────────────────────────────────────┼───────────────────────────────────────────────────────────┤
│ Signature │ Ed25519 (authorization) + BLS (attestation) │ Cosmos validator signatures │
├─────────────────┼──────────────────────────────────────────────────┼───────────────────────────────────────────────────────────┤
│ Advanced │ MPC computation + ZK selective disclosure (Phase │ FHE (CKKS), SPDZ MPC, Twisted ElGamal, witness encryption │
│ (future) │ 3) │ │
├─────────────────┼──────────────────────────────────────────────────┼───────────────────────────────────────────────────────────┤
│ AAD Binding │ Secure Envelope binds ciphertext to │ Condition ID binds to block height/price/event │
│ │ domain/policy/chain │ │
└─────────────────┴──────────────────────────────────────────────────┴───────────────────────────────────────────────────────────┘
★ Insight ─────────────────────────────────────
IBE vs HPKE is the key architectural divergence:
- Fairblock's IBE allows encrypting to a condition (block height, price, event) without knowing the decryption key in advance — the
key is derived later by validators. This enables batch decryption: one key decrypts ALL txs for that condition, saving N×S bandwidth
to just S.
- Newton's HPKE encrypts to a specific public key (gateway or threshold group). Decryption requires the key holder to actively
participate. Each envelope must be decrypted individually.
- Fairblock's IBE approach is provably more bandwidth-efficient for batch scenarios (their ePrint paper shows 99.6% bandwidth savings
vs standard threshold decryption for 1000 messages).
─────────────────────────────────────────────────
---
3. Trust Model Comparison
┌─────────────────┬─────────────────────────────────────────────┬─────────────────────────────────────────────────────────────────┐
│ Dimension │ Newton │ Fairblock │
├─────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────────────────────────┤
│ Phase 1.5 │ Gateway is a single trusted decryptor — │ N/A (already threshold from start) │
│ (current) │ full plaintext access │ │
├─────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────────────────────────┤
│ Phase 2 │ t-of-n threshold — no single operator sees │ 2/3+1 validator threshold for key aggregation │
│ (planned) │ plaintext │ │
├─────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────────────────────────┤
│ Validator Set │ EigenLayer restaked operators (ETH economic │ Cosmos SDK validators (staked FAIRY tokens) │
│ │ security) │ │
├─────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────────────────────────┤
│ Slashing │ EigenLayer slashing conditions │ Custom slashing: slash_fraction_no_keyshare, │
│ │ │ slash_fraction_wrong_keyshare │
├─────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────────────────────────┤
│ Key Custody │ Operators hold HPKE key shares (Phase 2) │ Share Generation Client creates MSK each epoch, splits to │
│ │ │ validators, destroys MSK │
├─────────────────┼─────────────────────────────────────────────┼─────────────────────────────────────────────────────────────────┤
│ Compliance │ Offchain Ed25519 consent signatures; audit │ Selective per-transaction disclosure; OFAC/MiCA compatible │
│ │ trail │ │
└─────────────────┴─────────────────────────────────────────────┴─────────────────────────────────────────────────────────────────┘
Newton's trust evolution:
- Phase 1.5: Centralized trust — gateway sees all plaintext (stepping stone)
- Phase 2: Threshold trust — t-of-n operators, no single party decrypts
- Phase 3: MPC + ZK — computation on encrypted data, selective disclosure
Fairblock's trust model:
- Threshold from day one — 2/3+1 validators must collude to compromise
- Epoch-based key rotation — MSK destroyed after distribution
- On-chain aggregation — key reconstruction happens transparently on FairyRing
---
4. Decryption Model Comparison
┌──────────────────┬──────────────────────────────────────────────────────┬──────────────────────────────────────────────────────┐
│ Dimension │ Newton │ Fairblock │
├──────────────────┼──────────────────────────────────────────────────────┼──────────────────────────────────────────────────────┤
│ Trigger │ Task creation (explicit RPC call) │ Condition satisfaction (block height, price, event, │
│ │ │ ZK proof) │
├──────────────────┼──────────────────────────────────────────────────────┼──────────────────────────────────────────────────────┤
│ Granularity │ Per-envelope (each encrypted data ref decrypted │ Per-condition (one key decrypts ALL txs under that │
│ │ individually) │ condition) │
├──────────────────┼──────────────────────────────────────────────────────┼──────────────────────────────────────────────────────┤
│ Timing │ On-demand during Prepare Phase │ Automatic at BeginBlock when condition met │
├──────────────────┼──────────────────────────────────────────────────────┼──────────────────────────────────────────────────────┤
│ Bandwidth │ O(N × t) for N envelopes with t-of-n threshold │ O(S) for S validators, regardless of N encrypted txs │
├──────────────────┼──────────────────────────────────────────────────────┼──────────────────────────────────────────────────────┤
│ Privacy Window │ Until operator decrypts during task evaluation │ Until condition is satisfied (can be indefinite) │
├──────────────────┼──────────────────────────────────────────────────────┼──────────────────────────────────────────────────────┤
│ Who Sees │ Operators (during policy evaluation) │ Destination chain (after BeginBlock decryption) │
│ Plaintext │ │ │
└──────────────────┴──────────────────────────────────────────────────────┴──────────────────────────────────────────────────────┘
★ Insight ─────────────────────────────────────
Fairblock's conditional decryption is fundamentally more expressive. Newton decrypts when someone requests it (consent-gated).
Fairblock decrypts when arbitrary on-chain conditions are met — block height, price feeds, ZK proof verification, governance vote
deadlines. This enables use cases like sealed-bid auctions and MEV protection that Newton's consent model doesn't naturally support.
However, Newton's consent model is more suited for compliance-oriented privacy — user controls who sees their data and when.
Fairblock's condition-based model is more suited for market fairness (everyone's data revealed simultaneously).
─────────────────────────────────────────────────
---
5. Cross-Chain & Integration
┌─────────────────┬───────────────────────────────────────────────────┬──────────────────────────────────────────────────────────┐
│ Dimension │ Newton │ Fairblock │
├─────────────────┼───────────────────────────────────────────────────┼──────────────────────────────────────────────────────────┤
│ Native Chain │ No own chain — runs on EigenLayer (Ethereum) │ FairyRing (Cosmos SDK app-chain) │
├─────────────────┼───────────────────────────────────────────────────┼──────────────────────────────────────────────────────────┤
│ EVM Support │ Native (ECS Fargate services on Ethereum/L2s) │ Via FairyKits + precompiles embedded in EVM │
├─────────────────┼───────────────────────────────────────────────────┼──────────────────────────────────────────────────────────┤
│ Cosmos Support │ Not supported │ Native via x/pep module + IBC │
├─────────────────┼───────────────────────────────────────────────────┼──────────────────────────────────────────────────────────┤
│ Solana Support │ Not supported │ Planned │
├─────────────────┼───────────────────────────────────────────────────┼──────────────────────────────────────────────────────────┤
│ Cross-Chain │ Newton's multichain architecture (source → │ FairyPort (IBC relayer) + direct FairyKit integration │
│ Relay │ destination chains) │ │
├─────────────────┼───────────────────────────────────────────────────┼──────────────────────────────────────────────────────────┤
│ Integration │ SDK extension (@newton-protocol/sdk) + RPC calls │ FairyKit deployment + module integration or precompile │
│ Effort │ │ │
├─────────────────┼───────────────────────────────────────────────────┼──────────────────────────────────────────────────────────┤
│ User Experience │ Encrypt via SDK, submit via RPC │ Encrypt in browser with Encryption SDK, submit to │
│ │ │ destination chain directly │
└─────────────────┴───────────────────────────────────────────────────┴──────────────────────────────────────────────────────────┘
---
6. Product & Use Case Comparison
┌────────────────────────────┬─────────────────────────────────────────────────┬──────────────────────────────────────────────────┐
│ Use Case │ Newton │ Fairblock │
├────────────────────────────┼─────────────────────────────────────────────────┼──────────────────────────────────────────────────┤
│ Private policy evaluation │ Core use case — privacy for Rego policy inputs │ Not applicable │
├────────────────────────────┼─────────────────────────────────────────────────┼──────────────────────────────────────────────────┤
│ Sealed-bid auctions │ Not natively supported │ Core use case — condition-based reveal │
├────────────────────────────┼─────────────────────────────────────────────────┼──────────────────────────────────────────────────┤
│ MEV/frontrunning │ Not designed for this │ Core use case — pre-execution encryption │
│ protection │ │ │
├────────────────────────────┼─────────────────────────────────────────────────┼──────────────────────────────────────────────────┤
│ Private governance │ Possible via privacy extension │ Native support via encrypted votes │
├────────────────────────────┼─────────────────────────────────────────────────┼──────────────────────────────────────────────────┤
│ Confidential stablecoins │ Not in scope │ StableTrust product (Twisted ElGamal + FHE) │
├────────────────────────────┼─────────────────────────────────────────────────┼──────────────────────────────────────────────────┤
│ Compliance/KYC privacy │ Core design — consent-gated selective │ Supported via post-execution selective │
│ │ disclosure │ disclosure │
├────────────────────────────┼─────────────────────────────────────────────────┼──────────────────────────────────────────────────┤
│ DeFi order privacy │ Possible but not primary │ Protected Trading product │
├────────────────────────────┼─────────────────────────────────────────────────┼──────────────────────────────────────────────────┤
│ Private AI inference │ Not in scope │ Planned (FHE + MPC) │
└────────────────────────────┴─────────────────────────────────────────────────┴──────────────────────────────────────────────────┘
---
7. Maturity & Implementation Status
┌────────────────────────────┬──────────────────────────────────────────────────┬─────────────────────────────────────────────────┐
│ Dimension │ Newton │ Fairblock │
├────────────────────────────┼──────────────────────────────────────────────────┼─────────────────────────────────────────────────┤
│ Phase 1 (Foundation) │ 88% complete — HPKE, Ed25519, Secure Envelope, │ ✅ Live — IBE, DKG, keyshare aggregation, │
│ │ DB storage │ public testnet │
├────────────────────────────┼──────────────────────────────────────────────────┼─────────────────────────────────────────────────┤
│ Phase 1.5 (Gateway │ 25% complete — gateway as trusted decryptor │ N/A (skipped centralized step entirely) │
│ Decryption) │ │ │
├────────────────────────────┼──────────────────────────────────────────────────┼─────────────────────────────────────────────────┤
│ Phase 2 (Threshold DKG) │ 0% — Pedersen DKG, threshold decryption planned │ ✅ Live — Joint Feldman DKG with validator key │
│ │ │ shares │
├────────────────────────────┼──────────────────────────────────────────────────┼─────────────────────────────────────────────────┤
│ Phase 3 (MPC/ZK) │ 0% — MPC framework, ZK selective disclosure │ In progress — CKKS FHE, SPDZ, confidential │
│ │ planned │ transfers │
├────────────────────────────┼──────────────────────────────────────────────────┼─────────────────────────────────────────────────┤
│ Phase 4 (Ecosystem) │ 0% — L2 deployment, operator onboarding planned │ Active — Arbitrum, CoW Swap, AltLayer │
│ │ │ integrations │
├────────────────────────────┼──────────────────────────────────────────────────┼─────────────────────────────────────────────────┤
│ Funding │ Self-funded (Magic Labs / Newton Foundation) │ $2.5M pre-seed (Galileo, Lemniscap, Dialectic, │
│ │ │ etc.) │
├────────────────────────────┼──────────────────────────────────────────────────┼─────────────────────────────────────────────────┤
│ Team/Origin │ Extension of existing Newton Prover AVS │ Academic research from U of Waterloo (ePrint │
│ │ │ 2022/1066) │
└────────────────────────────┴──────────────────────────────────────────────────┴─────────────────────────────────────────────────┘
---
8. Pros & Cons
Newton Privacy Layer
Pros:
1. Leverages existing infrastructure — EigenLayer economic security, existing operator set, existing BLS aggregation. No need to
bootstrap a new validator set.
2. Compliance-first design — consent-based authorization with Ed25519 signatures and audit trails is naturally suited for regulated
use cases (KYC/AML).
3. Progressive decentralization — pragmatic phased approach (gateway → threshold → MPC) reduces initial complexity and time-to-market.
4. Standards-based cryptography — HPKE (RFC 9180) is a well-audited, widely-implemented standard. No novel cryptographic assumptions.
5. Deep integration with policy evaluation — privacy is not a standalone product but an enhancement to an existing product with users
(Rego policy engine).
6. Ethereum-native — no bridging, no Cosmos dependencies, no additional token.
Cons:
1. Phase 1.5 is centralized — gateway as single decryptor is a significant trust assumption. One compromise exposes all privacy data.
2. No conditional decryption — decrypt-on-demand model doesn't support time-locked or condition-gated reveals (sealed auctions, MEV
protection).
3. Per-envelope decryption overhead — each encrypted ref must be decrypted individually; no batch efficiency like IBE provides.
4. Narrow use case — primarily designed for private policy inputs. Not a general-purpose privacy layer for DeFi, governance, or
stablecoins.
5. DKG not yet implemented — Phase 2 threshold operations are planned but 0% complete. The real decentralization story is still
theoretical.
6. No own execution layer — depends on ECS Fargate infrastructure and gateway availability. Not censorship-resistant at the protocol
level.
Fairblock
Pros:
1. Threshold from genesis — never had a centralized decryption phase. 2/3+1 validator threshold from day one.
2. IBE bandwidth efficiency — one decryption key covers ALL transactions under a condition. 99.6% bandwidth savings vs per-tx
threshold decryption (proven in ePrint paper).
3. Expressive decryption conditions — block height, price, events, ZK proofs, custom conditions. Enables sealed auctions, MEV
protection, private governance natively.
4. Multimodal cryptography — IBE, FHE (CKKS), MPC (SPDZ), witness encryption, Twisted ElGamal — selects the right tool per use case.
5. Purpose-built chain — FairyRing optimized for cryptographic operations with native BeginBlock decryption and execution.
6. Broad ecosystem — Cosmos, EVM (Arbitrum), rollups (AltLayer), CoW Swap integration, Solana planned.
7. Academic foundation — published research (ePrint 2022/1066), formal security analysis.
Cons:
1. Requires own chain — FairyRing is an additional trust assumption and infrastructure dependency. Users/apps depend on Cosmos
validator liveness.
2. New token requirement — validators stake FAIRY tokens; adds token economics complexity and bootstrapping challenge.
3. Cross-chain latency — IBC/FairyPort relaying introduces latency between condition satisfaction and destination chain execution.
4. Not Ethereum-native — EVM support via precompiles/FairyKits, but it's fundamentally a Cosmos-first architecture. Ethereum
integration is bolt-on.
5. Centralized key generation step — Share Generation Client creates full MSK before splitting. If compromised during this brief
window, all keys are exposed (mitigated by destroying MSK after distribution, but the window exists).
6. Complexity — multimodal cryptography means larger attack surface and more code to audit across IBE, FHE, MPC, and ZK subsystems.
7. No consent-based model — condition-gated decryption means data is revealed when conditions are met, regardless of whether the data
owner still wants disclosure. Less suited for user-sovereign privacy.
---
9. What We Can Learn from Fairblock
Architectural Lessons
1. Skip the centralized stepping stone. Fairblock launched with threshold DKG from day one. Our Phase 1.5 (gateway as trusted
decryptor) is a pragmatic shortcut, but it introduces a real vulnerability window and delays the trust-minimized story. Consider
accelerating Phase 2 DKG to reduce time spent in the centralized trust model.
2. Conditional decryption is a powerful primitive. Newton's consent-based model ("user signs to authorize decryption") is great for
compliance but limited for market fairness use cases. Consider adding condition-gated decryption as a complementary mode — e.g.,
"decrypt this data at block height X" or "decrypt when price oracle reports Y." This could open sealed-auction and MEV-protection use
cases without building a separate product.
3. Batch decryption via IBE. Our per-envelope HPKE decryption scales as O(N×t). Fairblock's IBE allows one key to decrypt all N
envelopes under the same condition. If we ever need to decrypt many privacy envelopes simultaneously (e.g., batch policy evaluation),
IBE-style schemes would be significantly more efficient. Worth evaluating for Phase 3.
4. On-chain key aggregation. Fairblock aggregates keyshares on-chain (in the x/keyshare module), making the process transparent and
verifiable. Our Phase 2 plans to aggregate partial decryptions off-chain during the Prepare Phase. Consider whether some aggregation
should be verifiable on-chain for auditability.
5. Epoch-based key rotation with MSK destruction. Fairblock's pattern of creating a new MSK each epoch, splitting it, and destroying
the original is a clean forward-secrecy model. Our Phase 2 key rotation (NEWT-174/NEWT-189) should adopt a similar
destroy-after-distribution pattern.
6. Validator slashing for privacy failures. Fairblock slashes validators who fail to submit keyshares or submit wrong ones
(slash_fraction_no_keyshare, slash_fraction_wrong_keyshare). Our EigenLayer operators don't currently have privacy-specific slashing
conditions. Phase 2 should define slashing for operators who fail to provide partial decryptions or provide incorrect ones.
Product Lessons
7. Confidential stablecoins are a market opportunity. Fairblock's StableTrust product targets a clear institutional need. Newton's
privacy layer could potentially be extended to support private transfer amounts in policy evaluation (e.g., "approve this transfer
without revealing the amount to validators").
8. Client-side encryption SDK. Fairblock emphasizes that encryption happens entirely in the browser with no third-party dependency.
Our Newton SDK (NEWT-182) should similarly ensure all HPKE encryption is client-local with no server round-trips for the encryption
step.
9. Precompile-based integration for EVMs. Fairblock embeds cryptographic operations as EVM precompiles, making integration as simple
as calling a contract. For Phase 4 L2 deployment, consider whether Newton privacy operations could be offered as precompiles rather
than requiring SDK integration.
What NOT to Copy
10. Don't build a separate chain. Fairblock's FairyRing adds significant infrastructure and token economics overhead. Newton's
strength is being Ethereum-native on EigenLayer — no bridging, no new token, no Cosmos dependency. Keep it that way.
11. Don't over-generalize. Fairblock tries to be everything (IBE + FHE + MPC + ZK + witness encryption). Newton should stay focused on
consent-gated privacy for policy evaluation and expand narrowly to compliance use cases rather than trying to cover sealed auctions,
MEV protection, and confidential stablecoins simultaneously.
---
10. Strategic Positioning
┌─────────────────────────────────────────────┐
│ PRIVACY DESIGN SPECTRUM │
│ │
User-Sovereign │ Newton ◄────────────────► Fairblock │
(Consent-Based) │ "I choose who sees" "Conditions decide"│
│ │
Compliance-First │ Newton ████████████░░ Fairblock ████░░░░ │
│ │
Market Fairness │ Newton ███░░░░░░░░░░ Fairblock █████████ │
│ │
Ethereum-Native │ Newton ██████████████ Fairblock ███░░░░░ │
│ │
Multi-Ecosystem │ Newton ███░░░░░░░░░░ Fairblock █████████ │
│ │
Production Ready │ Newton ████░░░░░░░░░ Fairblock ████████░ │
└─────────────────────────────────────────────┘
Bottom line: Newton and Fairblock occupy complementary niches. Newton is consent-based, compliance-first, Ethereum-native privacy for
policy evaluation. Fairblock is condition-based, market-fairness-first, multi-ecosystem privacy for DeFi/trading. The biggest
actionable takeaways for Newton are: (1) accelerate Phase 2 DKG to exit the centralized trust model, (2) consider adding conditional
decryption as a complementary mode, and (3) adopt epoch-based key rotation with MSK destruction from the start.
@denniswon
Copy link
Author

denniswon commented Mar 14, 2026

What's Next for Phase 2

The next item to tackle is the Phase 2A gateway/operator integration gaps — the 5 remaining pieces that wire the
threshold decryption crypto (already code-complete in PRs #426-429) into the actual runtime.

However, these integration items depend on PRs #426-429 being merged to main first. So there's a fork:

Option A: Wait for PR merge, then integrate (recommended)

The PRs need reviewer attention. Once #426 merges, the integration work can start on a new branch off main. The 5 items
are:

┌─────┬────────────────────────────┬───────────────────────────────────────────────────────────┬─────────────────────┐
│ # │ Item │ Why It's Next │ Effort │
├─────┼────────────────────────────┼───────────────────────────────────────────────────────────┼─────────────────────┤
│ │ enc_point in │ Without this, the gateway can't send the HPKE │ Small — add one │
│ 1 │ ConsensusPrepareRequest │ encapsulated key to operators during Prepare phase — │ field to the RPC │
│ │ │ operators have nothing to compute partial decryptions on │ request type │
├─────┼────────────────────────────┼───────────────────────────────────────────────────────────┼─────────────────────┤
│ │ Threshold context on │ Gateway needs ThresholdDecryptionContext (MPK + operator │ Medium — config │
│ 2 │ ChainService │ public shares) loaded per-chain at startup so the │ loading + per-chain │
│ │ │ threshold decrypt path in sync.rs can actually run │ init │
├─────┼────────────────────────────┼───────────────────────────────────────────────────────────┼─────────────────────┤
│ │ Operator keyshare loading │ Operator must load ThresholdOperatorConfig from TOML and │ Small — config │
│ 3 │ at startup │ hold KeyShare in memory for partial decryption │ wiring in │
│ │ │ │ builder.rs │
├─────┼────────────────────────────┼───────────────────────────────────────────────────────────┼─────────────────────┤
│ │ newt_getPrivacyPublicKey │ RPC must return threshold MPK instead of gateway's │ Small — conditional │
│ 4 │ switch │ individual key when threshold is configured, so clients │ return │
│ │ │ encrypt to the right key │ │
├─────┼────────────────────────────┼───────────────────────────────────────────────────────────┼─────────────────────┤
│ │ Single-phase consensus │ Privacy tasks using single-phase mode have no Prepare │ Design decision — │
│ 5 │ decision │ phase. Need to either add a decrypt round or reject │ small code either │
│ │ │ privacy+single-phase │ way │
└─────┴────────────────────────────┴───────────────────────────────────────────────────────────┴─────────────────────┘

These are all in the newton-prover-avs repo and collectively complete NEWT-178 (the parent issue "Threshold Decryption
for Two-Phase Consensus").

Option B: Start Phase 2B (Epoch/PSS) in parallel

If you want to keep moving while PRs are in review, Phase 2B work is independent at the Solidity contract level —
EpochRegistry.sol (NEWT-639) can be designed and written without waiting for the Rust PRs to merge. This is net-new
contract code with no dependencies on the threshold Rust crate.

@denniswon
Copy link
Author

denniswon commented Mar 14, 2026

EXPANSION_COMPLETE

The analysis reveals something important: the 5 integration items I originally identified are already implemented on the
feature branches. The actual gaps are more subtle but critical:

┌──────────────────────────────────────────────┬─────────────────────────────────────────────────────────┐
│ Original Assumption │ Reality │
├──────────────────────────────────────────────┼─────────────────────────────────────────────────────────┤
│ enc_point in ConsensusPrepareRequest missing │ Already wired (rpc_server.rs:178, common.rs:366-396) │
├──────────────────────────────────────────────┼─────────────────────────────────────────────────────────┤
│ Threshold context on ChainService missing │ Already loaded (handler/mod.rs:638-663, cloned at 1419) │
├──────────────────────────────────────────────┼─────────────────────────────────────────────────────────┤
│ Operator keyshare loading missing │ Already done (builder.rs:247-270, core.rs:75) │
├──────────────────────────────────────────────┼─────────────────────────────────────────────────────────┤
│ Full threshold decrypt pipeline missing │ Already wired (sync.rs:845-960, 1375-1545) │
├──────────────────────────────────────────────┼─────────────────────────────────────────────────────────┤
│ E2E test missing │ Already exists (threshold.rs, threshold_e2e.rs) │
└──────────────────────────────────────────────┴─────────────────────────────────────────────────────────┘

The real gaps are:

  1. newt_getPrivacyPublicKey always returns centralized key — clients encrypt to wrong key when threshold is configured
  2. No validation rejecting privacy+single-phase+threshold — silent decryption failure
  3. Multi-envelope threshold only handles first envelope — rest silently ignored
  4. Threshold→centralized fallback is useless — different keys, both fail (should remove misleading fallback)
  5. No Prometheus metric for threshold decrypt path

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment