Ethereum's transparency has lengthy been one in every of its best strengths, but it surely has additionally turn into a structural limitation for a lot of real-world purposes. From MEV transaction inefficiencies to knowledge breaches in DeFi, gaming, and AI-driven workflows, the idea that every part should be public to be verifiable is more and more being questioned. The TEN protocol is constructed on a special premise: that calculations can stay provably appropriate with out forcing customers, builders, and corporations to disclose delicate inputs, methods, and logic to all the market.
On this allnewsbitcoin Q&A, the staff behind the TEN protocol explains its “Trusted Computing” idea and why they imagine privacy-first execution is the lacking basic factor in Ethereum's scaling roadmap. Moderately than launching a separate privateness ecosystem, TEN is designed as a whole EVM setting constructed on Ethereum funds and liquidity, permitting builders to choose and select what must be finished publicly and what must be finished privately.
On this dialogue, we discover how this hybrid mannequin reshapes the consumer expertise, alleviates MEV, allows sealed bidding markets and hidden order flows, and unlocks new classes of purposes, from verifiable AI brokers to provably honest iGaming. We additionally focus on the safety and governance trade-offs when utilizing a trusted execution setting, and the way TEN's structure is designed to make failures detectable, contained, and recoverable relatively than silent and catastrophic.
Our Q&A particulars how selective secrecy can redefine belief, composability, and value throughout the Ethereum ecosystem. 
How will you simply clarify to readers who’re new to the TEN protocol what “trusted computing” means and the way TEN truly solves issues that the present Ethereum L2 doesn't?
At its easiest, “computing with belief” means with the ability to use your dapp with out broadcasting your intentions, technique, or delicate knowledge to everybody monitoring the chain.
Transparency is the default in most Ethereum L2s as we speak. It reveals each transaction, its parameters, intermediate execution steps, and sometimes even the “why” behind the motion. Whereas this degree of openness is highly effective for validation, it poses very actual issues in follow. Trades may be forward or in between. Wallets and dapps leak behavioral and financial knowledge. Video games and auctions battle to keep up each equity and privateness. And lots of real-world and enterprise workflows merely can not work if their design requires exposing inputs and logic.
That is the core structural limitation that TEN addresses. Ethereum is constructed on the premise that to ensure that knowledge to be verifiable, it should be seen. TEN retains verifiability intact, however removes the concept that the info itself must be made public. With the appropriate privateness know-how, you’ll be able to show that your calculations are appropriate with out revealing the underlying inputs or logic.
What it truly means is confidence. Confidence that node operators can not get forward of themselves. The sport is just not secretly rigged. Bids should not copied in actual time. Opponents should not spying in your technique. Dapps don’t extract or monetize customers' private enter.
You continue to get Ethereum-grade safety and validation. You don't have to show every part.
There are different privacy-focused and TEE-oriented tasks in cryptocurrencies. What precisely is completely different about TEN's structure and menace mannequin in comparison with privateness L1, rollup with off-chain proofs, MPC-based approaches, and many others.?
TEN is constructed not as a parallel ecosystem, however as a privacy-first Ethereum execution. The targets are very slim and really intentional. This implies operating EVM-style purposes with selective secrecy whereas sustaining cost, composability, and liquidity locked into Ethereum itself.
This design selection is what actually units TEN aside.
Privateness Once we have a look at L1, we regularly ask builders to maneuver into a brand new world. New instruments, new execution semantics, and completely different assumptions about composability are frequent. TEN takes the alternative method. It isn’t supposed to exchange Ethereum, however to really feel like Ethereum. Builders preserve entry to EVM, the requirements they already use, and current liquidity whereas guaranteeing confidentiality solely when it actually issues.
Though ZK-based non-public execution offers very sturdy privateness ensures, these ensures usually include trade-offs for general-purpose purposes. Circuit complexity, efficiency constraints, and developer friction could make on a regular basis app improvement tougher than it must be. TEN makes use of TEE as an alternative and targets common objective delicate computing with a really completely different efficiency and developer expertise profile.
The MPC-based method eliminates the necessity to belief {hardware} distributors. Though this can be a nice benefit, MPC-based approaches current their very own challenges. Throttling overhead, delays, and operational complexity can shortly degrade the consumer expertise for normal purposes. TEN embraces the idea of belief rooted in {hardware} and focuses on mitigating it by governance, redundancy, and rigorous safety engineering.
The important differentiator is that this hybrid mannequin. What must be public stays public, equivalent to finality, auditability, and settlement. Something that must be non-public stays confidential, equivalent to inputs, order circulate, technique, secret state, and many others.
You speak about how TEN makes cryptocurrencies really feel like “common apps” to finish customers, non-public, easy, and trusted. What’s that like from a UX perspective, and the way is the expertise of a TEN-powered dapp completely different from the expertise of a typical Ethereum dapp as we speak?
On the consumer degree, the fixed feeling that every part you do is seen and may be exploited is eliminated.
With TEN-powered dapps, this manifests itself in small however significant methods. You gained't have to fret about menpooling or watch your trades get pinched in actual time. Intents are non-public by default, whether or not they’re bids, methods, or execution thresholds. Customers don't must depend on defensive workarounds like non-public RPC or handbook slippage hacks to make use of the app securely.
What stays is a cleaner psychological mannequin, nearer to Web2. Assume that the inputs and enterprise logic of the appliance should not uncovered mechanically, as most software program doesn’t.
The modifications themselves are refined, however basic. Privateness will now not be a bolt-on characteristic or a complicated setting understood solely by energy customers, however merely a core product primitive that exists by default.
A trusted execution setting introduces a special kind of belief assumption: {hardware} vendor dependency and enclave safety. How do you tackle issues about side-channel assaults, backdoors, or vendor-level failures in your safety and governance mannequin?
That's precisely the proper of skepticism. TEN's place is just not that TEE is magic or risk-free. It's necessary to be clear about your menace mannequin and design your techniques so {that a} breach doesn't go silent with catastrophic penalties.
TEN assumes that enclaves present confidentiality and integrity inside outlined bounds, and builds on that assumption relatively than pretending they don't exist. The objective is to make failures detectable, contained, and recoverable relatively than invisible.
From a safety perspective, this seems as protection in depth. There are sturdy distant authentication necessities, managed code measurements and reproducible builds, and strict key administration practices equivalent to sealed keys, rotation, and strictly scoped privileges. The assault floor of the enclave is deliberately minimized, and the privileged code operating inside is stored to a minimal.
Redundancy and fail-safe design are equally necessary. TEN avoids architectures the place one enclave successfully dominates the system. The place attainable, depend on multi-operator assumptions and construct protocols such that even a compromised enclave can not rewrite historical past or forge funds on Ethereum.
As soon as governance and operational readiness are full, the image is full. Safety is not only about encryption. Additionally necessary is how shortly and transparently the system can reply. This contains patching, revocation, enclave model locking, and clear incident playbooks that may be executed with out ambiguity.
Importantly, TEN doesn’t ask customers to “belief nothing.” It’s about decreasing the substantial belief that must be positioned in operators and buying and selling companions, and focusing what stays of belief in a a lot narrower, auditable space.
On the DeFi facet, how do sealed bid auctions, hidden order books, and MEV-resistant routing truly work with TEN? And the way can customers and regulators acquire belief in a system the place the core buying and selling logic and order circulate is deliberately encrypted?
Broadly talking, TEN works by altering what’s printed by default.
Think about a sealed bid public sale. As an alternative of broadcasting bids in clear textual content, customers submit bids in encrypted kind. The public sale logic runs throughout the TEE, so particular person bids are by no means uncovered throughout execution. Relying on how the public sale is designed, bids could also be printed solely at settlement, or in no way, with solely the ultimate outcome being printed on-chain. This one change eliminates the bid sniping, copy buying and selling, and strategic leaks that plague as we speak's public auctions.
The identical concept applies to hidden order books. Directions should not seen to others in order that they will reconstruct your intentions and methods in actual time. Merchants are shielded from systematic copying and abuse, whereas the system produces execution outcomes that may be verified after the very fact.
MEV-tolerant wiring is a pure inheritance from this mannequin. The basic MEV pipeline of reference, copy, and sandwich doesn’t exist as a result of the consumer's intent isn’t broadcast to the general public reminiscence pool. There may be nothing to maneuver ahead within the first place.
Naturally, this raises questions on reliability. If the core logic and order circulate are encrypted, how can customers and regulators make sure that the system is working accurately?
The reply is that TEN separates enter privateness and outcome verifiability. Even when the enter is non-public, the rule is just not. Anybody can confirm that the matching engine follows printed algorithms, that liquidation costs are calculated accurately, and that there aren’t any hidden priorities or manipulations.
Along with that, there are clear audit facets and mechanisms for selective disclosure. Regulators and auditors may be granted entry beneath outlined situations, whereas the general public can nonetheless see encrypted commitments and on-chain proof of appropriate execution.
The result’s a uncommon mixture in DeFi as we speak: confidentiality of order circulate and accountability of outcomes.
Verifiable AI brokers are one of many primary use instances. Are you able to present a concrete instance of an AI agent operating on TEN? What’s non-public and what’s publicly verifiable on-chain? And why is it higher than operating the identical agent fully off-chain?
A easy manner to consider that is the protocol's AI-driven monetary rebalancer.
When that agent runs on TEN, lots of the options that make it helpful stay hidden by design. In lots of instances, there is no such thing as a want to show the mannequin weights or prompts, that are core mental property. Proprietary alerts and paid knowledge feeds stay confidential. Inner threat limits, intermediate reasoning, and decision-making logic are by no means leaked to the market. Even the execution intent stays non-public till the second it’s dedicated.
On the similar time, there’s a clear set of publicly verifiable on-chain. By means of attestation, anybody can confirm that the licensed code truly executed. You may confirm that the licensed coverage module enforced the related constraints and that the ensuing actions revered the outlined invariants. The ultimate state transition and settlement will happen overtly on Ethereum, as at all times.
This mix makes it meaningfully higher than operating the identical agent fully off-chain. Off-chain brokers in the end ask customers to belief logs, operators, or unverifiable claims that “the bot adopted the foundations.” TEN removes that blind belief. This permits brokers to maintain aggressive dynamics non-public whereas proving to customers, DAOs, and buying and selling companions that they acted strictly throughout the scope of their mandate.
iGaming has traditionally been stricken by belief points, bots, and opaque RNG. How will TEN be capable to certify honest gaming whereas holding RNG seeds, anti-bot logic, and gaming methods non-public? And the way do you assume this suits into the present regulatory framework for on-line gaming?
iGaming has at all times been constructed round a basic contradiction. Transparency is critical to show equity, however confidentiality is important to guard RNG techniques, safety controls, and anti-bot logic. An excessive amount of publicity will recreation the system. When you conceal an excessive amount of, belief will probably be destroyed.
TEN resolves that battle by selective confidentiality. Delicate parts stay non-public, however guidelines and outcomes stay provable.
Relating to randomness, this permits “provably honest” to be literal relatively than aspirational. Video games can use commit-public and verifiable randomness schemes. Randomness is pre-committed, outcomes are independently verifiable by gamers, and RNG seeds stay non-public till it’s secure to publish or solely partially printed. Gamers acquire confidence in equity even when the attacker doesn’t acquire a usable blueprint.
The identical ideas apply to anti-bot and threat administration. That is necessary as a result of though bot detection heuristics and fraud techniques are run in secrecy, refined attackers shortly adapt as soon as these mechanisms are uncovered. Conserving them non-public maintains their validity whereas permitting the system to provide verifiable outcomes.
Extra broadly, this permits for provable recreation integrity. Gamers can confirm that the sport follows the printed guidelines and that the outcomes haven’t been manipulated, with out exposing delicate inside data equivalent to safety logic, thresholds, and technique parameters.
From a regulatory perspective, this corresponds clearly to the present framework. Regulators are usually involved with auditability, guaranteeing equity, and enforceable controls, relatively than forcing the disclosure of all inside mechanisms. TEN's mannequin of verifiable outcomes mixed with selective disclosure is a pure match with these necessities.
What does constructing “selective non-public” good contracts on TEN appear to be from a developer’s perspective? How do you mark a operate for TEE execution, and the way do you check and debug logic that may't simply logout to a public reminiscence pool?
From a developer's perspective, the best manner to consider TEN is that it's constructed utilizing two execution zones.
There’s a public zone and this looks like common Ethereum improvement. Composable contracts that work as anticipated with customary EVM logic, public state, and any L2.
Then there's the delicate zone. Right here, some particular performance and state is carried out throughout the TEE, enter is encrypted, and disclosure is tightly managed.
In actuality, builders explicitly resolve what must be finished “in non-public” and what ought to stay uncovered. On the confidential facet, you set issues like commerce matching, RNG, technique analysis, or secret storage, however every part else stays uncovered for configuration and settlement.
The modifications in workflow are most noticeable in testing and debugging as a result of you’ll be able to't deal with the general public reminiscence pool as an always-on debugging console. As an alternative, testing and debugging usually depends on an area Devnet with enclave-like execution, deterministic check vectors, and managed debugging modes throughout improvement. It additionally validates habits by verifiable commitments and invariants, relatively than counting on public logs, and proves that the system stayed throughout the guidelines even when inputs are non-public.
The important thing change is to maneuver away from mempool introspection as a debugging level and design for provable correctness from the start.
We emphasize composability between non-public and public parts as a key differentiator. What new software patterns do you anticipate to emerge from this hybrid mannequin, and the way can current Ethereum protocols combine TEN with out fully rewriting the stack?
TEN's hybrid mannequin unlocks software patterns which might be very troublesome or just unattainable with chains which might be clear by default.
One clear sample is non-public enforcement with public funds. Delicate logic equivalent to commerce matching, technique analysis, RNG, and threat administration may be carried out in secret, however the finish outcomes are nonetheless decided publicly on Ethereum. You may guarantee privateness the place it issues with out giving up verifiability or composability.
One other space is protected value discovery and darkish liquidity. Sealed bidding, hidden order books, and personal routing make it attainable to function a fairer market whereas producing verifiable outcomes on-chain. Markets acquire completeness with out changing the intentions of all individuals into public knowledge.
Video games and AI brokers are additionally a pure match. The internals of a hand, technique, immediate, or mannequin can stay non-public, however equity, accuracy, and settlement stay provable. This mix could be very troublesome to realize in a totally clear execution setting.
As well as, selective disclosure purposes are additionally rising. Id, fame, compliance, eligibility checks, and many others. can stay non-public, whereas concurrently implementing public guidelines and producing auditable outcomes.
The distinctive factor about TEN is that you just don't have to surrender your Ethereum. TEN is a whole EVM, so current Ethereum good contracts may be deployed to TEN as-is and work as builders anticipate. The distinction is that you just instantly have the choice to run a few of your logic covertly.
For a lot of protocols, integration is simple. Groups can deploy the identical contract on TEN in parallel with Ethereum, preserve the general public model unchanged, and regularly allow confidential execution the place it provides probably the most worth.
This naturally creates two adoption paths. Some groups select the least effort route by deploying with out altering their current contract and acquiring each public and confidential cases with little extra effort. Different firms take a progressive method, selectively transferring high-value flows equivalent to order circulate, auctions, video games, and agent logic to confidential execution over time.
Importantly, TEN doesn’t drive builders to decide on between composability and confidentiality. This permits us to keep up Ethereum's ecosystem, liquidity, and instruments whereas making privateness a top-of-the-line characteristic relatively than an afterthought.
Who will run the enclaves and infrastructure that powers TEN, how will we keep away from centralization to a couple operators, and what would be the roadmap for decentralizing the community, bootstrapping the ecosystem, and attracting the primary breakout apps on TEN?
Like most new networks, TEN begins with a sensible bootstrap section. Initially, it will imply a smaller, extra selective set of operators and infrastructure with an actual concentrate on reliability and safety. The objective at this stage is to not obtain most decentralization from day one, however to make sure that the system behaves predictably and securely when builders begin constructing actual purposes on prime of it.
Structure and incentives are actually necessary to keep away from long-term centralization. This roadmap is constructed round onboarding non-privileged operators, mixed with sturdy authentication necessities so operators can show they’re operating the appropriate code in the appropriate setting. Financial incentives are designed to encourage many impartial operators relatively than small cartels, with a transparent emphasis on geographic and organizational variety. On prime of that, efficiency and safety requirements are clear, and the protocol itself is structured to forestall a single operator from dominating execution.
When it comes to how the roadmap unfolds, the primary section is about reliability and bootstrapping developer instruments. As soon as that basis is strong, the main target will shift to transport flagship purposes that actually require confidentiality, equivalent to iGaming, secured DeFi workflows, and verifiable AI brokers. From there, operator participation will develop, governance will probably be decentralized, extra worth will circulate by the community, and safety postures will proceed to strengthen as dangers improve.
That's what units up the flywheel of the ecosystem. Builders don't come to TEN simply because it's one other EVM. They're right here to supply options you’ll be able to't get wherever else.
The idea of breakout apps is straightforward and simple. The primary really profitable TEN native software won’t be able to exist or compete on a sequence that’s clear by default. In that case, confidentiality is just not a checkbox characteristic. It's the product itself.
(Tag translation) Ethereum
