Why privacy in blockchain must start with open source
Traditionally, trust came from centralized institutions. Banks, payment networks, and clearinghouses are closed systems. Users cannot see the inner workings, but they rely on external audits, government regulation, and long histories of compliance to feel secure. It’s a model that has and continues to work, but it comes with trade-offs, namely: opacity, concentration of power, and limited innovation.
A new model of trust
With blockchains and decentralized applications (dApps), a new model of trust has emerged: one that doesn’t require trusting institutions but instead trusts the code itself. And this is only possible because of a founding principle: open source.
In the blockchain space, open source is not optional – it’s the default. It’s what allows anyone, anywhere, to inspect the rules of a protocol, audit the smart contracts, and verify that a system does what it says. If the code is not open, users cannot know what they are signing up for.
Now, you’d be forgiven for assuming that privacy and open-source development are in opposition with each other. After all, if the code is open for anyone to inspect, how can it guarantee confidentiality in production systems?
Certainly, as blockchain adoption accelerates across industries, the tension between transparency and privacy has become one of the most important – and misunderstood – conversations in tech.
Open source is how trust is built without intermediaries. It’s the foundation of decentralization. Thousands of developers and security researchers continuously review public codebases. Vulnerabilities are spotted and fixed faster. Over time, this leads to robust and secure systems. Some of the most trusted tools in cybersecurity, like OpenSSL, Linux (which powers about 70% of all web servers globally), or Bitcoin, are open source, and their security has only improved with time.
It’s a principle that goes back to the 19th century; Auguste Kerckhoffs, a Dutch cryptographer, wrote that a secure system should remain secure even if everything about it is public, except the secret key. This is known as Kerckhoffs’ Principle, and it remains a cornerstone of modern cryptography. Open source is simply the implementation of that idea in software: the code must be public so that other developers can verify its behavior independently of the author.
Some people confuse open source with data transparency. These are two very different things. A protocol can be open source, and must be, if it is to be trusted, while still protecting the confidentiality of its users. In fact, that’s the direction blockchain is now taking.
Blockchains were designed to be transparent. Every transaction is public by default – a necessary compromise in the early days, when the technology to protect data while preserving auditability simply didn’t exist. It’s the same story as the early web. HTTP traffic was fully visible for over a decade until TLS was added in 2006 to hide data. This strategy made sense for early blockchain experimentation but has now become a problem for real-world use. No one wants their salary, trading strategy, or personal finance history published forever on a public ledger. So now, the challenge is how to restore privacy, without compromising on auditability.
Privacy-preserving technologies (PETs)
This is where privacy-preserving technologies come in. While not all PETs are open source – trusted execution environments (TEEs) being one example – all cryptography-based PETs used in blockchain are open source by design.
Zero-knowledge proofs (ZKPs), for example, are a way to prove something is true without revealing why. They allow private transactions and identity checks onchain. Most modern ZK systems like PlonK, Groth16, or STARKs are open source, developed and reviewed by the global cryptography community.
Fully homomorphic encryption (FHE) enables computation on encrypted data. It lets you run smart contracts without ever decrypting the inputs. We’ve open-sourced our cryptographic library, TFHE-rs, and are building an open protocol to bring encrypted computation to blockchains.
Secure multi-party computation (MPC) is another key area. It allows different actors to jointly compute results without revealing their individual inputs. Many MPC protocols used today, like threshold signatures or DKG, are open source as well, for the same reason: trust cannot exist without transparency of the mechanism.
Why we must start with transparency in the code
The reality is simple. If we want privacy onchain, we must start with transparency in the code. Open source is not a risk to privacy, it is the very thing that makes it possible. It’s how we make sure that confidential systems are behaving correctly, that there are no hidden flaws or secret backdoors, and that anyone can contribute to improving them.
The future of blockchain and decentralized finance will depend on our ability to balance privacy and auditability. We build trust not by hiding how things work, but by showing them to the world and letting the best ideas survive inspection.
That’s what open source is for. And in our view, it’s the only way.