Ethereum’s transparency has lengthy been one among its best strengths, but it surely has additionally grow to be a structural limitation for a lot of real-world purposes. From MEV transaction inefficiencies to knowledge breaches in DeFi, gaming, and AI-driven workflows, the belief that every little thing have to be public to be verifiable is more and more being questioned.
The TEN protocol is constructed on a distinct premise: that calculations can stay provably appropriate with out forcing customers, builders, and corporations to disclose delicate inputs, methods, and logic to the complete market.
On this btcpizza Q&A, the crew behind the TEN protocol explains its “Trusted Computing” idea and why they consider privacy-first execution is the lacking elementary factor in Ethereum’s scaling roadmap.
Slightly than launching a separate privateness ecosystem, TEN is designed as a whole EVM surroundings constructed on Ethereum funds and liquidity, permitting builders to select and select what needs to be performed publicly and what needs to be performed privately.
On this dialogue, we discover how this hybrid mannequin reshapes the consumer expertise, reduces MEV, permits sealed bidding markets and hidden order flows, and unlocks new classes of purposes, from verifiable AI brokers to confirmed honest iGaming.
We additionally talk about the safety and governance trade-offs when utilizing a trusted execution surroundings, and the way TEN’s structure is designed to make failures detectable, contained, and recoverable reasonably than silent and catastrophic.
Our Q&A particulars how selective secrecy can redefine belief, composability, and usefulness throughout the Ethereum ecosystem. 
How will you simply clarify to readers who’re new to the TEN protocol what “trusted computing” means and the way TEN really solves issues that the prevailing Ethereum L2 does not?
At its easiest, “computing with belief” means with the ability to use your dapp with out broadcasting your intentions, technique, or delicate knowledge to everybody monitoring the chain.
Transparency is the default in most Ethereum L2s as we speak. It reveals each transaction, its parameters, intermediate execution steps, and infrequently even the “why” behind the motion. Whereas this stage of openness is highly effective for validation, it poses very actual issues in observe. Trades might be forward or in between. Wallets and dapps leak behavioral and financial knowledge. Video games and auctions wrestle to keep up each equity and privateness. And lots of real-world and enterprise workflows merely can not work if their design requires exposing inputs and logic.
That is the core structural limitation that TEN addresses. Ethereum is constructed on the premise that to ensure that knowledge to be verifiable, it have to be seen. TEN retains verifiability intact, however removes the concept that the info itself must be made public. With the appropriate privateness expertise, you possibly can show that your calculations are appropriate with out revealing the underlying inputs or logic.
What it really means is confidence. Confidence that node operators can not get forward of themselves. The sport is just not secretly rigged. Bids will not be copied in actual time. Rivals will not be spying in your technique. Dapps don’t extract or monetize customers’ private enter.
You continue to get Ethereum-grade safety and validation. You need not show every little thing.
There are different privacy-focused and TEE-oriented initiatives in cryptocurrencies. What precisely is totally different about TEN’s structure and menace mannequin in comparison with privateness L1, rollup with off-chain proofs, MPC-based approaches, and so on.?
TEN is constructed not as a parallel ecosystem, however as a privacy-first Ethereum execution. The objectives are very slim and really intentional. This implies operating EVM-style purposes with selective secrecy whereas sustaining cost, composability, and liquidity locked into Ethereum itself.
This design selection is what actually units TEN aside.
Privateness Once we take a look at L1, we regularly ask builders to maneuver into a brand new world. New instruments, new execution semantics, and totally different assumptions about composability are frequent. TEN takes the other strategy. It’s not supposed to exchange Ethereum, however to really feel like Ethereum. Builders keep entry to EVM, the requirements they already use, and current liquidity whereas guaranteeing confidentiality solely when it actually issues.
Though ZK-based personal execution gives very sturdy privateness ensures, these ensures sometimes include trade-offs for general-purpose purposes. Circuit complexity, efficiency constraints, and developer friction could make on a regular basis app growth tougher than it must be. TEN makes use of TEE as a substitute and targets basic function delicate computing with a really totally different efficiency and developer expertise profile.
The MPC-based strategy eliminates the necessity to belief {hardware} distributors. Though it is a nice benefit, MPC-based approaches current their very own challenges. Throttling overhead, delays, and operational complexity can rapidly degrade the consumer expertise for normal purposes. TEN embraces the belief of belief rooted in {hardware} and focuses on mitigating it by means of governance, redundancy, and rigorous safety engineering.
The important differentiator is that this hybrid mannequin. What needs to be public stays public, similar to finality, auditability, and settlement. Something that must be personal stays confidential, similar to inputs, order movement, technique, secret state, and so on.
You discuss how TEN makes cryptocurrencies really feel like “common apps” to finish customers, personal, easy, and trusted. What’s that like from a UX perspective, and the way is the expertise of a TEN-powered dapp totally different from the expertise of a typical Ethereum dapp as we speak?
On the consumer stage, the fixed feeling that every little thing you do is seen and might be exploited is eliminated.
With TEN-powered dapps, this manifests itself in small however significant methods. You will not have to fret about menpooling or watch your trades get pinched in actual time. Intents are personal by default, whether or not they’re bids, methods, or execution thresholds. Customers do not should depend on defensive workarounds like personal RPC or handbook slippage hacks to make use of the app securely.
What stays is a cleaner psychological mannequin, nearer to Web2. Assume that the inputs and enterprise logic of the applying will not be uncovered robotically, as most software program doesn’t.
The adjustments themselves are refined, however elementary. Privateness will not be a bolt-on function or a sophisticated setting understood solely by energy customers, however merely a core product primitive that exists by default.
A trusted execution surroundings introduces a distinct sort of belief assumption: {hardware} vendor dependency and enclave safety. How do you handle issues about side-channel assaults, backdoors, or vendor-level failures in your safety and governance mannequin?
That is precisely the proper of skepticism. TEN’s place is just not that TEE is magic or with out danger. It is necessary to be clear about your menace mannequin and design your programs so {that a} breach does not go silent with catastrophic penalties.
TEN assumes that enclaves present confidentiality and integrity inside outlined bounds, and builds on that assumption reasonably than pretending they do not exist. The objective is to make failures detectable, contained, and recoverable reasonably than invisible.
From a safety perspective, this seems as protection in depth. There are sturdy distant authentication necessities, managed code measurements and reproducible builds, and strict key administration practices similar to sealed keys, rotation, and strictly scoped privileges. The assault floor of the enclave is deliberately minimized, and the privileged code operating inside is saved to a minimal.
Redundancy and fail-safe design are equally necessary. TEN avoids architectures the place one enclave successfully dominates the system. The place attainable, depend on multi-operator assumptions and construct protocols such that even a compromised enclave can not rewrite historical past or forge funds on Ethereum.
As soon as governance and operational readiness are full, the image is full. Safety is not only about encryption. Additionally necessary is how rapidly and transparently the system can reply. This consists of patching, revocation, enclave model locking, and clear incident playbooks that may be executed with out ambiguity.
Importantly, TEN doesn’t ask customers to “belief nothing.” It’s about lowering the substantial belief that must be positioned in operators and buying and selling companions, and focusing what stays of belief in a a lot narrower, auditable space.
On the DeFi facet, how do sealed bid auctions, hidden order books, and MEV-resistant routing really work with TEN? And the way can customers and regulators achieve belief in a system the place the core buying and selling logic and order movement is deliberately encrypted?
Broadly talking, TEN works by altering what’s revealed by default.
Think about a sealed bid public sale. As an alternative of broadcasting bids in clear textual content, customers submit bids in encrypted kind. The public sale logic runs throughout the TEE, so particular person bids are by no means uncovered throughout execution. Relying on how the public sale is designed, bids could also be revealed solely at settlement, or in no way, with solely the ultimate consequence being revealed on-chain. This one change eliminates the bid sniping, copy buying and selling, and strategic leaks that plague as we speak’s public auctions.
The identical thought applies to hidden order books. Directions will not be seen to others in order that they’ll reconstruct your intentions and techniques in actual time. Merchants are protected against systematic copying and abuse, whereas the system produces execution outcomes that may be verified after the actual fact.
MEV-tolerant wiring is a pure inheritance from this mannequin. The traditional MEV pipeline of reference, copy, and sandwich doesn’t exist as a result of the consumer’s intent isn’t broadcast to the general public reminiscence pool. There’s nothing to maneuver ahead within the first place.
Naturally, this raises questions on reliability. If the core logic and order movement are encrypted, how can customers and regulators make certain that the system is working appropriately?
The reply is that TEN separates enter privateness and consequence verifiability. Even when the enter is personal, the rule is just not. Anybody can confirm that the matching engine follows revealed algorithms, that liquidation costs are calculated appropriately, and that there aren’t any hidden priorities or manipulations.
Along with that, there are clear audit elements and mechanisms for selective disclosure. Regulators and auditors might be granted entry below outlined situations, whereas the general public can nonetheless see encrypted commitments and on-chain proof of appropriate execution.
The result’s a uncommon mixture in DeFi as we speak: confidentiality of order movement and accountability of outcomes.
Verifiable AI brokers are one of many essential use instances. Are you able to present a concrete instance of an AI agent operating on TEN? What’s personal and what’s publicly verifiable on-chain? And why is it higher than operating the identical agent fully off-chain?
A easy means to consider that is the protocol’s AI-driven monetary rebalancer.
When that agent runs on TEN, lots of the options that make it priceless stay hidden by design. In lots of instances, there is no such thing as a want to reveal the mannequin weights or prompts, that are core mental property. Proprietary indicators and paid knowledge feeds stay confidential. Inner danger limits, intermediate reasoning, and decision-making logic are by no means leaked to the market. Even the execution intent stays personal till the second it’s dedicated.
On the identical time, there’s a clear set of publicly verifiable on-chain. By attestation, anybody can confirm that the licensed code really executed. You may confirm that the licensed coverage module enforced the related constraints and that the ensuing actions revered the outlined invariants. The ultimate state transition and settlement will happen overtly on Ethereum, as at all times.
This mixture makes it meaningfully higher than operating the identical agent fully off-chain. Off-chain brokers finally ask customers to belief logs, operators, or unverifiable claims that “the bot adopted the foundations.” TEN removes that blind belief. This permits brokers to maintain aggressive dynamics personal whereas proving to customers, DAOs, and buying and selling companions that they acted strictly throughout the scope of their mandate.
iGaming has traditionally been tormented by belief points, bots, and opaque RNG. How will TEN be capable to certify honest gaming whereas retaining RNG seeds, anti-bot logic, and gaming methods personal? And the way do you suppose this matches into the prevailing regulatory framework for on-line gaming?
iGaming has at all times been constructed round a elementary contradiction. Transparency is important to show equity, however confidentiality is important to guard RNG programs, safety controls, and anti-bot logic. An excessive amount of publicity will recreation the system. For those who disguise an excessive amount of, belief can be destroyed.
TEN resolves that battle by means of selective confidentiality. Delicate elements stay personal, however guidelines and outcomes stay provable.
Concerning randomness, this enables “provably honest” to be literal reasonably than aspirational. Video games can use commit-public and verifiable randomness schemes. Randomness is pre-committed, outcomes are independently verifiable by gamers, and RNG seeds stay personal till it’s protected to publish or solely partially revealed. Gamers achieve confidence in equity even when an attacker doesn’t acquire a usable blueprint.
The identical rules apply to anti-bot and danger administration. That is necessary as a result of though bot detection heuristics and fraud programs are run in secrecy, refined attackers rapidly adapt as soon as these mechanisms are uncovered. Holding them personal maintains their validity whereas permitting the system to supply verifiable outcomes.
Extra broadly, this enables for provable recreation integrity. Gamers can confirm that the sport follows the revealed guidelines and that the outcomes haven’t been manipulated, with out exposing delicate inner info similar to safety logic, thresholds, and technique parameters.
From a regulatory perspective, this corresponds clearly to the prevailing framework. Regulators are sometimes involved with auditability, guaranteeing equity, and enforceable controls, reasonably than forcing the disclosure of all inner mechanisms. TEN’s mannequin of verifiable outcomes mixed with selective disclosure is a pure match with these necessities.
What does constructing “selective personal” sensible contracts on TEN appear like from a developer’s perspective? How do you mark a perform for TEE execution, and the way do you check and debug logic that may’t simply logout to a public reminiscence pool?
From a developer’s perspective, the best means to consider TEN is that it is constructed utilizing two execution zones.
There’s a public zone and this looks like common Ethereum growth. Composable contracts that work as anticipated with normal EVM logic, public state, and any L2.
Then there’s the delicate zone. Right here, sure capabilities and elements of the state are executed throughout the TEE, enter is encrypted, and disclosure is tightly managed.
In actuality, builders explicitly resolve what must be performed “in personal” and what ought to stay uncovered. On the confidential facet, you set issues like commerce matching, RNG, technique analysis, or secret storage, however every little thing else stays uncovered for configuration and settlement.
The adjustments in workflow are most noticeable in testing and debugging as a result of you possibly can’t deal with the general public reminiscence pool as an always-on debugging console. As an alternative, testing and debugging sometimes depends on a neighborhood Devnet with enclave-like execution, deterministic check vectors, and managed debugging modes throughout growth. It additionally validates habits by means of verifiable commitments and invariants, reasonably than counting on public logs, and proves that the system stayed throughout the guidelines even when inputs are personal.
The important thing change is to maneuver away from mempool introspection as a debugging level and design for provable correctness from the start.
We emphasize composability between personal and public elements as a key differentiator. What new software patterns do you anticipate to emerge from this hybrid mannequin, and the way can current Ethereum protocols combine TEN with out fully rewriting the stack?
TEN’s hybrid mannequin unlocks software patterns which can be very tough or just unattainable with chains which can be clear by default.
One clear sample is personal enforcement with public funds. Delicate logic similar to commerce matching, technique analysis, RNG, and danger administration might be carried out in secret, however the finish outcomes are nonetheless decided publicly on Ethereum. You may guarantee privateness the place it issues with out giving up verifiability or composability.
One other space is protected worth discovery and darkish liquidity. Sealed bidding, hidden order books, and personal routing make it attainable to function a fairer market whereas producing verifiable outcomes on-chain. Markets achieve completeness with out changing the intentions of all individuals into public knowledge.
Video games and AI brokers are additionally a pure match. The internals of a hand, technique, immediate, or mannequin can stay personal, however equity, accuracy, and settlement stay provable. This mixture could be very tough to realize in a very clear execution surroundings.
Functions for selective disclosure are additionally rising. Identification, status, compliance, eligibility checks, and so on. can stay personal, whereas concurrently imposing public guidelines and producing auditable outcomes.
The distinctive factor about TEN is that you do not have to surrender your Ethereum. TEN is a whole EVM, so current Ethereum sensible contracts might be deployed to TEN as-is and work as builders anticipate. The distinction is that you just instantly have the choice to run a few of your logic covertly.
For a lot of protocols, integration is simple. Groups can deploy the identical contract on TEN in parallel with Ethereum, preserve the general public model unchanged, and progressively allow confidential execution the place it provides essentially the most worth.
This naturally creates two adoption paths. Some groups select the least effort route by deploying with out altering their current contract and acquiring each public and confidential cases with little further effort. Different corporations take a progressive strategy, selectively shifting high-value flows similar to order movement, auctions, video games, and agent logic to confidential execution over time.
Importantly, TEN doesn’t power builders to decide on between composability and confidentiality. This permits us to keep up Ethereum’s ecosystem, liquidity, and instruments whereas making privateness a top-of-the-line function reasonably than an afterthought.
Who will run the enclaves and infrastructure that powers TEN, how will we keep away from centralization to some operators, and what would be the roadmap for decentralizing the community, bootstrapping the ecosystem, and attracting the primary breakout apps on TEN?
Like most new networks, TEN begins with a sensible bootstrap part. Initially, it will imply a smaller, extra selective set of operators and infrastructure with an actual deal with reliability and safety. The objective at this stage is to not obtain most decentralization from day one, however to make sure that the system behaves predictably and securely when builders begin constructing actual purposes on high of it.
Structure and incentives are actually necessary to keep away from long-term centralization. This roadmap is constructed round onboarding non-privileged operators, mixed with sturdy authentication necessities so operators can show they’re operating the appropriate code in the appropriate surroundings. Financial incentives are designed to encourage many unbiased operators reasonably than small cartels, with a transparent emphasis on geographic and organizational variety. On high of that, efficiency and safety requirements are clear, and the protocol itself is structured to forestall a single operator from dominating execution.
By way of how the roadmap unfolds, the primary part is about reliability and bootstrapping developer instruments. As soon as that basis is strong, the main target will shift to transport flagship purposes that actually require confidentiality, similar to iGaming, secured DeFi workflows, and verifiable AI brokers. From there, operator participation will develop, governance can be decentralized, extra worth will movement by means of the community, and safety postures will proceed to strengthen as dangers improve.
That is what units up the flywheel of the ecosystem. Builders do not come to TEN simply because it is one other EVM. They’re right here to supply options you possibly can’t get wherever else.
The idea of breakout apps is easy and easy. The primary really profitable TEN native software won’t be able to exist or compete on a sequence that’s clear by default. In that case, confidentiality is just not a checkbox function. It is the product itself.
