Three architectures for confidentiality on public blockchains, and what the institutional infrastructure choice looks like in 2026
Every major custodian, market maker, and stablecoin issuer evaluating public-blockchain rails this year is implicitly choosing among three architectures for confidentiality: operator-controlled environments anchored to a public chain (Tempo Zones), client-side zero-knowledge proofs (Aztec), and fully homomorphic encryption (Zama). Each forces a different conversation with regulators, carries a different failure mode, and ages differently against the next decade of cryptographic and computational change. Trade press coverage of Tempo's Zones launch and the Zama and Aztec critiques that followed has framed the three as competing implementations, but this is short-sighted. What follows is the work of comparing them and the signals that would sharpen the choice over the next two quarters.
The three positions
Tempo Zones: the operator-inside-the-boundary model. Tempo, the payments-focused Layer 1 backed by Stripe and Paradigm, shipped Zones on April 16, 2026: confidential stablecoin transactions inside permissioned environments anchored to a public chain. Visa, Stripe, and Zodia Custody by Standard Chartered had joined the validator set two days earlier; Tempo carries a $5B valuation following a $500M Series A in October 2025. Georgios Konstantopoulos, the Paradigm CTO who has been the architecture's most visible advocate, frames Zones as the pragmatic answer enterprises have been asking for, with known operators, familiar trust relationships, and a compliance posture regulators already understand.
Zama argues that operator-controlled confidentiality is not confidentiality at all. Ghazi Ben Amor, Zama's Senior VP of Business Development, told Cointelegraph shortly after the Zones launch that Tempo's design is "essentially private blockchains, no different from existing centralized payment systems." Zama CEO Rand Hindi has reinforced the same framing repeatedly in public, including in a recent DL News interview tied to the T-REX Ledger integration: permissioned chains, in his telling, function "like 1990s intranets, allowing bilateral data exchange while lacking the scale required for global access," the architectural pattern public chains were built to replace. In the FHE camp's reading, an enterprise running its own Zone is operating a bank ledger with new branding.
The counter-argument may deserve more weight than Zama's framing gives it. Operator-controlled confidentiality is exactly what every regulated financial intermediary has run on for decades, and it is the governance model regulators understand, audit, and have a remediation pathway for. Whether the FHE critique lands depends on what the institution thinks public-blockchain rails are for. If the answer is "settlement infrastructure with familiar trust relationships and faster reconciliation," there is no problem to solve. If the answer is "infrastructure whose security does not depend on any single party's ongoing trustworthiness," the critique requires a different solution.
Aztec: protocol-neutral client-side proving. Aztec rejects operator visibility, but rather than encrypting computation on the network, Aztec keeps the data off the network entirely. Users prove transaction validity from their own devices through zero-knowledge proofs, and only the proofs reach the chain. That posture of protocol neutrality extends to compliance. Speaking on the OpenZeppelin Privacy Wars panel, Aztec's representative argued that regulation differs materially across jurisdictions given that what is legal in one country can be illegal in another and a privacy chain that hard-codes any specific compliance regime is "neither very decentralized nor very permissionless." Their answer is a Turing-complete language and dev tooling that lets each application encode the compliance regime it needs.
Zama: encrypted computation at the protocol layer. Zama's architecture uses fully homomorphic encryption, computation on encrypted data without ever decrypting it, to allow smart contracts to process transaction data without it ever being in the clear. The data stays encrypted in transit, at rest, and during execution. No party, including node operators, developers, or Zama itself, sees the raw data at any point. Decryption rights are governed by an Access Control List embedded in the smart contract and enforced by a threshold MPC committee of 13 KMS nodes (current operators include Fireblocks, Ledger, OpenZeppelin, Etherscan, and Figment), with a 2/3 honest-majority requirement and AWS Nitro Enclaves as a defense-in-depth layer.
The wider stack, briefly
The privacy-preserving computation landscape is wider than these three architectures. Trusted execution environments (TEE) are in extensive production, with Phala running confidential AI workloads across roughly 29,000 TEE devices, Oasis Sapphire the only confidential EVM in production, Flashbots and Unichain use TEEs for block building, and Fireblocks and Clave use them for custody. Multi-party computation is the primary trust mechanism for Nillion (with enterprise partnerships including Deutsche Telekom, Vodafone, and Alibaba Cloud) and Arcium. Hybrid architectures combining ZK, MPC, FHE, and TEE are in research and early deployment.
None of those is the lead choice for regulated-finance confidentiality today. The 2025 disclosures of Battering RAM and Wiretap in early October 2025, which compromised Intel SGX and AMD SEV-SNP on DDR4 systems at hardware costs under $50 and TEE.fail in late October 2025, which extended the same class of attack to DDR5 systems including Intel TDX and AMD SEV-SNP with Ciphertext Hiding, kept TEEs from being the trust anchor for regulated flows. Where these technologies appear in the institutional finance stack, they typically sit inside or alongside the three architectures below. Zama uses threshold MPC for key management and AWS Nitro Enclaves to harden its key shares. Aztec's research team has suggested that hybrids are likely the long-term direction.
Three trust models
Every approach to confidentiality on a public blockchain aims to answer the question: who can see the transaction data, and under what conditions?
Tempo Zones: the operator sees everything. A Zone is a parallel chain connected to Tempo's mainnet. Transactions inside a Zone are hidden from the public but fully visible to the Zone operator, typically a financial institution or infrastructure provider. The operator enforces compliance, monitors activity, and controls access. Users see only their own transactions; assets remain interoperable with the public chain. Tempo's argument is that this is the architecture institutional finance has been waiting for: known trust relationships with no cryptographic complexity to explain to a risk committee. A bank already operates this way internally. Zones extend that pattern to public-blockchain rails without requiring the bank to adopt FHE.
Aztec: the user proves validity without revealing data. Aztec generates zero-knowledge proofs on the user's device. Transaction data never leaves the user's machine; the network sees only proofs that the transaction is valid. The Alpha network has been live since March 2026, with the underlying Ignition Chain running over 3,500 sequencers and 50+ provers across five continents, although a critical vulnerability disclosed on March 17, 2026, affecting the proving system in ways that could potentially allow theft of user funds, remains unpatched until the v5 release scheduled for July 2026. As an Ethereum L2, Aztec also requires users to bridge assets to a separate network, which introduces friction and composability questions for institutions that need to interact with existing Ethereum DeFi.
That stance translated into a concrete institutional deployment in February 2025, when Taurus SA, the Swiss digital asset infrastructure provider backed by Deutsche Bank, Credit Suisse, and State Street, with more than 50% market share in the Swiss banking segment, released an open-source confidential security token standard for debt and equity tokenization built on Aztec's L2. The implementation, written in Aztec's Noir language, ports the CMTAT security token standard into a privacy-preserving form, so ownership, transaction details, and balances stay hidden on-chain while eligibility checks, transfer restrictions, and audit logging are enforced inside the smart contract itself. Taurus has since extended the model to an institutional stablecoin contract on Aztec, minting and burning controls, address blacklisting, emergency transfer halts, and verifiable auditable logs, targeted at payroll, intra-company payments, and cross-border settlement. The Taurus deployment does not settle the broader question of whether Aztec's protocol-neutral approach to compliance scales across every jurisdiction. It does demonstrate that the model has already survived contact with the procurement teams at three of the institutions Aztec critics most often invoke when they ask whether enterprise banks would actually deploy on it.
Zama: the network computes on data it never sees. Zama operates as a confidentiality layer on top of existing chains rather than as a separate chain. FHE coprocessors offload encrypted computation from the base chain, keeping host gas fees roughly normal. Developers write standard Solidity, import the FHEVM library, and the encryption runs behind the scenes. The mainnet has been live on Ethereum since December 30, 2025, and integrations include the T-REX compliance standard for institutional RWAs and recent confidential OTC trade infrastructure with GSR. The main critique, addressed in the performance section below, is computational overhead.
Failure modes
These are qualitatively different failure modes, and the differences matter more than the marketing language around them.
When a Zone operator is breached
A Tempo Zone operator has full visibility into every transaction processed within its environment. If the operator is compromised through a breach, an insider threat, a regulatory subpoena, or an acquisition by a hostile entity, every transaction the Zone has ever processed becomes exposed. The confidentiality guarantee is exactly as strong as the operator's security posture, and it applies retroactively. Historical data that was confidential becomes as exposed as the operator's records allow.
Many Zone-style architectures use TEEs to harden the operator's runtime against insider threats. The 2025 disclosures of Battering RAM and Wiretap attacks undermined the assumption that TEEs are a sufficient last line. TEE.fail demonstrated forged attestation chains that compromised real-world deployments including BuilderNet and Secret Network. For an institution betting on operator-controlled confidentiality, TEEs are no longer the defense-in-depth layer they were briefed as in 2023. The operational mitigation is governance: known operators, contractual data-handling commitments, and the same audit and remediation pathways that apply to traditional intermediaries. That mitigation is not nothing, and for institutions whose existing risk frameworks already operate at this layer, it may be sufficient.
When an Aztec node is compromised
Aztec's model keeps transaction data on the user's device. A compromised node reveals nothing about individual transactions because the node never had that data; it only processed proofs. The architecture is sound in principle: client-side proving structurally eliminates the operator-compromise class of risk. The current implementation is the qualifier. The March 17 disclosure affects the proving system in ways that, until v5 lands in July, leave a known critical vulnerability in production.
There is a second-order tooling question Aztec's team has flagged: when a private chain has a hack, how do you even know? Everything is encrypted note hashes. Affected users in theory have viewing keys to share, but the tooling for sharing them with responders has not historically existed. Aztec is working on this, but for now it is an open edge case in the institutional response playbook.
When a Zama node is compromised
FHE-encrypted data remains encrypted even if every node in the network is compromised, the development team's systems are breached, or the entire infrastructure is seized. The data is ciphertext. Without the appropriate decryption keys split across the threshold MPC committee, never reconstituted, and bound by the on-chain ACL to specific access policies, the data is computationally useless to an attacker. There is no retroactive exposure of the underlying data.
The threshold MPC currently relies on AWS Nitro Enclaves as a defense-in-depth layer for the key shares, which inherits the same hardware-trust questions raised by the 2025 TEE disclosures. The mathematical guarantee on the data itself does not depend on the enclave; the enclave hardens the key shares. Zama's roadmap includes ZK-MPC to remove that dependency, with HSM-based deployment as an interim option for institutional operators. The unresolved question for an evaluator is the long-term governance of the committee itself — how members are added, removed, or compelled by national authorities — which is addressed in the next section.
The cadence of these three failure modes is the cadence of the architectural choice. Operator-controlled confidentiality protects data as long as the operator is trustworthy. Zero-knowledge confidentiality protects data as long as user devices are secure and the proving system is correct. FHE confidentiality protects data as long as lattice cryptography holds. Each of these "as long as" clauses runs on a different timeline.
The open items on FHE deployment
The fairest test of any privacy architecture is whether the people who would have to deploy it at scale, audit it, or write academic SoKs about it find it deployable. The published record on FHE deployment at production scale surfaces three substantive concerns that an institutional review will encounter.
Layered trust assumptions. Sam Wong, a blockchain security researcher at OpenZeppelin, which co-founded the Confidential Token Association with Zama and Inco, wrote in an August 2025 analysis of FHE coprocessor architecture that systems built on this pattern carry not one but two trust assumptions: the FHE coprocessor itself, which the chain has to "trust" to perform the correct computation off-chain, and the threshold MPC committee that holds the decryption keys. On the MPC side, Wong notes plainly that if enough committee members collude, they can decrypt private data without user authorization — a structural feature of every threshold-MPC system, but one that surfaces a continuing governance question: who joins the committee, who leaves, and what happens if a committee member is compelled by a national authority. The mathematical 2/3 honest-majority assumption holds across the operators currently in Zama's 13-node KMS committee.
Verifying ciphertext correctness. The Visa Research and MIT team behind the March 2025 SoK paper on FHE in smart contracts note the absence of mechanisms to verify the correctness and integrity of ciphertexts submitted to FHE smart contracts. Existing implementations including Zama operate under what the paper calls an implicit assumption that users provide well-formed ciphertexts. In adversarial settings, the paper notes, malicious actors could submit malformed or invalid ciphertexts that encode erroneous values, with potentially destabilizing effects on contract state. This is an open research item, not a deployed mitigation.
Hardware-driven centralization. The same Visa-MIT SoK paper raises a second concern relevant to a public-blockchain deployment: FHE performance acceleration through specialized hardware (FPGAs, ASICs) raises the bar for what it takes to participate as a validator. This dynamic could push FHE smart contracts toward more centralized validator sets, and writes that at present it is unclear whether true decentralization is possible — that is, whether FHE smart contracts can be implemented in a permissionless setting at scale. For an institution evaluating Zama specifically as an alternative to operator-controlled architectures, this is the direct counter-pressure on the trust-model argument. The further the hardware roadmap progresses toward production throughput, the more validation concentrates among the operators who can afford the hardware.
Audit-pipeline depth. No major audit firm has yet published a comprehensive methodology document for FHE smart contract review at the depth typical of an ERC-20 or ERC-3643 audit. OpenZeppelin's published research on the architecture is one of the fuller public treatments, and the firm offers ZKP audit as a named service line; the FHE equivalent does not yet exist as a productized review category at OpenZeppelin, Trail of Bits, Halborn, or CertiK. A bank deploying confidential RWA infrastructure on standard Ethereum draws on a deep audit market. A bank deploying on FHEVM today is in a smaller pool of firms with sufficient lattice-cryptography specialization to call the work conclusive.
Regulator acceptance outside the SEC orbit. The SEC Crypto Task Force endorsement of ZK and MPC as compliance mechanisms is a real inflection. The EU regulatory frame is more conservative on adjacent questions: MiCA Article 101 ties crypto-asset service provider obligations to GDPR data-protection standards, and DORA's ICT third-party risk management requirements impose operational-resilience obligations whose application to threshold-MPC key custody is not yet settled practice. UK, Singaporean, and Hong Kong regulators have not articulated equivalent positions to the SEC's. A globally-deployed institution cannot architect around a single jurisdiction's stance, and the operational reality of "a regulator holds a decryption key scoped to a specific address range during a specific time window" remains a model that needs case-by-case approval.
Compliance: three different conversations with regulators
Each architecture forces a different regulatory conversation.
Tempo's argument is the simplest to make. Regulators want a responsible entity who can produce records, respond to subpoenas, and freeze assets. Zone operators provide this. A Zone operator is, in regulatory terms, functionally equivalent to a traditional financial intermediary, with all the benefits of legibility and all the surface area that implies.
Aztec's compliance model relies on zero-knowledge proofs that demonstrate regulatory compliance without revealing underlying data. A transaction can prove it passed AML screening, that the sender is on an approved list, that the amount falls within permitted limits — all without exposing who sent what to whom. The 0xbow Privacy Pools model, part of the Ethereum Foundation's Kohaku effort, implements this pattern. The challenge for institutional adoption is that it requires regulators to accept cryptographic attestation as equivalent to direct inspection. The SEC Crypto Task Force's recent endorsement of ZK proofs and MPC as compliance mechanisms moves the dial, but acceptance is not yet uniform across jurisdictions, and Aztec's protocol-neutral position pushes regulatory answers down to the application layer rather than the chain layer. That is defensible; it also means the compliance story is built deal by deal.
Zama's compliance model uses programmable access policies embedded in the FHE encryption scheme. A regulator can hold a decryption key scoped to a specific address range during a specific time window. The T-REX partnership integrates Zama's protocol with the ERC-3643 compliance standard for institutional RWA tokenization; the ERC-3643 standard now anchors more than $32 billion in tokenized assets and the T-REX Ledger acts as the compliance record of reference for transactions across connected chains. In March 2026, GSR completed the first confidential OTC trade on Ethereum using the integration: encrypted order matching, settlement, and balance updates on a public chain, with full execution detail visible only to the parties and authorized regulators.
The promise is that institutions can prove compliance to a regulator without granting permanent, blanket data access to any single party, including the infrastructure provider. For institutions that have spent decades managing the tension between regulatory transparency and competitive confidentiality, this is the resolution the market has been waiting for. The open question is how quickly regulators outside the SEC orbit will accept it. Even within the EU's harmonized crypto framework, MiCA Article 101 ties crypto-asset service provider obligations directly to GDPR data-protection standards and DORA's ICT third-party risk management requirements impose operational-resilience obligations whose application to threshold-MPC key custody is not yet settled practice.
Performance, in context
Tempo Zones inherit the host chain's throughput. There is no cryptographic overhead, and throughput is limited only by the host chain's capacity. For payments and stablecoin volumes, that is structurally the highest ceiling of the three.
The throughput context worth holding in mind: Visa runs at roughly 1,700 transactions per second on average, with stated VisaNet capacity of more than 24,000 TPS. Major stablecoin networks (USDT, USDC) settle at sustained rates that translate to hundreds of TPS at peak. Anything in the institutional flow that involves retail-payment-scale volume is operating in this envelope.
Zama's mainnet has been live on Ethereum since December 30, 2025 and currently runs roughly 20 TPS on CPU. That is below the volume of any major stablecoin in steady state, and well below Visa-scale. The hardware roadmap closes the gap: an FPGA accelerator (open-sourced, targeting 500–1,000 TPS per chain), GPU-based scaling on testnet from June 2026, and dedicated FHE ASICs targeting 10,000+ TPS by 2027–2028. For a bank evaluator deploying in 2026, the practical implication is that confidential RWA settlement, OTC trade matching, institutional treasury flows, and confidential lending fit inside the current envelope. High-volume retail stablecoin payments do not, and will not until at least the FPGA milestone lands.
Aztec's client-side proving has improved substantially under CHONK (Client-side Highly Optimized PLONK), the proving system purpose-built for phones and browsers that powers the Alpha Network. Aztec's published performance for a basic private function call (a transfer) runs roughly 2.5 seconds on a native laptop, around 5 seconds on native mobile, and approximately 25 seconds of fixed cost in a browser, with each additional call adding a few seconds. For end-user wallet flows, those numbers are workable. For institutional applications running in browser contexts, the 25-second floor is the friction point. Network-level throughput is also constrained: the Alpha Network targets 1 TPS with ~6 second block times and 72-second checkpoints to Ethereum L1, with the public roadmap targeting 3–4 second block intervals by the end of 2026 through further parallelization of the proving pipeline.
Durability, including the post-quantum question
Tempo Zones provide confidentiality that lasts as long as the Zone operator remains trustworthy, operational, and uncompromised. If the operator changes hands, changes its compliance posture, suffers a breach, or is acquired by a hostile entity, the confidentiality guarantee changes retroactively for the historical data the operator holds.
Aztec's zero-knowledge proofs protect data permanently from the perspective of network observation: a proof from today reveals nothing about the underlying data regardless of what happens to the network. The longer-arc concern is that Aztec's PLONK-based SNARK proofs are not quantum-resistant. If practical cryptanalytic quantum computers arrive within the lifetime of the data, the cryptographic guarantee may erode. Vitalik Buterin's February 2026 quantum roadmap and the Ethereum Foundation's dedicated post-quantum research team are addressing this, but the migration is not complete and not all SNARK constructions have a clear post-quantum upgrade path.
FHE-encrypted data is protected by lattice-based cryptography, which is currently believed to be quantum-resistant and is the basis of NIST's post-quantum standards. An FHE-encrypted transaction from today should remain encrypted against quantum capabilities that may emerge in the 2030s.
The quantum-readiness question stopped being abstract on March 30, 2026, when Google Quantum AI, the Ethereum Foundation, and Stanford University published joint research showing that breaking 256-bit elliptic-curve cryptography — the family that secures Bitcoin, Ethereum, and most blockchain signature schemes — could require under 500,000 physical qubits and runtime measured in minutes, an approximately 20-fold reduction in physical-qubit requirements compared to prior estimates. Combined with Google's separately disclosed 2029 internal post-quantum migration deadline, the date now sits inside the planning horizon for any 10-year infrastructure decision being made this quarter.
Composability
Composability gets less attention than it should. What happens to the ability of smart contracts and applications to interact with each other when confidentiality is added?
Tempo Zones preserve composability within a Zone and between Zones and Tempo's mainnet. The composability is mediated by the operator, and transactions between different Zones pass through the public mainnet.
Aztec, as a separate L2, introduces a composability boundary. Assets must be bridged to Aztec. Applications on Aztec compose with each other, but interacting with applications on Ethereum mainnet or other L2s requires crossing the bridge. For institutional deployments that need to interact with existing DeFi infrastructure, liquidity pools, and on/off ramps on the base chain, this is a constraint.
Zama's architecture as a confidentiality layer on existing chains preserves the composability of the underlying chain. Confidential smart contracts on Ethereum compose with other contracts on Ethereum, confidential and non-confidential. A confidential token can interact with a standard DEX, a standard lending protocol, or a standard on-ramp. The existing Ethereum ecosystem gains confidential capabilities without restructuring around a new chain.
For an institution whose deployment needs to interact with existing stablecoin infrastructure, existing liquidity pools, and existing compliance tooling on Ethereum, composability may be the deciding factor.
What would change the analysis
Several events in the next two quarters will sharpen the read.
Aztec v5 in July. A clean v5 release that closes the March 17 vulnerability and demonstrates a maturing security process strengthens the ZK case for institutional adoption materially.
Zama's GPU testnet from June 2026. If the GPU acceleration milestone hits on schedule and the FPGA path stays on track, the FHE performance story moves from a roadmap to a record.
SEC Crypto Task Force follow-on guidance. The endorsement of ZK and MPC as compliance mechanisms is the opening. The next round of specifics around blanket data-access expectations for confidential RWA platforms determines whether programmable-access compliance models are durable or remain a regulator-by-regulator negotiation.
The first major operator-side confidentiality breach. Operator-controlled architectures have been deployed in adjacent contexts for years. The public failure mode has not yet been stress-tested in a Zone-style architecture at scale. The first real incident will reset institutional appetite for the model in either direction.
Maturation of FHE audit methodology. Public methodology from a major audit firm for FHE smart contract review at institutional depth would close one of the open items in the FHE deployment path.
The pace of post-quantum migration in mainstream finance. If the 2029 date holds and migrations begin in earnest in 2027, institutions will be looking for confidentiality architectures that survive the transition without reissuance.
The decision
The decision turns on which dimension the institution is optimizing for, and over what horizon.
If the institution optimizes for procurement-calendar speed and a trust model regulators already understand, Tempo is the answer. The validator set carries names a risk committee will recognize, throughput is unconstrained by cryptography, and the path from evaluation to production is the shortest of the three. The risk is operator visibility. The first significant Zone-operator breach or compelled-disclosure event will challenge this positioning, and historical data exposed in that event will not be recoverable. Whether that is an acceptable tradeoff depends on the institution's threat model and on how much weight it gives to the post-quantum migration timeline.
If the institution optimizes for cryptographic guarantees that survive operator compromise and the post-quantum transition, Zama is the answer. The mathematical guarantee on the data does not depend on any operator's ongoing trustworthiness, the failure mode under network compromise is no failure at all, and lattice cryptography survives a transition that ECC signatures will not. The structural risks are throughput below high-volume retail levels in the current hardware envelope, an audit-and-tooling pipeline that has not yet matured to the depth banks expect for production capital, and regulator acceptance for programmable-access compliance models outside the SEC orbit.
If the institution optimizes for protocol neutrality, client-side data sovereignty, and a compliance posture defined per application rather than per chain, Aztec is the answer. The Taurus deployment with backing from Deutsche Bank, Credit Suisse, and State Street is the strongest counter-evidence to the claim that institutional procurement will not deploy on a privacy chain. The structural risks are the open critical vulnerability until v5 ships in July, browser-side proving overhead that constrains certain institutional UIs, the composability cost of bridging assets to an L2, and SNARK constructions that lack a clean post-quantum upgrade path.
The signals worth watching over the next six months are Aztec v5 closing the March 17 vulnerability cleanly, Zama's GPU testnet hitting on schedule, SEC follow-on guidance on programmable-access compliance, the first significant operator-side incident in a Zone-style deployment, and public FHE audit methodology from a major firm.
What this piece does not settle
Several questions sit outside the scope of a comparison and will require their own coverage. The audit methodology gap for FHE smart contracts is one. The legal and contractual structure of threshold-MPC key custody under compulsion from national authorities is another. The operational playbook for incident response on a chain where transaction data is encrypted note hashes is a third. The procurement reality of deploying confidential RWA infrastructure under MiCA, DORA, and the GENIUS Act simultaneously is a fourth. They are additional pieces of the framework, and the publication will return to them.
Proof Street tracks the convergence of privacy-preserving computation across deployment contexts: blockchain, identity, media provenance, AI, and enterprise. This analysis draws on public statements, company announcements, and published technical documentation. No company reviewed or approved this piece prior to publication.
