The Intersection of AI & Blockchain with Rand Hindi of Zama

Rand - 00:00:00:

‍

And confidentiality is actually a much bigger design space than privacy.

‍

Jeremy - 00:00:15:

‍

Hi, I'm Jeremy Allaire, and this is The Money Movement. I'm really excited today to be joined by Rand Hindi, the CEO of Zama. Zama, well, first of all, Rand, welcome to the show.

‍

Rand - 00:00:29:

‍

Hey, Jeremy. Thanks for having me.

‍

Jeremy - 00:00:31:

‍

Yeah, I'm psyched for this conversation. I think... There's so much happening in the crypto world, in the AI world, in the world of sort of trust and truth and identity and so many different areas and a lot of major questions and a lot of major opportunities. And a lot of it, I think, comes down to what's the next critical set of infrastructure that we need to build. To make the use of blockchain and AI safe for society and useful for society. And so we're gonna dive into a lot of that through the lens of your work and the broader FHE landscape. But maybe before we dive into the subject matters, it'd be awesome to just hear about your background, how you kind of got into this space and maybe a little bit of the founding story of Zama.

‍

Rand - 00:01:31:

‍

Sure. So I've been a developer since I was 10 years old. I built my first company in the 90s. It was a social network. And that's actually when I discovered the importance of privacy. Because as a builder of a social network, I could technically access the content and messages of everyone on my platform. And it always kind of felt wrong that I could do that. So I always had this thing on my mind, which is that if we want internet to scale, at some point, we have to deal with privacy. So fast forward, I ended up studying computer science, got into AI, did a PhD in 2007, and built one of the first privacy preserving AI companies, which got acquired in 2019, and which is when I started Zama with my co-founder Pascal Paillier, who's one of the inventors of FHE. So really for me, privacy has been a lifelong journey, you know, that has taken me through AI, through the Web, and through blockchain now.

‍

Jeremy - 00:02:31:

‍

Yeah. Amazing. That's awesome. Yeah, it's, you know, when we think about. I also started early in the internet infrastructure, and I think there's always been... You know, these sort of apparently missing layers of the internet. Real privacy has been one of those, it sort of eluded us both based on business model, but also technology and obviously, money was a missing layer of the internet and we're solving that, trying to solve that at scale today. But, So maybe to kind of dive in a little bit more with Zama, you guys have been pioneering, I think, generic implementations of fully homomorphic encryption, and then some applied versions of that in like a blockchain context or an AI context, et cetera. But maybe just for, you know, the audience that listens to The Money Movement has really brought everything from policy makers to startup founders to the media, maybe just let's do the one to two minute definition of FHE. Everyone talks about ZK. I had ZK Sync on last week, but everyone talks about ZK, and for a lot of people who are out there, it's like ZK will solve everything. But as you go deeper and you think about what really these problems are and how to solve them, obviously we need things like FHE as well, but would be great just the layman's definition. I could ask GPT and play it back, but I'd rather have the expert.

‍

Rand - 00:04:21:

‍

Sure. So the idea of homomorphic encryption, or FHE for short, is that you can compute on encrypted data without actually having to see it. So imagine, for example, I'm... I'm OpenAI. Today, to offer ChatGPT to my customers, I need them to send me their data so that I could analyze it and send back a response. So I can see all of the data of all of my users and customers. With homomorphic encryption, my users could send me encrypted queries, but the way it was encrypted allows you to compute on the encrypted data itself and produce a response which itself is encrypted. So for the user, nothing changes. You're sending data, getting a response, but now the data is encrypted when you send it and during processing. So you can think of it as end-to-end encryption for any kind of online service you might want to use. So, you know, this is really huge, right? When you think about it, not just for cloud and AI in terms of privacy and confidentiality, but if you put that in a context of blockchain, where by design, everything is publicly visible, you can see how that becomes powerful because you can start having confidentiality and encrypted smart contracts on top of public permissionless decentralized blockchains.

‍

Jeremy - 00:05:38:

‍

Right, right. So I use this concept of like we're currently in the third generation of blockchains and sort of we're moving towards the fourth generation of blockchains. And one of the things that the fourth generation of blockchains might be able to do is have something like fully homomorphic encryption and basically have, you know, decentralization, these completely distributed architectures, trustless at some core, but where, you know, I can transact and interact and utilize these, you know, safely as an individual or a corporation and not worry about these, you know, privacy, you know, thresholds getting kind of-

‍

Rand - 00:06:20:

‍

Well, you know, I would actually go, I think privacy is just one aspect of what this technology enables. Because privacy really relates to personal data. But if you look at most of the blockchain applications, it's not actually personal data like your medical records. It's more confidential data. Things you don't want other people to know, but they don't necessarily pertain to an individual. Like it's not, you know, your name or something like that. And confidentiality is actually a much bigger design space than privacy because it includes, you know, B2B transactions, for example. It includes, you know, KYC, AML, compliant stuff. And all of that becomes possible with FHE because you can basically just do things on-chain without having to reveal to other people what's going on.

‍

Jeremy - 00:07:08:

‍

I want to drill into more use cases in a little bit. I think It'd be great to understand kind of where are you in the kind of production application of this today. And I wanna come back to, I also wanna come back to AI cause I think it's as much of a need as blockchain and they can be used together actually in some pretty cool ways. But, yeah, so what is the sort of state of play for Zama in terms of kind of production work right now?

‍

Rand - 00:07:45:

‍

So that's a good question. You know, when we started a company four years ago, there were three issues with FHE. First, it was too slow to be practical. Secondly, it was very limited. You could only do basic arithmetic, additions and multiplications, but you couldn't run a smart contract. You couldn't run a machine learning model and encrypted data. And finally, it was so hard to use that unless you had a PhD in cryptography, well, you couldn't really build something secure. So what we did at Zama is we invented a new form of homomorphic encryption that can enable any kind of computation, no matter how complicated it is, machine learning, blockchain, databases. And not require the developer to know anything about cryptography. So if you're writing a smart contract, you just write solidity code. If you're writing a machine learning model, just write PyCon code. All the cryptography is abstracted away. The only thing that's really missing for this to scale is performance. So we've made FHC about a hundred times faster than when we started a company, which is enough for most work.

‍

Jeremy - 00:08:53:

‍

What, give me a sense for the order of magnitude or where that is in terms of, I guess it's sort of the compute measures is probably the best measure.

‍

Rand - 00:09:01:

‍

So I think, you know, let's take blockchain as an example. When we started Zama, assuming you could do a smart contract, which you couldn't, but assuming you could, It would take about... You would basically be able to do one transaction every 10 seconds. Okay, so like one token transfer every 10 seconds. Why not, right? But not crazy. We now at our level where we can do 20 transactions per second, and we are on track to enable 100 transactions per second next year on GPUs. So I would argue that 100 transactions on blockchain is more than most applications need right now. And we can continue scaling that as we improve performance.

‍

Jeremy - 00:09:49:

‍

But like, what about like a more complex, you know, like a DEX AMM or, you know, something that is, you know, just executing quite a bit more complexity?

‍

Rand - 00:10:01:

‍

I mean, about, I would say five per second right now. Which again, I think is, you know, it's pretty good as a starting point, considering that we haven't even started, you know, using ASICs or things like that to accelerate FHE. So I think, you know, the nice thing is that we got FHE to a point now where it's easy to use. You can use it for anything. Performance is good enough in commodity hardware for most applications. But importantly, you've got Moore's law on your side. FHE now is just a compute problem. Throw more compute, it goes faster. Have better computers, it becomes cheaper. It's that simple. And so we're expecting FHE to increase in performance by a factor of four to 10 every year from now on.

‍

Jeremy - 00:10:48:

‍

So how do you see this evolving, in particular in the blockchain space? How do you see this evolving? Alongside what I think of as various layer one and layer two kind of operating systems. I view basically like OP Stack is like an OS, our internal orbit, or the layer one environments like Solana and Aptos and all these guys. So how do you see this evolving alongside those? Do you see this as kind of... Kind of like how ZK-SNARK kind of started or is sort of a utility that is applied alongside an existing chain? Or do you need to be built into a next generation blockchain? I know you have your fhEVM, which I'd love to hear about, but how do you think about that intersection given the developer flywheels that are taking place out there for these different platforms?

‍

Rand - 00:11:49:

‍

Yeah, we think a lot about that. We really want to make sure that FHE can be broadly deployed without developers having to learn a new language or having to, you know, a new stack. So everything we do has been implemented and integrated into existing blockchain environments. So the EVM to start with, but nothing prevents us from doing it for Solana with the SVM or for Move eventually, but we focus on the EVM first. So we have a unified smart contract library that you can use as a developer to to support FHE on any EVM chain where FHE is enabled. So now the question becomes, okay, if it's just solidity code, then anybody can start building it. How do you get those various L1, L2s to integrate FHE? So either they can integrate it natively, as in the validator run like an extra piece of software, and that piece of software basically interfaces as a pre-compile with the EVM to support those FHE operations. Or if you don't want to modify the validator software, let's say Ethereum, right? And you don't want the software to be running some extra computation. Then we have another paradigm now that we're gonna be launching soon called FHE coprocessors, where the idea is that the user's interacting on the L1, but the FHE computation is actually happening off-chain. But a user doesn't know that. From the user's perspective, they're interacting with an L1, but the L1 itself doesn't do the FHE computation. It's some kind of service off-chain. So you could technically have FHE on Ethereum, on Base, on any blockchain, regardless of whether that chain has decided to integrate it natively.

‍

Jeremy - 00:13:34:

‍

That makes sense. So that makes a lot of sense. And I'm sure you guys are hard at work trying to figure out how to work alongside these different ecosystems.

‍

Rand - 00:13:45:

‍

Well, to be honest, if it's EVM-based, it's pretty easy because it's pretty standardized. There's like, what? There's maybe five stacks running the EVM where you've got Fender Lynch, you've got OP Stack, you've got Arbitrum, Ethereum. Like there's not that many flavors of EVMs around. A little bit more work if you want to support, you know, like a completely different ecosystem, because you have to understand how the actual virtual machine works. But it's not science, it's engineering, right?

‍

Jeremy - 00:14:15:

‍

Yeah, yeah. No, totally. I guess maybe drilling into the utility. I mean, our world at Circle is obviously like real world money running on these networks. And, you know. Basically, you know, how do we make this work for kind of every form of, say, like digital dollar utility in the world? And I think one of the things that we've heard in talking to, you know, whether it's a regulated financial institution, that's like, I love the idea of being able to use a decentralized financial protocol, but I need to know that I'm interacting safely and I don't want other people to watch my transactions. So those are common. Concerns for confidentiality, as you said, how far away are we from you know, say a corporation or a financial institution that wants to use stable coins like USDC or others and to have that level of confidentiality? And then are there things specifically in your stack, forgive the use of the phrase, but in your stack that, you know, kind of deal with the, you know, the need for their auditors or others to be able to like access things if there's like break glass kind of situations or whatever.

‍

Rand - 00:15:43:

‍

Yeah. That's a great question. You know, I mean, I've been talking about this idea that you could bake in compliance on-chain with FHE in a way where all of the complexity is abstracted into the smart contract itself. And people are like, yeah, it's kind of a boring thing to talk about. But you don't get it. This is necessary. You want to scale blockchain to hundreds of billions of assets. You're going to have to deal with that at some point. Someone has to do the job. And so the nice thing about FHE, and that's very different from ZK, ZK only allows you to prove something about some off-chain data. But as soon as you want to start having composability on-chain, ZK doesn't work because ZK doesn't allow you to compute on the ZK proof, right? It only allows you to verify it without seeing the data. FHE allows you to compute on the encrypted state on-chain directly. What that means is that you could have, for example, your identity encrypted, stored in a smart contract on-chain and have any other DeFi protocol that you want to use directly verify just like any composable contract that you satisfy XYZ condition. This would be all just a smart contract on-chain. And so when identity and compliance basically just becomes a smart contract, you can see how much easier it becomes to build those systems. And so this is something that just works. The only thing that's missing for this to actually be deployed is first for the first FHE protocols to go in production. So that's happening in Q1. So we're just a few months away from this being possible. And for someone to actually care enough to build it.

‍

Jeremy - 00:17:28:

‍

Right. Yeah, you know, I mean, we've done work in, you know, trying to work on kind of using... Cryptographic credentials and other things for KRSC proofs. And there are sort of these blind attestation models and other things that are out there. And one of the challenges is in some ways, like the technology isn't the challenge, although it is, there are important differences in terms of how one might do this. And I think the FHE model potentially is the most robust, right? But, You know, it's- Policy itself has to evolve, right? Because right now there's like laws and the laws say, well, if you're a financial institution, you need to have everyone's information in your database. And if you have a transaction of one of your users with another institution, you have to actually know exactly who that other person is. And you have to share all the information with the other party. And you need to be able to have full access to that data and be able to like run sanction screens on it and like do... Now it's getting exciting.

‍

Rand - 00:18:43:

‍

That's how we do it with FHE. So all of the identity KYC data is on-chain, but it's encrypted. So from the outside, nobody can see it. But because everything is just a smart contract, you can define in your smart contract who is allowed to decrypt which part of the encrypted state. That the contract actually controls. So for example, let's take a user balance, something as simple as that. If your balance on-chain is encrypted, obviously you want to allow the user to see their own balance. You know, they wanna know how much money they have.

‍

Jeremy - 00:19:17:

‍

Yeah, right. You might want another smart contract who's gonna write you credit to see your balance or whatever.

‍

Rand - 00:19:24:

‍

Exactly. And this is just a line of solidity code. You just have to say, allow this address to decrypt this value. It's as simple as one line of solidity code. The difficulty is not implementing it. It's deciding which rules should be implemented in which scenario. But I would argue that this is not a technology problem. This is a, how are you compliant problem. But you see, if all the data is on-chain and you can, in the smart contract, programmatically define the rules for compliance and for visibility, then you don't have to worry about reconciliation off chain. You don't have to worry about having a secondary database because the blockchain is your database. All you have to do is authorize the regulator's wallet effectively to access the data. Right? Or, you know, if you have a transaction with another institution, just give them a claim on the data you're transferring to them or something. It's really, really easy. And because... Everything is on-chain.

‍

Jeremy - 00:20:25:

‍

So I see the difference. If the smart contract contains the data and it's fully encrypted, that changes it because you kind of have the on-chain state and you're not creating replication, right? You're effectively, you know, and whoever's the responsible entity for kind of issuing or validating that data would have the ability to kind of write against that smart contract, right? So can you talk about, you know, what's launching in Q1 at a high level?

‍

Rand - 00:20:55:

‍

Sure. So today there are over a dozen protocols implementing FHE, which are planning to go into mainnet at some point early 2025. I can't really tell you whom or when exactly, because that's their choice, but I can tell you what Zama itself is gonna be launching. So what we realize is that, you know, not every blockchain can implement FHE natively. So for those cases, let's say Ethereum or BAKE, Zama itself will be deploying an XAML-hosted FHE core processor. So think about it like as a cloud service that would enable FHE on non-FHE chains. So in Q1, you'll basically be able to have FHE smart contracts on Ethereum. With Zama running the FHE computation. So sure, you know, like you have to trust Zama that Zama does its job right, but everything we do is publicly verifiable anyway. So if we actually cheat on computing the FHE stuff, you can see it and you can effectively just sue us, right? I mean, you know, Terms and Conditions, we're supposed to abide by them. So this will be a great solution while the pure decentralized FHE chains we work with prepare to launch as well.

‍

Jeremy - 00:22:12:

‍

Interesting. That's awesome. So that's going to be a big milestone for you guys.

‍

Rand - 00:22:16:

‍

Yeah, it's a big one. You know, there is also quite a lot of people currently working on testing using FHE for private blockchains. So this wouldn't be about launching on Ethereum. Ethereum would be like the Circle wanted to run a blockchain to do tokenization of assets with five other institutions. Right now, you would disclose to everyone what you're having on-chain if you have a shared blockchain. With FHE, that's no longer a problem. You can have one chain for all of the US institutions where the only thing people reveal to each other is what are trading together and nothing else. So here there is no token. It's not Ethereum, right? This would be like an upwatch, whatever, like a new US chain. Yeah, no, you can...

‍

Jeremy - 00:23:01:

‍

You can totally see that. I'm curious, actually. So in an environment, let's just say you have a... You know, an Arbitrum, an Arbitrum L2 that's launched and you want to use this, that Arbitrum L2, would they need the kind of Arbitrum stack to have the validator, underlying validator support Zama or your implementation? Or could someone who just implements on the Arbitrum stack kind of make a decision and add this in? And then if they did add this in, is it sort of... You know, kind of, it's a developer option as opposed to like everything, right? So theoretically, like you could have an L2 where USDC is the fee payment currency and it obviously... Is something that still relies on sequencers down to the underlying Ethereum chain. Could you on that basically have kind of like regions that are, here's a region of computation and participants that is fully confidential, but can interact with the public side of it as well?

‍

Rand - 00:24:25:

‍

A hundred percent. So when you implement FHE, whether natively or through a coprocessor, like Zama is launching soon, the smart contract, so the blockchain itself is not encrypted. What happens is we introduce new data types alongside the existing types in your Solidity language, for example. So if you had your balance as an integer, now you can also decide to encode your balance as an encrypted integer. But that doesn't change anything to the existing functionality of the EVM and blockchain. This is something we're adding. Aside, think of it like an extra option that you're adding to the EVM, not as a replacement or any kind of internal logic changes. And so because of that, all your existing contracts, they still work. They're exactly the same, right? And you can start building your FHE contracts as just a separate contract effectively, and then you can just bridge back and forth between the two if you need it. Let's take example of a token again. Obviously, moving liquidity to a different chain is very complicated, right? So with FHE, if you wanted to have an encrypted token, you wouldn't need to send it to a separate blockchain. You could have your regular ERC-20 token, and you could deposit that into an FHE ERC-20 wrapper. From which all of the transactions will become encrypted. So really like all of that is just sending tokens from one contract to another. So it's like super, super simple. So that's what you mean. You see, when you talk about zones, we think just about contracts. Some contracts are encrypted, some are not.

‍

Jeremy - 00:26:07:

‍

Yeah. Yeah. Right. A contract or a collection of contracts could be as a, I mean, I'm sort of using a metaphor. Yeah, more like. Exactly.

‍

Rand - 00:26:19:

‍

We even have ways. So, I mean, now we're starting to get into design stuff, but there is also ways where you could even use existing, for example, trading pools. For confidential transactions. Here's how we would do it. Imagine you've got encrypted ERC20 tokens, right? You want to use Uniswap or whatever other DEX, right? Because you don't want people to have to Move liquidity to a new DEX again, which is complicated, right? What you would do, the only thing you would need to do is have an FHE contract that just aggregates the swap requests from, let's say, 100 people. Decrypts the aggregated amount of swaps. We have no idea how much individual people are looking to swap. Do that swap as a regular on-chain swap, not in FHE, encrypt the tokens you received back, and in FHE redistribute them to the people, Krorata, or their thing. So by doing that, you're hiding how much each person has swapped, even though the global amounts...

‍

Jeremy - 00:27:29:

‍

It's effectively like a secure batching model. Yeah, yeah.

‍

Rand - 00:27:33:

‍

Exactly, exactly. But it's just a smart contract. Nothing more than that. That's what's so neat about it.

‍

Jeremy - 00:27:38:

‍

Yeah, yeah. That makes it interesting. And yeah, there's a lot of side effects of that that are really interesting too. Very cool. Well, let's Move a little bit away from blockchain and Move a little bit into AI and maybe a little bit of the intersection there as well. I'm curious about your general views on AI and crypto, AI, crypto, and FHE. We'll just start there with a very high-level question, then we can dive into some other things.

‍

Rand - 00:28:14:

‍

Sure. So, I mean, I've been in AI since 2003 and in crypto blockchain since 2013. So I've seen quite a lot of the evolution of both, right? And, I mean, people don't know that, actually, but I even tried to launch one of the first decentralized AI protocol back in 2018 to do decentralized training using federated learning on-chain. It didn't work. We gave up. We canceled the project. But, you know, the idea is already there. And I think, you know, there are two things that I really find interesting about this intersection of AI and blockchain. The first one is the ability to access data from a large number of people while making all of the rewards for getting your data completely automated. So basically training data in marketplaces. That's a gigantic use case. And here's where FHE really comes in.

‍

Jeremy - 00:29:11:

‍

Yeah, yeah. Yeah, I mean, I totally agree. The way I think about it is like the... The entire user experience of the internet is basically going to be interacting with these intelligences. And so, you know, basically the intelligences just need, they need data and data providers need to be compensated and blockchains and stable coins, you know, and smart contracts are going to be like a very, very powerful way to intermediate that economic value exchange, which needs to occur.

‍

Rand - 00:29:40:

‍

Yeah. Exactly. So here's where FHC plays a huge role, right? And I think you'll appreciate that. Right now, if you sell your data to someone who wants to use it, you really only get to sell it once and then they'll use it for whatever they want to do, right? So if they want to train their model 50 times with it, they really get paid once, even though they use it 50 times. Why? Because, well, once they have the data, they have no incentive to pay you again. But if the data is encrypted in FHE, you don't have to sell your data. They can run their computation on your encrypted data and you would only allow them to decrypt the result of the computation. So every time they want to use your data for a new computation, they have to pay you again for that computation. You're no longer selling the data, you're selling the result of the computation in your data. So all of a sudden those data marketplaces, the value that you can extract from the data you're selling is much bigger because you're not selling it once, you're selling it every single time someone wants to reuse it. So that's huge, man. Like you're basically transferring value again to the end user, right?

‍

Jeremy - 00:30:51:

‍

I get it. No, totally get it. Yeah. Yeah, I mean, it's like Spotify cuts a deal and says, every play you get a fraction of my subscription or whatever it is. And so it's pay-per-play, right? But these sort of microtransactions, they can be batched as well, but like essentially streaming microtransactions and that are kind of happening between the AIs.

‍

Rand - 00:31:19:

‍

And that's exactly what a blockchain is for. Like what is the blockchain for? Like if it's not for coordinating people and payments.

‍

Jeremy - 00:31:27:

‍

And machine to machine as well, right? Yeah, I love your background and the fact that you've kind of crossed these fields. I think that sets you up in a pretty cool place. And as I've commented recently, I don't think it's a coincidence that kind of... The kind of progress in AI has kind of mirrored the progress in crypto and they're happening kind of alongside each other because they need each other.

‍

Rand - 00:31:55:

‍

I mean, can you imagine having AI agents go through the regular payment system every time they have a transaction? It's never gonna work.

‍

Jeremy - 00:32:04:

‍

Totally, totally nuts, yeah. Yeah, very cool. Well, Rand, this has been a really fun conversation, covering a lot of ground. We'll eagerly be watching stuff as it happens. In Q1 and I talk a lot about, people ask me, I should say like, what's it gonna take for this or that to go mainstream and for people mainstream sort of means a lot of different things. It could be a billion people using this or 2 billion people using this. But I think a lot of it is that like households and businesses and others like are depending on this infrastructure for like really meaningful things in their lives. And like my view is that there's sort of a set of infrastructure problems and user experience problems, right? Legal problems too, but let's just say fundamentally as technologists, right? These infrastructure and user experience problems that have not yet been solved where, you know, you're gonna bring everything on-chain. And, you know, I think the work that you're doing is one of the pieces that can contribute to that. And I know, you know, scalability is obviously probably one of the largest challenges. And, you know, the fact that you're working on something with kind of a sort of can scale on Moore's law or equivalent, right, is really encouraging. So should be an exciting couple of years ahead.

‍

Rand - 00:33:29:

‍

So I think I've fully aligned here. And, you know, the way I think about this is, you know, blockchain started by effectively making money more efficient, right? And FHE is important for confidentiality, of course, but think that even one step further, what if your identity becomes a comparable primitive on-chain with FHE, right? What if voting now goes on-chain because you don't have to worry about people knowing? What if you start building every single layer of infrastructure that enables you to run a state or a country on-chain? Like that's really the end game, right?

‍

Jeremy - 00:34:05:

‍

I'm, I'm long on-chain governance and decision-making and all those things. And this is all critical to that future for sure.

‍

Rand - 00:34:17:

‍

Exactly. For sure.

‍

Jeremy - 00:34:19:

‍

Yeah. Very cool. Thank you, Rand.

‍

Rand - 00:34:21:

‍

Thank you, Jeremy. That was great.