Ethereum’s transparency has lengthy been certainly one of its biggest strengths, but it surely has additionally grow to be a structural limitation for a lot of real-world functions. From MEV transaction inefficiencies to knowledge breaches in DeFi, gaming, and AI-driven workflows, the belief that every little thing have to be public to be verifiable is more and more being questioned. The TEN protocol is constructed on a distinct premise: that calculations can stay provably right with out forcing customers, builders, and corporations to disclose delicate inputs, methods, and logic to all the market.
On this blockbrief Q&A, the crew behind the TEN protocol explains its “Trusted Computing” idea and why they imagine privacy-first execution is the lacking basic component in Ethereum’s scaling roadmap. Fairly than launching a separate privateness ecosystem, TEN is designed as an entire EVM setting constructed on Ethereum funds and liquidity, permitting builders to select and select what ought to be carried out publicly and what ought to be carried out privately.
On this dialogue, we discover how this hybrid mannequin reshapes the consumer expertise, alleviates MEV, allows sealed bidding markets and hidden order flows, and unlocks new classes of functions, from verifiable AI brokers to provably truthful iGaming. We additionally talk about the safety and governance trade-offs when utilizing a trusted execution setting, and the way TEN’s structure is designed to make failures detectable, contained, and recoverable reasonably than silent and catastrophic.
Our Q&A particulars how selective secrecy can redefine belief, composability, and value throughout the Ethereum ecosystem. 
How are you going to simply clarify to readers who’re new to the TEN protocol what “trusted computing” means and the way TEN really solves issues that the present Ethereum L2 would not?
At its easiest, “computing with belief” means with the ability to use your dapp with out broadcasting your intentions, technique, or delicate knowledge to everybody monitoring the chain.
Transparency is the default in most Ethereum L2s at the moment. It reveals each transaction, its parameters, intermediate execution steps, and sometimes even the “why” behind the motion. Whereas this degree of openness is highly effective for validation, it poses very actual issues in apply. Trades will be forward or in between. Wallets and dapps leak behavioral and financial knowledge. Video games and auctions wrestle to take care of each equity and privateness. And plenty of real-world and enterprise workflows merely can’t work if their design requires exposing inputs and logic.
That is the core structural limitation that TEN addresses. Ethereum is constructed on the premise that to ensure that knowledge to be verifiable, it have to be seen. TEN retains verifiability intact, however removes the concept that the info itself must be made public. With the proper privateness know-how, you possibly can show that your calculations are right with out revealing the underlying inputs or logic.
What it really means is confidence. Confidence that node operators can’t get forward of themselves. The sport is just not secretly rigged. Bids aren’t copied in actual time. Opponents aren’t spying in your technique. Dapps don’t extract or monetize customers’ private enter.
You continue to get Ethereum-grade safety and validation. You needn’t show every little thing.
There are different privacy-focused and TEE-oriented initiatives in cryptocurrencies. What precisely is totally different about TEN’s structure and menace mannequin in comparison with privateness L1, rollup with off-chain proofs, MPC-based approaches, and so on.?
TEN is constructed not as a parallel ecosystem, however as a privacy-first Ethereum execution. The targets are very slim and really intentional. This implies operating EVM-style functions with selective secrecy whereas sustaining cost, composability, and liquidity locked into Ethereum itself.
This design selection is what actually units TEN aside.
Privateness After we have a look at L1, we frequently ask builders to maneuver into a brand new world. New instruments, new execution semantics, and totally different assumptions about composability are frequent. TEN takes the other strategy. It isn’t meant to exchange Ethereum, however to really feel like Ethereum. Builders preserve entry to EVM, the requirements they already use, and present liquidity whereas making certain confidentiality solely when it actually issues.
Though ZK-based non-public execution supplies very robust privateness ensures, these ensures sometimes include trade-offs for general-purpose functions. Circuit complexity, efficiency constraints, and developer friction could make on a regular basis app growth harder than it must be. TEN makes use of TEE as a substitute and targets basic objective delicate computing with a really totally different efficiency and developer expertise profile.
The MPC-based strategy eliminates the necessity to belief {hardware} distributors. Though it is a nice benefit, MPC-based approaches current their very own challenges. Throttling overhead, delays, and operational complexity can shortly degrade the consumer expertise for normal functions. TEN embraces the belief of belief rooted in {hardware} and focuses on mitigating it by way of governance, redundancy, and rigorous safety engineering.
The important differentiator is that this hybrid mannequin. What ought to be public stays public, comparable to finality, auditability, and settlement. Something that must be non-public stays confidential, comparable to inputs, order movement, technique, secret state, and so on.
You discuss how TEN makes cryptocurrencies really feel like “common apps” to finish customers, non-public, easy, and trusted. What’s that like from a UX perspective, and the way is the expertise of a TEN-powered dapp totally different from the expertise of a typical Ethereum dapp at the moment?
On the consumer degree, the fixed feeling that every little thing you do is seen and will be exploited is eliminated.
With TEN-powered dapps, this manifests itself in small however significant methods. You will not have to fret about menpooling or watch your trades get pinched in actual time. Intents are non-public by default, whether or not they’re bids, methods, or execution thresholds. Customers do not should depend on defensive workarounds like non-public RPC or guide slippage hacks to make use of the app securely.
What stays is a cleaner psychological mannequin, nearer to Web2. Assume that the inputs and enterprise logic of the appliance aren’t uncovered routinely, as most software program doesn’t.
The adjustments themselves are refined, however basic. Privateness will now not be a bolt-on function or a sophisticated setting understood solely by energy customers, however merely a core product primitive that exists by default.
A trusted execution setting introduces a distinct sort of belief assumption: {hardware} vendor dependency and enclave safety. How do you deal with considerations about side-channel assaults, backdoors, or vendor-level failures in your safety and governance mannequin?
That is precisely the correct of skepticism. TEN’s place is just not that TEE is magic or with out threat. It is necessary to be clear about your menace mannequin and design your methods so {that a} breach would not go silent with catastrophic penalties.
TEN assumes that enclaves present confidentiality and integrity inside outlined bounds, and builds on that assumption reasonably than pretending they do not exist. The purpose is to make failures detectable, contained, and recoverable reasonably than invisible.
From a safety perspective, this seems as protection in depth. There are robust distant authentication necessities, managed code measurements and reproducible builds, and strict key administration practices comparable to sealed keys, rotation, and strictly scoped privileges. The assault floor of the enclave is deliberately minimized, and the privileged code operating inside is stored to a minimal.
Redundancy and fail-safe design are equally necessary. TEN avoids architectures the place one enclave successfully dominates the system. The place attainable, depend on multi-operator assumptions and construct protocols such that even a compromised enclave can’t rewrite historical past or forge funds on Ethereum.
As soon as governance and operational readiness are full, the image is full. Safety isn’t just about encryption. Additionally necessary is how shortly and transparently the system can reply. This consists of patching, revocation, enclave model locking, and clear incident playbooks that may be executed with out ambiguity.
Importantly, TEN doesn’t ask customers to “belief nothing.” It’s about lowering the substantial belief that must be positioned in operators and buying and selling companions, and focusing what stays of belief in a a lot narrower, auditable space.
On the DeFi aspect, how do sealed bid auctions, hidden order books, and MEV-resistant routing really work with TEN? And the way can customers and regulators achieve belief in a system the place the core buying and selling logic and order movement is deliberately encrypted?
Broadly talking, TEN works by altering what’s revealed by default.
Take into account a sealed bid public sale. As an alternative of broadcasting bids in clear textual content, customers submit bids in encrypted type. The public sale logic runs throughout the TEE, so particular person bids are by no means uncovered throughout execution. Relying on how the public sale is designed, bids could also be revealed solely at settlement, or in no way, with solely the ultimate consequence being revealed on-chain. This one change eliminates the bid sniping, copy buying and selling, and strategic leaks that plague at the moment’s public auctions.
The identical thought applies to hidden order books. Directions aren’t seen to others in order that they will reconstruct your intentions and techniques in actual time. Merchants are protected against systematic copying and abuse, whereas the system produces execution outcomes that may be verified after the very fact.
MEV-tolerant wiring is a pure inheritance from this mannequin. The traditional MEV pipeline of reference, copy, and sandwich doesn’t exist as a result of the consumer’s intent isn’t broadcast to the general public reminiscence pool. There’s nothing to maneuver ahead within the first place.
Naturally, this raises questions on reliability. If the core logic and order movement are encrypted, how can customers and regulators make sure that the system is working accurately?
The reply is that TEN separates enter privateness and consequence verifiability. Even when the enter is non-public, the rule is just not. Anybody can confirm that the matching engine follows revealed algorithms, that liquidation costs are calculated accurately, and that there aren’t any hidden priorities or manipulations.
Along with that, there are clear audit elements and mechanisms for selective disclosure. Regulators and auditors will be granted entry below outlined circumstances, whereas the general public can nonetheless see encrypted commitments and on-chain proof of right execution.
The result’s a uncommon mixture in DeFi at the moment: confidentiality of order movement and accountability of outcomes.
Verifiable AI brokers are one of many principal use instances. Are you able to present a concrete instance of an AI agent operating on TEN? What’s non-public and what’s publicly verifiable on-chain? And why is it higher than operating the identical agent utterly off-chain?
A easy approach to think about that is the protocol’s AI-driven monetary rebalancer.
When that agent runs on TEN, lots of the options that make it beneficial stay hidden by design. In lots of instances, there isn’t any want to show the mannequin weights or prompts, that are core mental property. Proprietary alerts and paid knowledge feeds stay confidential. Inner threat limits, intermediate reasoning, and decision-making logic are by no means leaked to the market. Even the execution intent stays non-public till the second it’s dedicated.
On the similar time, there’s a clear set of publicly verifiable on-chain. By attestation, anybody can confirm that the licensed code really executed. You possibly can confirm that the licensed coverage module enforced the related constraints and that the ensuing actions revered the outlined invariants. The ultimate state transition and settlement will happen brazenly on Ethereum, as all the time.
This mix makes it meaningfully higher than operating the identical agent utterly off-chain. Off-chain brokers in the end ask customers to belief logs, operators, or unverifiable claims that “the bot adopted the foundations.” TEN removes that blind belief. This enables brokers to maintain aggressive dynamics non-public whereas proving to customers, DAOs, and buying and selling companions that they acted strictly throughout the scope of their mandate.
iGaming has traditionally been suffering from belief points, bots, and opaque RNG. How will TEN be capable of certify truthful gaming whereas conserving RNG seeds, anti-bot logic, and gaming methods non-public? And the way do you suppose this matches into the present regulatory framework for on-line gaming?
iGaming has all the time been constructed round a basic contradiction. Transparency is important to show equity, however confidentiality is crucial to guard RNG methods, safety controls, and anti-bot logic. An excessive amount of publicity will sport the system. Should you cover an excessive amount of, belief can be destroyed.
TEN resolves that battle by way of selective confidentiality. Delicate parts stay non-public, however guidelines and outcomes stay provable.
Relating to randomness, this enables “provably truthful” to be literal reasonably than aspirational. Video games can use commit-public and verifiable randomness schemes. Randomness is pre-committed, outcomes are independently verifiable by gamers, and RNG seeds stay non-public till it’s protected to publish or solely partially revealed. Gamers achieve confidence in equity even when an attacker doesn’t acquire a usable blueprint.
The identical ideas apply to anti-bot and threat administration. That is necessary as a result of though bot detection heuristics and fraud methods are run in secrecy, subtle attackers shortly adapt as soon as these mechanisms are uncovered. Protecting them non-public maintains their validity whereas permitting the system to provide verifiable outcomes.
Extra broadly, this enables for provable sport integrity. Gamers can confirm that the sport follows the revealed guidelines and that the outcomes haven’t been manipulated, with out exposing delicate inner info comparable to safety logic, thresholds, and technique parameters.
From a regulatory perspective, this corresponds clearly to the present framework. Regulators are sometimes involved with auditability, making certain equity, and enforceable controls, reasonably than forcing the disclosure of all inner mechanisms. TEN’s mannequin of verifiable outcomes mixed with selective disclosure is a pure match with these necessities.
What does constructing “selective non-public” good contracts on TEN appear to be from a developer’s perspective? How do you mark a perform for TEE execution, and the way do you check and debug logic that may’t simply logout to a public reminiscence pool?
From a developer’s perspective, the best approach to consider TEN is that it is constructed utilizing two execution zones.
There’s a public zone and this appears like common Ethereum growth. Composable contracts that work as anticipated with commonplace EVM logic, public state, and any L2.
Then there’s the delicate zone. Right here, sure capabilities and components of the state are executed throughout the TEE, enter is encrypted, and disclosure is tightly managed.
In actuality, builders explicitly resolve what must be carried out “in non-public” and what ought to stay uncovered. On the confidential aspect, you set issues like commerce matching, RNG, technique analysis, or secret storage, however every little thing else stays uncovered for configuration and settlement.
The adjustments in workflow are most noticeable in testing and debugging as a result of you possibly can’t deal with the general public reminiscence pool as an always-on debugging console. As an alternative, testing and debugging sometimes depends on an area Devnet with enclave-like execution, deterministic check vectors, and managed debugging modes throughout growth. It additionally validates conduct by way of verifiable commitments and invariants, reasonably than counting on public logs, and proves that the system stayed throughout the guidelines even when inputs are non-public.
The important thing change is to maneuver away from mempool introspection as a debugging level and design for provable correctness from the start.
We emphasize composability between non-public and public parts as a key differentiator. What new utility patterns do you anticipate to emerge from this hybrid mannequin, and the way can present Ethereum protocols combine TEN with out utterly rewriting the stack?
TEN’s hybrid mannequin unlocks utility patterns which are very troublesome or just inconceivable with chains which are clear by default.
One clear sample is non-public enforcement with public funds. Delicate logic comparable to commerce matching, technique analysis, RNG, and threat administration will be carried out in secret, however the finish outcomes are nonetheless decided publicly on Ethereum. You possibly can guarantee privateness the place it issues with out giving up verifiability or composability.
One other space is protected worth discovery and darkish liquidity. Sealed bidding, hidden order books, and personal routing make it attainable to function a fairer market whereas producing verifiable outcomes on-chain. Markets achieve completeness with out changing the intentions of all contributors into public knowledge.
Video games and AI brokers are additionally a pure match. The internals of a hand, technique, immediate, or mannequin can stay non-public, however equity, accuracy, and settlement stay provable. This mix may be very troublesome to realize in a totally clear execution setting.
Purposes for selective disclosure are additionally rising. Identification, status, compliance, eligibility checks, and so on. can stay non-public, whereas concurrently imposing public guidelines and producing auditable outcomes.
The distinctive factor about TEN is that you do not have to surrender your Ethereum. TEN is an entire EVM, so present Ethereum good contracts will be deployed to TEN as-is and work as builders anticipate. The distinction is that you just instantly have the choice to run a few of your logic covertly.
For a lot of protocols, integration is straightforward. Groups can deploy the identical contract on TEN in parallel with Ethereum, hold the general public model unchanged, and steadily allow confidential execution the place it provides probably the most worth.
This naturally creates two adoption paths. Some groups select the least effort route by deploying with out altering their present contract and acquiring each public and confidential situations with little further effort. Different firms take a progressive strategy, selectively transferring high-value flows comparable to order movement, auctions, video games, and agent logic to confidential execution over time.
Importantly, TEN doesn’t pressure builders to decide on between composability and confidentiality. This enables us to take care of Ethereum’s ecosystem, liquidity, and instruments whereas making privateness a top-of-the-line function reasonably than an afterthought.
Who will run the enclaves and infrastructure that powers TEN, how will we keep away from centralization to a couple operators, and what would be the roadmap for decentralizing the community, bootstrapping the ecosystem, and attracting the primary breakout apps on TEN?
Like most new networks, TEN begins with a sensible bootstrap part. Initially, it will imply a smaller, extra selective set of operators and infrastructure with an actual concentrate on reliability and safety. The purpose at this stage is to not obtain most decentralization from day one, however to make sure that the system behaves predictably and securely when builders begin constructing actual functions on high of it.
Structure and incentives are actually necessary to keep away from long-term centralization. This roadmap is constructed round onboarding non-privileged operators, mixed with robust authentication necessities so operators can show they’re operating the proper code in the proper setting. Financial incentives are designed to encourage many impartial operators reasonably than small cartels, with a transparent emphasis on geographic and organizational variety. On high of that, efficiency and safety requirements are clear, and the protocol itself is structured to stop a single operator from dominating execution.
By way of how the roadmap unfolds, the primary part is about reliability and bootstrapping developer instruments. As soon as that basis is stable, the main focus will shift to delivery flagship functions that actually require confidentiality, comparable to iGaming, secured DeFi workflows, and verifiable AI brokers. From there, operator participation will develop, governance can be decentralized, extra worth will movement by way of the community, and safety postures will proceed to strengthen as dangers improve.
That is what units up the flywheel of the ecosystem. Builders do not come to TEN simply because it is one other EVM. They’re right here to supply options you possibly can’t get wherever else.
The idea of breakout apps is straightforward and simple. The primary really profitable TEN native utility will be unable to exist or compete on a series that’s clear by default. In that case, confidentiality is just not a checkbox function. It is the product itself.
