Privacy's broadband moment

ZK got fast, hardware got attestable, AI agents started carrying their own wallets, and regulators stopped trying to ban math. Four curves crossed and privacy stopped being a research topic — it became infrastructure.

There is a phrase we keep using internally at Zera Labs: privacy’s broadband moment. It started as a slide-deck line, the kind of thing you put in front of an investor to explain why a fifteen-year-old idea is suddenly a 2026 product. After a year of saying it I realised it is also the most precise description I have for what is actually happening in the cryptography stack right now.

Broadband did not arrive because someone invented broadband. It arrived because four unrelated curves crossed at the same time: fibre got cheap, video codecs got good, last-mile rights-of-way got resolved, and people stopped thinking of “the internet” as a separate thing they used at a desk. None of those four was sufficient. All four together were inevitable.

Zero-knowledge cryptography is having the same moment. I want to lay out the four curves I see, one at a time, and then say what we are doing about it.

Curve 1 — proof systems finally got fast

For most of the last decade, “fast ZK” meant Groth16 over BN254 with a trusted setup and proving times measured in seconds for circuits that did anything useful. That was good enough for academic papers and bad enough for products. People shipped in spite of it. Tornado Cash circuits took four-plus seconds to prove on a laptop in 2020. That is not a consumer experience; that is a research demo.

The thing that actually changed in 2024 and 2025 is the boring thing: hash-friendly arithmetisation went mainstream. Poseidon (and the Poseidon-2 successor) went from a “cool paper at SAC 2019” to the default ZK-friendly hash inside almost every modern proof system. Once you have a hash that costs ~250 constraints per permutation instead of the ~24,000 that SHA-256 takes inside a SNARK, the entire calculus of “what circuits are practical to prove on a phone” inverts.

The zera-sdk Rust core ships Poseidon as the only commitment hash. We did not invent that decision; we inherited it. Every serious privacy pool in 2026 made the same call. The reason ZERA can talk about unified shielding — one pool that holds USDC and USDT and SOL and $ZERA and a dozen other tokens at once — is that the per-note proof cost finally dropped below the threshold where wallet UX would tolerate it.

I wrote about how this looks at the metal level in Pedersen commitments, in production and Nullifiers without the witchcraft. Short version: the production implementation is six lines of code per primitive, and the line of code that made it six lines instead of six hundred is the choice of Poseidon.

Curve 2 — hardware attestation stopped being theatre

The second curve is the one nobody likes to talk about because it sounds like 2014 trusted-execution marketing. But it is real now in a way that it was not.

Apple’s Secure Enclave shipped in 2013. For a decade it was a place you stored your fingerprint hash and your Apple Pay tokens. In 2026 it is a place you can ship cryptographic primitives that the OS itself cannot read or steal, with attested provenance. Pixel devices have Titan M2. Modern AMD chips have SEV-SNP. ARM TrustZone is everywhere. The attestation chains are documented, the developer APIs are stable enough to build against, and — critically — the threat model for what a TEE actually buys you stopped being aspirational.

This matters for the True Offline Payments pillar of ZERA in a way that is hard to overstate. “Offline P2P payments” without a hardware trust anchor is a euphemism for “double-spend forever.” With one, it is a sequence-numbered key-attested signature over a note that the rest of the network can verify when they reconcile. The cryptography is the easy part. The cryptography has been ready for a long time. What was not ready until very recently was the assumption that the user has a real TEE in their pocket and that we can tell whether they do.

Foundry Digital taught me to think like an operator — the hardware is the system. ZERA Hardware exists for the same reason mining ASICs exist: when the math is fixed and the silicon is differentiated, infrastructure is where the next decade of value lands.

Curve 3 — AI agents grew wallets

The third curve is the one I genuinely did not see coming until late 2025.

Coinbase shipped x402 — a stablecoin-payment protocol over HTTP — and the AI agent ecosystem absorbed it within a quarter. Anthropic’s MCP standard went from “interesting Anthropic side project” to “ten thousand public servers, ninety-seven million SDK downloads a month” in the same window. Two things that should not have collided collided: autonomous AI agents now carry their own wallets, and the protocols they use to pay each other are running on stablecoin rails.

The implication for privacy is not subtle. An autonomous agent that buys a search result for 0.001 USDC is making a transaction that — under any current rail — is permanently legible to anyone watching the chain. If your agent buys ten thousand search results across an afternoon while it does research for you, the sum of those transactions is a behavioural signature of you. Not your agent. You. Because the agent is acting on your instructions.

This is the use-case that turned privacy from “a thing crypto people argue about on Twitter” into “a thing every AI platform team will be procuring by Q4.” There is no version of an autonomous-agent economy that is also a transparent-by-default payments graph. Either agents acquire privacy primitives, or agents stop being economically rational to operate at scale. We are betting that the first thing happens.

I wrote the threat-model framing for this earlier in the year — see the post on the x402 honeypot research artifact for why this is a 2026 problem and not a 2028 one.

Curve 4 — the regulatory weather changed

I do not love writing about regulation. I will keep this short.

For most of the last decade, “we are building privacy infrastructure” was a sentence you said at a developer conference in Berlin and not at a meeting at the SEC. The Tornado Cash sanctions in 2022, the chilling effect on Nym and Aztec, the post-FTX legislative panic — all of it pushed serious privacy work either offshore or underground.

Two things shifted that. First, the district court ruling overturning the Tornado Cash sanctions in late 2024 re-established that immutable code is not a sanctioned entity. Second, the broader 2025-2026 stablecoin clarity work in the US, EU MiCA implementation, and the Hong Kong VASP regime made it possible for compliant venues to handle privacy assets the way they handle any other asset class — with KYC at the edges and pseudonymity in the middle.

ZERA is built token-agnostic, chain-agnostic, and compliance-aware. The pool holds USDC. USDC has a freeze function. We do not pretend it does not. The interesting design question stops being “how do we build a system that defies the regulator” and becomes “how do we build a system the regulator can verify without the regulator becoming a panopticon.” The answer to that question is zero-knowledge. The reason the answer is finally usable is that curves one through three made it cheap.

What we are doing about it

Four curves crossing is necessary but not sufficient. Someone has to actually ship the thing.

That is what Zera Labs is for. Concretely:

One unified shielded pool instead of one per asset class. The pool is built on Solana for the account-compression-driven cost model — Light Protocol’s compressed accounts let us amortise the per-note state cost down to something that works at consumer-payment scale.
A wallet that does not assume you are sitting at a desk. Zera Wallet targets desktop, iOS, and Android with the same primitives — the offline-P2P story is real and is the reason we keep saying “digital cash” instead of “private DeFi.”
An SDK with an MCP server in the box. Every modern privacy primitive should be callable by an AI agent under a verifiable policy. We made that the default rather than the afterthought. See Building the Zera SDK: Day One.
A research line that publishes. I am doing a PhD by publication in zero-knowledge proof systems while running the company. Every paper has a corresponding production component. Every production component has a paper that would not embarrass me in a peer-review queue.

The thing I keep telling people

You can be early to the right idea by a decade and watch the wave roll in without you. The question is never “is this the future?” The question is “did the four curves cross yet?”

Privacy’s four curves crossed in 2026. The next ten years are infrastructure-build. We are going to be a stupid fraction of that infrastructure or none of it, and either way the wave is happening.