Zama's HTTPZ Bet: Can FHE Become the Default Privacy Layer of the Internet?

On December 30, 2025, a stablecoin transfer moved through Ethereum that nobody could see.

Not the sender, not the receiver, not the amount. Just a valid state transition, a $0.13 gas fee, and a cryptographic receipt. The token was cUSDT — a confidential wrapper around Tether — and the rails were Zama's newly-live Confidential Blockchain Protocol. Four months later, in April 2026, Zama has a listed token, a growing roster of EVM deployments in progress, and an unusually audacious pitch for how the rest of the internet should work.

They call it HTTPZ.

The analogy is deliberate. The web moved from HTTP (plaintext) to HTTPS (encrypted in transit) once Let's Encrypt and Cloudflare made certificates free and automatic. Zama argues the next jump is end-to-end encryption of computation itself — so servers, validators, and intermediaries process your data without ever seeing it. If HTTPS is the padlock on the wire, HTTPZ is the padlock around the CPU.

It's a lovely slogan. The question is whether fully homomorphic encryption — the math powering this vision — is finally fast enough to stop being a research curiosity and start being infrastructure.

From 1,000,000x Overhead to the 100x Threshold

For most of FHE's 15-year history, the honest answer to "why don't we just encrypt everything?" was a single number: a million. That was roughly the slowdown factor for running a computation on ciphertext versus plaintext. A one-second task became eleven days. Nothing shipped.

Zama's own telemetry tells the story of how that number has collapsed. The company reports speed improvements exceeding 2,300x since 2022, dragging FHE overhead down from roughly 1,000,000x to the 100–1,000x range for typical operations. Current CPU benchmarks for confidential ERC-20 transfers sit around 20 TPS. GPU acceleration, which Inco Network has pushed hardest, delivers another 784x leap, yielding 20–30 TPS in production and a public roadmap targeting 500–1,000 TPS per chain by end of 2026. ASICs arrive in 2027–2028 with a target of 100,000+ TPS.

Those numbers are still far below what you'd call "fast." But they're above the threshold where a confidential payroll, a sealed-bid auction, or a private governance vote becomes practical. That's the threshold that matters. Nobody ever needed FHE to be free — they needed it to be usable.

Zama's architecture cheats gravity in a clever way. Smart contracts don't touch ciphertext directly; they manipulate lightweight symbolic handles that reference encrypted values. The heavy FHE operations run asynchronously on an off-chain coprocessor network, with results committed back on-chain. The gas costs users see are closer to ordinary EVM transactions, because the on-chain work is ordinary EVM work. The magic happens where it's cheap to run.

What Actually Shipped on Ethereum

The mainnet launch wasn't a testnet announcement dressed up with a press release. It was a live deployment on Ethereum L1, with a Decentralized Key Generation ceremony involving 13 independent operators and a first confidential transfer that cost the same as moving an ERC-20 on a quiet day.

Since December, Zama has added progressively harder demonstrations:

• cUSDT confidential transfers — encrypted balances, encrypted amounts, standard Ethereum finality.
• The first confidential payroll on Ethereum mainnet, executed with fintech firm Bron. Employees received salaries whose amounts were hidden from everyone except the sender and recipient, even though the state transitions were publicly validated.
• FHEVM — a full-stack framework that lets Solidity developers add encrypted types (euint8, euint64, ebool) to existing contracts without learning new languages.

The payroll demo is the one worth staring at. Corporate treasuries have quietly avoided on-chain payroll for years, not because they don't want the settlement properties, but because publishing every employee's comp to a block explorer is a discrimination lawsuit waiting to happen. If FHE closes that gap, the addressable market isn't "crypto users." It's every business with a payroll and a CFO who's heard of Etherscan.

The Privacy Stack's Uneasy Alliances

Zama's marketing frames HTTPZ as a winner-take-all thesis. The reality of 2026 is messier and more interesting.

FHE has three credible siblings in the privacy computation space, and the sophisticated projects are stacking them rather than picking one.

Zero-knowledge proofs answer a different question: how do I prove something is true without revealing the data? ZK is excellent when you know the inputs and want to convince someone else the output is correct. It's terrible when multiple parties each hold private inputs and need to compute something jointly — because somebody has to actually do the computation, and ZK doesn't hide that person's view.

Trusted execution environments (Intel SGX, AMD SEV) offer near-native performance and are the pragmatic choice today for privacy-sensitive workloads at scale. Their weakness is the trust root: you're trusting Intel, AMD, or a chip supply chain that has produced a steady stream of side-channel vulnerabilities. TEEs are fast until they're broken, and then they're suddenly very not.

Multi-party computation splits data across nodes so no single participant sees plaintext, with Arcium and Nillion as the best-funded bets. MPC shines for joint computation across mutually distrusting parties but pays a heavy communication cost and doesn't compose cleanly with single-chain execution.

The 2026 pattern is compositional privacy: Nillion orchestrates MPC, FHE, and ZK based on workload; Inco offers a TEE-fast mode and an FHE-secure mode; Aztec wraps ZK around private state with FHE under consideration for specific primitives. The honest take is that FHE wins the quantum resistance fight by default — it's lattice-based — and wins the arbitrary computation on hidden data fight, but loses the pure-throughput fight to TEEs for another few hardware generations.

HTTPZ as a slogan works because FHE is the only one of the four that can plausibly be "turned on by default" without trust assumptions about hardware vendors or honest-majority committees. That's the specific thing HTTPS didn't require, and the specific thing the other three can't quite deliver.

Where This Actually Gets Adopted First

The fastest adoption paths in 2026 aren't the consumer stories. They're the boring, regulated ones where privacy is a legal requirement rather than a user preference.

Confidential DeFi for institutions. Market makers lose money every time their order sizes become public. A fund that wants to rebalance $200M of ETH can't do it on-chain today without paying a meaningful MEV tax and signaling to every bot in the mempool. FHE-enabled DEXs let the intent stay encrypted until execution — which is exactly the primitive institutional allocators have been asking for since the last cycle.

Private AI inference. The killer use case here isn't model training (still too slow) but inference on sensitive inputs — a hospital sending encrypted patient data to a diagnostic model, a bank running encrypted customer records through a credit model. Zama's Concrete-ML has pushed FHE inference on CIFAR-10-class models from minutes in 2024 into the tens-of-seconds range. That's still too slow for real-time, but it's fast enough for batch workflows that previously required data residency contracts and compliance reviews lasting six months.

Regulated stablecoins. This is the dark horse. The GENIUS Act and its NPRM implementation push issuers toward monitorable, auditable stablecoins. Public chains give you auditability but no privacy; private chains give you privacy but no auditability. A confidential-by-default stablecoin with selective-disclosure keys for regulators sits right in the Venn overlap — and it's a better compliance story than either extreme.

The HTTPZ Thesis, Stress-Tested

Will HTTPZ happen? Probably not in the maximalist sense Zama paints — the internet is not going to flip a switch and start running every HTTP request through FHE. The overhead economics don't support it, and most web traffic doesn't need it.

But the useful version of HTTPZ — private-by-default computation for the narrow set of workloads where plaintext is a liability — is visibly happening. Mainnet is live. Transactions cost pennies. A Fortune-listed payroll has cleared on a public chain without exposing a single salary. EVM expansion is scheduled for H1 2026 and Solana support for H2. The ZAMA token listed on Coinbase and Binance in February.

The question developers should be asking isn't "is FHE ready?" It's "which of my product's public data points are actually liabilities, and would I pay a 100x compute premium to hide them?" For a growing list of teams — payroll providers, institutional market makers, healthcare ML, regulated stablecoins — that answer is already yes.

The HTTPS transition took a decade. The HTTPZ transition will probably take longer, because the math is harder and the incentives are weaker. But the trajectory finally looks like a trajectory.

---

BlockEden.xyz runs production RPC infrastructure across Ethereum, Solana, and 25+ chains where the next wave of privacy-native applications will be built. If you're prototyping on fhEVM or experimenting with confidential workflows, explore our API marketplace for the underlying chain access you'll need.

Sources

• Zama Confidential Blockchain Protocol Litepaper
• Announcing Our Series B and the Zama Confidential Blockchain Protocol
• Zama Mainnet Launches with cUSDT Privacy Transfer
• Ethereum's Privacy Breakthrough: Zama Mainnet Delivers Confidential Transactions For $0.13
• The End of the Open Book: Zama and Bron Execute the First Confidential Payroll on Ethereum Mainnet
• FHEVM GitHub Repository
• Understanding Zama: A Comprehensive Overview (Messari)
• 'Confidentiality Layer' Zama Wraps Blockchains in Privacy (Bankless)
• The Privacy Stack Wars: ZK vs FHE vs TEE vs MPC (BlockEden.xyz)