Yeah, MobileCoin makes heavy use of SGX. For what it’s worth, Intel isn’t going to deprecate this server side for modern use cases anytime soon.
The trade-offs between ZK and hardware-accelerated encryption still lean towards hardware, though I’m not sure how much longer that will be true. It’s very difficult to imagine a general-purpose ZK machine, but you don’t need general-purpose compute to get most of the value out of DeFi as it exists today.
In short, we’re 5-10 years away from the first general compute ZK machines/VMs IMHO, but bespoke ZK circuits are starting to appear for many use cases. Check out plonky2 as a cool example of a modern fast ZK circuit; the Polygon team is doing great work here.
We’ve been working towards a fully ZK Winterfell implementation/proposal, but it’s not there yet.
In closing, one of the unique things in MobileCoin is private information recovery at scale using MobileCoin Fog (https://mobilecoin.com/news/fog-foward-in-oblivious-computin...), which isn’t possible with any ZK circuit I’ve ever seen (due to the need to store lots of information durably with fast access that doesn’t leak access patterns to the server).
That is a good strategy. I hope the ZK VMs come to a reasonable performance before SGX goes fully away. Even though Intel won’t kill it for Xeon soon, I wouldn’t be surprised if they did in 5 years.
I wonder whether we can have our cake and eat it too; are there plans for FPGA-accelerated ZK machines?
That may be MobileCoin[0].
Before that, from the same inspiration, Signal built SVR[1], a recovery system for the address book that uses SGX to ensure the servers cannot decrypt the backup.
I wonder how they will react to this deprecation.
[0]: https://developers.mobilecoin.com/overview/security/secure-e...
[1]: https://signal.org/blog/secure-value-recovery/#deus-sgx-mach...