Onchain Encryption Approaches: What’s the Difference Between FHE and TEEs?

Blockchains have a problem. While transparency can be a fantastic thing for creating trustless technology, giving anyone in the world with an internet connection the ability to verify transactions, many of the most obvious use cases for blockchains, such as receiving your salary or voting onchain, are not currently viable without confidentiality. Very few people want their entire financial history, their voting record, or even their poker hand to be public information.

Luckily, new encryption technologies are providing a solution to this issue. The details of smart contracts, such as account balance and transaction amount, can be hidden on public blockchains, opening the door to a widely adopted, efficient ecosystem where users can do everything they would do on a centralized internet but without having to trust institutions with their data. This includes playing games, sending money to friends, receiving salary onchain—all without exposing sensitive information to the public.

Two encryption approaches are currently the best options for building this confidential onchain ecosystem. Fully Homomorphic Encryption (FHE) and Trusted Execution Environments (TEEs) are both feasible technologies for achieving onchain confidentiality, each with its own strengths and trade-offs. Let’s explore these two approaches before comparing them against one another.

What Is FHE?

FHE is a form of encryption that enables computations to be executed on encrypted data, producing an encrypted result. When this result is decrypted, it corresponds precisely to the outcome of operations as if they had been performed directly on the plaintext.

Often referred to as the “holy grail” of encryption, FHE is widely regarded for its flexibility: data can be stored anywhere and kept private, including onchain, without any additional processes (not the case for zero-knowledge approaches), and can also be processed there without being exposed to the public or even to the owner of a server. This makes it fantastic for retaining blockchain composability and flexibility. However, FHE currently has high compute overhead and high latency. Research teams are working on this issue and making good progress, which makes FHE a fantastic option for the near future.

What Are TEEs?

A TEE (Trusted Execution Environment) is a secure enclave within a processor that allows computations to be performed on sensitive data without exposing it to the rest of the system. Data and code inside the TEE remain isolated and encrypted, ensuring confidentiality and integrity even if the broader system is compromised.

Often regarded as a practical solution for secure computation, TEEs provide a strong balance between security and performance. Unlike Fully Homomorphic Encryption (FHE), which allows computation on encrypted data anywhere, TEEs rely on specialized hardware, such as Intel SGX or ARM TrustZone, to provide a secure processing environment. TEEs enable confidential data processing with lower computational overhead and latency, making them an efficient option for real-world deployments today. However, TEEs require trust in the hardware manufacturer and have been known to be vulnerable to certain side-channel attacks, challenges that ongoing research aims to address—although side-channel attacks can be mitigated by protocol design.

FHE and TEEs, Compared

Here’s how these encryption approaches compare in terms of performance, compute, attack risk, verifiability, current practicality, future potential and quantum resistance.

[Table: TEEs and FHE compared]

Performance

TEEs provide fast execution since they rely on dedicated hardware for secure computation. In contrast, FHE is currently slow and computationally intensive due to the complexity of homomorphic encryption operations. While TEEs are efficient for real-time applications, FHE is still evolving to improve performance.

Compute

TEEs rely on specialized hardware components to create secure execution environments, whereas FHE uses cryptographic methods to enable computation on encrypted data. This fundamental difference means that TEEs require specific trusted hardware, while FHE can theoretically run on any system.

Attack Risk

TEEs have been known to be vulnerable to side-channel attacks, where adversaries extract sensitive information by analyzing power consumption, timing, or other leakage. FHE, on the other hand, is immune to these but is susceptible to collusion attacks in Multi-Party Computation (MPC) setups, where malicious participants may compromise the system. Without verifiable compute, the MPC network also needs to trust that the computation node has performed the computations correctly. 

Compute Verifiability

TEEs rely on attestation mechanisms to prove the integrity of computations, which requires trust in the hardware provider. FHE, by contrast, can currently achieve integrity through a consensus mechanism, because the computation is deterministic, and in the future could integrate zero-knowledge (ZK) proofs to strengthen trustless verification.
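
The two FHE properties described above (evaluation on ciphertexts that decrypts to the plaintext result, and deterministic evaluation that nodes can cross-check by consensus) can be seen in a toy scheme; this is an added example, not code from the original article or from any FHE library. It assumes a symmetric integer-based somewhat homomorphic scheme (c = p*q + 2r + m, in the style of van Dijk, Gentry, Halevi and Vaikuntanathan) with insecure toy parameters and no bootstrapping, standing in for the lattice-based schemes the article refers to; all function names are illustrative.

```python
import hashlib
import secrets
from collections import Counter

# Toy parameters, constructed for illustration; far too small to be secure.
P_BITS, Q_BITS, NOISE_BITS = 256, 512, 8

def keygen():
    """Secret key: a random odd P_BITS-bit integer p."""
    return secrets.randbits(P_BITS) | (1 << (P_BITS - 1)) | 1

def encrypt(p, bit):
    """c = p*q + 2*r + bit. Fresh q and r make every ciphertext differ."""
    return p * secrets.randbits(Q_BITS) + 2 * secrets.randbits(NOISE_BITS) + bit

def decrypt(p, c):
    """Strip the multiple of p, then the even noise. Valid while noise < p."""
    return (c % p) % 2

def evaluate_majority(ca, cb, cc):
    """Needs no key: + acts as XOR and * as AND on the hidden bits,
    so this computes maj(a, b, c) = ab ^ ac ^ bc under encryption."""
    return ca * cb + ca * cc + cb * cc

def digest(c):
    return hashlib.sha256(str(c).encode()).hexdigest()

def consensus(reports):
    """Accept the ciphertext that a strict majority of nodes reported.
    Works because evaluation is deterministic: honest nodes agree bit for bit."""
    top, votes = Counter(digest(c) for c in reports).most_common(1)[0]
    if 2 * votes <= len(reports):
        raise ValueError("no majority among node reports")
    return next(c for c in reports if digest(c) == top)

def demo(votes=(1, 0, 1)):
    """Returns (bit decrypted from the accepted result, bit from the faulty one)."""
    p = keygen()
    cts = [encrypt(p, v) for v in votes]  # the encrypted votes that go onchain
    honest = evaluate_majority(*cts)
    # Three nodes evaluate the same ciphertexts; node 1 is faulty (constructed).
    reports = [evaluate_majority(*cts), honest + 1, evaluate_majority(*cts)]
    return decrypt(p, consensus(reports)), decrypt(p, reports[1])

if __name__ == "__main__":
    print(demo())
```

The evaluating nodes never hold `p`, so they learn neither the votes nor the tally; only the key holder can decrypt the accepted ciphertext.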

Current Practicality

TEEs are already widely deployed in various blockchain applications, making them an accessible solution today. FHE, while highly promising, is only just beginning to enter production usage.

Future Potential

TEEs will benefit from advancements in hardware security, addressing vulnerabilities such as side-channel attacks, which can also be mitigated through protocol design. Meanwhile, FHE is expected to see performance improvements, particularly as specialized hardware accelerates homomorphic encryption, making it more viable for blockchain applications.

Quantum Resistance

TEEs are not inherently resistant to quantum attacks, as their security relies on conventional cryptographic principles and trusted hardware. FHE, however, is based on lattice-based cryptography, which is believed to be resistant to quantum computing threats, making it a strong long-term solution for post-quantum security.

Unlocking a Confidential Onchain Future 

A solution to the blockchain confidentiality problem is on the horizon, and both FHE and TEE approaches will be vital in realizing this future. Both are great options for achieving confidentiality, and the choice of which technology to use comes down to individual preferences. Both approaches will be vital in the confidentiality-enabled blockchain ecosystem that Inco is unlocking.
