Interactive deep dive
How Arcium works
Arcium calls itself the encrypted supercomputer: a network of nodes on Solana that computes on data while it stays encrypted. No single machine (not even the ones doing the work) ever sees your inputs. This page unpacks how that's possible, from the on-chain plumbing to the cryptography, based on the official docs.
Architecture: MXEs and the computation lifecycle
Everything you deploy on Arcium is an MXE, a Multi-Party eXecution Environment, which the docs describe as your complete encrypted application and the network's equivalent of a virtual machine. An MXE is three things stapled together: a normal Solana program that acts as the on-chain coordinator, a set of encrypted instructions (confidential logic written in Arcium's Rust-based Arcis framework, where each #[instruction] function compiles to MPC bytecode stored in an on-chain comp def account) and an MXE account holding metadata: which cluster runs the workload, and the x25519 public key that clients encrypt against.
Anatomy of an MXE
Tap or hover each part for detail. The docs call MXEs the network's virtual machines, each one independent, sharing no state with others.
Solana program
A normal Solana program (written with Anchor + arcium_anchor). It receives user inputs, queues computations into the Arcium program via CPI, and handles the callback with the encrypted result. One MXE = one Solana program.
The split of labor is the architectural core. Solana is the coordination layer: per the docs, all state management and orchestration of computations happen on-chain: deterministic ordering through a single decentralized mempool with priority-based execution, node registration and scheduling, verification of results, and the economics of payments, staking, and slashing. The heavy cryptographic lifting happens elsewhere: Arx nodes are off-chain decentralized computational workers that pull jobs from the chain, execute them in MPC, and post signed results back. Here's the full round trip a single confidential computation makes.
Life of an encrypted computation
step 1/6Step through the six hops. Watch the padlocks: nothing in the middle ever gets a key.
Step 1: The client encrypts locally
The client generates an ephemeral x25519 keypair, derives a shared secret with the MXE's public key, and encrypts its inputs locally under a random 16-byte nonce. It then invokes the MXE program's instruction, passing the ciphertexts, its public key, and the nonce. Plaintext never leaves the user's machine.
Collectively, those Arx nodes form arxOS, the distributed encrypted operating system ("arx" is Latin for fortress). What's striking is how ordinary the hardware is: no GPUs, no secure enclaves, just commodity servers running a Docker image, staking collateral that can be slashed for violations.
32 GB+
RAM
12+ cores
@ 2.8 GHz+
1 Gbit/s
bandwidth
No GPU
required
Nodes are organized into clusters, the units that actually execute MXE workloads. Clusters are owner-proposed: a node cannot join unless the cluster owner has proposed it first, and the node must accept. Owners configure capacity and a Node Priority List that governs activation order, and clusters can include randomly selected nodes for sybil resistance. The docs don't fix a cluster size; the localnet minimum is two nodes.
Work itself is metered in CUs, or Computation Units, the smallest unit of computation on the network; every arithmetic operation in a circuit has a CU cost. The price of a CU is a base fee set each epoch by a stake-weighted vote of node operators, plus an optional market-driven priority fee. The docs don't publish absolute CU prices, only this mechanism. And epochs are the network's clock: fixed-duration periods that frame the base-fee vote, stake activation, reward distribution, and unbonding cooldowns. Every computation must complete within a single epoch. The docs don't publish the epoch duration either; the live explorer currently reports 12-hour epochs on mainnet (an observed value, not a documented one).
Sources: docs.arcium.com/…/core-concepts · docs.arcium.com/…/computation-lifecycle · docs.arcium.com/…/architecture-overview · docs.arcium.com/…/pricing-and-incentives
The cryptography: computing on secrets
The engine underneath everything is secure multi-party computation (MPC): a family of protocols that let several machines jointly compute a function over inputs that none of them ever sees in the clear. There is no moment where the data gets decrypted on some trusted box: the plaintext simply never exists anywhere during the computation.
Arcium's flavor is additive secret sharing over a finite field. To hide a value, split it into random-looking pieces that sum back to it modulo a prime. The docs' own example: the secret 42 becomes 17, 93 and −68 across three nodes, each share individually indistinguishable from noise. The useful property is algebraic: adding two shared values is free (each node just adds its local shares, no messages exchanged), and so is multiplying by a public constant. Try it below, and then try to steal the secret.
Split a secret yourself
additive shares over the field 𝔽251What the colluders see
No one is colluding yet. Click up to two nodes to corrupt them.
Combine all three
This is the whole trick behind Cerberus's guarantee: with additive sharing, any coalition missing even a single share learns nothing, so privacy holds as long as one node out of N stays honest, no matter what the rest do.
Multiplication of two secret values is where it gets expensive: shares of a product can't be computed locally, so the nodes must exchange messages: a communication round per multiplication. To keep that interactive part fast, Arcium (like most state-of-the-art MPC systems) uses a preprocessing model: the heavy cryptographic work of generating correlated randomness happens in an input-independent offline phase, scheduled ahead of time on the nodes' spare capacity. The online phase (your actual computation) then just consumes that material, which is why the docs rate multiplication as “cheap, optimized via preprocessing” while bit-by-bit comparisons stay expensive.
Two phases, two metrics
These aren't abstractions: the offlineRounds and onlineRounds counters on the live computations page are exactly these two phases, measured across the network over the last 24 hours.
Arcium ships two MPC backends with very different trust dials. Cerberus, the default, targets the harshest setting the docs define: dishonest majority, where up to N−1 of N nodes can act maliciously and privacy still holds so long as a single node stays honest. Every share carries an unforgeable MAC, so tampering is detected and honest nodes abort. Arcium extends the underlying BDOZ protocol with identifiable abort: cheating can be cryptographically proven to third parties, which plugs directly into on-chain slashing, with separate penalty classes for cheating and for simply not showing up. Manticore, which joined the stack when Arcium acquired Inpher's core tech and team in November 2024, assumes honest-but-curious nodes plus a Trusted Dealer that pre-generates the preprocessing material and then goes offline. Weaker guarantees, much faster, built for machine-learning workloads among operators with an incentive to behave.
Which cluster type runs my app?
Cerberus is what you get by default: if your app serves strangers on a public cluster, you want privacy and correctness to survive N−1 malicious nodes.
One more detail closes the loop: how your data gets in. Clients encrypt locally using an x25519 Diffie-Hellman key exchange and the Rescue cipher in CTR mode (128-bit security). Rescue is an arithmetization-friendly cipher (cheap to evaluate as an arithmetic circuit), and that's exactly the point: the nodes never decrypt your ciphertext. They run the Rescue decryption circuit inside the MPC itself, converting ciphertext directly into secret shares without any node ever holding the plaintext.
Why MPC and not FHE, TEEs, or ZK proofs? That comparison, including the counterpoints to Arcium's own framing, gets a full table in section 05.
Sources: docs.arcium.com/…/mpc-protocols · docs.arcium.com/…/arcis/mental-model · docs.arcium.com/developers/encryption · Arcium Purplepaper
Building on Arcium: Arcis
You don't write secret-sharing protocols to build on Arcium. You write Rust. Arcis is the framework that makes that possible: code inside an #[encrypted] module compiles into fixed MPC circuits that a cluster of Arx nodes executes over encrypted data. The rest of the project looks deliberately familiar to a Solana developer: an MXE project is a normal Anchor workspace plus an Arcium.toml config and an encrypted-ixs/ directory holding the Arcis code, and the arcium CLI is, per the docs, a wrapper over the Anchor CLI.
The core abstraction is the encrypted type Enc<Owner, Data>, which encodes who can decrypt directly in the type system. Enc<Shared, T> is encrypted under a secret shared between the client and the MXE, so both can decrypt; Enc<Mxe, T> is decryptable only by the MXE cluster itself: the docs' tool for private shared state, like an order book no individual user should be able to read. Inside a circuit, .to_arcis() turns ciphertext into secret shares, .from_arcis() seals a result back to an owner, and .reveal() deliberately makes it public. Step through the canonical example below and the whole Hello World of encrypted computing fits in under twenty lines.
Annotated walkthrough
Your first encrypted instruction: add_together
1use arcis::*;23#[encrypted]4mod circuits {5 use arcis::*;67 pub struct InputValues {8 v1: u8,9 v2: u8,10 }1112 #[instruction]13 pub fn add_together(input_ctxt: Enc<Shared, InputValues>) -> Enc<Shared, u16> {14 let input = input_ctxt.to_arcis();15 let sum = input.v1 as u16 + input.v2 as u16;16 input_ctxt.owner.from_arcis(sum)17 }18}
#[encrypted] module
Everything inside this module is compiled ahead of time into a fixed MPC circuit: the structure is frozen before any data flows through it. Only functions tagged #[instruction] become individual circuits that can be invoked on-chain.
On the client side, the @arcium-hq/client TypeScript library handles the cryptography. The app generates an x25519 keypair, fetches the MXE's cluster public key, and derives a shared secret via Diffie-Hellman. Values are then encrypted with RescueCipher, the cipher whose decryption runs inside the MPC itself, as explained in section 02 using a 16-byte nonce and one 32-byte ciphertext per value. Queueing is just an Anchor method call with PDA helpers for the mempool, cluster, and computation accounts; then awaitComputationFinalization waits for the cluster to execute and the callback to land, and the client decrypts the result from the program event. Each encrypted instruction turns into three program instructions: one to initialize its comp def, one to queue, one callback.
Those comp defs (computation definitions) are on-chain accounts storing the compiled MPC circuit for each instruction, addressed by the first four bytes of the SHA-256 of its name. Compiled circuits can reach several megabytes, so the docs recommend off-chain circuit storage for large ones; the comp def then holds a URL plus a circuit_hash! that Arx nodes verify when they fetch the code.
Developer pipeline
From cargo to mainnet
1/5Creates an Anchor-style workspace plus an Arcium.toml config and an encrypted-ixs/ directory, pre-populated with the add_together example.
The honest trade-off: because circuits are fixed before any data flows through them, Arcis is not quite general-purpose Rust. Anything whose shape depends on secret data has to be paid for in full, up front:
Both if/else branches always execute
A secret condition can't skip code, so both sides run and the condition only selects which result to keep. Cost = expensive branch + cheap branch.
Loops need compile-time bounds
for with static bounds works; while, loop, break, continue, return, and recursion don't, because the circuit can't have an unknown iteration count.
Fixed-size types only
No Vec, String, or HashMap (variable length); use [T; N] arrays. Integers, bools, tuples, structs, and fixed arrays are supported.
No .filter() on iterators
It produces variable-length output. map, fold, sum, zip, and enumerate all work fine.
Secret array indexing costs O(len)
Every position is checked so the nodes can't learn which index was accessed.
Callback output ≈ 1,232 bytes max
Results return in a single Solana transaction; anything larger fails with OutputTooLarge.
These constraints are the price of the guarantee from the previous section: a circuit whose execution pattern never depends on the data can't leak the data through its execution pattern. For most confidential-DeFi and gaming logic (comparisons, arithmetic, fixed loops over fixed arrays), they turn out to be workable rules rather than blockers.
Sources: docs.arcium.com/…/arcis · docs.arcium.com/…/hello-world · docs.arcium.com/…/js-client-library · docs.arcium.com/…/arcis/operations
ARX: staking, fees, and supply
ARX is not a gas token. Its live job is collateral: per the official tokenomics page, ARX is what operators put up to provide compute, and the more a node stakes, the more computational capacity it may offer: the docs describe a near-linear stake-to-capacity relationship, gated by a minimum self-delegation. Anyone else can delegate ARX to a node via stake.arcium.com: stake activates at the next epoch, rewards are shared pro-rata minus the operator's commission (auto-compounding supported), and unstaking triggers a one-epoch cooldown. Two governance tracks (a technical one for node operators and a lock-weighted community one) are announced for later in 2026 but not live yet.
The part that surprises people: computation fees are not paid in ARX. Arcium's tokenomics page is explicit that customers pay in the chain's native token (SOL on Solana), and you can see this live on the computations page, where every job carries its fee in lamports plus a callback reserve. Fees have two parts: a base fee set at a minimally economically viable level to cover operator costs, and optional priority fees for jumping the queue, distributed equally to each participating node. The value link back to ARX is indirect: usage generates SOL income for staked operators, which drives demand for ARX as capacity collateral; there is no buyback or auto-conversion mechanism described in official materials.
How a computation fee is split
Fees are paid in SOL (lamports), not ARX (base fee + optional priority fee per compute unit), then divided per arcium.com/tokenomics:
Supply is simple by design: 1,000,000,000 ARX, fixed: no inflation, no dynamic minting. The token generated on June 22, 2026, debuting on Binance Alpha with same-day listings on MEXC, Bitget, KuCoin and BingX, and about 208.8M ARX (20.88%) circulating from day one. Before that, a CoinList community round (March 24 to April 1, 2025) sold 20M tokens at $0.20 (a $200M FDV), raising $4M, fully unlocked at TGE. Launch trading opened around $0.40-0.43, roughly a $400M fully diluted valuation. Here's where the billion tokens go, per the announced tokenomics:
Where the supply goes
1,000,000,000 ARX, fixed, per announced tokenomics (arcium.com/tokenomics). Click a row to inspect its vesting terms.
12-month cliff, then 24-month linear
Largest single pool. Nothing at launch: the full 271.2M sits behind the June 2027 cliff, then unlocks monthly through mid-2029.
Unlock timeline: first 24 months
estimate: linear interpolation between documented vesting points~20.87% circulating (est.)
≈ 208,744,800 ARX
Documented points: 20.88% at TGE, a ~5.86M Community tranche at month 1, then 12-month cliffs on every remaining pool until June 22, 2027 (the largest supply-overhang date), followed by 18 to 42 months of linear vesting per pool. Exact per-month amounts after June 2027 are derived from the published percentages, not stated by Arcium. Full unlock lands roughly 4.5 years after launch, into 2030.
The vesting design front-loads community and ecosystem float and locks insiders hard: every backer, team, angel and validator token sits behind a 12-month cliff, so between July 2026 and June 2027 the circulating supply barely moves. Then the cliffs end all at once (June 22, 2027 is the single biggest date on the schedule) and monthly linear vesting runs for 18 to 42 months per pool, stretching full unlock into 2030. Meanwhile the staking loop below is what the token actually does day to day: collateral in, compute out, SOL fees back, and slashing as the backstop that makes a stranger's node worth trusting.
The staking loop
Slashing is documented in principle, but the docs don't publish penalty percentages or the exact staking constants (minimum self-delegation, stake-per-CU-capacity). Cheating in the default Cerberus protocol is cryptographically provable to third parties (“identifiable abort”), which is what makes targeted slashing possible.
Sources: arcium.com/tokenomics · docs.arcium.com/…/staking/overview · docs.arcium.com/…/pricing-and-incentives · coinlist.co/arcium
Ecosystem: from Elusiv to the "encrypted supercomputer"
Arcium didn't start as an "encrypted supercomputer." It started in late 2022 as Elusiv, a zero-knowledge privacy protocol on Solana with a $3.5M seed round. By March 2024 the team had drawn a harder conclusion: ZK is great for proving things about your own data, but it can't give many parties a shared encrypted state to compute over, the thing a dark pool, a private AI model, or a hidden poker hand actually needs. So they sunset Elusiv and rebuilt around MPC as Arcium. Two months later Greenfield Capital led a $5.5M strategic round (bringing the total raised to $9M) with a conspicuously Solana-native angel list: Anatoly Yakovenko, Mert Mumtaz, Lucas Bruder. The decisive move came in November 2024: acquiring the core tech and team of Inpher, a Web2 confidential-computing firm that had spent nearly a decade building GPU-accelerated MPC for clients like banks, and whose acquired patents Arcium open-sourced.
The road to mainnet
Click an entry to expand it. Filter by what changed: the company, the tech, or the token.
The 2025 testnets stress-tested that stack with thousands of node operators (Arcium's roadmap cites 3,000+ Arx nodes; later coverage says 4,000+), and on February 2, 2026 Mainnet Alpha went live on Solana with a permissioned node set. What runs on it today is more than a demo: Umbra shields transfers and swaps, and ZINC (a privacy-first SOL staking and prize mechanism) cracked the top 3 of all Solana protocols by 24h fee revenue on DefiLlama within two weeks of launching, driving the network past a million confidential computations. Per Arcium, 12 apps were live or in development across 7 categories by June 2026, with the C-SPL confidential token standard nearing completion. The long tail is visible on the live program leaderboard.
Confidential DeFi & dark pools
Encrypted order books that prevent front-running, plus Umbra's shielded transfers and ZINC's private staking positions.
Private AI
Blackthorn: inference and training on encrypted data, on NVIDIA GPUs via MPC: the Inpher inheritance.
DePIN & data
Provisioning sensitive device data and collaborative analytics without exposing raw inputs, per the official docs' use-case list.
Hidden-information gaming
Poker hands and fog-of-war strategy state: game state no player (or server) can peek at.
Why MPC and not the alternatives? Arcium's docs make the case bluntly: FHE (the Zama / Fhenix camp) is dismissed as limited to roughly 5 TPS and impractical at blockchain scale; TEEs (the hardware-enclave camp of Phala, Oasis Sapphire, Secret) are criticized for side-channel vulnerabilities and the need to trust hardware vendors; and ZK proofs are framed as falling short wherever multiple parties share private state. That framing is self-serving (every privacy project draws this table with itself in the winning column, and hybrids like Nillion (MPC + TEE) blur the categories), so the table below shows Arcium's claims with a toggle for the counterpoints.
Privacy tech, compared
Per Arcium's own comparison in its docs. Vendors grade their own homework, so toggle the caveats.
| Axis | MPC (Arcium) | FHE (Zama, Fhenix) | TEE (Phala, Secret) | ZK proofs |
|---|---|---|---|---|
| Performance | Positioned as "the most versatile and scalable" option: cheaper and faster than FHE. | "High computational costs… around 5 TPS"; large-scale blockchain use called impractical. | Not the axis Arcium attacks: its critique of TEEs is about trust, not speed. | "Better suited for niche use cases, such as selective disclosure." |
| Trust assumptions | Trustless per Arcium: with Cerberus, privacy holds if even 1 of N cluster nodes is honest; no hardware-specific trust. | No trusted hardware needed. Arcium's objection to FHE is cost, not trust. | "Proven vulnerable to side-channel attacks… trusted hardware providers also pose a security risk." | Strong: prove correctness without revealing data, but only about what the prover already knows. |
| Shared encrypted state | The headline feature: multiple parties compute jointly on encrypted state no one can read (e.g. a dark-pool order book). | Possible in principle, but throughput limits make shared-state apps impractical today, per the docs. | Yes, inside the enclave, which is precisely the point of contention. | "ZKPs fall short in shared state systems": a proof is about one party's data. |
| Maturity | Decades of academic lineage; Arcium's MPC network reached Solana mainnet in Feb 2026. | EVM FHE coprocessors (e.g. Fhenix) were still in testnet as of early 2026, per third-party comparisons. | The most production-hardened camp: Phala, Oasis Sapphire and Secret run TEE networks in production. | Battle-tested at scale for proofs and rollups, just aimed at a different problem. |
The arc closes on June 22, 2026 with the ARX token generation event. Supply, vesting, and launch figures are broken down in section 04. Four years from a sunset ZK protocol to a live MPC network whose top app competes with Solana's biggest DeFi protocols on fees, and every number on this dashboard is that network, running now.
Sources: docs.arcium.com (MPC vs. other techniques) · The Block (Mainnet Alpha) · CoinList · Solana Compass