Shahaf Bar-Geffen: 0:00

The shift should be to understand that privacy is not a constraint, it's actually a differentiator and one that people value.

Joeri Billast: 0:10

Hello everyone, and welcome to the Web3 CMO Stories Podcast. My name is Joeri Bilast. I'm your podcast host. And today I'm honored to be joined by Shakaf. Hey Shahaf, how are you?

Shahaf Bar-Geffen: 0:22

I'm great, Joeri. Thank you for having me here today.

Joeri Billast: 0:25

Great to have you on the show, Shahaf. Guys, if you don't know Shahaf, Shahaf Bar Gaffen. He's a seasoned entrepreneur and investor. He's a co-founder and CEO of COTI. And he's also the chairman of Lineup. That's a Web3 game studio. He studied computer science biotechnology and economics at the Tel Aviv University. Let's dive straight in, Shahaf. Privacy is really one of the hot topics in crypto these days. When you look at the rapid conversations that are going on about privacy, what do you think that most marketers and founders still must understand why it's so important and becoming mainstream?

Shahaf Bar-Geffen: 1:02

Yeah, because I think some may make the mistake of thinking about privacy as something trendy or uh you know topical or like a hot narrative, and they'll be missing they'll be missing the point completely because privacy is so fundamental. There is it's a pivotal moment in the space when you know when we will look backwards, uh it would be the same as the moments in which we've launched you know high throughput blockchains and everything became fast, and you didn't you don't need to wait you know long minutes for confirmations. It is as important as these sort of things. Now, the thing that most mareteers and founders miss is that they still see privacy as kind of like a niche feature for hiding transactions, maybe something that is tied to you know anonymity or or like edge cases, but this is really missing the point. Privacy is becoming mainstream right now because it's essential infrastructure for real-world adoption. The fact is that you know transparent blockchains expose everything: portfolios, trading strategies, user data, and you know, institutions they're not going to tokenize trillions in assets as competitors can see every move, and retail users will not adopt crypto if every payment made, every vote made is completely out there in the public. So it's much more than Z-Sh pumping in price. And it's critical infrastructure, and the moment is now. Now, maybe another thing that people miss is that privacy is not about secrecy, it's something different. Secret is I know something and I don't want anybody to know about it. Privacy is about control, it's about deciding who gets to see what. And when you have such control or selective disclosure, it means that you enable compliant, scalable applications in DSFI, real-world assets, and everything and beyond. And when we built COTI, we had this in mind for a few years now, not just you know the last few months. And we are using a unique type of technology called garbage circuits to make privacy programmable, you know, much more than just transactions and very practical and not just ideology. It's not just an idea, it's not just ideology, it's it's about practicality.

Joeri Billast: 3:43

Shahav, maybe you heard I've written this book, The Future CMO, and I talk in the book about trust as a growth engine. So, from your perspective, how does real privacy infrastructure change the way brands can build and measure trust with their users? That's super interesting, actually.

Shahaf Bar-Geffen: 4:01

Look, it used to be that let's talk about, you know, in the context of crypto, of course. Because in um, you know, I've recently had a it's interesting, had a conversation with a few CMOs, and and most of them described trust as the thing you optimize for in crypto, uh, you know, 2025 and beyond, not for hype, not for other things. And it used to be that blockchain gained their trust from being transparent, because if you you don't want to trust anything, you want to verify everything. In order to verify, you need the thing to be transparent. Uh, that was the limitation. Math has changed and cryptography has changed in in the context of blockchains, and you can verify now without thinking the things being fully transparent. So trust isn't just about transparency anymore, it's about giving users control over their data while still proving the integrity of your blockchain. You know, real privacy infrastructure, uh, like the one we've implemented at Cotti, let's brands build personalized experiences without invasive tracking, which is you know trustworthy. So imagine like a loyalty program where users' um you know preferences are are encrypted but still verifiable, or or you know, analytics that aggregate insights uh without exposing individuals. So this you know shifts the measurement from from broad surveillance to consent-based metrics, and everything is is opt-in. So you know, brands can quantify trust via on-chain proofs, you know, and they can show that you know zero data licked leaked at that process, and everything is compliant and the integrity was uh was kept. In that way, you can actually turn uh privacy to a competitive edge that drives loyalty and and growth. So again, I think the conversation can shift and trust when you trust someone with your personal information, you want to know that they are worthy of that, and that you know they will not expose that information, and you can they can you know build that trust with you. And I think with privacy, you can actually you can actually uh do that. So the brands can finally say, you know, we don't see your data, we don't track your intent, we can verify everything without exposing it, and we you know we protect you at the infrastructure uh uh level, and and this is you know a seismic shift in digital brand building.

Joeri Billast: 6:48

To dive deeper also on the fact you mentioned it already, yeah? But when you began building COTI's privacy infrastructure, you are trying to build a problem, and it was actually more than uh it was more than a zero knowledge only approach that you're uh building. So explain a bit more about that, maybe.

Shahaf Bar-Geffen: 7:07

Sure. You know, zero zero knowledge as an example that um uh that you give. You know, what when we started building uh codies privacy infrastructure to solve you know the the the core blockchain contradiction, public being the public being able to verify uh versus real world confidentiality and privacy. You know, early on uh we we aimed to enable private payments and and data handling without sacrificing decentralization. But you know, around 2022, uh as we dove deeper into the enterprise needs, uh like confidential DeFi and real world assets, we realized that that zero knowledge proofs alone wasn't enough. Zero knowledge is good at proving something without revealing the inputs that came into the process. But if you really want to build something interesting, you know, with full confidential computation, where it's important to cover the logic itself, when performance matter, right? Like when you when you're building DeFi, when you want more than one participant in your computation, like you're doing a vote or a bid or DeFi again. So for all of that, ZK falls very short. And we needed something that was faster and more flexible. The analogy that, or the evolution that I usually give is that you know, step one was no privacy, so Ethereum, Bitcoin, all of that. Step two is private transfers. So we hide the transfer itself, we can just that that would everybody know Ccash as an example, or Monero, etc. The last step is private apps, the ability to protect the logic within an app, which is by the way, the experience we have now in web two, right? Your banking and everything, uh, or the stock, uh the the New York stock exchange, all of that is a private. We need to get to that level in blockchain so people will take us seriously and will actually use the project. The test. So ZK is very limited and doesn't offer you that. There are alternatives, but they either you know sacrifice decentralization or trust, like TEEs, or are just super slow and expensive FHE. Uh, what we built is called garbage circuits. It is by far the fastest and lightest and most cost-effective option out there. And you know, we've already benchmarked it, we've uh we've proved it more than once. So this is kind of like what led to uh to what, and this is the evolution that we're talking about. I think right now the market finally, after 10 years of research, has moved from no privacy to private transfers like ZK. And I think the next evolution has to be private apps, and this is where Coti plays.

Joeri Billast: 10:10

Yeah. A very specific solution for a problem that is in the market and people getting more and more aware. Now, an interesting or a major milestone for you is the MetaMask snap integration for Cotti. So, from product thinking perspective, what does this unlock for users and builders that did not exist before?

Shahaf Bar-Geffen: 10:32

Yeah, well, first of all, what it is, it's an add-on that you add to MetaMask, and from this point onwards, you can send, receive, and view private tokens created on the Court E network. And this is amazing because this is the first time it's it's happening. You know, it's the first time you you can access privacy through MetaMask. You couldn't have done this uh before. It it was very exciting for everybody involved, including the MetaMask uh uh team. Now, you know, MetaMask is obviously it's the biggest wallet out there, you know, with millions of users every day, which is great for retail. But for builders, privacy becomes uh a drop-in capability, right? So, like if you integrate MetaMask, you essentially can integrate private tokens. And it means that onboarding becomes you know 10x easier for users, it just means you know, one-click confidential transactions right in their wallet, no extra tools, no learning curve. With other privacy solutions out there, you usually need a specific wallet, specific jank, like a lot of integration just to do a private uh transfer. And you know, we we are early, and uh, you know, Ethereum has just set up its uh privacy cluster, and and you know, Vitalik just spoke at uh Dev Connect last week on their aim to have privacy in wallets in the next you know one or two years. We are already live with this, right? So we have super early on. Uh, we are also working with my Ether wallet to integrate onoff privacy to the wallets, and I think the the my the shift is that before we did this, privacy was always something you had to go somewhere else to do or use. Now it's native to what you already use, and I think this is how privacy goes mainstream and becomes ubiquitous across all dApps.

Joeri Billast: 12:25

Yeah, I think you mentioned somewhere or often say that privacy should be end-to-end, not just in the cryptography. Yeah, maybe explain a bit more what confidentiality at every layer means in practice and why it matters for real-world applications.

Shahaf Bar-Geffen: 12:41

Sure, right. So, so you know, first of all, end-to-end privacy means that the confidentiality isn't just in the crypto proofs, it's not just about the proof, you need to bake it into the entire step, you know, from network metadata to execution to storage. Let's take uh uh an example. Uh, we are the first chain to have a privacy perptex on top of it called Privax. Okay, so you want to launch Ethereum, so you know a lot of data will leak if you do it in hyperliquid, right? Uh, who you are? Uh you're buying Ethereum. This is the price, this is you know the bid, all of that data means that people can front from you. So you're using Privax on Cody, the inputs are encrypted, the magic engine runs on Goblet circuits without revealing the logic, so nobody sees the AMM, etc. The output stays shielded, so you know what you bought and and the prices, etc. And you know, even the queries that are there use selective disclosure. So, you know, no metadata leaks and exposes the patterns, and nobody can, if you are a fan, for instance, understand what you're doing. Now, why does this even matter? It matters because you know, the real-world apps like supply chain, healthcare, they can't afford just to have partial privacy. Because if there is only one weak layer out there, it undoes everything. So you can't expect interesting use cases or globally sized institutions to actually do something on-chain, even if just one chain is uh is is weak and can be hacked. And you know, we uh at Claudio, of course, this architecture makes privacy default. It's not an opt-in, it's not just part of it is private, but the rest is really isn't. And we enable apps that work uh for enterprises, actually do that without the constant risk of data being leaked or patterns being leaked or any part of the stack being leaked.

Joeri Billast: 14:50

Yeah, I love that the privacy by default. You already mentioned garbled circuits. Maybe for people now listening that uh have never heard about this concept. Can you explain a bit more what is a garbled circuit? Yeah, and maybe some more explanation about what products it can make possible.

Shahaf Bar-Geffen: 15:08

Yeah, look, first of all, you know, just explaining garbled circuit goes probably beyond uh the time limitation of any specific podcast. Maybe Lex Friedman can do it, but it's it's uh it's a bit complicated, but uh definitely people can go to coty.io. Uh, when you log in, there's a prompt there, you can ask it how gobbled circuit works, it will, it will tell you everything. What's important to understand? It's important to understand that when you use gobble circuits, you can take data, you can encrypt this data, you can put it on chain. Nobody is able to understand what's there because it's encrypted. Now, what is the problem? I can do that on Ethereum, but the minute I want to understand something about the data, I want to ask something about this data, it needs to be decrypted, it needs to be uh uh put within a smart contract, and then everybody can see it. Bad. When you're using gobbled circuits, you can encrypt the data and ask questions about this encrypted data without ever needing to decipher it. So nobody can actually see uh you know what you're asking, what the result is, all of that remains encrypted the entire time. We do that and we add this to multi-party computing. So nobody holds no nobody specific holds the key to decrypt this data, and we do that uh using Solidity or like uh an improved version of Solidity, which we call GC EVM. Okay, so like gobbled circuits EVM. Uh so it's the same sort of programming languages that everybody uh understands and and can operate upon. So it's very easy to use, it's very strong, and it also has amazing performance. Again, very fast, very light, very cost effective. So it's all sorts of use cases can be developed with it.

Joeri Billast: 17:04

Yeah. You mentioned your website to prepare for the podcast. That's what I did, Shaqaf. I went there and I saw this possibility to put in a prompt and ask more information or more explications about certain certain aspects. So at the end of the podcast episode, we will mention the link, but they will also be visible or you can find them in the show notes. Now I like the concept also about privacy by default, like you mentioned. If you are sitting, I organize this inter-synergist retreat here with marketers and entrepreneurs in AI. Maybe they know a bit about Web3D, but not so much. How would you explain to them this privacy by default opportunity, transparency by design, if you want, those people?

Shahaf Bar-Geffen: 17:49

Yeah. Okay, so if uh privacy is not the default, then it means that it's an abstract thought, right? We've built something, now it's obviously you know very leaky, and now we're trying to close the leaks. It's not a good process. The idea is that to build things where privacy is by default. So picture this you know, your users own their data, and uh you can, you know, you can prove the compliance of everything that you're doing without exposing their data, and then your app can actually scale to institutions, all right? So you're growing your market as a founder that has now built his app because uh users that care about privacy, which is could be probably everybody, now enjoy the fact that you protect their data, and you open you've opened up the market for institutions because they require that by uh by law. Privacy by default, transparency by design means that building apps is a process where confidentiality is the baseline, but you can verify everything that is in the depth, right? Again, it means that for your roadmap as someone who develops things, privacy isn't a bolt-on, it's foundational. So the idea is to shift your mind from being reactive in how you handle security to proactive trust. So that's the idea, and you can be compliant in the process, and you can uh market the fact that your app is protected and you protect the data of your users as a huge advantage and there's a mode. And it's I want to live in a world where it uh what do you know the world is shifting from surveillance-based systems to permission-based systems? It's it's uh it's a good business.

Joeri Billast: 19:42

Absolutely. Yeah, I love what you're building. It's really necessary these days if you see how the world is evolving. Now, but IBC is a whole topic. Tokenization is also a hot topic these days in Crypto Web3. If you now look at enterprises exploring tokenization, which use to use believe will absolutely demand privacy by default in the next two years and what signals are you seeing that it is coming?

Shahaf Bar-Geffen: 20:07

Obviously I think like it is in in in the real world all of it will require privacy but I think what comes top of mind is technique of you know real world assets like private credit, uh real estate trade finance all of that will diminish you know privacy by default because you know exposing the yields the positions or the all god forbid the client data it will kill the the the deal. Obviously health records and identity systems will require privacy uh you know no enterprise shares patient info publicly uh or identity publicly and you know the the signals are already there by the way uh you know BlackRock tokenized funds they they already seek confidential settlements i can tell you that jp morgan tests private chains for compliance we're seeing RFPs and in in these RFPs right now RFPs are requests for proposals they mandate encrypted computation regulators are pushing that as well probably in two years without privacy tokenization will stall as a retail experiment and I think there's 30 trillion dollars opportunity that hinge on the fact that public blockchains will solve for privacy and this is the opportunity we're looking at at Cody yeah it's interesting you mentioned RFPs because that's a real source right where you can see what they are working on these bigger companies.

Joeri Billast: 21:40

Now as privacy layers become programmable and almost probably invisible in to the end users what should marketers and entrepreneurs start doing differently in how they design onboarding storytelling go to market sure look like every good technology or like it is in you know web to apps programmable privacy should be invisible and encryption should be handled seamlessly no tech jargon just user empowerment right so like you click to be shielded and you're protected uh and and you can you know if if you're a stoly storyteller you can you know lead with the benefits right trade privately settle compliantly your data your control and uh I guess if you want to do a go-to market you can target pain points like data breaches which we see all the time uh or front running uh MEV all of that is something that people now understand and you know as an entrepreneur you can build metrics around privacy adoption and engagement you know um A B tests to for verifiable privacy and I think even though it's not that prevalent now it will become the status quo the standard the fact is that anyone ever that was granted privacy as an option never gave it back never said I don't need it well you can take it back I I I don't need privacy. So I think this is you know a very strong vote and it become the standard absolutely it's good that you mentioned and not lead with these technical aspects but about what's in it for them for the users. The other day a podcast episode recording with Rudy Koch from Mythical games I know we also are in web 3 gaming so it's not about the experience and not about the web 3 aspects of it. Let's talk about yeah that's true that's and that's actually true for different for web 3 or web 2 project it's all always about that it's not about the tech and that's a problem that lots of founders make that mistake that they talk about about the tech so now let's talk about yeah maybe about mindset. So if you project forward into the world of the future CMO as my book what kind of marketing leader will thrive in a private by default web 3 environment what mindset shift would you invite our listeners to make today look the the promise of of blockchains is to become this ledger where you don't need a trusted third party to facilitate things.

Shahaf Bar-Geffen: 24:21

Right? Because the math is there and you don't need to trust anything you can verify you can so in this environment it's actually counterintuitive but the future CMO thrives as a trust architect uh that can blend data insights with ethical privacy that can that is using proofs for personalized campaigns but without the invasion that comes with it. You know a CMO that can master selective disclosure uh he can aggregate analytics from encrypted data you can uh build communities around user sobriety and and the mind shift the mindset shift is from collect everything to earn access you know maybe even today cmos can audit their stack for leaks right that they can they can speak with us and then we can experiment with confidential tools like that cody is using but there are other solutions out there and you know the shift should be to understand that privacy is not a constraint it's actually a differentiator and one that people value and you know I I I invite you you your listeners to start viewing data as uh as user owned and hence designed for consent and you know in web 3 it's true globally but I think especially in web 3 the CMO who builds genuine trust wins the long game.

Joeri Billast: 25:57

Yeah I think there's a lot of food for thought you mentioned the podcast episode really a motivational message here at the end.

Shahaf Bar-Geffen: 26:06

Now Shahaf if people they want to learn more about Cotti and everything you're doing where would you like me to send them first you can go to Cody's on on on social network on X which is the Cori Foundation X page is is very active I'm active on social Shahaf B G S H A H A F B G on X as well and of course Cody website and Cori's blog and medium it's Cori.io coti.io perfect as my listeners know I already mentioned it there are show notes there is a blog article related to the podcast episodes all the links and all the everything that Shakaf mentioned will be found in there.

Joeri Billast: 26:49

Shahaf it was a real pleasure to have you on the show today thank you I love that guys what an amazing episode with a lot of insights I am sure that this episode will be very useful for people around you so be sure to share this episode with them. If you're not yet following the show this is a really good moment to do this hit the subscribe button if you haven't given me a review yet if you give me these five stars this will help me reach an even bigger audience and of course I would like to see you back next time. Take care