Summary: TEN Protocol is best cataloged not as a generic privacy L2 or a vague TEE-powered app chain, but as a confidential rollup whose real control plane is split across three explicitly different components: enclave execution, host orchestration, and a gateway that manages viewing keys, encryption tokens, and native session keys. Its primary-source docs make a useful architectural point that many privacy projects blur: once state and transactions are encrypted, the system must also internalize indexing, query mediation, and account-scoped data access. That makes TEN a useful comparison point for privacy-preserving rollups, TEE-backed app middleware, smart-account gateways, and encrypted-orderflow systems where the real chokepoints are gateway policy, attestation-gated software admission, sequencer ordering inside trusted hardware, and rules for who may see or act on private state.
What it does:
Runs Ethereum-compatible smart-contract execution inside TEE-backed enclaves so transaction inputs, state, and query results can stay confidential
Splits each node into an Enclave, a Host, and a Gateway rather than treating the node as one undifferentiated privacy box
Uses encrypted user RPC and viewing-key-based response handling so reads and writes are scoped to authenticated users rather than exposed through a public RPC model
Keeps the active mempool inside the enclave and has a sequencer produce encrypted L2 batches while validator nodes validate user transactions and return relevant errors
Stores encrypted state plus enclave-side relational/queryable metadata because ordinary public indexing is not available once the chain’s data is private
Posts compressed encrypted batches/rollups to Ethereum for data availability and supports L1↔L2 bridge flows through synthetic transactions and rollup-header commitments
Exposes gateway-managed native session keys and encryption tokens so dApps can get account-abstraction-like UX without a separate proxy-contract-plus-bundler stack
Key claims:
The official overview frames TEN as an Ethereum-compatible L2 built around confidential rollups, encrypted EVM execution, encrypted transactions, and “smart transparency,” where developers choose what remains private, public, or time-delayed.
The main go-ten README makes the architectural split unusually explicit: the Gateway manages viewing keys and standard RPC access, the Host is operator-controlled and treated as adversarial by the enclave, and the Enclave plus encrypted relational database form the trusted computing base.
The README also says encrypted state changes the indexing model itself: because external indexers cannot inspect private chain data, “the enclave itself has to be an indexing service,” with visibility metadata stored alongside queryable information.
TEN’s README claims a major MEV-related advantage from enclave-local transaction handling: because the mempool and ordering logic run inside the secure enclave, the sequencer is not supposed to be able to game transaction ordering in the normal transparent-node way.
The protocol docs and README distinguish sequencer and validator roles in a way that matters analytically: only the sequencer actively builds batches, while validators still accept user transactions and validate them to surface meaningful errors, which splits privacy, liveness, and operator power across roles rather than collapsing them into one “private rollup” label.
The gateway-access docs show that TEN’s privacy model is not only contract-side confidentiality; it is also account-scoped middleware. Users first obtain an encryption token and viewing key pair, authenticate addresses to that token, and then the gateway restricts JSON-RPC reads and writes to addresses bound to that token.
The session-key docs expose another distinct control surface: TEN offers gateway-managed native session keys inside the TEE, letting dApps create, fund, expire, and sweep ephemeral keys without a traditional EIP-4337 bundler or proxy contract. That is analytically useful because the wallet-abstraction layer sits in gateway custody and policy, not only in onchain account code.
TEN clears the corpus bar because it makes confidential execution legible as a stack of separate layers — enclave execution, hostile-host mediation, gateway-side identity/access policy, private indexing, sequencer ordering, and selective disclosure — instead of flattening everything into a generic “privacy L2” story.
Whitepaper: The main repository README points to a reference whitepaper at https://whitepaper.ten.xyz/, and the docs overview points to an official litepaper at https://ten.xyz/litepaper, but neither yielded a readable primary document in this pass. The strongest accessible primary-source packet for now is ../whitepapers/ten-protocol-primary-sources-2026-05-13.md.