

The traditional 'free service for data' model is collapsing due to privacy demands, regulations, and fraud. A proposed solution is FHE-based confidential ad matching, where encrypted user IDs enable precise targeting without exposing personal data. This system empowers users to monetize data, gives advertisers verified audiences, and lets platforms comply while sustaining revenue.

The digital economy, and the big tech industry at its core, was built upon an unspoken consensus: users receive "free" services in exchange for their data, the veritable oil of the 21st century. This tacit agreement, summarized by the adage "If you're not paying for the product, you are the product," has fueled an industry with a deca-trillion-dollar combined cap, generating over $740 billion in revenue annually for its dominant players.
Today, however, this foundational consensus is fracturing.
A confluence of factors, including heightened user awareness of data exploitation, the implementation of stringent privacy regulations, and the proliferation of sophisticated ad fraud via bots, is creating a growing wedge between the supply (users) and demand (advertisers) sides of the market. The intermediaries, the large technology platforms, are increasingly unable to deliver the high-quality, verifiable targeting data that advertisers require. Users are becoming more reluctant to share data, and the data that is available is often of diminishing quality.
This paper examines a novel solution capable of disrupting this established consensus using modern cryptography and some game theory: a private advertisement matching system utilizing Fully Homomorphic Encryption (FHE). This research provides a market overview, quantifying the Total Addressable Market (TAM) for a system that can bridge the growing trust gap. The core of this paper details the proposed FHE-powered system, which allows for precise ad targeting based on encrypted, user-permissioned data. This creates a tripartite value proposition: users regain control and can monetize their data; advertisers achieve high-fidelity targeting without privacy violations or bot fraud; and distribution platforms can integrate a system that is compliant with global privacy regulations and true to the data sovereignty thesis that will gain ever-increasing importance in the XXI century, albeit at the expense of some part of their ads business surplus.

Fig. 1: Tripartite value proposition
Advertisers get better targeting, better bang for their buck and more transparent pricing,
Users get a large part of the surplus generated by the value of their data and data sovereignty,
Distribution platforms that follow the ethos of privacy will get a larger share of the ads market, other such platforms… well, they will be disintermediated,
At the same time, all parties involved will benefit from hyper-precise ad targeting.
This technology represents a fundamental restructuring of the digital advertising value chain, moving from a broken consensus to a transparent, equitable, and efficient market.
The implementation focuses on the Telegram ecosystem, which generated $650 million in ad revenue in 2025, demonstrating significant market potential. The core idea revolves around users maintaining encrypted "passports" (Galactica ID) containing verified personal data, which can be matched against advertiser criteria without decryption. The system addresses the information asymmetry in digital advertising by guaranteeing advertisers reach verified, high-quality audiences while users retain complete privacy.
The prevailing bargain of the digital economy ('free' services in exchange for user data) has begun to fracture under the weight of rising privacy expectations, tightening regulation, and the economic drag of bot-driven ad fraud. As platforms disclose less granular data and users resist pervasive tracking, advertisers face declining addressability, higher acquisition costs, and widening uncertainty about audience quality. The industry needs a new substrate that restores trust without reverting to surveillance.
This article explores an alternative: confidential ad matching powered by Fully Homomorphic Encryption (FHE), which enables computations on encrypted, user-permissioned data. In the proposed model, users maintain a verifiable, encrypted identity 'passport' (Galactica ID); advertisers specify target attributes; and matching occurs without ever decrypting personal data, resolving the privacy-utility trade-off while materially reducing exposure to bots and data leakage. We focus on Telegram as an initial distribution environment and describe how FHE-based matching can deliver verified reach, user agency, and regulatory alignment, all without sacrificing performance.
Beyond framing the problem, we situate FHE among emerging privacy-enhancing approaches (from browser-native cohorts to universal IDs, clean rooms, federated learning, and MPC), and we detail an architecture, data representations, and implementation path tailored to messaging-centric ecosystems. We also examine adoption risks and cost profiles, offering a pragmatic lens on when cryptographic guarantees translate into measurable lift for advertisers, real participation for users, and durable revenue for platforms.
The economic opportunity for new advertising technologies is defined by the immense scale of the market they aim to serve. In 2024, the global digital advertising market is valued at approximately $734.24 billion, with forecasts predicting it will reach $1.42 trillion by 2029, growing at a CAGR between 9.5% and 15.4% [1]. North America currently represents the largest market share [2].

Fig. 2: Digital Ad Spending Market Size 2024 to 2034 (USD Billion)
The value of digital advertising is derived from its ability to deliver measurable returns through precise audience targeting, which has caused a decisive shift in budgets from traditional to digital channels. As of 2024, digital advertising accounts for over 72.7% of total ad investment [3].
Mobile advertising is the dominant channel, comprising nearly two-thirds of all digital ad spend, while search advertising remains the largest single format. However, the foundational data-driven principles that create this value are now under threat, necessitating new technological frameworks.
Telegram, one of the biggest messengers, has generated approximately $650 million in ad revenue in 2025, making advertising its largest income source among multiple monetization channels. Ad income comes primarily from sponsored messages shown in large public channels (with 1,000+ subscribers), with 65% of ad revenue attributed to these messages, resulting in a much lower global ARPU compared to, e.g., Facebook: $1.47 vs $13.12 as of 2023 [4].
This represents the 10x discount that Telegram takes for deliberately not controlling user data and not using it for targeting. This 10x discount represents the value of user data.
The core inefficiency of the current digital advertising model lies in its forced trade-off between personalization and privacy.
For Users: To receive relevant content, individuals must surrender control over their personal data. This data is then aggregated, profiled, and monetized by centralized platforms without the user's participation in the economic upside. This creates a significant power imbalance and exposes users to risks of data breaches and misuse.
For Advertisers: Advertisers face a dilemma. While access to granular user data drives campaign return on investment (ROI), relying on third-party data is becoming untenable due to regulatory restrictions and platform-level changes (e.g., Apple's App Tracking Transparency). The result is declining targeting accuracy and rising customer acquisition costs.
For Distribution Platforms: Platforms (e.g., social media, messaging apps) are caught between user expectations for privacy and advertisers' demands for data. Failure to comply with regulations can lead to substantial fines and reputational damage, while restricting data access can harm advertising revenue.
The market requires a new technological substrate that can service the needs of all three stakeholders without the inherent compromises of the legacy system.
The advertising industry is developing a range of new technologies to operate in a post-cookie world. These solutions can be categorized into platform-led ecosystems, alternative identification frameworks, and systems based on advanced cryptographic methods.
Platform-Led Ecosystems (Google's Privacy Sandbox): This is a comprehensive effort to build privacy-preserving APIs directly into the Chrome browser and Android OS [5]. Core components like the Topics API and Protected Audience API aim to replace cookie functionality by enabling interest-based advertising and remarketing through on-device processing and data aggregation, limiting the sharing of user-level data. However, this approach has raised concerns about reinforcing Google's market dominance.
Alternative Identification Frameworks: Industry-led solutions aim to preserve addressability using consented, first-party data. Universal IDs (e.g., UID2) create pseudonymous identifiers from authenticated user information like a hashed email, but their scale is limited to logged-in users. [6]
Data Clean Rooms (DCRs) are secure environments where multiple parties can jointly analyze their first-party datasets to gain aggregated insights without exposing raw user-level data. [7]
Foundational PETs: Underpinning many new frameworks are advanced computational techniques. Federated Learning is a decentralized machine learning approach where models are trained on local user devices without centralizing the raw data. [8]
Secure Multi-Party Computation (MPC) allows parties to jointly compute a function over their private inputs without revealing them to each other. [9]
Differential Privacy adds statistical "noise" to datasets to protect individual identities while allowing for accurate aggregate analysis. [9]
These technologies form the competitive landscape into which an FHE-based system must enter.

Table 1: Comparative analysis of technologies that can be used to tackle advertisement problems.
The proposed system, based on Fully Homomorphic Encryption (FHE), represents a distinct approach to resolving the privacy-utility paradox by enabling direct computations on data that remains fully encrypted.
The system's architecture is centered on confidential computing, ensuring user data is never exposed in a decrypted state. The workflow involves several cryptographically secured steps:
User Data Encryption: Users create a detailed personal profile (e.g., KYC data, financial history) which is encrypted on-device using an FHE scheme before being uploaded.
Data Authenticity: Users generate cryptographic proofs (e.g., zero-knowledge proofs) to verify the authenticity of their encrypted data without revealing its contents.
Advertiser Registration: Advertisers register campaigns with a budget and a target audience profile.
Confidential Matching: The service performs a matching computation directly on the user's encrypted profile and the advertiser's plaintext target profile, calculating a match score without any decryption.
Encrypted Result Delivery: The encrypted match scores are delivered to the distribution platform, which can decrypt them to select the best-matching ad for display.
This architecture provides a compelling and differentiated value proposition:
Privacy Preservation: FHE offers a theoretically absolute guarantee of data confidentiality during computation. This allows for the use of highly sensitive data for targeting in a manner untenable with other technologies, moving beyond mere compliance to a mathematically verifiable privacy promise.
Solving the "Lemons Problem": The system addresses information asymmetry by allowing advertisers to set stringent, verifiable criteria for their campaigns (e.g., "display only to users with a match score of 80% or higher"). The FHE processing guarantees these conditions are met, assuring advertisers they are reaching a high-quality, relevant audience.
User Data Monetization and Agency: The model reframes the user as an active participant who can securely and confidentially monetize their own data. A core component is a revenue share model where earnings are explicitly distributed among the ad matching system (40%), distribution platforms (20%), users (20%), and other incentives (20%). This aligns the interests of all parties and shifts the ecosystem from a surveillance-based model to one based on explicit, incentivized consent.
Galactica ID: a passport for Telegram users that holds encrypted personal data,
E.g., ID card data, other social networks, profile information, education certificates, preferences, etc.
Data in passports can be attested on TON/EVM/L2's by trusted guardians.
Proof Creation: Users create cryptographic proofs to verify the authenticity of their profile data, utilizing methods such as zero-knowledge proofs or signed attestations.
Users prove statements about the data without disclosing the data itself, e.g.:
Compliance: At least 18 years old + living in eligible country;
Influence: Over 10k followers on social media;
High-Value: Credit worthiness, net-wealth or past consumption;
Sybil resistance: Unique per-person vote, not a bot;
Unlocking new online use cases while prioritizing privacy.
Ad Registration: Advertisers can register ads, each including:
A URL to the ad content to be displayed.
A target audience profile represented as a feature vector.
An allocated budget.
Confidential matching of users and ads:
Accurate targeting through utilization of personal data;
Confidential Matching: The system matches target profiles of ads with user profiles:
Allows the distribution platform to select the best match, for instance, based on the highest match score.
Enables advertiser guarantees, such as:
Ads are displayed only to users with a match score of 80% or higher.
Ads only reach eligible users in specified countries.
Encrypted logs of matches between Galactica ID and Ad ID with a timestamp.
Secure and private through modern cryptography, FHE (see point 1 in Technological Stack section below for example implementation);
Valuable for advertisers by ensuring recipient quality, i.e. every ad is more valuable to advertisers than it is now;
Beneficial for users by qualifying for special deals;
Revenue sharing for participating users and monetizing of personal data;
Reputation system: Build trust scores for advertisers based on their compliance with privacy standards and fair dealing;
Privacy dashboard: Real-time visualization showing what data is being used, which ads were matched and revenue;
Interface based on Telegram Mini App.
User-Centric Control and Experience:
Data Aggregation: Users can selectively choose which data sources to include, such as social media profiles, educational certificates, or government IDs.
Permissions and Consent Management: A Privacy Dashboard would allow users to grant or revoke access to specific data points for ad targeting purposes.
Fully Homomorphic Encryption (FHE) for confidential cloud computing on encrypted data including ad targeting algorithms
Blockchain based infrastructure for security, robustness and decentralization
Smart contracts managing attestations, compliance requirements, proof verification and value flow
Zero-knowledge (ZK) cryptography proving statements about personal data without disclosing anything besides the statement itself. Verifiable on- and off-chain.
Open source and research
The following specifications are initial drafts that are subject to change as we learn and iterate over the product.
Advertisement Content:
Simple JSON format with image URL and click-through link
Lightweight and easy to implement
User Profile Representation:
Encrypted feature vectors containing user attributes
Two approaches being evaluated:
Binary vectors: Fast, efficient filtering (yes/no attributes)
Integer vectors: Nuanced scoring for preferences and weights
These feature vectors can look like the ones in the image below.

Table 2: Proposed Feature Vectors
A noteworthy disadvantage of binary feature vectors is that they can only represent data in a very coarse-grained way, with a low density of information. For example, the age of the user cannot be represented directly as a true/false value.
An alternative to binary feature vectors is integer vectors. They add the possibility of representing scalar features such as age or balance directly. Thus they allow preferences, such as how likely the user is to be interested in memecoins, to be represented in a more nuanced way. Furthermore, ad targeting can use nuanced weights when considering multiple features.
Below is a suggested format of the integer feature vectors using Zama's concrete-ml. It still uses many binary features to allow the dot product to select for specific ranges or non-scalar values, such as the country of residence.

Table 3: Potential Format of Feature Vectors
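The confidential matching step and the integer feature vectors described above, as an added example (not Galactica's or Zama's code): a toy Paillier scheme, which is only additively homomorphic and stands in for FHE here, computes the dot product between an encrypted profile and a plaintext target vector. The feature layout, campaign weights, key sizes and function names are assumptions made for the illustration.

```python
import secrets

# Toy Paillier keypair: additively homomorphic, a stand-in for an FHE scheme.
# The Mersenne primes are far too small for real use (demo only).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                      # public key, used by users to encrypt
N2 = N * N
PHI = (P - 1) * (Q - 1)        # private key, held by the distribution platform
MU = pow(PHI, -1, N)

# Hypothetical feature layout (constructed for this example).
FEATURES = ["age_18_24", "age_25_34", "age_35_plus",
            "country_DE", "country_US", "memecoin_interest_0_10"]

def encode_user(age, country, memecoin_interest):
    """One-hot the age range and country; keep the interest as an integer 0..10."""
    return [int(18 <= age <= 24), int(25 <= age <= 34), int(age >= 35),
            int(country == "DE"), int(country == "US"), memecoin_interest]

def encrypt(m):
    """User device: probabilistic encryption of one integer feature."""
    r = secrets.randbelow(N - 2) + 2
    return (1 + m * N) * pow(r, N, N2) % N2

def decrypt(c):
    """Distribution platform: recover a plaintext with the private key."""
    return (pow(c, PHI, N2) - 1) // N * MU % N

def encrypted_score(enc_profile, weights):
    """Matching service: Enc(sum w_i * x_i) from ciphertexts and plaintext weights."""
    if len(enc_profile) != len(weights):
        raise ValueError("profile and target vectors differ in length")
    acc = encrypt(0)
    for c, w in zip(enc_profile, weights):
        acc = acc * pow(c, w, N2) % N2   # Enc(a) * Enc(x)^w == Enc(a + w*x)
    return acc

def match_percent(enc_score, weights, ideal):
    """Platform: decrypt the score and scale it against the ad's ideal profile."""
    best = sum(w * x for w, x in zip(weights, ideal))
    return 100 * decrypt(enc_score) // best

# Constructed campaign: targets 25-34 year olds in DE with memecoin interest.
AD_WEIGHTS = [0, 3, 1, 4, 0, 1]
AD_IDEAL = [0, 1, 0, 1, 0, 10]

def confidential_match(age, country, interest, threshold=80):
    """End to end: encrypt on device, score on ciphertexts, decrypt only the score."""
    enc_profile = [encrypt(x) for x in encode_user(age, country, interest)]
    pct = match_percent(encrypted_score(enc_profile, AD_WEIGHTS), AD_WEIGHTS, AD_IDEAL)
    return pct, pct >= threshold

if __name__ == "__main__":
    print(confidential_match(29, "DE", 8))   # in-target user
    print(confidential_match(40, "US", 9))   # off-target user
```

Because the weights are plaintext, a decrypted score still reveals a linear function of the profile to whoever holds the private key. Hiding the score itself and releasing only the threshold decision requires a comparison under encryption, which an additive scheme cannot do and which is where a full FHE scheme is needed.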
The FHE system operates within the rapidly growing market for Privacy-Enhancing Technologies, which was valued at over $6.8 billion in 2024 and is projected to grow at a CAGR of over 25% [10]. The system specifically targets the "Privacy-Safe Ad Targeting" sub-segment, valued at $6.8 billion in 2024, which constitutes its Serviceable Addressable Market (SAM) [11].
The Serviceable Obtainable Market (SOM) is the portion of this segment with the most stringent privacy requirements, such as financial services and Web3, where the ability to use sensitive data without compromising confidentiality is a critical requirement. The system's key differentiator is the superior strength of its privacy guarantee compared to other PETs.
Adoption Hurdles: The user onboarding process, which requires connecting wallets and verifying data via third-party apps, may create significant friction. On the advertiser side, the challenge is to demonstrate a clear ROI compared to established channels.
Computational Overhead: FHE operations are computationally intensive, which could lead to substantial operational costs. The business model's viability depends on whether revenue can sustainably cover these expenses.
Data Quality Dependency: The system's integrity relies on external "guardians" to audit and verify user data. Any failure in these third-party verification processes would directly impact the quality and trustworthiness of the ecosystem.
Competition from "Good Enough" Solutions: The most significant threat may come from simpler, more scalable PETs like Google's Privacy Sandbox, which benefit from massive inertia and deep ecosystem integration. The FHE system must prove that its superior privacy translates into a tangibly superior value proposition.
Galactica ID aims to create a system where privacy and personalization are not mutually exclusive, and where user consent and compensation are paramount. It offers a framework to build a more equitable, transparent, and efficient digital advertising ecosystem. This approach is not merely an alternative; it is the necessary evolution to mend the growing wedge between advertisers and users and to forge a new, sustainable consensus for the digital age.