tl;dr
- The right hardware bet for Anoma is not a phone. It is a custom phone OS that owns the developer surface for shielded execution.
Note: I co-wrote this post with claude opus 4.7
A return visit to a question we posed in 2023.
It’s been twenty-eight months. On December 10, 2023, I posted Notes from Jamming on Applications, a list of nineteen application concepts we worked through during a session at the hacker house. Item #9 was this:
Eight posts on the thread. @cwgoes extended it (“Anoma P2P should be able to replace much of the IP stack… the main identity primitive should be cryptographic, not physical”). @graphomath proposed generalizing the P2P layer into a “comms stack” that included voice streaming. No pushback. Then the conversation evaporated. As far as I can tell, no forum post since has revisited the hardware question.
A lot has happened in the meantime. The crypto market moved through L2 saturation, a stablecoin-payments wave, the mainstreaming of intent execution, and is now sitting in a “what was the actual product” lull while AI absorbs every developer hour and every dollar of GPU capacity. NVIDIA crossed $5T market cap in October 2025. TSMC’s Q4 2025 revenue mix went 55% HPC, 32% smartphone (gross margin 62.3%, a record), with HPC up 48% YoY. Apple did $416B in FY25 with $209.59B from iPhone alone, hit a record 69% of US Q4 smartphones, and finally took the global #1 slot for the first time in thirteen years. The hardware layer of computing is, plainly, where leverage is going.
So, was the 2023 question wrong, or did we just not finish it? What follows is six candidates, ordered from where I’d push back hardest to where I’d lean in, with the pitch and the reality side-by-side. This is a starting-point pass, not a roadmap. I’m publishing it so we can argue about it.
The Phone
The pitch writes itself. You build the actual Anoma phone. Foxconn run, Linux microkernel, (Anoma Level) AL-only app surface, P2P app store served over Anoma. Beat the Solana Saga at its own game by being protocol-native instead of Android-with-a-wallet. The 2023 instinct was that hardware-software co-design is the only honest answer to “where does the moat compound,” and that instinct hasn’t gone away. If shielded execution becomes default, signing collapses into the device’s secure enclave, and the cleanest hedge against that is to be the device. Apple controls its enclave, Google controls Titan, whoever controls the future Anoma-aware enclave wins the platform.
The math has not gotten kinder. The graveyard is the central artifact:
Sirin Labs Finney (2018): $157M ICO, ~10K phones built at Foxconn FIH, sued by Foxconn for $5.9M unpaid bill, 25% staff layoffs four months post-launch. HTC Exodus (2018): targeted 1M units by end-2019, never confirmed met, line discontinued by 2020. Solana Saga (2023): ~2,200-2,500 sold in the first six months, the BONK airdrop spike in mid-December 2023 pushed resale near $5K, total run ended ~20K units, discontinued. Solana Seeker (Aug 2025): 150K+ pre-orders, driven heavily by token expectations rather than the phone-as-product. Essential Phone (Andy Rubin): ~$100M phone-only spend, ~150K units, shut Feb 2020. Nothing (Carl Pei): >$450M cumulative raised, took five years to reach $1B in lifetime sales across phones, earbuds, and AI products.
Above all of this sits Apple at 20% of global 2025 share, Samsung at 19%, Xiaomi at 13%, and Huawei retaking #1 in China at 16.4% (Apple #2 at 16.2%, per Counterpoint and IDC). India went from 5-7% of global iPhone production in FY22 to ~18% in 2025; per Foxconn shipping data via Business Standard, ~97% of US-bound iPhones came from India by mid-2025, and Tim Cook has now said all US-bound iPhones will come from India by end of 2026. This is what the incumbent does while restructuring its supply chain across a continent.
The 2023 instinct may have been directionally correct. In reality, most VCs will not underwrite a $200M 5-7 year phone bet for a software team with no hardware track record.
The Solver Matching Engine
The pitch: FPGA-based intent matching at sub-millisecond latencies. NASDAQ INET / CME Globex for the intent era. Sell rigs and SDKs to the hundreds of solver firms that emerge as intents become default execution. And there is something to it. Anoma’s foundational technical contribution to crypto was the CSP framing of intents. If you take that thesis seriously, the value-capture layer of intent-centric crypto is solving. Provers are infrastructure cost. Signers are commodity endpoints. Solvers are where order flow lands and rents accrue. Hyperliquid is the empirical proof that crypto matching infrastructure can be a venue-scale business; MEV/orderflow auctions are already a $400M+/year floor on commodity AWS.
The problem is that every existing intent solver (UniswapX, CoW Swap, 1inch Fusion, Across) runs on commodity cloud. DeFi has no co-location. Block times are 250ms to 12s. The marginal microsecond simply doesn’t matter the way it does at NASDAQ, and the fact that no solver firm has reached for FPGAs in three years of the intent thesis being validated is itself a signal. The deeper issue is alignment. A solver matching engine concentrates order flow at whoever runs the fastest box. That is the TradFi NASDAQ pattern crypto was supposed to route around. The legitimacy story is brute-force-plus-performance; the moment a faster box appears, the performance leg drops out and you’re left with brute force. Pluralism-incoherent.
It has the highest revenue ceiling on this list, but would require a significant shift in medium long-term strategic priorities and a lot of money spent on legal fees at scale.
STARK-Tuned Proving Silicon
RISC0 was elevated above Cairo as a priority for Anoma’s EVM Protocol Adapter in late 2024/early 2025. RISC0 is a STARK over BabyBear with Poseidon2 hashing and FRI commitments. The hot path is NTT over a 31-bit prime field plus algebraic-hash permutations — not the 256-bit MSM that absorbed most ZK-hardware funding. Cysic’s SolarMSM/SolarNTT FPGA boards (and their ZK Pro/Air ASIC roadmap, $30M raised), Ingonyama’s ICICLE GPU library ($21M seed, 8-10× MSM and 3-5× NTT), Irreducible’s Binius work ($24M Series A), and Fabric Cryptography’s VPU ($39M total, with a RISC0 partnership) are all calibrated for SNARK-MSM. Nobody has shipped silicon optimized for the STARK triangle that RISC0 and SP1 actually run. The lane exists.
Three things break the case, in escalating order of severity.
The workload is not stable. RISC0’s R0VM 2.0 (April 2025) cut Ethereum block-proof time from 35 minutes to 44 seconds – in software, no silicon. That’s a 50× improvement without an ASIC. Hardware now has to clear that new baseline by another order of magnitude to justify the bet, on a workload that hasn’t been stable for eighteen months.
The market isn’t there yet. Total ZK-proving industry spend is below $100M annually. Boundless launched mainnet in 2025 with ZKC at roughly $900M FDV and per-proof prices collapsed toward free as prover supply outpaced demand. Roughly $100M in equity has already been raised across the four players above, chasing a sub-$100M revenue pool. The terminal state is the Bitcoin ASIC analog: Bitmain at 82%, MicroBT at 15%, two or three players consolidating at thin margins. NVIDIA’s data-center GPU share sits near 92% (Omdia/Mercury, 2024) — a 71% gross margin business. ZK ASICs are not going to be that.
The CUDA analogy mostly doesn’t hold. NVIDIA’s moat was not silicon. AMD’s MI300X has higher peak FLOPs and more HBM than H100. The moat was seventeen years of compiler stack (cuDNN, cuBLAS, NCCL, TensorRT, CUTLASS) co-evolved with co-designed ISA features (tensor cores 2017, FP8 + TMA on Hopper 2022, FP4 on Blackwell 2024) and PyTorch defaulting to CUDA wheels. ROCm launched in November 2016, was Linux-only for years, and ZLUDA was abandoned by both Intel and AMD for “no business case.” Registered NVIDIA developers went from 2M in 2020 to 6M by GTC March 2025. That’s the moat. CUDA is to GPUs as the developer surface is to silicon; whoever owns the surface owns the platform.
So if you build STARK silicon, the developer surface (RISC0, SP1, Plonky3) belongs to other companies who can retarget when a cheaper ASIC ships.
The “Better Ledger” Thesis
Ledger and Trezor are 2014-architecture products. Two-button UX, closed-source secure-element firmware, blind-signing as default, the 2020 customer-database breach that leaked 270K addresses (and meaningfully raised the physical-safety risk for those customers), the May 2023 Recover seed-shard fiasco. Cypherpunks hate them. A modern replacement built around touchscreen UX, open firmware, on-device contract-call simulation, and broader protocol coverage would be a real product.
But the hardware-wallet graveyard is long, and most people haven’t read it carefully. GridPlus Lattice1 raised $40M+ on a bigger screen and smartcards and never broke 50K units. Foundation Passport is beautifully designed and Bitcoin-only and shipped maybe 10-20K units. Coldcard is deliberately niche. Cypherock X1’s multi-card sharding is clever and their revenue is sub-$10M. Tangem cards have moved real volume but at sub-$50 ASPs. KeepKey was acquired and is effectively dead. Keystone is niche.
Ten years of “better Ledgers.” None broke through. The reasons are structural, not product. Ledger’s 2024 revenue was $70.9M (up from $36.7M in 2023) on 7M+ devices cumulative and 1.5M customers; Trezor 2025 was $47.2M on 2.4M devices shipped in 2024; the full global category is roughly $200-300M/year and 5.8M units. The winner of the category does $70M. That is not a venture-scale market.
Also, distribution is brutal. Ledger ships through Amazon, Best Buy, and select Apple Stores, Trezor has European retail, and new entrants have a Twitter announcement. Trust capital is path-dependent. For example, if users bought a Ledger in 2019 and the device still works, they aren’t switching. New entrants face “prove you’re more secure” obstacle, which requires audits, time, and ideally a public attack survived. App-ecosystem accretion is a decade of integration partnerships (Ledger Live supports ~5,500 coins/tokens); new entrants ship the top 10 and lose every long-tail customer.
“Ledger is garbage” is a marketing pitch that genuinely sells. The underlying category cannot support a venture-scale outcome, and you don’t escape it by being a better Ledger. You escape it by being a different device. Which is the next thing we discuss.
The Shielded-Intent Signer
A dedicated hardware device built natively for MASP, Resource Machine, and intent semantics. Hardware-rooted shielded note generation, on-device proof acceleration for shielded spends, intent encoding and partial-transaction signing in firmware. Not a better Ledger, a different category of device that Ledger structurally doesn’t address.
This is the only candidate where Anoma’s intellectual heritage is prerequisite knowledge to build correctly. The secure-element substrate (NXP SE05x, Infineon Optiga, Microchip ATECC) is fully commodity. The defensibility lives in firmware that natively understands MASP note commitments and nullifiers, RM resource semantics, intent encoding, and the local-proving flow that shielded execution mandates, BECAUSE OUTSOURCING TO A REMOTE PROVER COLLAPSES THE PRIVACY GUARANTEE THAT MAKES SHIELDED EXECUTION WORTH USING IN THE FIRST PLACE.
Ledger ships ECDSA/EdDSA. Trezor ships ECDSA/EdDSA. Nobody ships a signer built natively for shielded-pool semantics. That is greenfield. The technical constraint (privacy demands local proving) and the d/acc preference (cryptography deployed at the user’s edge, not a cloud the user doesn’t control) point the same direction. Capital required: $5-15M. Time-to-revenue: 12-18 months. Customer and beneficiary are the same person, clean fairness-legitimacy.
The TAM ceiling is the limit. Even capturing 20% of a growing shielded-curious subset — 500K-1M devices/year at $150-300 ASP — yields $75-300M revenue. Healthy and defensible. Not NVIDIA. Ledger could enter if MASP gets traction, and the defensibility window is probably 18-36 months.
The deeper risk is if Apple or Google ships an MASP-aware Secure Enclave in 2030, which they will if shielded execution actually scales, the discrete signer becomes a Garmin GPS unit after smartphones absorbed GPS. Or a dedicated music player after the iPhone. Or a point-and-shoot camera. Or a pedometer. The dedicated-signer is to the smartphone as the dedicated-MP3-player was to the smartphone, a feature waiting to be platform-absorbed. The list of devices that have survived that absorption over twenty years is quite short, and they all have a physical reason for being separate (a dedicated GPU, a steering wheel, a pacemaker). A signing chip does not.
This is the best of the discrete-device plays. Higher ship probability than silicon, better Anoma-fit than the matching engine, real product against an actual UX bottleneck. But it sits downstream of a platform risk that isn’t hypothetical. If you take that risk seriously, you don’t build a discrete signer — you build the layer that mediates between protocol semantics and the device’s enclave, wherever that enclave lives.
The Phone, Done as Software
The cleanest way to think about this candidate is as the phone bet without the phone. You don’t run a Foxconn line. You take a commodity Android phone ( concretely, a Google Pixel) and you replace the operating system with one you’ve built. Linux has Ubuntu, Fedora, Debian; Android has GrapheneOS, CalyxOS, LineageOS, /e/OS – open-source forks of the Android Open Source Project that strip out Google’s services, harden the security model, and ship a different default experience on the same silicon. They are real, they have users, and the engineering practice of maintaining one is well understood.
The Anoma version is that pattern with the protocol stack at the system layer. Shielded-by-default. The Pixel’s Titan M2 / StrongBox keystore wrapped in MASP/RM-aware key derivation. The Anoma SDK exposed to applications the way Apple’s CryptoKit or Android’s Keystore are exposed today.
<COMMODITY HARDWARE UNDERNEATH, CUSTOM OS ON TOP>
This is the candidate that captures the platform-developer-surface moat the phone bet was reaching for, without the phone-OEM capex. It pre-empts the enclave-collapse risk by being the layer that mediates between protocol semantics and whatever secure element the phone ships. It is the literal CUDA-equivalent move. In particular, own the programming substrate that applications target, not the silicon underneath. NVIDIA didn’t win because they built a chip; they won because cuDNN became the API every framework called. An Anoma OS where the SDK is anoma.intent(...), anoma.shielded.spend(...), anoma.resource.create(...) is the developer surface no incumbent will ship for at least five years and probably ten.
The category exists, even if it’s quiet. GrapheneOS runs on Pixel 6 and later, has roughly 100K active users, and is built by a tiny team. CalyxOS, LineageOS, /e/OS are mature open-source Android forks with established build systems and update channels. F-Droid and Aurora Store provide app distribution paths outside Google Play. Pixel hardware roadmap is set by Google, but the firmware/OS layer above the bootloader is customizable. Capex in the $5-20M range; timeline 18-24 months to a shippable v1 with a MASP/RM-aware keystore and a curated app surface.
The risks are genuine and I want to name them. Open-source phone operating systems struggle with monetization. For example, Graphene runs on donations. Also, Google can change the Pixel security model in ways that break custom forks; verified-boot changes alone could brick the moat. Distribution is right now is only innovators. The “buy a Pixel and flash a custom OS” market is currently smaller than even Ledger’s TAM. App-ecosystem building is years of work and you start at zero.
This is the closest fit to “Anoma’s matrix multiply” that’s actually shippable in eighteen months. It is the answer to the question we asked informally at the Heliax Hacker House in December 2023, “should we build a phone.” The 2026 answer is to ship the OS without ever ordering the device.
Closing
The 2023 phone instinct was right to be having the conversation, and right to punt on execution. The hardware question for Anoma has always been real.
The defensibility comes from owning a developer surface no incumbent will ship for, on a five-to-ten-year horizon. That surface is some combination of intent encoding, shielded-pool semantics, and the Resource Machine’s resource model. Whatever shape the hardware takes, that’s what the OS has to make first-class.
The CUDA analogy holds in spirit and breaks in detail. NVIDIA owned the substrate; Anoma’s equivalent likely is not silicon, but rather the system layer that mediates between protocol and device.