How do distributed networks like #Tor and #Matrix verify that the nodes are running the proper software (that the code is untampered with, for example)?

@realcaseyrollins

Tor doesn't; they just encrypt traffic-in-transit with multiple layers, and each node in the circuit has the keys to pierce only one layer. This means that if your traffic goes through a circuit where an attacker controls both the first and last nodes ("guard" and "exit"), you are subject to deanonymisation.

I don't know about Matrix; I've never used it.

Other services have used the attestation and SGX features built into some Intel processors to (a) protect data in an "enclave" of memory from being spied on - even by hypervisors, and (b) remotely verify that the code with access to the data is unaltered. The downside here is that it limits your distributed platform to running on a pretty small set of hardware.
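
A simplified model of the remote-attestation check mentioned in the reply above, added here as an illustration; it is not part of the original thread and does not use the real SGX API. Assumptions: an HMAC under a constructed `HARDWARE_KEY` stands in for the hardware-rooted asymmetric signature, and all function names and sample code strings are hypothetical.

```python
import hashlib
import hmac
import os

# Assumption: stand-in for the key fused into the CPU. Real attestation uses an
# asymmetric signature chained to the vendor; HMAC keeps this model stdlib-only.
HARDWARE_KEY = b"constructed-demo-hardware-key"

def measure(code: bytes) -> bytes:
    """Hash of the code loaded into the enclave (the 'measurement')."""
    return hashlib.sha256(code).digest()

def make_quote(code: bytes, nonce: bytes) -> dict:
    """What the hardware on the node produces: measurement and nonce, signed."""
    m = measure(code)
    sig = hmac.new(HARDWARE_KEY, m + nonce, hashlib.sha256).digest()
    return {"measurement": m, "nonce": nonce, "sig": sig}

def verify_quote(quote: dict, expected: bytes, nonce: bytes) -> str:
    """Remote verifier: check the signature, then freshness, then the code hash."""
    signed = quote["measurement"] + quote["nonce"]
    want = hmac.new(HARDWARE_KEY, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(want, quote["sig"]):
        return "bad-signature"    # fields were altered after signing
    if not hmac.compare_digest(quote["nonce"], nonce):
        return "stale-nonce"      # an old quote replayed against a new challenge
    if not hmac.compare_digest(quote["measurement"], expected):
        return "unexpected-code"  # genuine hardware, but modified software
    return "ok"

RELEASED = b"def relay(pkt): forward(pkt)"            # constructed sample
TAMPERED = b"def relay(pkt): log(pkt); forward(pkt)"  # constructed sample

def demo() -> dict:
    expected = measure(RELEASED)
    n1, n2 = os.urandom(16), os.urandom(16)
    good = make_quote(RELEASED, n1)
    # A node running modified code that overwrites the reported measurement.
    forged = dict(make_quote(TAMPERED, n1), measurement=expected)
    return {
        "honest": verify_quote(good, expected, n1),
        "tampered": verify_quote(make_quote(TAMPERED, n1), expected, n1),
        "replayed": verify_quote(good, expected, n2),
        "forged": verify_quote(forged, expected, n1),
    }

if __name__ == "__main__":
    print(demo())
```

The verifier only accepts a node when the signed measurement matches the hash of the released build and the quote answers the verifier's own fresh nonce.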
