Aztec: a Hybrid Public-Private ZK-Rollup
Key Takeaways
  • Aztec is focused on extending Ethereum's capabilities by introducing private smart contracts through zero-knowledge proofs as an L2 solution, offering a new level of privacy while maintaining the security benefits of Ethereum.
  • Aztec's composability enables seamless interaction between public and private environments, including private-to-public function calls, allowing for novel applications with varying degrees of privacy. Examples include private trades on public AMMs and anonymized voting on public DAOs.
  • The Noir smart contract language developed by Aztec Labs simplifies the development of dApps that utilize zero-knowledge proofs by abstracting away the complexities of ZK cryptography and making it accessible to developers without extensive cryptographic expertise.
  • A total of $100m was raised in December 2022, and the network is set to launch in 2024, with several testnet iterations planned throughout this year. The ambition is to fully decentralize all of its core components (sequencer, prover, nodes) by mainnet.

Introduction

Ethereum is a public state machine: it starts from a specific state and updates that state deterministically according to the transactions that take place. Ethereum was not designed with privacy in mind, because reaching consensus while preserving privacy is hard. However, thanks to advances in zero-knowledge proofs over the last decade, it has become possible to reach consensus while still preserving privacy.

Aztec is building a public-private hybrid ZK-Rollup (L2) that allows both public and private execution of smart contract logic while still inheriting the security of Ethereum. On Aztec, privacy is optional rather than required by default. Its goal is to extend Ethereum, where everything is public, with private function calls, transaction privacy, and user anonymity. This lets users safeguard sensitive information from other network participants while still being able to share it with relevant authorities for compliance purposes, if necessary.

Aztec, thus far, faces little competition in its mission to introduce privacy programmability to Ethereum. While other L2 solutions such as StarkWare, zkSync, and Scroll primarily prioritize scalability, Aztec distinguishes itself by prioritizing privacy as its primary focus, with scaling as an added benefit. Similar to Aztec, Aleo also aims to make programmable privacy a reality by building a standalone Layer 1 blockchain that is private by default, also using Zero-Knowledge Proofs.

Aztec in the Broader Ecosystem

To get a better understanding of Aztec Network, we take a look at other major blockchains and how they differ in terms of programmability and privacy characteristics.

[Figure: programmability and privacy characteristics of major blockchains. Source: Aztec]

Bitcoin only supports simple transfers without the support of programmability or privacy.

Ethereum introduced programmability through smart contracts, allowing for the development of applications on the blockchain. Ethereum lacks transaction privacy since all transactions are visible to everyone by default. However, applications can be built on top of Ethereum which offers a certain degree of privacy, such as Tornado Cash, which obfuscates transactions through its mixer functionality.

ZCash provides transaction privacy through shielded ZCash transfers utilizing ZKPs, but doesn’t offer programmability.

Zk.money supports private transfers of ERC20 tokens within its Layer 2, while Aztec Connect enables anonymous L1 DeFi interactions by transfers between its Layer 2 shielded pools and Layer 1 DeFi contracts. These two together are commonly referred to as (Aztec) Connect. In terms of programmability, Connect was still very limited.

Aztec Connect, which served as a trial run for Aztec, has been discontinued, allowing the team to fully focus on the development of its generalizable hybrid ZK-Rollup, Aztec. Nonetheless, Aztec has fully open-sourced the entire Aztec Connect protocol, offering the opportunity for interested parties to potentially fork it. It is important to note that the decision to sunset the project was not driven by regulatory concerns. Instead, it was made in recognition of the need to allocate resources and efforts toward advancing their ZK-Rollup solution. Despite its discontinuation, Aztec Connect successfully showcased the potential of on-chain privacy.

With Connect being discontinued, what lies ahead for Aztec? Enter Aztec: the Hybrid ZK-Rollup.

Aztec enables fully programmable private smart contracts with three key features: private functions that can modify general private state, cheap Layer 2 public functions, and Layer 1 public functions. Execution of a private function has the following guarantees:

  • Function privacy: conceals the called function and its underlying logic from the public.
  • Input privacy: hides transaction inputs and outputs from the public.
  • User anonymity: observers can’t tell who invoked the transaction but can see the results of the transaction publicly.

However, executing a private function that calls a public function may result in various degrees of privacy depending on the deployed application, similar to how deposits and withdrawals to and from shielded pools can potentially leak sensitive information.

Not a zkEVM

The term ZK-Rollup can be misleading because most ZK-Rollups leverage the scaling aspect of validity proofs and don’t offer privacy. Aztec, on the other hand, is the first ZK-Rollup that has a privacy-centric approach while still reaping the scaling benefits that ZKPs bring. As Aztec works towards building a ZK-Rollup that supports private smart contracts, it has become evident that achieving EVM compatibility is not feasible as it is currently incompatible with privacy. Moreover, the extensive use of client-side proof construction further makes EVM compatibility impractical.

Architecture

In Aztec, a "smart contract" is essentially a set of public and private functions written in Noir circuits. A circuit represents a computational structure made up of logical gates that perform computations on input data. These circuits form the foundation of zero-knowledge programs, typically requiring significant technical expertise in ZK to construct. However, with Noir, Aztec's private smart contract language, this complexity is abstracted away, enabling anyone to write ZK code without extensive knowledge of the underlying intricacies.

Aztec Kernel

The Aztec kernel consists of two circuits: one for private operations and another for public operations, with each circuit independently validating the correctness of its corresponding function calls.

Constructing a transaction involves generating proofs for multiple iterations of the kernel circuits. The call stack, which holds the function calls in the transaction, is processed in First In, First Out (FIFO) order. Each iteration of the kernel circuit validates one call from the stack. Notably, there are two separate call stacks: one for private calls and another for public calls. Private calls are always processed first. Once the private call stack is empty, the transaction progresses to the public phase. In this phase, the public kernel circuit verifies the proof produced by the previous kernel iteration (private or public) together with an empty private call stack. This recursive process continues until the public call stack is also empty.

The transaction is deemed complete once all the calls have been executed, resulting in an empty call stack. The only information that is leaked during the process is:

  • The number of private state updates triggered.
  • The set of public calls generated.

The number of private state updates provides minimal insights, whereas the transparent nature of public calls ensures accessibility to all participants. The addresses of all private calls are hidden from observers.

To maintain the privacy of user inputs to the circuit, the private circuit is executed locally on the user's end. On the other hand, the execution of the public circuit is handled by a sequencer, which possesses the knowledge of the current state of the public data tree at any given moment. The sequencer has the option to delegate the generation of proofs to the prover pool.
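The two-queue processing described above, as an added example that is not part of the original article or of Aztec's code: a small Go model of a transaction made of private and public calls, processed the way the text describes (private queue first, one kernel iteration per call, then the public queue, both first-in-first-out), which records only the two pieces of information the text says are leaked. The contract and function names, the `Call`/`Leak` types and the sample trade are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Call is one function call inside a transaction. Private calls can enqueue
// further private or public calls and update private state; public calls can
// only enqueue further public calls, because by the time they run the
// private phase is already over.
type Call struct {
	Contract     string
	Function     string
	Private      bool
	StateUpdates int    // private state updates made by this call
	Enqueues     []Call // nested calls produced while executing this call
}

// Leak is what an outside observer learns from a processed transaction:
// exactly the two items the text names.
type Leak struct {
	PrivateStateUpdates int
	PublicCalls         []string // "Contract.function", sorted
}

// Simulate drains the private queue first (one kernel iteration per call),
// then the public queue; both are handled first-in-first-out. It returns the
// observable leak and the number of kernel iterations, or an error when a
// public call tries to enqueue a private call after the private phase ended.
func Simulate(entry Call) (Leak, int, error) {
	var privQ, pubQ []Call
	if entry.Private {
		privQ = append(privQ, entry)
	} else {
		pubQ = append(pubQ, entry)
	}
	leak := Leak{PublicCalls: []string{}}
	iters := 0

	// Private phase: executed client-side; contract and function names of
	// private calls are deliberately not recorded in the leak.
	for len(privQ) > 0 {
		c := privQ[0]
		privQ = privQ[1:]
		iters++
		leak.PrivateStateUpdates += c.StateUpdates
		for _, n := range c.Enqueues {
			if n.Private {
				privQ = append(privQ, n)
			} else {
				pubQ = append(pubQ, n)
			}
		}
	}

	// Public phase: executed by the sequencer; every call is visible.
	for len(pubQ) > 0 {
		c := pubQ[0]
		pubQ = pubQ[1:]
		iters++
		leak.PublicCalls = append(leak.PublicCalls, c.Contract+"."+c.Function)
		for _, n := range c.Enqueues {
			if n.Private {
				return Leak{}, iters, errors.New("public call " + c.Function + " enqueued a private call after the private phase ended")
			}
			pubQ = append(pubQ, n)
		}
	}
	sort.Strings(leak.PublicCalls)
	return leak, iters, nil
}

// SampleTx is a constructed private trade on a public AMM: a private wallet
// function spends two private notes, transfers tokens privately, then calls
// the public AMM, which settles through a public token transfer.
func SampleTx() Call {
	return Call{Contract: "Wallet", Function: "swap", Private: true, StateUpdates: 2, Enqueues: []Call{
		{Contract: "Token", Function: "transfer_private", Private: true, StateUpdates: 1},
		{Contract: "AMM", Function: "swap_public", Enqueues: []Call{
			{Contract: "Token", Function: "transfer_public"},
		}},
	}}
}

func main() {
	leak, iters, err := Simulate(SampleTx())
	fmt.Printf("iterations=%d leak=%+v err=%v\n", iters, leak, err)
}
```

Running `SampleTx` through `Simulate` yields four kernel iterations, three private state updates and the two public calls; an observer sees that the AMM was used but not which wallet or private token function initiated the trade.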

Noir

Smart contracts on Aztec are written in Noir, an open-source smart contract language designed for writing and verifying zero-knowledge proofs, developed by Aztec Labs. Noir is inspired by Rust and designed to make zero-knowledge cryptography accessible to developers by eliminating the requirement of a background in cryptography. Noir, the general-purpose programming language, is not restricted to on-chain applications; instead, it caters to any application that wishes to make use of the scalability and privacy benefits that ZKPs enable.

Noir simplifies dApp development that utilizes zero-knowledge proofs (ZKP) by providing a one-click generation of a verifier smart contract for each Noir program. The verifier contract, written in Solidity, allows on-chain verification of Noir proofs, supporting Ethereum and other EVM-compatible chains.

PLONK Proving System

Aztec has developed its own in-house zk-SNARK proof system, PLONK, which distinguishes it from other well-known zk-SNARKs such as Groth16, used by zkSync. One key distinction is that PLONK has a universal setup: it needs to be run only once and can be reused across all circuits. In contrast, Groth16's circuit-specific setup requires a new trusted setup for each individual circuit.

In Aztec's proving system, there are three parties involved: the user, the rollup provider, and the blockchain. The user wants to keep their secret information while engaging in transactions, the rollup provider batches and compresses user transactions, and the blockchain verifies the proofs. To make zero-knowledge transactions affordable, Aztec combines different versions of PLONK (PLONK, TurboPLONK, UltraPLONK), to minimize computational costs for users during proof generation and reduce computation on the parental chain, Ethereum. More on the specifics of PLONK can be found in their paper.

Decentralization

Aztec is committed to achieving decentralization of its core components upon mainnet launch.

Participants will have the freedom to operate their own nodes, sequencers, and provers, all of which are crucial components of the network. Enabling individuals to run these in a permissionless manner ensures trustlessness, censorship resistance, and decentralization of Aztec network.

[Figure: Aztec network components (nodes, sequencers, provers). Source: Aztec]

Sequencers play a crucial role by processing both public and private transactions and building blocks containing those transactions for submission to Layer 1. Once the blocks are created, the sequencers send them to the provers.

Provers partition the 16,348 individual transactions within an Aztec block into 14-level proof trees. By collaborating, they distribute the workload of proving individual transactions, ultimately constructing the complete Merkle tree that forms a finalized Aztec block.

Aztec nodes are responsible for the provision of chain data, synchronization of chain state, responding to RPC requests, and propagating transactions throughout the network.
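The level-by-level proof tree described for provers, as an added example that is not the article's or Aztec's code: a Go program that aggregates a block of transactions into a fixed-depth binary tree, computing each level concurrently so that the work splits across many workers the way a prover pool would. SHA-256 stands in for proving and for proof aggregation (an assumption made purely to show the tree shape; real recursive proofs are far costlier), the `depth` parameter is configurable rather than fixed at 14, and the transactions are constructed. Blocks smaller than the tree's capacity are padded with empty leaves so the tree always has the shape a verifier expects.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sync"
)

// Hash stands in for a proof: hashing a transaction models proving it, and
// hashing two child hashes models aggregating two child proofs into one.
type Hash [32]byte

func proveLeaf(tx []byte) Hash {
	return Hash(sha256.Sum256(append([]byte{0x00}, tx...))) // domain-separated leaf
}

func aggregate(left, right Hash) Hash {
	h := sha256.New()
	h.Write([]byte{0x01}) // domain-separated inner node
	h.Write(left[:])
	h.Write(right[:])
	var out Hash
	copy(out[:], h.Sum(nil))
	return out
}

// BuildProofTree aggregates up to 2^depth transactions into one root proof.
// Every node on a level depends only on the level below, so each level is
// computed concurrently, which is how a prover pool can split a block's work.
// Blocks with fewer than 2^depth transactions are padded with empty leaves.
// It returns the root and the number of aggregation steps performed.
func BuildProofTree(txs [][]byte, depth int) (Hash, int, error) {
	if depth < 0 {
		return Hash{}, 0, fmt.Errorf("depth must be non-negative, got %d", depth)
	}
	capacity := 1 << depth
	if len(txs) > capacity {
		return Hash{}, 0, fmt.Errorf("block holds %d transactions but depth %d fits only %d", len(txs), depth, capacity)
	}
	level := make([]Hash, capacity)
	for i := 0; i < capacity; i++ {
		var tx []byte // nil pads the block with empty leaves
		if i < len(txs) {
			tx = txs[i]
		}
		level[i] = proveLeaf(tx)
	}
	steps := 0
	for len(level) > 1 {
		next := make([]Hash, len(level)/2)
		var wg sync.WaitGroup
		for i := range next {
			wg.Add(1)
			go func(i int) { // one goroutine per pair models one prover per sub-proof
				defer wg.Done()
				next[i] = aggregate(level[2*i], level[2*i+1])
			}(i)
		}
		wg.Wait()
		steps += len(next)
		level = next
	}
	return level[0], steps, nil
}

// ReferenceRoot recomputes the root sequentially, to cross-check the concurrent build.
func ReferenceRoot(txs [][]byte, depth int) Hash {
	leaves := make([]Hash, 1<<depth)
	for i := range leaves {
		if i < len(txs) {
			leaves[i] = proveLeaf(txs[i])
		} else {
			leaves[i] = proveLeaf(nil)
		}
	}
	var rec func([]Hash) Hash
	rec = func(l []Hash) Hash {
		if len(l) == 1 {
			return l[0]
		}
		mid := len(l) / 2
		return aggregate(rec(l[:mid]), rec(l[mid:]))
	}
	return rec(leaves)
}

// ConstructedBlock builds n synthetic transactions for the demonstration.
func ConstructedBlock(n int) [][]byte {
	txs := make([][]byte, n)
	for i := range txs {
		txs[i] = []byte(fmt.Sprintf("tx-%d", i))
	}
	return txs
}

func main() {
	root, steps, err := BuildProofTree(ConstructedBlock(10), 4)
	fmt.Println(hex.EncodeToString(root[:]), steps, err)
}
```

For a tree of depth d the build performs 2^d - 1 aggregation steps regardless of how many real transactions the block holds, so padding costs the same proving work as a full block; a block larger than the capacity is rejected rather than silently truncated.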

Privacy and Compliance

Aztec accounts resemble Ethereum accounts in that both use a public key. Aztec sets itself apart, however, by employing not one but two private keys. Unlike Ethereum's single private key, an Aztec account has a spending key and a viewing key. The spending key plays a familiar role, much like a traditional private key on Ethereum: it authorizes fund transfers and contract interactions by signing transactions. The viewing key, in contrast, is specific to privacy networks like Aztec and lets its holder decrypt the account's transactions and balance. This dual-key approach allows authorized third parties to read the content of private transactions with the viewing key while access to the funds remains protected by the spending key. Transactions therefore stay private among network participants while remaining disclosable to the necessary authorities for regulatory compliance.
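The separation of spending and viewing capability described above, as an added example that is not part of the article and does not use Aztec's actual key scheme: a Go model in which the spending key is an Ed25519 signing key and the viewing key is an X25519 key used to decrypt notes. A note is encrypted to the viewing public key with an ephemeral ECDH exchange and AES-GCM (these primitives are an assumption chosen for the demonstration), so an auditor holding only the viewing private key can read the amount but cannot produce a signature that the network would accept as a spend. The account, note and amount values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Account carries the two keys (hypothetical model, not Aztec's real scheme):
// an Ed25519 spending key that authorizes transfers and an X25519 viewing key
// that can only decrypt what the account receives.
type Account struct {
	SpendPub  ed25519.PublicKey
	spendPriv ed25519.PrivateKey // never leaves the owner
	ViewPub   *ecdh.PublicKey
	ViewPriv  *ecdh.PrivateKey // may be handed to an auditor
}

func NewAccount() (*Account, error) {
	spub, spriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	vpriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Account{SpendPub: spub, spendPriv: spriv, ViewPub: vpriv.PublicKey(), ViewPriv: vpriv}, nil
}

// Note is an encrypted balance update addressed to a viewing public key.
type Note struct {
	EphemeralPub []byte // sender's one-time X25519 public key
	Nonce        []byte
	Ciphertext   []byte // AES-GCM over the 8-byte amount
}

// noteCipher derives the AES-GCM instance for an X25519 shared secret.
func noteCipher(shared []byte) (cipher.AEAD, error) {
	key := sha256.Sum256(shared)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptNote is run by the sender and needs only the recipient's viewing
// public key, so anyone can pay an account without learning its secrets.
func EncryptNote(viewPub *ecdh.PublicKey, amount uint64) (Note, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return Note{}, err
	}
	shared, err := eph.ECDH(viewPub)
	if err != nil {
		return Note{}, err
	}
	gcm, err := noteCipher(shared)
	if err != nil {
		return Note{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Note{}, err
	}
	pt := make([]byte, 8)
	binary.BigEndian.PutUint64(pt, amount)
	ephPub := eph.PublicKey().Bytes()
	// The ephemeral key is bound as associated data so it cannot be swapped.
	return Note{EphemeralPub: ephPub, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, pt, ephPub)}, nil
}

// DecryptNote is what any viewing-key holder (owner or auditor) can do.
func DecryptNote(viewPriv *ecdh.PrivateKey, n Note) (uint64, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(n.EphemeralPub)
	if err != nil {
		return 0, err
	}
	shared, err := viewPriv.ECDH(ephPub)
	if err != nil {
		return 0, err
	}
	gcm, err := noteCipher(shared)
	if err != nil {
		return 0, err
	}
	pt, err := gcm.Open(nil, n.Nonce, n.Ciphertext, n.EphemeralPub)
	if err != nil {
		return 0, errors.New("viewing key does not match this note")
	}
	return binary.BigEndian.Uint64(pt), nil
}

// SignSpend is the spending-key capability; VerifySpend is the network's check.
func (a *Account) SignSpend(tx []byte) []byte      { return ed25519.Sign(a.spendPriv, tx) }
func VerifySpend(pub ed25519.PublicKey, tx, sig []byte) bool { return ed25519.Verify(pub, tx, sig) }

func main() {
	alice, _ := NewAccount()
	note, _ := EncryptNote(alice.ViewPub, 1500)
	amount, err := DecryptNote(alice.ViewPriv, note) // an auditor with ViewPriv can do this
	tx := []byte("constructed: transfer 1500 to bob")
	fmt.Println(amount, err, VerifySpend(alice.SpendPub, tx, alice.SignSpend(tx)))
}
```

Handing `ViewPriv` to a third party reveals every note addressed to the account, past and future, which is the disclosure trade-off the text describes; the spending key is a separate secret, so that disclosure never extends to moving funds.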

Additionally, Aztec's contract-specific permissions capability enables flexible implementation of compliance using blockchain primitives such as decentralized identity, third-party verification, and view key sharing. Aztec allows applications to go beyond rigid all-or-nothing approaches as it allows you to explore the full spectrum of programmable private permissions.

Applications

The composability of Aztec enables seamless interaction between public and private environments, as illustrated below. This breakthrough opens up possibilities for novel forms of interaction, such as private-to-private function calls. With this, smart contracts, whose underlying logic remains hidden from observers, can now interact with each other effortlessly.

[Figure: composability between public and private contract functions. Source: Aztec]

Other examples of possible applications are:

  • Private voting for public DAOs: allows conducting voting processes while maintaining the privacy of individual votes, ensuring confidentiality, and preventing the identification of voters.
  • Private sessions of public games: enables private interactions and gameplay within public games on the blockchain, allowing participants to engage in confidential sessions while still utilizing the transparency and security features of the underlying blockchain.
  • Private trades on public AMMs: facilitates confidential trading activities by obfuscating sensitive information such as traded size and assets, ensuring privacy while still leveraging the liquidity provided by the AMM.

Competitors

Aztec differentiates itself from other Ethereum Layer 2 solutions by prioritizing privacy over scalability. As the first privacy-focused ZK-Rollup, it is taking considerably longer to launch than other Layer 2 solutions because it aims to offer privacy on top of scalability. Aztec Network raised $100m in its Series B, led by a16z, announced in December 2022.

Aleo, a standalone Layer 1 competitor, aims to achieve similar features. They recently raised $200m at a valuation of $1.45b, backed by notable investors including Softbank, A16z, and Tiger Global. While currently in the third and final phase of testing, Aleo's mainnet is expected to go live in Q4 of this year.

Roadmap

Contract deployment is on its way to completion. Other milestones needed for a local developer testnet are being worked on in parallel and expected to become available in Q3 2023. Details regarding the specific milestones, their corresponding sub-milestones and completion status, can be tracked here.

The public testnet accessible to all users is expected to go live by early 2024.

Conclusion

Aztec is the first of its kind to extend Ethereum beyond its public smart contracts by adding private smart contract functionality powered by zero-knowledge proofs, operating as an L2. The composability of public and private functions allows developers to build a wide range of applications with varying degrees of privacy that were previously thought impossible. While transactions remain private to external observers, the option to share relevant content with authorized entities removes the regulatory challenges often faced by privacy-oriented projects. Aztec is strongly committed to decentralization and intends to launch its network with the three core components (sequencers, provers, and nodes) decentralized at launch. Throughout the remainder of this year, multiple testnets are planned, beginning with a permissioned version and subsequently transitioning to a public one, paving the way for the mainnet launch scheduled for 2024.

Disclosure: The authors of this content and members of Nansen may be participating or invested in some of the protocols or tokens mentioned herein. The foregoing statement acts as a disclosure of potential conflicts of interest and is not a recommendation to purchase or invest in any token or participate in any protocol. Nansen does not recommend any particular course of action in relation to any token or protocol. The content herein is meant purely for educational and informational purposes only and should not be relied upon as financial, investment, legal, tax or any other professional or other advice. None of the content and information herein is presented to induce or to attempt to induce any reader or other person to buy, sell or hold any token or participate in any protocol or enter into, or offer to enter into, any agreement for or with a view to buying or selling any token or participating in any protocol. Statements made herein (including statements of opinion, if any) are wholly generic and not tailored to take into account the personal needs and unique circumstances of any reader or any other person. Readers are strongly urged to exercise caution and have regard to their own personal needs and circumstances before making any decision to buy or sell any token or participate in any protocol. Observations and views expressed herein may be changed by Nansen at any time without notice. Nansen accepts no liability whatsoever for any losses or liabilities arising from the use of or reliance on any of this content.