Aztec: the Hybrid zkRollup

Vision
May 4, 2023
4
MIN READ
Blog
>
>
Vision
>
Aztec: the Hybrid zkRollup
|

Ethereum-style smart contracts meet encrypted execution in a single zkRollup.At Aztec Labs, our mission has been driving toward an encrypted zkRollup supporting generalized private compute.Today we’re excited to announce the end-game — an entirely new zkRollup with the samename that started it all: Aztec.

Aztec is our vision for a trustless, scalable, and decentralized Layer 2 zkRollup enabling private smart contract execution.

Imagine all the things you love about Ethereum smart contracts, plus the ability to protect your data with programmable anonymity, data privacy, and confidential contracts.That’s it. That’s the pitch.

Ethereum, encrypted.Aztec explodes the design space of what you can do on blockchains by allowing public-private composability, and today, we’re proud to announce the roadmap for delivering Aztec to mainnet.

We are well on our way to completing basic contract deployment (Milestone 1.0), with significant progress across all components needed for a local developer environment.

Developers can expect a local testnet by the third quarter of 2023, and users and network stakeholders can expect to access a full-fledged public testnet by early 2024.

Aztec: it’s not a zkEVM

Ethereum is, at its heart, a state machine. It takes a starting state, ingests transactions (sequenced into blocks), and transitions state deterministically.

Aztec takes the original promise of a global state machine and extends it to private state.This hybrid public-private state machine processes both public and private execution of smart contract logic. Simultaneously, it no longer executes transactions like a conventional blockchain, instead proving the correctness of transactions that have already been computed.

In other words, Aztec is a zero-knowledge execution environment, but it’s not a zkEVM.Why? Isn’t zkEVM the end-game?In Aztec Labs’ search for private smart contract capability, we came to an early conclusion: privacy isn’t EVM compatible.

The beauty of rollups goes beyond mimicking Ethereum but extending its utility. Aztec is an opportunity to enshrine privacy at the base layer with the benefit of Ethereum’s security guarantees.

At the time of its invention, Ethereum traded privacy for public consensus. Trustless, private execution enabled by advanced zero knowledge cryptography had yet to be invented. After all, it wasn’t until 2018 that Zac Williamson and Ariel Gabizon published Plonk, the first zkSNARK that was practical for widespread use in blockchain applications.

But while public account-based blockchain models like Ethereum can’t support native privacy, UTXO-based privacy solutions can’t support the robust ecosystem of applications and tools that have been created for public smart contract platforms.

That’s why Aztec is both.

Aztec combines public and private execution into a single zkRollup, providing seamless composability across encrypted and unencrypted transactions. If Ethereum’s innovation was allowing read and write to public state, Aztec’s is the ability to read and write to both public and private state.The combination of public and private into a single hybrid roll-up enables confidentiality and auditability:

  • Private voting for public DAOs
  • Private sessions of public games
  • Private trades on public AMM’s

Aztec goes beyond unauditable private transactions, enabling smart contracts that allow for flexible compliance and view permissions.

{{blog_divider}}

How does it work?

Aztec takes the prior work achieved with our Connect architecture and massively extends its scope and functionality.

Connect leveraged an encrypted UTXO architecture in which value notes represented money.In Aztec, we’ve carried on with the same design with one key difference: UTXOs can represent not only “the value of a token”, but any data you like.

UTXO’s now store entire smart contracts.Connect supported just 3 custom-built circuits. Aztec can support arbitrary smart contract logic over both public and private state. That means developers can access the full set of Ethereum use-cases, plus entirely new encryption-enabled applications.

Where Connect was designed for and limited to DeFi, Aztec is limited only by your imagination.

{{blog_divider}}

Public-private composability

Aztec’s public and private state environments are fully composable–meaning any function can call any other function.

This leads to completely new blockchain paradigms like private-to-private function calls: smart contracts whose logic is invisible to blockchain observers can call other contracts with invisible logic.

Aztec is building a true privacy ecosystem–a network of smart contracts that can draw from and write to whichever ledger is most convenient:

  • a visible, public one to support primitives requiring transparency like AMMs and lending protocols
  • an invisible private one enabling the creation of private decentralized governance, finance, identity, and gaming.

{{blog_divider}}

View permissions and compliance

Aztec maintains the same segregation between viewing and spending keys as Connect, while extending viewing key permissions to each contract for fine-grained control on data access.

Because Aztec allows for permissioning on a contract-by-contract basis, compliance can be implemented flexibly with new blockchain primitives: decentralized identity, third-party verification, and view key sharing.

Applications no longer have to think about all-or-nothing approaches: Aztec supports the full spectrum of programmably private permissions.

{{blog_divider}}

Noir: Write Code, not Circuits

In order to enable private smart contract computation, Aztec Labs is contributing to core development of Noir, the universal language of zero knowledge.

Noir is an open-source, generalized zero knowledge circuit writing language compatible with any proving back-end and verifiable on any blockchain with customizable smart contract verifiers.

Where lower-level zk programming languages like Circom require knowledge of cryptographic concepts, Noir lets you write code, not circuits.

Zero-knowledge programs can have familiar syntax and abstracted cryptographic safety. An open-source library of crypto primitives means you can rely on a cache of audited crypto code and a community of cryptographers and open-source contributors.

Noir’s vision is to be the LLVM for zkSNARKs. Just as programming languages compile to an intermediate representation rather than machine language, Noir compiles to an abstract circuit intermediate representation (ACIR), which can then compile to any cryptographic backend.

Proofs can then be verified on any chain with a Solidity verifier.

That means devs from Solana to Cosmos can integrate ZK proofs with Noir.

In addition to its use as a generalizable zk programming language, Noir also serves as the smart contract language for Aztec: it retains traditional smart contract semantics, replete with state variables, functions, and cross-contract composability (even across the public-private barrier!).

{{blog_divider}}

Scalability

Our belief has always been that the largest barrier to blockchain adoption isn’t blockspace–it’s utility. Thankfully, zkSNARKs unlock both flexible encryption and scalability for Aztec.

The recursion enabled by Aztec’s kernel circuits is so powerful that we have achieved a massive scalability improvement over Connect. Aztec will target 100+ TPS and single-digit cent transactions by mainnet launch, approximately 5x more throughput than Ethereum and 50-100x more than Connect.

We expect Aztec’s primary cost input–posting call data to Layer 1–to drop significantly via the use of blob transactions facilitated by EIP-4844.Our long-term roadmap includes custom data availability, state sharding, FHE-enabled state syncing, hardware acceleration, and parallelized execution — all of which will allow us to access another order of magnitude of scale.

{{blog_divider}}

Next-level Privacy UX

Outside of core infrastructure, privacy UX has been a major bottleneck to the adoption of blockchain encryption tools.We see the problem as 3-fold:

  1. It’s hard to reason about privacy
  2. Inflexible view permissions make compliance difficult or impossible
  3. The wallet experience is confusing and non-standard

Aztec tackles all three issues head-on.

{{blog_divider}}

Privacy guarantees

Our goal with Aztec was to have significantly stronger privacy guarantees than Connect, while making them easier to reason about. Simultaneously, Aztec improves generalizability and reduces cost–meaning better privacy comes with no trade-offs.

The simple tl;dr?

Private transactions are private. Full stop.With previous-generation privacy solutions, users were concerned with privacy sets. In Aztec, private transaction execution is fully private–not only is the transaction private but the contract being executed is also private. That means private token transfers, private loans, private order book exchanges, and private game state are all totally inscrutable to blockchain observers.There is simply no way to leak information other than the raw number of private state updates triggered, nor is it possible to interrogate the origin or nature of those state updates. The only way an observer gains information about the nature of the transaction is if there is a call to a public function.

Public execution is default anonymous–observers can’t tell who invoked the transaction but can see the results of the transaction publicly.

While public transactions are still reliant on privacy sets for their guarantees, the composability of Noir contracts means privacy sets are shared across the entire network.

A stablecoin like Dai will have a privacy set encompassing payments, DeFi, and usage as an in-game currency.

{{blog_divider}}

Wallet Experience and Account Abstraction

To make Aztec accounts as compatible as possible with existing wallets, user spending keys will utilize the same spending keys as Ethereum wallets.

In addition, native account abstraction will allow users to deploy custom Noir contracts to their account addresses instead of utilizing existing ECDSA signature flows. Aztec account abstraction facilitated by Noir circuits will support:

  • Smart contract wallets
  • M of N multisigs
  • Schnorr Signatures
  • ECDSA over the 25519 curve (the same signature scheme as Apple’s TouchID)
  • Social recovery

The future of blockchains is in programmable wallets, not manually signing transactions and granting permissions. Smart contract wallets will be a core feature of Aztec’s architecture, enabling future-proof blockchain UX.

{{blog_divider}}

Build

Are you an independent or protocol dev wondering whether Aztec is right for you?

Aztec is purely additive to Ethereum. Because it supports both public and private smart contracts, anything that can be built on Ethereum can be built on Aztec.

And while Aztec’s public transactions look broadly similar to Ethereum (since they’re both public state machines), developers will be granted new opportunities unlocked by private compute:

  • Hiding confidential information
  • Anonymity
  • Hiding the terms and conditions of confidential contracts
  • Hiding which contract has even been executed
  • Programming in zero-knowledge

Because Aztec’s core execution engine verifies rather than executes compute, private transactions can have arbitrary runtime. Unlike Ethereum, which has a block resource limit of 30 million gas, there is no hard limit to the compute intensity for an Aztec block.

After all, users run programs and generate proofs on their own devices. That means programs can have arbitrary runtime and still be proved locally.

Aztec therefore allows for the concept of private micro-rollups: programs that are executed and proven locally and sent onward for verification.

Entire rollup instances and applications can be run like Layer 3’s on Aztec.

We’re excited for the new paradigms that are possible when users are empowered to run and prove programs on their own devices.

{{blog_divider}}

Open Vision, Open Source

Aztec’s vision is wildly ambitious. As a result, we are opening Aztec’s codebase, protocol design, and documentation to the broader zk and blockchain communities to discuss.We are starting by building in the open at discourse.aztec.network–our new home for protocol-level discussion and debate, and the future home of Aztec’s decentralized governance.

Join the conversation about Aztec’s specification and roadmap at discourse.aztec.network

In the spirit of radical openness, Aztec is being built under the open-source and permissive Apache 2.0 License, and Aztec’s repos are updated on a regular basis. You can see all of our open repos and documentation here:

{{blog_divider}}

Decentralization and You

Finally, Aztec will be fully decentralized at mainnet launch.Stakeholders will have the opportunity to run Aztec sequencers, provers, or nodes, each of whom play a critical role in running the network and keeping it trustless, reliable, and censorship-resistant.

Sequencers ingest transactions, both public and private, and build blocks for submission to Layer 1. Sequencers then send blocks to a federated network of provers.

Provers then break up the 16,348 individual transactions that comprise an Aztec block into trees of proofs 14 deep. They then “split up” the work of proving individual transactions, working together to construct the full Merkle tree that makes up a finalized Aztec block.

Finally, Aztec nodes provide chain data, syncing chain state, answering RPC requests, and propagating transactions.

Aztec is designed with decentralization and the sustainability of all stakeholders in mind–not just users and applications, but node providers, sequencers, and provers. All components of the stack will use commodity hardware with requirements as low or lower than their Ethereum equivalents. Stay tuned to learn how you can run Aztec infrastructure.

{{blog_divider}}

tl;dr

Aztec is a first-of-its-kind public-private hybrid zkRollup bringing together the best of Ethereum smart contracts and encrypted execution.

It is culmination of Aztec Labs’s long-term vision: a collectively-owned, fully decentralized L2 on Ethereum with encryption as a first class citizen.

We at Aztec Labs are thrilled to be able to build this together with you, and we can’t wait to see you in the forum.

{{blog_divider}}

Build with us

Visit our website and documentation to learn more and get started.

Further Resources

We’ve also compiled a long list of learning resources on both Aztec and Noir:

1️) Get an overview with CEO Zac Williamson’s explanation of the history of Aztec and Noir: https://zeroknowledge.fm/273-2/

2) Explore Aztec’s milestones and specifications, and learn more about the protocol.

3) Get started building with Noir using our Awesome Noir repo and the Noir documentation.

4) Join the latest discussion of the roadmap and protocol: https://discourse.aztec.network/

5) Building on Noir and want to chat directly to our DevRel team?Sign up for developer office hours.Contact our team directly with questions at [email protected].

{{blog_divider}}

Join our team

Aztec Labs is on the lookout for talented engineers, cryptographers, and business people to accelerate our vision of encrypted Ethereum.

If joining our mission to bring scalable privacy to Ethereum excites you, check out our open roles.

And continue the conversation with us on Discourse or Twitter.

Check Circle 1 Streamline Icon: https://streamlinehq.com
Oops! Something went wrong. Please retry
By subscribing you agree to with our Privacy Policy and provide consent to receive updates from Aztec.