Difference between revisions of "AZTEC Protocol"

Aztec Network is a L2 privacy layer on Ethereum. It strives to enable affordable, private crypto payments via zero-knowledge proofs. Additionally it allows to deposit funds into a variety of DeFi Protocols such as Lido, Element.Fi, etc.

Basics

• Based in:
• Started in / Announced on: 2019
• Mainnet release: 15-3-2021

• AZTEC Protocol is an open source zero-knowledge protocol built on top of Ethereum, making plug-and-play value transmission and asset governance privacy tools for developers and companies. 
• Their CTO has contributed to two open source projects with the aim of making cryptography cheaper on Ethereum:
  1. Optimisations to the evmone interpreter
  2. Adding batch pairing computation to the Parity BN library
• Created an universal zk-snark construction, called PLONK, which was released (9-2019) in collaboration with Protocol Labs.

Launch

• Have announced (9-2019) their upcoming multi-party computation set-up ceremony and opened to applications for 200 participants to take part in a global relay. The ceremony will build a ‘Reference String’, an echo of ZCash’s Powers of Tau Ceremony, and will lead up to mainnet launch at the end of October. More details on how the ceremony works here. 
• Vitalik announced his participation in the Ignition ceremony, using his own implementation of the MPC.
• AZTEC has completed Ignition, the biggest MPC ceremony in history by number of participants. From their blog (7-1-2020):

"600 sign-ups, 202 participants ran the software — of which 176 were valid, 30 participants stayed incognito. Most participants came from London

Confidential transactions on Ethereum are launching this month!

2 audits completed (Trail of Bits & ConsenSys Diligence), Ceremony finished, Codex computation finished this week → Deploy to Mainnet January 2020"

• From Proof of Work #78 (29-10-2019):

"we’re doing final deploy tests for our mainnet protocol, preparing for our launch later this year."

• Has launched on Eth Mainnet on 1-2-2020.

Audits & Exploits

• Bug bounty program can be found [insert here].
• From L2beat, regarding both Aztec and Aztec Connect (31-10-2022):

"Funds can be stolen if

1. the cryptography is broken or implemented incorrectly,
2. a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

Users can be censored if

1. the operator refuses to include their transactions and users lack resources to propose blocks themselves.

MEV can be extracted if

1. the operator exploits their centralized position and frontruns user transactions."

• From competitor Railgun's blog comparing itself with Aztec (28-6-2022):

"Aztec’s protocol and smart contracts have not been externally audited, and while their smart contracts and client-side libraries are open-source, their sequencer code is private. Aztec is at least a year or two years away from a professional-ready, audited platform. Deployer keys could potentially be abused to steal funds, or a court order could force the team to change their code to reveal previously private information without prior warning to users. Aztec is as secure and private as its centralized team chooses it to be."

Bugs/Exploits

• Aztec Connect published (30-10-2023) a vulnerability postmortem, $450k bounty paid, and asked users to withdraw funds from zk.money
• From competitor Railgun's blog comparing itself with Aztec (28-6-2022):

"Another vulnerability was identified."

• From Week in Ethereum (30-10-2021):

"Aztec $50k bug bounty for double-spend vulnerability, emulating non-native field operations."

Governance

Admin Keys

• Had Astria proposing to become its sequencing layer, 16 days later, no responses on it yet (22-4-2024).
• Claims the next version of Aztec will be fully decentralized (29-8-2023).
• From L2beat regarding both Aztec and Aztec Connect (31-10-2022):

"The system has a centralized operator. Only specific addresses appointed by the owner are permitted to propose new blocks during regular rollup operation. Periodically a special window is open during which anyone can propose new blocks. Users can be censored if the operator refuses to include their transactions and users lack resources to propose blocks themselves."

DAO

Treasury

zkTokens

• Does not have a token itself, but releases zk Tokens. The first of which at the launch (1-2-2020) was zkDai. "Over the coming six weeks we’ll release other zk Tokens onto the network, and in two months’ time we will remove restrictions so you can make completely private custom assets from scratch."
• From this article by TrustNodes (10-2-2020):

"You need to deposit dai through the ZkDai (zkassetdetailed) contract, through a zero knowledge proof.” Aztec turns dai into what can be described as a smart contract database asset. You send the dai to Aztec, and you get zkdai which gives you a claim to the dai.

You can transfer this zkdai within the smart contract environment, but the blockchain won’t know until you convert it into dai. In the meantime you’re exchanging value in a very private manner. End users can’t quite play yet with Aztec because an app is not out, but devs can incorporate it through a tutorial of sorts."

Tech

• Whitepaper can be found [insert here].
• Code can be viewed [insert here]. From their blog (10-6-2021): "Aztec initially realeased some of its prover code under the Polaris license jointly created with StarkWare. Today we announce that all future releases of code from Aztec will be under the open source Apache 2.0 license."
• Built on: L2 on Ethereum
• Programming language used: Solidity

Transaction Details

• Capacity (TPS):
• Latency:

How it works

• From L2beat regarding both Aztec and Aztec Connect (31-10-2022):

"Validity proofs ensure state correctness. Each update to the system state must be accompanied by a ZK Proof that ensures that the new state was derived by correctly applying a series of valid user transactions to the previous state. Once the proof is processed on the Ethereum blockchain the L2 block is instantly finalized.

All the data that is used to construct the system state is published on chain in the form of cheap calldata. This ensures that it will always be available when needed."

• From their own launch blog (1-2-2020):

"Aztec has deployed the two core components of its technology today:

1. Aztec Crypto Engine (ACE) — our smart contract validator on Ethereum mainnet, checking the correctness of every private transaction
2. Privacy SDK — abstracts away the complexities of Aztec’s cryptography, so developers can integrate privacy into their dapps with ease"

Fees

Upgrades

• From Decrypt (16-12-2021):

"Aztec announced it is unrolling a set of tools, dubbed Aztec Connect, to let developers add its privacy feature to a wide variety of protocols by using a software bridge. "It allows users to confidentially access world-class DeFi services on Ethereum with up to 100x cost savings, all while strengthening Aztec’s existing privacy guarantees. At launch, Aztec Connect extends the capabilities of zk.money, adding whitelisted functionality from select blue-chip DeFi partners," said the company in a blog post."

• Aztec 2.0 went live (12-10-2020):

1. "zkRollup based Layer 2 network, live on Ropsten
2. Private sends by default — shield and send your ERC-20s privately
3. 200x gas reduction compared to Aztec 1.0
4. Secure by design: all transactions are validated on-chain
5. Programmable Privacy with Noir — The private contract language"

Staking and Fernet

• From their docs (9-2023):

"Fair Election Randomized Natively on Ethereum Trustlessly (Fernet) is a protocol for random sequencer selection. In each iteration, it relies on a VRF to assign a random score to each sequencer in order to rank them. The sequencer with the highest score can propose an ordering for transactions and the block they build upon, and then reveal its contents for the chain to advance under soft finality. Provers must then assemble a proof for this block and submit it to L1 for the block to be finalised.

Sequencers are required to stake on L1 in order to participate in the protocol. Each sequencer registers a public key when they stake, which will be used to verify their VRF submission. After staking, a sequencer needs to wait for an activation period of N L1 blocks until they can start proposing new blocks. Unstaking also requires a delay to allow for slashing of dishonest behaviour."

Validation

• From this article by TrustNodes (10-2-2020):

"bitcoiners would argue that because you can’t validate yourself, you can’t be sure zkdai or zcash has not been printed out of thin air.

“That’s not actually true — the point of a parity check is to prove that each transaction has a net zero effect on supply,” says Tom Walton-Pocock, after further adding: “I think I’d return with the question ‘under what conditions can the parity check over Aztec’s encrypted balances fail?’."

Zk-Zk Rollup

• Is putting Zk's inside Zk's (24-4-2020):

"With this code, we can efficiently verify a SNARK inside another SNARK.

In ZK² Rollup, the spender makes a private transaction on their own device, keeping their data secret — this is a ‘proof computation’.

Instead of sending straight to Ethereum (too expensive), they send to a ‘rollup provider’, which aggregates 1,000s of transactions into a ‘rollup proof’. This collapses the gas cost on Ethereum, and makes our payments network scale.

Here are the benchmarks we’d like (in a perfect world):

1. ~1s proof construction times on smartphones
2. ~10s proof construction times for rollups (server-side)
3. ~1,000tps on mainnet
4. 3 layer recursion — proofs of proofs of proofs"

Interoperability

• From Our Network (23-4-2022):

"In the next month, the team will launch Aztec Connect, the first private bridge to Ethereum DeFi, unlocking privacy and scale for leading DeFi projects like Element and Lido."

Other Details

Oracle Method

Privacy Method

• From Bankless (7-9-2022):

"When you make a deposit to shield crypto via zk.money, you receive encrypted notes on Aztec, e.g. zkETH or zkDAI.

If you send these notes to someone else who’s on zk.money they’ll receive zkETH/zkDAI on Aztec, and if you send the notes to someone who’s not on zk.money they’ll simply receive ETH/DAI on the Ethereum L1. In the latter case your send is also private, since the recipient will only see that the funds came from the Aztec smart contract and not your address specifically."

• From Bankless (22-7-2022):

"While complex, at a high-level this architecture functions similar to a UTXO-model and uses zk-proofs to transfer ownership of assets, while simultaneously protecting the identities of any parties involved."

• From Our Network (23-4-2022):

"Aztec's privacy-first zkRollup has also amassed a significant anonymity set, with the 0.1 ETH deposit set ~60% of the size of Tornado Cash's for the same deposit amount."

• From Bankless (15-4-2021):

"Beyond private Ethereum transactions on the platform, which help users protect their privacy and save on gas costs, Aztec can be used as your anonymous DeFi wallet. In other words, it can be used to wash and anonymize your funds if you’re ever trying to fund a new address.

When sending zkETH from zk.money to a regular Ethereum address, the recipient will receive regular, "unshielded" ETH directly to the wallet. The trick here is that Etherscan will show the funds were sent from the 'Aztec Contract' and not the sender's address.

By using Aztec, you could fund new DeFi wallets without worrying someone may track your trail of breadcrumbs. Better yet, you could use zk.money to protect your funds!"

Compliance

Their Other Projects

Aztec Connect

• Went live (7-7-2022).
• From Bankless (22-7-2022):

"Aztec Connect provides users with the ability to directly interact with smart-contracts that are deployed on L1 from within the L2. This means that users can inherit Aztec’s privacy while also accessing the liquidity and composability of dapps on Ethereum. Further, Aztec users also pay minimal gas fees despite the direct interaction with L1 because, like with any rollup, gas fees are still batched and amortized across all transactors."

• From Our Network (23-4-2022):

"In the next month, the team will launch Aztec Connect, the first private bridge to Ethereum DeFi, unlocking privacy and scale for leading DeFi projects like Element and Lido. Meanwhile, Aztec has crossed 4,200 shielded ETH in the system, with over $15m total TVL."

Roadmap

• From their blog (27-3-2020):

"Our privacy roadmap is as follows:

1. ✅ Balance privacy — hiding transaction amounts
2. ⌛ User privacy (coming soon) — hiding ‘spender’ and ‘receiver’ info
3. ✘ Code privacy — hiding asset/code being spent/run"

Usage

• From The Defiant (16-12-2022):

"Aztec’s privacy-enhancing protocol has more than 70,000 unique users who have deposited over 60,000 ETH ($75M) in its smart contracts since it launched in July, according to a Dune Analytics dashboard."

• From Bankless (7-9-2022):

"zk.money has helped facilitate over 250,000 private crypto transactions to date. Aztec currently has ~$2.8M in total value locked (TVL) across mainly ETH and DAI deposits."

• From Bankless (22-7-2022):

"Per L2 Beat, Aztec Connect currently has $3.12M in TVL."

• From Our Network (23-4-2022):

"Aztec's first-party private payments app, zk.money, is nearing $100m in all-time deposits and 60k registered users, with steady growth since launch."

• JPMorgan's blockchain team trialed Aztec during a series of ZKP tests in February 2018.

Projects that use or built on it

• Element Finance (7-7-2022).

Competition

• Other Layer 2 solutions like Optimism, Starkware, Arbitrum and Hermez.

Pros and Cons

Pros

Cons

• From L2beat (31-10-2022):

"The system has a centralized operator."

Team, Funding, Partners, etc.

• London based
• Thomas Walton-Pocock; CEO
• Joe Andrews; co-founder
• Zac Williamson; CTO
• Arnaud Schenk
• Ariel Gabizon; chief scientist

Funding

• Espresso Systems; part of their $28 Series B (21-3-2024).
• From their blog (16-12-2022):

"Aztec Network is proud to announce $100 million in Series B financing led by a16z crypto, with participation from A Capital, King River, Variant, SV Angel, Hash Key, Fenbushi, and AVG."

• From Decrypt (16-12-2021):

"Raised $17 million. Crypto investment giant Paradigm led the latest funding round for Aztec, while other investors included Ethereal Ventures and Vitalk Buterin himself."

• On their website (11-2-2020):

Consensys, a_capital, Coinbase, Mov37, Samos Investments and ef.

• From this article by TrustNodes (10-2-2020):

"So how are they going to make money?

“On value capture we’re not passing detailed comment on that now (not least because the blockchain and zero-knowledge landscape is changing at a breathless pace at the moment). We will lay out our model publicly at a later date,” Walton-Pocock says."

• ConsenSys led a $2.1 million funding round for Aztec in November 2019.

Partners

• Worked together with StarkWare. From their blog (29-1-2021):

"Polaris license under which StarkWare plans to release source code for its STARK prover; Aztec will use the same Polaris license for its PLONK provers (see their post)."

• Has contributed to Pickles (for snarks) on Mina (19-8-202).
• Arranged a partnership with DeFi lending service Element (16-12-2021).