Aztec

Simple Explanation of Aztec Network
  • Aztec is an open source layer 2 network that aims to bring scalability and privacy to Ethereum. It strives to enable affordable, private crypto payments via zero-knowledge proofs.
  • Aztec is a Layer 2 network that aims to become a scaling solution with privacy as its main priority.
Some context on Optimistic Rollups vs ZK-Rollups
  • Optimistic: no fixed costs; finality delayed by a 7-day challenge and withdrawal period; in case of fraud, blockchain state gets rolled back
  • ZK: high fixed costs; finality limited by the speed of the rollup; no challenge or withdrawal period; no possible fraud (caveat: as long as the cryptography works as intended)
ZK-Rollup equation for kids

Here’s a school child’s diagram of the scalability equation for Aztec and other zkRollups:

[Image: diagram of the zkRollup scalability equation]

Must be a really good school if this is what they’re teaching ‘em.

Cost of Posting Rollups
  • With Aztec’s current technology, an improvement of our proving system called UltraPlonk, the cost of posting a proof to Ethereum is approximately 550,000 gas, ~30% cheaper than it was when zk.money was first launched.
  • We anticipate this coming down to ~180,000 gas with the advent of our next-generation proving system, [super secret code name redacted].
Transactions Per Rollup

Aztec’s current system was recently upgraded from 112 transactions per rollup at zk.money’s launch to 896 transactions per rollup, an improvement in throughput of 8x.

The way Aztec worked under the hood prior to this most recent upgrade is:

  • A proof is generated client-side in-browser
  • 28 client proofs are then aggregated into an “inner” rollup proof
  • 4 inner rollup proofs are then aggregated into an “outer” rollup proof

That “outer” rollup proof is then verified in what we call the root rollup circuit — the circuit that establishes the validity of all the underlying work that goes into ensuring execution on Aztec happened as expected. Then that final proof gets posted on-chain for posterity.

It’s proofs on proofs on proofs.

For the release of Aztec Connect SDK, we’ve increased the outer rollup’s capacity to 32 inner proofs by optimizing the outer rollup circuit. 28 * 32 = 896. Magic.

That’s why we go through all this headache, writing circuits that can efficiently verify recursive Plonk proofs.

If you’re following so far, the share of rollup costs per transaction fell from:

  • 750k / 112 = 6,700 gas; to
  • 550k / 896 = 614 gas → an 11x improvement!

We think that’s well worth inventing novel forms of cryptography.

Per-txn cost of call data
  • In addition to the proof, which validates Aztec’s off-chain transactions, Aztec also has to post call data¹ for each transaction, such that anyone can reconstruct the state of Aztec’s rollup and prove the validity of off-chain computation.
  • Aztec broadly supports efforts to reduce the cost of data on Ethereum, and we’ll discuss the minutiae of the two EIPs in a separate post.
  • For now, it’s true for our architecture that scaling costs beyond a few hundred transactions asymptotically approach the cost of call data:
  • Note that the chain on which Aztec posts call data is critical for security, because data availability is of chief concern in case Aztec’s rollup provider ceases to function and system state needs to be reconstructed once the provider comes back online.
  • Note that while a rollup provider going down can only freeze users’ funds in place, with no ability to steal funds, recomputing blockchain state can only happen if state is available (hence data availability).
  • That’s why for the foreseeable future, we intend to post the rollup’s state to Ethereum–it is for now the Lindy-est, most secure chain with consistent and proven uptime. We’re also excited about exploring our own first-party offchain data availability solution and 3rd-party chains like Celestia.

For now, an Aztec transaction requires the storage of a number of items on-chain:

  • Transaction viewing keys (8,480 gas)²
  • Join-split call data (2,064 gas)³
  • For DeFi transactions, call data for deposit and claim (2,064 * 2)⁴
  • Total: 14,672 gas
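
The amortization described in the sections above, as an added example that is not from Aztec or the original page: it models how the proof's gas is split across a rollup's transaction slots and how quickly the per-transaction cost approaches the call-data floor. The class and function names are hypothetical, and it assumes every transaction is a DeFi transaction (14,672 gas of call data) and that a partly filled rollup still pays the full proof gas.

```python
from dataclasses import dataclass

# Per-transaction call data quoted on this page (gas), DeFi case.
CALLDATA_DEFI = 8_480 + 2_064 + 2_064 * 2  # viewing keys + join-split + deposit/claim


@dataclass(frozen=True)
class Rollup:
    """Hypothetical model of one rollup; not Aztec's own code."""
    proof_gas: int         # gas to post the final proof to Ethereum
    client_per_inner: int  # client proofs aggregated into one inner proof
    inner_per_outer: int   # inner proofs aggregated into the outer proof

    @property
    def capacity(self) -> int:
        return self.client_per_inner * self.inner_per_outer

    def proof_share(self, txs: int) -> float:
        """Proof gas carried by each transaction when `txs` slots are filled.
        Assumption: a partly filled rollup still pays the full proof gas."""
        if not 1 <= txs <= self.capacity:
            raise ValueError(f"txs must be in 1..{self.capacity}")
        return self.proof_gas / txs

    def calldata_fraction(self, txs: int, calldata: int = CALLDATA_DEFI) -> float:
        """Share of the per-transaction cost that is call data."""
        return calldata / (self.proof_share(txs) + calldata)

    def min_txs_for_fraction(self, target: float, calldata: int = CALLDATA_DEFI):
        """Smallest fill level where call data is >= `target` of the cost,
        or None if one rollup cannot reach it."""
        for txs in range(1, self.capacity + 1):
            if self.calldata_fraction(txs, calldata) >= target:
                return txs
        return None


# Figures from the page: 750k gas / 28 * 4 at launch, 550k gas / 28 * 32 now.
AT_LAUNCH = Rollup(proof_gas=750_000, client_per_inner=28, inner_per_outer=4)
CONNECT = Rollup(proof_gas=550_000, client_per_inner=28, inner_per_outer=32)

if __name__ == "__main__":
    for name, r in (("launch", AT_LAUNCH), ("connect", CONNECT)):
        full = r.capacity
        print(f"{name}: capacity={full} proof_share={r.proof_share(full):.0f} "
              f"calldata_fraction={r.calldata_fraction(full):.1%} "
              f"txs_for_90%={r.min_txs_for_fraction(0.9)}")
```

With the page's figures, the 896-slot rollup reaches 90% call data at 338 filled slots, while the 112-slot rollup never does.
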
Aztec zk.money
  • zk.money is a Layer 2 privacy app built on top of the Aztec network. Ethereum users can use it to shield tokens and protect their transaction data from the public.
  • Shielding a token means placing it under a zkSNARK (zero-knowledge proof cryptography) shell that protects the user’s privacy. Sending and receiving a token is anonymous and does not publish any of the transaction’s data.
Aztec Connect SDK
  • Aztec Connect allows users to confidentially access world-class DeFi services on Ethereum with up to 100x cost savings, all while strengthening Aztec’s existing privacy guarantees.
    • As a result, users save 80–90% on gas fees with privacy thrown in for free.
  • Aztec Connect is a giant leap ahead: users can now bridge private assets to mainnet for a DeFi interaction and return to Aztec in the same transaction.
    • For the first time ever, it’s now possible to interact cheaply and privately with any Ethereum DeFi application.
  • Connect is a privacy and scalability module for money markets, DEXes, liquid staking pools, derivatives, and everything else Ethereum builders dream of.
    • It also interacts directly with Layer 1 liquidity and contracts, meaning no fragmentation or core contract redeployment.
Aztec Connect Example
  • Once users decide on a DeFi transaction, Aztec batches transactions up with other transactions of the same type and passes them to an Aztec Bridge Contract.
  • The Bridge Contract then takes the aggregated funds and calls the relevant functions from a DeFi protocol, returning proceeds from the interaction to the rollup contract. Finally, Aztec updates its state tree and in the process gives users on the network their share of funds as shielded notes.
  • Aztec Connect acts as a proxy on behalf of users within Aztec who want to execute a DeFi transaction on Layer 1.
A Simple Example: Connect to Swap
  • How does this translate to practical cost-savings? Let’s talk through a basic Uniswap swap, which costs ~130,000 gas ($55.64).¹
  • Because the Aztec rollup supports large batch sizes — up to 896 transactions at launch, courtesy of Flashbots (more on this in a later post) — the cost of validating Aztec zero-knowledge proofs is amortized across many users.
  • You can think of this as the cost of privacy. At current proof construction costs, the cost of privacy is just 1,875 gas per transaction.
  • Say 100 users want to execute the same swap on Uni. Splitting the cost of the Uniswap transaction and cost of posting data on Ethereum, they each pay 15,762 gas.
  • In total, the cost of a Uniswap transaction becomes just 17,637 gas, or $7.52, an 86% savings over L1. Swaps become 7.4x cheaper, with iron-clad privacy as a bonus.
  • Aztec Connect vastly expands Aztec Network’s capabilities at launch, adding whitelisted DeFi functionality with select partners. Any developer looking to integrate Aztec into an existing DeFi application can write an Aztec Connect Bridge Contract.
  • Soon thereafter, the Connect SDK will allow developers to integrate affordable private transactions directly into their front-ends, making Aztec accessible straight from the DeFi experiences you love.
  • Permissionless, programmable privacy on Ethereum.