🔷 Aztec Brings Confidential Transactions To Ethereum — Issue No. 83
📰 News
This week, the Aztec Protocol went live on the Ethereum mainnet. Aztec is a smart contract toolkit for building privacy-centric assets on top of the Ethereum Virtual Machine. In this edition of Build Blockchain, we'll dive into how Aztec works, what it enables, and what it might mean for privacy in the ecosystem. Link.
Efficiency First Architecture
Aztec takes advantage of the expressive, stateful nature of Ethereum as a smart contracting platform to build privacy-centric tokens on top of the network. It's fair to think of Aztec assets as private ERC-20 tokens. Under the hood, though, Aztec needs a considerably more complex architecture than a plain ERC-20 contract to achieve that confidentiality, starting with its use of zero knowledge proofs. Link.
To ensure the integrity of the system, those zero knowledge proofs have to be verified on chain, by the smart contract itself. As you probably know, every instruction a smart contract executes consumes "gas," which must be paid for in the fees attached to the transaction. Zero knowledge proofs, even after vast improvements in recent years, are still computationally expensive to verify, and on Ethereum computation is money.
A large part of Aztec's complexity comes from architecting the system to minimize gas fees. One example of this: Aztec "notes" use a UTXO model, similar to Bitcoin, to track ownership in its contracts. A transfer consumes existing notes and creates new ones, and the contract only has to check that the consumed notes are unspent and that the proof balances inputs against outputs. That is cheaper than maintaining an account-based system with encrypted per-account balances. Link.
Another example of how gas considerations shape Aztec's architecture is the choice of proof system. Zero knowledge schemes now exist that don't require a "trusted setup" to generate the parameters used for proofs. Unfortunately, these newer, transparent schemes are still roughly an order of magnitude more expensive to verify on chain than those that rely on a trusted setup, so Aztec went with a trusted setup and had to deal with its risks instead.
To generate the proof parameters in a trust-minimized way, the Aztec team organized an elaborate "ignition ceremony," a multi-party computation in which hundreds of participants each contributed a secret share. Other networks, like Zcash, pioneered the use of such ceremonies for trusted setups. As long as at least one participant was honest and destroyed their share of the secret (the so-called "toxic waste"), nobody can reconstruct the trapdoor, and without the trapdoor the parameters cannot be used to forge proofs. Link.
zkDai And Beyond
In the current version of Aztec, zero knowledge proofs let you transfer funds between accounts without revealing the amount transferred in each instance. The addresses involved in a transaction are still visible, though the Aztec team says future versions will shield those details as well. Users of the system have to generate a set of keys, separate from their normal Ethereum keys, which are registered with the Aztec contracts and used when constructing the zero knowledge proofs that accompany each transfer.
The most obvious use case for such technology is wrapped versions of existing assets, and in fact the very first token implemented by the Aztec team is called "zkDai." To get zkDai, you send regular, transparent Dai to a smart contract that mints an equivalent amount of zkDai. The zkDai can then be sent confidentially to anyone, and redeemed for Dai again at any time. To demonstrate the newly launched system on mainnet, the Aztec team minted the first 10,000 zkDai themselves. Link.
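To make the UTXO note model from the "Efficiency First Architecture" section and the zkDai deposit, transfer and redeem flow above concrete, here is a small Python simulation added for this write-up. It is not Aztec's code and does not use Aztec's actual proof system or curve. It assumes a toy multiplicative group (modulus P, bases G and H, all chosen here for readability) and Pedersen-style commitments G^v·H^r mod P, which are additively homomorphic, so the "contract" can check that a join-split conserves value without ever seeing an amount. The zero-knowledge range proofs a real system relies on are left out on purpose, and the last function shows exactly what goes wrong without them.

```python
"""Toy confidential note ledger (added illustration, not Aztec's own code).
Amounts hide in Pedersen-style commitments G^v * H^r mod P; the zero-knowledge
range proofs a real system needs are deliberately absent, and P, G, H are toy
parameters chosen here for readability, not Aztec's."""
import math
import secrets
from dataclasses import dataclass

P = 2**127 - 1   # Mersenne prime used as a toy group modulus (assumption)
ORDER = P - 1    # blinding factors are reduced modulo the group order
G, H = 3, 7      # toy bases; a real scheme needs log_G(H) to be unknown

def commit(value, blinding):
    """Pedersen-style commitment: hides value and is additively homomorphic."""
    return pow(G, value, P) * pow(H, blinding, P) % P

@dataclass(frozen=True)
class Note:            # what the contract stores: no amount anywhere
    commitment: int
    owner: str

@dataclass(frozen=True)
class Opening:         # what the owner keeps off-chain to spend or redeem
    note: Note
    value: int
    blinding: int

class Ledger:
    """On-chain side: registry of unspent notes plus the public deposit pool."""
    def __init__(self):
        self.unspent, self.public_pool = set(), 0
    def _consume(self, notes):
        for n in notes:                   # the only check a spend needs besides
            if n not in self.unspent:     # the balance proof: is the note unspent?
                raise ValueError("note not unspent")
        self.unspent.difference_update(notes)
    def mint(self, value, owner):
        """Deposit: public Dai in, one note out (only here is the amount public)."""
        self.public_pool += value
        r = secrets.randbelow(ORDER)
        note = Note(commit(value, r), owner)
        self.unspent.add(note)
        return Opening(note, value, r)
    def redeem(self, opening):
        """Withdraw: reveal a note's opening to get the public Dai back."""
        if commit(opening.value, opening.blinding) != opening.note.commitment:
            raise ValueError("opening does not match note")
        self._consume([opening.note])
        self.public_pool -= opening.value
        return opening.value
    def join_split(self, inputs, outputs):
        """Confidential transfer: the chain never sees input or output amounts."""
        lhs = math.prod(n.commitment for n in inputs) % P
        rhs = math.prod(n.commitment for n in outputs) % P
        if lhs != rhs:   # equal iff sum(v_in) == sum(v_out) and blindings balance
            raise ValueError("value not conserved")
        self._consume(inputs)
        self.unspent.update(outputs)

def build_transfer(openings, payees):
    """Sender side: choose output blindings that sum to the input blindings so
    the chain's check passes. Returns (input notes, output notes, new openings)."""
    if sum(v for _, v in payees) != sum(o.value for o in openings):
        raise ValueError("sender-side arithmetic does not balance")
    r_in = sum(o.blinding for o in openings) % ORDER
    blinds = [secrets.randbelow(ORDER) for _ in payees[:-1]]
    blinds.append((r_in - sum(blinds)) % ORDER)
    new = [Opening(Note(commit(v, r), who), v, r) for (who, v), r in zip(payees, blinds)]
    return [o.note for o in openings], [o.note for o in new], new

def round_trip():
    """Mint 10,000, pay alice 2,500 confidentially, replay the spend, redeem."""
    ledger = Ledger()
    treasury = ledger.mint(10_000, "minter")
    ins, outs, new = build_transfer([treasury], [("alice", 2_500), ("minter", 7_500)])
    ledger.join_split(ins, outs)
    try:
        ledger.join_split(ins, outs)      # spending the same note twice
        replay = "accepted"
    except ValueError as e:
        replay = str(e)
    alice = next(o for o in new if o.note.owner == "alice")
    return {"replay": replay, "redeemed": ledger.redeem(alice),
            "pool": ledger.public_pool, "unspent": len(ledger.unspent)}

def inflation_attempts():
    """Turn a 100 note into 150 of outputs. Attempt 1 balances only the blindings
    and is caught; attempt 2 hides a 'negative' amount (ORDER - 50) that the
    homomorphic check cannot see, which is what range proofs exist to stop."""
    results = []
    for alice_v, change_v in ((100, 50), (150, ORDER - 50)):
        ledger, r = Ledger(), secrets.randbelow(ORDER)
        t = ledger.mint(100, "minter")
        outs = [Note(commit(alice_v, r), "alice"),
                Note(commit(change_v, (t.blinding - r) % ORDER), "minter")]
        try:
            ledger.join_split([t.note], outs)
            results.append("accepted")
        except ValueError as e:
            results.append(str(e))
    return results
```

round_trip() walks through a deposit, a confidential payment whose amounts never appear in the ledger, a rejected replay of the spent note, and a redemption back to public value. inflation_attempts() is the caveat: the homomorphic balance check alone rejects a naive attempt to create value, but it happily accepts a note whose hidden amount wraps around the group order, which is why Aztec's proofs must also prove that every note value lies in a valid range, and why those proofs are the expensive part of the design.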
As a decentralized, dollar pegged stablecoin, Dai is a great token to use for payments, and thus an obvious first candidate for a confidential wrapped asset. The Aztec team has already announced their intention to create zk-versions of Ether and wrapped Bitcoin. I expect, in time, we'll see confidential versions of just about every widely used ERC-20 token as well.
The Bull Case For Privacy
A few weeks ago, I wrote about the state of privacy tech available in crypto. In that issue, I closed on a pessimistic note, writing:
"I guess part of my exasperation about privacy stems from the fact that I don't see it primarily as a problem for technology to solve. In fact, I believe the technologies for strong privacy do and will exist. I'm just not convinced people will care enough to adopt them."
If we apply that framework to Aztec, it would seem we're stuck in the same place. As impressive as the technology is, there is additional friction that comes with using it: extra keys to manage, proofs to generate, and more gas to pay. This isn't a knock on Aztec, it's just a reality: better privacy will always come with some additional cost and work, and fully transparent systems will always be easier and cheaper. Unfortunately, there's a lot of evidence, both from early crypto adoption and from traditional applications like social media, that normal users don't care enough to pay for privacy.
In that previous issue, I couldn't muster the effort to make an optimistic (but still realistic) case for the adoption of privacy tech. Let me give it another shot now.
Yes, it's true: most normal users won't bother with privacy enhancing solutions that require a little extra work or cost. But businesses might. For them, there's too much riding on the transactions they carry out. Full financial transparency would leak business-critical information, like supplier contracts or partnerships that haven't been announced yet, that competitors could use against them. If real businesses start using these networks to conduct commerce, they'll demand privacy, and they'll have both the funds and the incentive to pay for it.
If you buy that argument, then it actually bodes pretty well for smart contract networks like Ethereum. They're transparent by default, which keeps costs low for everyday users who mostly don't want to pay for privacy. But they're also expressive enough at the base layer to support protocols like Aztec, which can provide the privacy that businesses demand and don't mind ponying up for.
As the odd weirdo who genuinely cares about privacy for reasons of principle, this doesn't feel like an ideal outcome. I'd rather see all users demand privacy by default from these networks. Still, I'll take what I can get.