Scalable Privacy Layer for Ethereum

The blockchain is transparent by default, therefore, it lacks privacy properties.

When a transaction occurs on the blockchain, the wallet balances, tokens, NFTs and interactions with other addresses, contracts, and the specific amounts they have ever transacted for the addresses it involves are public and can be seen by anyone, although Public addresses are pseudo-anonymous, but they can be linked to the identity of their owners with some degree of probabilistic certainty. It is hard to imagine this level of complete transparency being sustained on a large scale if blockchain adoption is to maintain its current trajectory and continue to grow rapidly.

But at the same time, full privacy properties are themselves limited by regulatory and compliance issues, which is why privacy layers will play an important role in the realm of infrastructure privacy, and Aztec is a growing company in this direction. protocol.

Aztec Network

The image below shows the context of smart contract interactions on Ethereum. Every transaction executed by the smart contract and the exact value of those transactions can be seen on the block explorer.

Scalable Privacy Layer for Ethereum

The Aztec network introduces a privacy layer for this. The Aztec network was founded by Zac Williamson, Joe Andrews and Thomas Pocock. It is a ZK-rollup (zero-knowledge proof rollup) on Ethereum. Aztec adopts a privacy-preserving architecture to provide users with privacy-preserving transactions through zero-knowledge proofs. and decentralized applications provide privacy protection.

Privacy Architecture

Aztec enables access to privacy through a zero-knowledge proof system called PLONK .

PLONK refers to the permutation and combination of Lagrangian bases for general non-interactive arguments of knowledge.



PLONK, which essentially ranks a set of polynomials according to the lowest degree of correlation between these polynomials, uses a more general and updatable trusted setup that can be used simultaneously for a The above encryption procedure, and allows more participants to join in.

Here’s a more in-depth guide by Vitalik on PLONK that explains its benefits and technical aspects of how it works can be read here.

Transactions in Aztec are private because the value of these transactions is encrypted using PLONK. This encrypted value is named “Aztec note”, or for simplicity we will refer to it as “note” in the following articles. A note consists of a set of elliptic curve commitments and three variables; a message , a viewing key, and a spending key .

  • Elliptic Curve Commitment is essentially a cryptographic algorithm that allows validators to commit to a specific value without revealing or changing that value after committing.
  • Information refers to Aztec’s note, the transaction value encrypted by Aztec.
  • A view key can decrypt a note. Someone with the viewing key is able to view and read the decrypted value of the note, and has the ability to create a joint-split zero-knowledge proof , which is a zero-knowledge proof that validates a joint-split transaction .
  • Whoever has the spending key can sign the zero-knowledge proof of the joint-split.

The joint-split transaction essentially destroys the note, and then creates notes of different values. The value of these notes adds up to the value of the original note, and the joint-split zero-knowledge proof can verify that there has been no double spending, without revealing these The value of a single note.

An easy way to understand the joint-split transaction is to think of it as a formula:

( A + B ) = ( C + D )

joint-split transaction

joint-split transaction

If note A is 50 and note B is 50, then (A + B) is 100. In a joint-split transaction, notes A and B are destroyed and new notes C and D are created. There is no limit as long as the permutations and combinations of the new notes created add up to the original (A + B), which is 100.

All notes that have ever been created and destroyed are kept in two separate Merkle trees: a note tree and a nullifier tree .

A Merkle tree is a data structure that can help prove the integrity of a dataset, and it greatly reduces the required memory requirements through a one-way hash function that merges layers of data into a single Merkle root, enabling verification All data contained in the associated Merkle tree.

The note tree contains all notes that were ever created, and the invalid tree contains all notes that were ever destroyed.

“Destroy” itself is an overstated word, because “destroying” a note simply means adding a corresponding invalid note to the invalidation tree. And verifying your ownership of a note means checking that this particular note exists in the note tree and doesn’t have a corresponding invalid value in the invalid tree.

Merkle tree

Merkle tree

When a group of notes undergo a joint-split transaction, invalid values ​​for those old notes are added to the invalidation tree, while newly created notes are recorded in the note tree, and the invalidation tree is cross-checked to ensure that these new notes do not have corresponding Null value.

Let’s review it with a working example. Imagine that Nancy currently has two $50 notes and wants to send Paul $20. Nancy will create a note (or notes) that adds up to $20 to Paul, and creates one (or more) notes that add up to $80 for herself. Nancy will then create a zero-knowledge proof to verify that ownership of a set of notes that sums up to $20 belongs to Paul, and that ownership of another set of notes that add up to $80 belongs to her. The smart contract will then verify this zero-knowledge proof, and once verified, will “destroy” or add the invalid value of Nancy’s two sets of old $50 notes to the registry’s invalidation tree, and create or add all new note sets (including her and Paul’s) into the note tree.


Aztec’s proof system has been upgraded and is now called UltraPlonk, which is an elevated PLONK with a Plookup gate. With this upgrade, Aztec’s scaling infrastructure works like this:

  • A proof is generated on the client side of the browser
  • The proofs of the 28 clients are aggregated into an inner rollup proof
  • 32 inner rollup proofs are then aggregated into an outer (outer) rollup proof
  • The outer rollup is then verified as the root rollup circuit , another larger circuit whose purpose is to establish the validity of the underlying mechanisms that ensure execution
  • The root rollup loop is then published on Ethereum’s mainnet

External rollup proof

External rollup proof

The illustration above is an upgraded external rollup proof consisting of 28 client proofs processed by 32 internal rollups. Before the latest upgrade, an external rollup consisted of only 4 internal rollups.

Before the upgrade, it was 28 customer proofs multiplied by 4 internal rollups, which equates to 112 TPRs (transactions per rollup). After the upgrade, it is now 28 customer proofs multiplied by 32 internal rollups, which results in 896 TPRs.

Not only did the TPR increase 8x after the upgrade, but the cost of publishing proofs on the Ethereum mainnet also dropped to 550,000 gas, which is equivalent to a 30% reduction compared to before the upgrade (source: Aztec documentation‌)

With these improvements, below is the rollup cost per user per transaction before and after the upgrade.

Source: Aztec

Source: Aztec

However, in their recent community AMA, the team clarified that the throughput of the protocol is currently hovering around 200 TPR in practice. While still a 2x upgrade over the previous system, it’s still far from the so-called 896 TPR. The reason for this is that the Ethereum mainnet cannot handle the full capacity of Aztec’s root rullup loop. The team did clarify that this will be addressed in the next upgrade of their proof system, which is also said to reduce the cost of publishing proofs on the Ethereum mainnet by about 67% to a gas fee of 180,000.


When users bridge from the mainnet (Ethereum) to the second layer network (Arbitrum, Optimism, etc.), they can only interact with protocols that are already deployed on their execution environment.

That is: by bridging to Arbitrum, users can only interact with protocols that are already deployed on Arbitrum. Providing a bridge to Optimism, users can only interact with protocols deployed on Optimism, and so on, as are other Layer 2 networks.

Scalable Privacy Layer for Ethereum

This creates two problems: composability and Fractured Liquidity:

  • Composability – If a rollup user plans to execute transactions for multiple protocols, and only one of those protocols is not deployed on the rollup, it cannot do so. For example, if an Arbitrum user wants to trade on 1 inch, lend on AAVE, and mine on Yearn, but AAVE is not deployed on Arbitrum, then the user cannot do what they originally wanted to do on Ethereum mainnet thing.
  • Fragmented liquidity – Assuming rollup adoption continues to increase, so will the liquidity that decentralizes from the Ethereum mainnet to these rollups, and as more rollups roll out their own incentive structures, the already decentralised liquidity will be distributed across rollups become more dispersed

Finally, the transaction remains completely transparent.

Aztec Connect intends to solve these problems, it is a composable privacy bridge that connects Aztec’s rollup with DeFi protocols on Ethereum, it enables users within Aztec to directly interact with protocols on the Ethereum mainnet, and has more High levels of privacy without requiring these protocols to be deployed on new environments.

Aztec: How does Connect work?

Aztec: How does Connect work?

All transactions within Aztec are private and parties outside Aztec cannot view internal activities. When Aztec users want to transact with the protocol, their transactions will go through Aztec Connect and merged with other Aztec users’ transactions, using a batching mechanism that facilitates anonymity setup and cheaper fees per transaction. Once the intra-batch threshold is reached, Aztec Connect executes all individual transactions against the protocol on the Ethereum mainnet as one large batch transaction.

Batch transactions using Aztec Connect.  Source: Etherscan

Batch transactions using Aztec Connect. Source: Etherscan

This solves the composability issue, as Aztec users will have access to all protocols, from swapping, lending, borrowing, DeFi mining, to governance voting, just like on the Ethereum mainnet. Since the protocol does not have to be deployed on another execution environment, fractured liquidity becomes less important. As for privacy issues, Aztec Connect acts as a proxy where users can interact with layer-1 protocols with complete anonymity.

In mainnet and other rollups, transactions on the block explorer look like this: [from: 0 xUser, to: L1/L2 SmartContract].

Transactions on Arbitrum.  Source: Arbiscan

Transactions on Arbitrum. Source: Arbiscan

Using Aztec Connect, the transaction on the block explorer looks like this: [from: Aztec Connect, to: L1 SmartContract].

Transactions on mainnet using Aztec Connect.  Source: Etherscan

Transactions on mainnet using Aztec Connect. Source: Etherscan

Imagine Aztec like a walled city. All an outside observer can see is that users enter and exit the Aztec through the bridge. Within the city walls, users can exchange assets through transactions in complete privacy. Neither the network nor its participants can see the senders and recipients of transactions, nor their amounts. Additionally, once in the system, users can batch transactions and transmit back to the mainnet – they can exchange, earn yields, lend funds, vote in DAOs, or buy NFTs.
Source: Aztec Documentation is an application built on top of Aztec, which is both a shield protocol and a portal to connect users to Aztec from the Ethereum mainnet.

Users who want to interact with DeFi protocols within Aztec or with Aztec Connect need to register and deposit via Users need to make a unique “pseudonym” (it’s 20 characters, limited only by lowercase alphanumerics) when registering as an internal username on top of your public key, making it easier when users want to send assets to each other input and read. Note that this pseudonym is only used internally by Aztec, it is not ENS. Users need to deposit at least 0.01 ETH + gas fee after registering a pseudonym.

ETH deposited to will be converted into zkETH .

While initial registration deposits currently only support ETH, Aztec and support both ETH and DAI. The latter becomes zkDAI when deposited into Aztec .

The protocol used to support renBTC, although in their most recent community AMA, the team noted that they no longer support these tokens due to the low demand for using renBTC compared to ETH or DAI. Therefore, they decided to drop support for renBTC to reduce any set of variables that could limit and compromise the privacy of their transactions.

As long as users trade with addresses registered with within the scope of Aztec’s rollup, they will trade with zkETH and zkDAI.

When zkETH or zkDAI is sent to an address not registered at, the unregistered recipient will receive plain ETH or plain DAI on the Ethereum mainnet.

How works

How works

In the example above, 0x123 sends zkETH to 0x456, who will receive zkETH because they are registered on

However, if 0x123 sends zkETH to 0xABC, the latter will receive normal ETH on the Ethereum mainnet since they are not registered on

Despite how 0x123 sent ETH to 0xABC, there is no evidence on the block explorer that any direct interaction took place between the two addresses, other than the two interacting with the Aztec Connect smart contract at some point in time.

You can read this in-depth guide on how to set up .

Currently, DeFi protocols Element Finance and Lido work with Aztec:Connect, the former using zkDAI and the latter using zkETH via Curve. Aztec support for protocols like AAVE, Compound, and Liquity is coming soon, and in their most recent community AMA, the Aztec team confirmed that supporting Aztec Connect’s decentralized exchange is one of their top priorities right now.

concluding remarks

At present, the privacy attribute of blockchain has not attracted everyone’s attention. Most people won’t care until it’s too late, or until they themselves experience the effects of a lack of privacy.

Scalable Privacy Layer for Ethereum

Scalability doesn’t matter until it suddenly does.
Decentralization doesn’t matter until it suddenly does.
Privacy didn’t matter until it suddenly did.

With the use of UltraPlonk’s scalability, Ethereum as a decentralized solution layer, a composable privacy bridge, as more and more protocols are integrated, and the architectural emphasis on infrastructure privacy, makes the fracture Liquidity is no longer an issue, and Aztec is well on its way to being a scalable, optional privacy layer for Ethereum.

Posted by:CoinYuppie,Reprinted with attribution to:
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-08-11 22:40
Next 2022-08-11 22:41

Related articles