Completely Confidential Ethereum Transactions: Aztec Network’s Privacy Architecture

1. Introduction

Aztec is a privacy-first Ethereum zkRollup: that is, it is an L2 with full privacy protection.
In order to understand the paradigm-changing nature of private transactions, and why it is important to build privacy directly into the network architecture, one must first discuss why Ethereum is not private.

2. Ethereum: public chain

Ethereum has a public ledger containing accounts and balances.
The most primitive transaction on Ethereum is sending Ether from one account to another account. The way the network tracks this is by increasing the balance in one account and decreasing it in another - in other words, the ETH doesn't really "move" in any sense.
Ethereum uses an accounting ledger to represent simple ETH transfers.
Cracking the public transaction graph is big business: Companies like Chainalysis and Nansen run sophisticated forensic analysis, linking various wallets, monitoring activity and making probabilistic assumptions about who owns what.
Imagine if you showed your bank statement to everyone in the world every time you swiped your credit card to buy a croissant. That would be silly, right?
This is where Ethereum stands today.

3. Encrypted accounts

With encrypted accounts and encrypted transactions, the ledger will look like this:
Ethereum's default account model is:

  • A certain account owns a certain balance.

Aztec's model is expressed as:

  • A certain amount of money (note) has a certain owner.

Aztec adopts the same UTXO (Unspent Transaction Output) model as Bitcoin. UTXO can be thought of as cash (bank notes).

Why is cash inherently safer and more private, or more precisely, more secure and private than account-based systems? The reason is:

  • Only the two parties to the cash transaction know that ownership has changed. Nobody else in the entire universe knows.

Cash transactions can be thought of as:

  • The ownership of an object (i.e. note) changes

Account transactions can be thought of as:

  • Changes to the status of 2 accounts.

When processing an Aztec transaction, instead of updating account balances (incrementing one and decrementing another), the Aztec network simply reassigns ownership of a specific note.

The reason is that encrypting notes is a simpler solution: only 2 things need to be written on a note:

  • How much is this note worth?
  • Who owns this note?

When changing hands, just cross out the old owner's name and write in the new owner's name.

In order to prevent tokens from being created out of thin air and to maintain token conservation, Aztec transactions are join-split transactions, which need to satisfy:
$A + B = C + D$
ZKP technology can be used to prove that $A + B = C + D$, without disclosing the values of each participant before and after the transaction.

At the same time, in order to ensure that the tokens being spent are owned by the user, it is necessary to prove ownership, which is done with the help of Merkle trees.

There are two types of Merkle trees in the Aztec system:

  • Note tree: Contains all created notes.
  • Nullifier tree: Contains all destroyed notes.

In Aztec, having a note means that the note exists in the note tree, but there is no corresponding note-nullifier in the nullifier tree.
Destroying a note means adding a nullifier to the nullifier tree instead of deleting the note from the note tree.

In order to send notes that have been proven valid, a whole new Merkle tree (and Merkle root) is created. Once the Merkle roots of both the note tree and the nullifier tree have been moved to new values (in other words, the state of the system has been updated), these roots are published (settled) on the Ethereum main chain and the transaction is considered recorded.

The challenges of constructing fully confidential Ethereum transactions are:

  • It is necessary to verify that the transaction is legal and executed correctly without violating or exposing user data.
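
The note tree, nullifier tree and join-split rule described above, as an added toy model in Python (not Aztec's code and not part of the original post). It assumes SHA-256 in place of a circuit-friendly hash, a made-up key derivation and hypothetical names throughout, and it checks values in the clear, whereas the real system proves the same three checks inside a zero-knowledge proof without revealing them.

```python
import hashlib

# Toy model: hash, key derivation and all names are assumptions, not Aztec's API.
def H(*parts: bytes) -> bytes:
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)  # length-prefix each field
    return h.digest()

def merkle_root(leaves) -> bytes:
    """Root over the leaves; an odd node is paired with itself (assumption)."""
    level = list(leaves) or [H(b"empty")]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [H(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def commitment(value: int, owner_pub: bytes, salt: bytes) -> bytes:
    # A note records exactly two things: how much it is worth and who owns it.
    return H(b"note", value.to_bytes(8, "big"), owner_pub, salt)

def nullifier(cm: bytes, owner_secret: bytes) -> bytes:
    # Only the owner can derive it, so observers cannot link it to the note.
    return H(b"nullifier", cm, owner_secret)

class State:
    def __init__(self):
        self.notes, self.nullifiers = [], []  # leaves of the two trees

    def roots(self):
        return merkle_root(self.notes), merkle_root(self.nullifiers)

    def mint(self, value, owner_pub, salt):  # helper to seed constructed notes
        self.notes.append(commitment(value, owner_pub, salt))

    def join_split(self, inputs, outputs):
        """inputs: (value, owner_secret, salt); outputs: (value, owner_pub, salt)."""
        in_cms = [commitment(v, H(b"pub", sk), s) for v, sk, s in inputs]
        nfs = [nullifier(cm, sk) for cm, (_, sk, _) in zip(in_cms, inputs)]
        if any(cm not in self.notes for cm in in_cms):
            raise ValueError("input note not in note tree")
        if len(set(nfs)) != len(nfs) or any(nf in self.nullifiers for nf in nfs):
            raise ValueError("input note already nullified")
        if sum(v for v, _, _ in inputs) != sum(v for v, _, _ in outputs):
            raise ValueError("value not conserved")  # A + B must equal C + D
        self.nullifiers += nfs  # destroy = add nullifier; note tree is append-only
        self.notes += [commitment(v, pk, s) for v, pk, s in outputs]
        return self.roots()     # the new roots are what gets settled on L1
```

Spending the same note twice fails because its nullifier is already present, even though the note itself is never removed from the note tree.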

References

[1] Aztec, 2021 blog post: Fully Confidential Ethereum Transactions: Aztec Network’s Privacy Architecture
