Designing Private Smart Contracts with Aztec
What is Ethereum?
A public blockchain
A state machine
Ethereum (L1)
erc20
erc721 (NFTs)
Lending/Borrowing
Trading (AMMs)
Oracles
Derivatives
Other defi stuff
Experiments
Games
Insurance
Rollup Processors
Bridges to other L1s
Legal contracts
Real Estate
Voting
Staking
Etc…
Ethereum (L1): the same applications as above, with one more added to the picture: a 🌪️ erc20
Aztec’s L2 (v1)
Ethereum (L1): the same applications as above, with the Rollup Processor contract now drawn as the link between L1 and Aztec’s L2
Aztec’s L2 (v1): “ERC20” transfers
Batch lots of transfers, off-chain
Aztec’s Rollup
Many “ERC20” transfers, each with its own proof, are batched off-chain
The proofs are aggregated into a single proof (“Wait, it’s all recursion?”)
The Rollup Processor on L1 checks only that one proof: 1 verification = cheap
Actual zk-SNARKs
Aztec Connect
Ethereum (L1): the same applications as above, reached through the Rollup Processor
Aztec Connect: ERC20 transfer, Defi Deposit, Defi Claim
Ethereum (L1) + Aztec Connect
“Who did that defi interaction?” Users retain anonymity.
Bridge Contract → Swap Contract: 5 ETH in, 5,000 DAI out (or lending, borrowing, staking, DCA’ing, etc.)
On the Aztec side there is a pool of private tokens; the bridge contract acts on L1 for the pool, not for a named user
But: L1 inputs still public. L1 states still public. L1 computations still public. L1 contract still public.
Aztec (L2)
Ethereum (L1): the same applications as above, reached through the Rollup Processor
Aztec (L2): the same application categories as L1 (erc20, erc721 (NFTs), Lending/Borrowing, Trading (AMMs), Oracles, Derivatives, Other defi stuff, Experiments, Games, Insurance, Bridges to other L1s, Legal contracts, Real Estate, Voting, Staking, Etc…)
Public Functions & States
+
Private Functions & Private States, which aren’t available on Eth L1 or other L2s
Generalising Private State
A token note:
  asset_id: ETH,
  value: 10,
  owner: Alice,
  salt: 0x1234
A generalised note, where the token fields become a contract address and a storage slot:
  contract_address: 0x2345,
  storage_slot: 42,
  value: 10,
  owner: Alice,
  salt: 0x1234
Private State change, within a Private Function
Start from an existing note, whose commitment sits in the Private State Tree:
  contract_address: 0x2345, storage_slot: 42, value: 10, owner: Alice, salt: 0x1234
Prove the commitment exists somewhere in the Private State Tree
Prove knowledge of Alice’s secret key
Emit nullifier = h(commitment, Alice_secret_key) into the Nullifier Tree, so the old note cannot be used twice
Perform operations on the private state’s value (+5)
Create the replacement note, with a fresh salt:
  contract_address: 0x2345, storage_slot: 42, value: 15, owner: Alice, salt: 0x3456
This has to happen on the user’s device!
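The two slides above (the generalised note layout, and the private state change inside a private function) as one worked model in Python. This is an added example, not Aztec’s code: SHA-256 stands in for a circuit-friendly hash, an ordinary Merkle membership check and key check stand in for what the zk-SNARK would prove, and the Nullifier Tree is modelled as a set. The note fields (contract_address, storage_slot, value, owner, salt) and the formula nullifier = h(commitment, secret_key) follow the slides; deriving `owner` as a hash of the secret key, the `PrivateState` class and the sample key are assumptions of this model.

```python
"""Toy model of Aztec-style notes, commitments and nullifiers (added example).

Assumptions of this model: SHA-256 in place of a circuit hash, plain Merkle
checks in place of a zk-SNARK, owner = h(secret_key), nullifiers kept in a set.
"""
import hashlib
from dataclasses import dataclass, replace


def h(*parts) -> bytes:
    """Length-prefixed SHA-256 over ints, strings and byte strings."""
    m = hashlib.sha256()
    for p in parts:
        b = p.to_bytes(32, "big") if isinstance(p, int) else (
            p.encode() if isinstance(p, str) else p)
        m.update(len(b).to_bytes(4, "big") + b)
    return m.digest()


def owner_of(secret_key: bytes) -> bytes:
    # Assumption: the public owner identifier is a hash of the secret key.
    return h("owner", secret_key)


@dataclass(frozen=True)
class Note:
    contract_address: int
    storage_slot: int
    value: int
    owner: bytes
    salt: int

    def commitment(self) -> bytes:
        # Only this hash is ever published; the salt hides the other fields.
        return h("note", self.contract_address, self.storage_slot,
                 self.value, self.owner, self.salt)


class PrivateStateTree:
    """Append-only Merkle tree of note commitments, fixed depth."""

    def __init__(self, depth: int = 8):
        self.depth = depth
        self.leaves: list[bytes] = []

    def append(self, leaf: bytes) -> int:
        self.leaves.append(leaf)
        return len(self.leaves) - 1

    def _layers(self) -> list[list[bytes]]:
        layer = self.leaves + [b"\x00" * 32] * (2 ** self.depth - len(self.leaves))
        layers = [layer]
        for _ in range(self.depth):
            layer = [h("node", layer[i], layer[i + 1]) for i in range(0, len(layer), 2)]
            layers.append(layer)
        return layers

    def root(self) -> bytes:
        return self._layers()[-1][0]

    def membership_proof(self, index: int) -> list[bytes]:
        layers, path = self._layers(), []
        for level in range(self.depth):
            path.append(layers[level][index ^ 1])   # sibling at this level
            index >>= 1
        return path

    @staticmethod
    def verify(root: bytes, leaf: bytes, index: int, path: list[bytes]) -> bool:
        node = leaf
        for sibling in path:
            node = h("node", sibling, node) if index & 1 else h("node", node, sibling)
            index >>= 1
        return node == root


class PrivateState:
    def __init__(self):
        self.tree = PrivateStateTree()
        self.nullifiers: set[bytes] = set()    # the Nullifier Tree, as a set
        self.index_of: dict[bytes, int] = {}   # commitment -> leaf index (user-side)

    def add_note(self, note: Note) -> bytes:
        c = note.commitment()
        self.index_of[c] = self.tree.append(c)
        return c

    def update_value(self, old: Note, secret_key: bytes, delta: int, new_salt: int):
        """The private function from the slide: consume `old`, emit old.value + delta."""
        # Prove knowledge of the owner's secret key.
        if owner_of(secret_key) != old.owner:
            raise PermissionError("caller does not own this note")
        # Prove the commitment exists somewhere in the Private State Tree.
        c = old.commitment()
        idx = self.index_of.get(c)
        if idx is None or not PrivateStateTree.verify(
                self.tree.root(), c, idx, self.tree.membership_proof(idx)):
            raise ValueError("commitment not in the private state tree")
        # nullifier = h(commitment, secret_key); a repeated nullifier is a double-spend.
        nf = h("nullifier", c, secret_key)
        if nf in self.nullifiers:
            raise ValueError("note already spent")
        # Operate on the value and publish the replacement note under a fresh salt.
        new = replace(old, value=old.value + delta, salt=new_salt)
        if new.value < 0:
            raise ValueError("value would go negative")
        self.nullifiers.add(nf)
        self.add_note(new)
        return new, nf


def demo():
    """Alice's note {0x2345, slot 42, value 10, salt 0x1234} gets +5, as on the slide."""
    alice_sk = b"alice-secret-key"   # constructed sample key
    state = PrivateState()
    old = Note(0x2345, 42, 10, owner_of(alice_sk), 0x1234)
    state.add_note(old)
    new, nf = state.update_value(old, alice_sk, +5, 0x3456)
    return state, old, new, nf
```

What an observer of the public state sees is only the appended commitments and the nullifier; because the nullifier is a hash over the commitment and the secret key, it cannot be matched to the commitment it consumes without the key, which is why the membership proof and the key check have to be produced on the user’s device rather than by a sequencer.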
‘Private L2’ functions & state changes: User device
‘Public L2’ functions & state changes: Rollup Sequencers
L1 functions & state changes: Eth Nodes
“Blockchains can make state information global,
ZK-SNARKs can make state information private,
but we don't really have any good way to make state information global and private at the same time.”
Edit: you can use multi-party computation to implement shared private state. But this requires an honest-majority threshold assumption, and one that's likely unstable in practice because (unlike eg. with 51% attacks) a malicious majority could collude to break the privacy without ever being detected.
- Vitalik
https://vitalik.ca/general/2022/06/15/using_snarks.html
How to abstract all of this complexity from devs?
A Rust-based domain-specific language (DSL) for creating and verifying zero-knowledge proofs.
The easiest way to write zk applications, compatible with any proving system.
We’re hiring engineers to realize this vision!