The AZTEC protocol enables users to transact confidentially on the Ethereum network, notably extending Ethereum’s functionality. This report summarizes key AZTEC project details so as to better enable readers to understand its implications for Ethereum.
The ‘Anonymous Zero-Knowledge Transactions with Efficient Communications’ (‘AZTEC’) protocol enables users to transact confidentially on the Ethereum network. When transactions are processed on Ethereum, anyone can see the sender’s and recipient’s public Ethereum addresses and the amount being sent. In AZTEC’s view, Ethereum’s lack of transactional privacy is a barrier to the blockchain’s ability to support ‘programmable money’ (smart contracts) suitable for finance applications, because mainstream finance requires privacy in financial transactions as a prerequisite. AZTEC’s success would mean that any generic asset (DAI, BAT, REP, etc.) issued on a public blockchain could be transacted confidentially, and developers could build AZTEC-integrated dApps more suitable for mainstream financial use.
Transactions using AZTEC are confidential by default: the protocol encrypts the transaction’s inputs and outputs through a series of zero-knowledge proofs and homomorphic encryption, but the transaction’s parties (i.e. addresses) remain public. However, the protocol is compatible with stealth addresses and trusted third-party relays (which obscure user address and gas payment information, respectively). With them, AZTEC offers a significant degree of privacy for a class of assets that are otherwise not private.
AZTEC requires a common trusted setup, similar to that used by Zcash, a decision intended to reduce the cost of the double-spend-combating range proofs and to enable interoperability between dApps that interact with zero-knowledge proofs. A single smart contract, ‘ACE’ (AZTEC Cryptography Engine), manages all AZTEC assets: ACE delegates proof validation to specific validation contracts and, when proofs are successfully validated, processes state-update instructions in note registries. Note registries are similar to the balance registries used by public blockchains, except that some information, such as how much value is held by a note, is unavailable to observers, while other information is made public, such as note ownership. The AZTEC team claims to have developed a method for performing the trusted setup via multiparty computation, which is intended to obviate user dependence on the internal team. (Details are forthcoming.)
Figure 1. AZTEC Architecture
AZTEC uses a UTXO model similar to Bitcoin’s. AZTEC uses ‘notes’ instead of balances, with each note encrypting a number representing a value (i.e. a number of ERC-20 tokens). Notes have owners, with ownership defined by an Ethereum address, and the owner must provide a valid ECDSA signature for the note to be spent: the protocol’s smart contract validator, AZTEC.sol, validates a unique zero-knowledge proof that determines the legitimacy of a transaction. A note registry manages a note’s state: registries can contain multiple notes, and each generic digital asset (ERC-20 standard) that utilizes the AZTEC protocol will have its own unique note registry. Notably, the AZTEC protocol can enable existing assets, such as DAI, which has already been deployed, to be converted into notes, and it allows users to issue notes worth nothing at all, which can further improve privacy.
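The note, registry and join-split model described above, reduced to a runnable toy (an added example, not AZTEC’s code or its actual proof system): values are hidden in Pedersen commitments whose homomorphism lets the registry check that input and output values balance without learning them, ownership stays public, and spent notes are removed from the registry. Assumed: a 64-bit toy group generated at import, an owner string standing in for the ECDSA signature check, and no range proofs.

```python
"""Toy AZTEC-style notes, note registry and join-split check: an added illustration, not
AZTEC's code (no trusted setup, no range proofs, an owner string instead of ECDSA)."""
import hashlib
import secrets
from math import prod


def _probable_prime(n):  # Fermat test: adequate for picking a toy parameter, nothing more
    return all(pow(a, n - 1, n) == 1 for a in (2, 3, 5, 7, 11, 13))

Q = secrets.randbits(63) | 1 << 62 | 1  # toy 64-bit group: safe prime P = 2Q + 1,
while not (_probable_prime(Q) and _probable_prime(2 * Q + 1)):  # so squares have order Q
    Q = secrets.randbits(63) | 1 << 62 | 1
P = 2 * Q + 1
G, H = pow(2, 2, P), pow(3, 2, P)  # order-Q generators; log_G(H) is merely unknown, not proven so


def commit(value, blinding):  # Pedersen: G^v * H^r, with C(v1,r1)*C(v2,r2) == C(v1+v2, r1+r2)
    return pow(G, value, P) * pow(H, blinding, P) % P


def make_note(owner, value):  # public part is (commitment, owner); value and blinding stay private
    r = secrets.randbelow(Q)
    return {"commitment": commit(value, r), "owner": owner, "value": value, "blinding": r}


def balance(inputs, outputs):  # prod(inputs) / prod(outputs): a pure power of H iff values balance
    outs = prod(n["commitment"] for n in outputs)
    return prod(n["commitment"] for n in inputs) * pow(outs, -1, P) % P


def challenge(t, bal):  # Fiat-Shamir challenge in [1, Q-1], bound to the statement being proved
    return int.from_bytes(hashlib.sha256(f"{t}|{bal}".encode()).digest(), "big") % (Q - 1) + 1


def prove_join_split(inputs, outputs):  # Schnorr proof of x with H^x == balance, x = sum r_in - sum r_out
    x = (sum(n["blinding"] for n in inputs) - sum(n["blinding"] for n in outputs)) % Q
    k = secrets.randbelow(Q)
    t = pow(H, k, P)
    return t, (k + challenge(t, balance(inputs, outputs)) * x) % Q


def join_split(registry, spender, inputs, outputs, proof):
    """registry is {commitment: owner} for one asset; spend inputs and create outputs, or reject."""
    ins = {n["commitment"] for n in inputs}
    if len(ins) != len(inputs) or any(registry.get(c) != spender for c in ins):
        return False  # duplicate, unknown, already spent, or not the spender's note
    bal, (t, s) = balance(inputs, outputs), proof
    if pow(H, s, P) != t * pow(bal, challenge(t, bal), P) % P:
        return False  # input and output values do not balance
    # Without range proofs a "value" of Q-1 acts as -1; AZTEC's range proofs close that gap.
    for c in ins:
        del registry[c]
    for n in outputs:
        registry[n["commitment"]] = n["owner"]
    return True
```

The registry only ever sees commitments and owners, which mirrors the page’s point that note ownership is public while note value is not.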
The total computational cost of an AZTEC-enabled confidential join-split transaction was measured at ~840,000 gas (~$3.65 or 0.0168 ETH at 20 gwei, ~$0.182 or 0.0008 ETH at 1 gwei), as of December 2018. AZTEC estimates that Ethereum’s planned elliptic curve improvements will reduce those costs to 200,000-300,000 gas (~$0.087 or 0.004 ETH at 20 gwei, ~$0.043 or 0.0002 ETH at 1 gwei). Besides join-split functionality, AZTEC provides dApp developers with tools for performing bilateral swaps, dividend proofs, AZTEC note minting, AZTEC note burning, and private/public range proofs.
The AZTEC protocol is designed by a highly technical team. Zac Williamson (CTO), the creator of the AZTEC protocol, holds a Ph.D. in particle physics from Oxford and is a former physicist at CERN and T2K Japan. Oana Ciobotaru, the project’s lead cryptographer, has a Ph.D. in computer science from the Max Planck Institute for Informatics and was previously part of ConsenSys’ PegaSys team. Thomas Pocock (CEO) worked at Park Square Capital, a European debt fund, and holds a master’s degree in mathematics. AZTEC raised $2.1 million in a seed funding round conducted by ConsenSys Labs; the project did not conduct a token sale.