Q : How do you prove you can drive?
A : Show your driver's license.
Here are the basic properties of Zero-Knowledge Proofs (‘ZK’).
2/Privacy. You only need to show your driver's license, no more information is revealed.
3/ Efficiency. Just show your license, no need to spend time showing your skills.
Remember this, let's continue.
When you look at the projects , do you have this feeling: one moment is Rollup, one moment is ZK Rollup, one moment is Aribitrum, StarkWare, very messy.
So, I drew the following chart.
Not a rigorous classification, just to help build intuitive understanding.
Rollup is the process of "rolling" a tons of transactions together and completing them in its own network.
Just like the main road and the secondary road, Rollup is the secondary road, relieving the main road of Ethereum.
Then, every once in a while, the account is reconciled with the main Ethereum network to ensure that the account balance is unified and secure. This greatly reduces the burden on the main Ethereum network.
As an example, users on Aribitrum use Gmx to trade derivatives like crazy, opening and closing positions millions of times a day. All these operations are "rolled up" by Aribitrum and processed without causing any congestion on the Ethereum mainnet.
But the Ethereum mainnet will know how much money you transfer into Aribitrum and how much money was withdrawed left after a period of time.
Optimistic and ZK, are the reconciliation methods.
Rollup is the way transactions are processed.
Both of them are "Rollup", so they process transactions in the same way, just "rollup". The difference is that the reconciliation method is.
So, Optimistic Rollup assumes that the transaction information is true. By eliminating the need for transaction validation, Optimistic Rollup also increases the efficiency of transaction processing.
This is the reason why Aribitrum and Optimism are fast enough.
What if someone provides false transaction information? If you've used Aribitrum or Optimism, you've noticed that when crossing tokens back to other networks, it takes a few days. This is the "waiting period".
During the "waiting period", any nodes can submit and prove that a transaction is fraudulent, and if the challenge is successful, the other node's deposit will be forfeited.
Remember the basic principle of ZK?
ZK Rollup generates a zero-knowledge proof, after the transaction has been executed.
The contract responsible for verification, only need to verify this proof (see driver's license information), no specific verification details (do not need to spend time showing off car skills).
This is the reason why ZK Rollup is also faster, but not as fast as Optimistic Rollup - it takes time to produce the proof.
Since the proof file is small and the verification time is certain, the proof itself does not get larger as the number of transactions increases.
In practice, ZK Rollup protocols such as StarkNet are slow to confirm transactions because the network needs to generate zero-knowledge proofs, i.e., a "driver's license" on the spot. Of course, this problem will be solved later.
Let's review the basic principles of ZK.
We have mentioned the role of ZK in proof and efficiency, but only privacy is not yet available.
Aztec, on the other hand, mainly uses the privacy property of ZK to complete privacy transactions.
(In this field, there are two other projects, Manta Network & Aelo.)
Aztec is an Ethereum privacy Layer2 built with ZK-Rollup that enables anonymous transactions between accounts.
Aztec creates an easy way to generate zero-knowledge proofs, PLONK, and then uses the Bitcoin UTXO model to enable privacy transactions.
Since the UTXO model does not allow Aztec to deploy complex smart contracts, it uses Aztec Connect, a form of contract deployment on the Ethereum mainnet that allows users to participate in DeFi, which is equivalent to "mapping".
Next, the details are explained below.
PLONK's role is to generate zero-knowledge proofs, which is also known as "making a driver's license". In other words, PLONK is a type of zero-knowledge proof technology.
With PLONK, when traders transfer money back and forth, nodes and other people can only get a "driver's license" and know that the information on the "license" is definitely true, but they will not know exactly what the transaction is.
Why do we need PLONK?
Although the technology of proof of zero knowledge is relatively mature, Ethereum was not considered compatible with proof of zero knowledge when it was created.
As a result, it takes a long time to generate a zero-knowledge proof directly with the Ethereum, so developers have to choose other options, and PLONK is one of those "options".
PLONK actually provides a unified zero-knowledge proof "template" for Aztec network nodes to improve network efficiency.
In addition, Aztec has modularized PLONK. If a node does not want to use PLONK and wants to use other ways to generate zero-knowledge proofs, such as FRI, it is also possible.
After using PLONK to generate zero-knowledge proofs, how do you pass the "proofs" back and forth between nodes and accounts?
Yes, with UTXO.
UTXO is a bitcoin transfer method that differs from account systems like Ethereum in that
The difference between an account system like Ethereum is well understood: you and I both have wallets. You pay me, take the money out of your pocket, and give it to me.
UTXO is that we all don't have wallets. Instead, we record on the money, the transfer history of this money. The last recipient on the money is me, so I own the money.
So, the account is "we own the money" and UTXO is "my name is on the money".
What Aztec does is to take the trader's name and erase it from the money.
In order to prevent traders from colluding with each other, a zero-knowledge certificate is generated before the transaction, proving their original transaction, and the new certificate is posted under the new money.
The results of the transfer are recorded in two separate books (Merkle Trees), one for the Note Tree and the other for the Nullifier Tree.
This "proof" exists in the Note Tree, but not in the Nullifier Tree. This means that the balance is valid.
UTXO does not lend itself to complex smart contract deployments, and Connect is designed to solve this problem.
Aztec officially deploys the smart contract Aztec Bridge Contract on the Ethereum mainnet. when a user uses the DeFi protocol on Aztec, the contract aggregates funds and interacts with the DeFI protocol on the Ethereum mainnet, and then returns the funds to the user after the transaction is complete.
When an existing dApp wants to deploy on Aztec, it needs to connect to the Connect SDK.
Currently, Element, Lido, and Compound plan to deploy on Aztec.
Money is Aztec's Tornado-like coin mixing application. It is currently in the phase of replacing the old version with the new one. Single function.
zk.Money plans to support Aztec Connect for privacy DeFi applications.
Seed round - November 2018, Consensys led a $2.1 million funding round.
Series A - December 2021, Paradigm led a $17M funding round with IOSG Ventures, Variant Fund, Nascent, imToken, Scalar Capital, Defi Alliance, ZK Validator, and angel investors Anthony Sassano, Stani KulecFhov, Bankless, Defi Dad, Mariano Conti, and Vitalik Buterin.
Not yet announced
Privacy is absolutely in demand for Web3.
About the market size, take TornadoCash as an example, as shown in the figure below.
(1) TornadoCash was launched in December 2019. In 32 months of operation, a total of 3,497,000 ETH were deposited, valued at approximately $7.64 billion in USD, generating Gas fees of over $18.49 million. There were 12,243 unique pledged users and 59,543 unique coin withdrawal users.
Keep in mind that TornadoCash only offers hidden transaction information, a service. If, in the future, there is a privacy public chain launched on which more privacy-related applications can be launched, the market imagination will be even bigger.
(2) Explosive growth around mid-December 2020. Mainly related to the launch of TORN.
(3) Most of the withdrawals from Tornado are above 1 ETH, and on average, about 20% of the withdrawals are above 100 ETH per month. there is more demand for big money.
(4) Recently, Tornado was sanctioned, especially the front-end webpage is inaccessible, which makes a certain gap in the field of coin mixing.
(5) Recently, FTX blocked zk.Money and warned users not to interact with Aztec addresses.
In response, Aztec gave a response that it would limit the amount of user deposits and transfers to stop black money from entering. This will inevitably affect Aztec's growth and thus market capitalization.
(1) At present, Aztec's core competency is based on providing privacy transaction services based on Ethereum Layer2, especially the Connect API to support DeFi transactions. It connects to the most liquid Ether, and also provides privacy transactions.
(2) At present, the development of Aztec is still early, and the privacy transaction product zk.Money is in the conversion between v1 and v2, and only supports deposit and ordinary transfer. It is difficult to say that Aztec has created a barrier.
Although, the total amount of pledged ETH on Aztec reached 16,068 pieces and 40,433 unique users, the pledged data of 0.31 ETH per address on average shows a large gap with the TornadoCash situation.
It can be judged accordingly that people have high expectations for Aztec's coin offering and transferring small amounts of ETH to it in expectation of getting airdrops.
(3) As shown in the figure, Aztec's direct competitors in zero-knowledge proof-based privacy transactions are Manta and Aelo, and we will analyze these two projects in detail later.
Currently, the whole zero-knowledge proof privacy and Layer2 scaling track is early.
(1) Based on UTXO, the protocol itself is weakly exploitable, and can only interact with existing DeFi protocols through Connect. Although Aztec has announced that it will launch a smart contract service, it is still in the stand-up phase.
From this perspective, Aztec's own development will be limited by the development of existing protocols, and there will be a ceiling on market capitalization. The market value of circulation will also be affected by the DeFi market.
(2) Connect, despite packaging multiple transaction requests, still requires a high amount of Gas to be paid for smart contracts at the Ethernet end of the platform, and the cost of interaction with Aztec is doubtful.
(3) The project development progress is slow.
(1) Aztec needs to cooperate more with existing DeFi projects and let more existing projects access Connect API.
(2) Aztec's market cap may be determined by the coin mix + Connect.
Ariel Gabizon, Chief Scientist, PhD in Computer Science at the Weizmann Institute, research at Columbia University and the Technion-Israel Institute of Technology, former researcher and engineer at Zcash and Protocol Lab. creator of AuroraLight and PLONK.
Zac Williamson, CEO of Crypto Team, PhD in particle physics at Oxford University. Former physicist at CERN and T2K in Japan. creator of the AZTEC protocol and co-inventor of PLONK.
Joe Andrews, CEO of the development team, BSc in Materials Science Engineering, Imperial College London, formerly CTO of Radish, a Silicon Valley food tech startup.
Charlie Lye, CTO, B.S. Computer Science from Heriot-Watt University. 20 years of experience. Previously Lead Engineer at Triptease, C++ Engineer at Bloomberg, C++ Engineer at BetFair.
(1) For Aztec, need to look at DeFi project access to Connect API.
(2) The regulatory situation and the attitude of other project entities towards Aztec, such as FTX.