Zero knowledge of Aztec

A look into one of our recent ZK research projects: the Aztec network. What we learned and why we failed.

It doesn't always work like magic. This is the tale of one of our failures.

Here at Equilibrium we are researching various Zero Knowledge languages and ecosystems. One of the most recent ones was the Aztec network. Sometimes things just don't go as you planned, and you have to abandon the plan.

But let's start with some background information on Aztec.

What is Aztec

Aztec is a layer 2 ZK-rollup network for Ethereum, focused on privacy. It enables fully private ZK transactions either inside the network itself or with various L1 DeFi solutions (through a product called Aztec Connect).

Sending assets to the L2 network is public, since the transaction originates from Ethereum L1. But once the assets are in the L2, anything that happens to them is private. You can transfer them to other users or use special Aztec Connect L1 bridges to interact with L1 Decentralized Finance (DeFi) solutions, without anyone knowing who interacted or how much. Your assets become public again only once they're withdrawn back to L1.

What's especially cool about the ecosystem, in my opinion, is Aztec Connect. Unlike most L2s, which build their own DeFi, Aztec Connect allows users to use the already existing L1 DeFi privately. No need to redeploy all of the DeFi products to the L2, and no liquidity fragmentation!

The whole Aztec ecosystem is still very much a work in progress. They have a lot of plans and I'm very excited to see what will happen within the next year.

Noir DSL

But that's not all they have. Aztec has one more ace up their sleeve: Noir.

Noir is a new Domain Specific Language (DSL) for creating ZK-provable circuits, or programs. Noir is created by the same team as Aztec, but currently it's an independent language. Being independent means it can't yet be integrated with Aztec's own products, such as Aztec Connect.

So, umm, why bother creating a new ZK DSL? There are plenty of those around already, such as Circom and ZoKrates. Well, it turns out Noir won't stay independent for long: at some point in the future we will see Noir contracts. That means state management and contract interoperability like in a real smart contract network, all while keeping your data private. Not bad!

Our general plan

The best way to learn a new ecosystem is to (try to) use it. So that's what we did!

Aztec offers grants for exploring the ecosystem, and we wanted to create something that would be eligible for a grant. We came up with a small proof-of-concept ZK browser program called Memory game. It's a simple memory card game in which ZK proofs are used to keep the actual solution private while still verifying the user's partial solution.

So what are we trying to prove

The overall idea behind utilizing ZK proofs was that we could keep both the partial solution (built up by the user while playing the game) and the full solution private. The partial solution would be known to the user, while the full solution would be known only to the system.

So whenever the user claims to have found more of the full solution (a new pair), they generate a proof of their new partial solution. This proof is then submitted to a Solidity verifier contract (generated by Aztec's tooling from our Noir circuit), which checks that the proof satisfies the circuit's constraints. The only data moving between the parties is proofs, so no solution data is leaked.

The Solidity verifier contract can be deployed to any EVM network. Aztec's tooling generates it from your custom Noir circuit.

Since we had a solid plan, we started implementing it right away. And got quite far.

And then we failed

We had a great plan. Create something simple, learn while doing it, fund the work with an Aztec grant and possibly continue to build something real after that. Unfortunately, there was a small glitch in the plan: there is no entity in Aztec which could keep the puzzle solution private. We just didn't understand this before we started the project.

One can create a Noir ZK circuit for proving that a partial solution is correct, but as input we need to provide both the user's partial solution and the full solution. Marking an input private in a circuit hides it from the verifier, not from the prover: whoever generates the proof has to know every input value. So if the browser game wanted to verify the user's partial solution with our custom Noir circuit, the game, running in the user's own browser, would have to supply the full solution as circuit input, which is exactly the data we wanted to keep from the user.
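To make the constraint concrete, here is an illustrative Noir circuit for the partial-solution check described above. It is an added sketch written for this article, not code from the Memory game repository, and it assumes current Noir syntax (`assert`, `pub` inputs) and the `std::hash::pedersen_hash` standard-library function. The card layout (16 cards, 8 pairs), the `known` mask and the public `solution_commitment` are illustrative design choices, not the project's.

```noir
// Added illustration for this article, not code from the Memory game repository.
// Assumes current Noir syntax and std::hash::pedersen_hash.
//
// 16 cards, 8 pairs. full[i] is the pair id (0..7) of the card at position i.
// partial[i] is the pair id the player claims for position i; known[i] marks
// which positions the player has actually revealed.
//
// Public inputs (visible to the Solidity verifier):
//   solution_commitment - pedersen hash of the full solution, published by the game host
//   claimed_pairs       - how many pairs the player claims to have matched
// Private inputs (hidden from the verifier, but the PROVER must know all of them):
//   full, partial, known
//
// The problem described in the article is visible right here: `full` is a
// circuit input, so whoever runs the prover has to hold the full solution.

use std::hash::pedersen_hash;

fn main(
    full: [Field; 16],
    partial: [Field; 16],
    known: [bool; 16],
    solution_commitment: pub Field,
    claimed_pairs: pub u32,
) {
    // 1. Bind the private full solution to the public commitment, so a prover
    //    cannot substitute a made-up solution that happens to match their guesses.
    assert(pedersen_hash(full) == solution_commitment);

    // 2. Every revealed position must agree with the full solution.
    //    (partial[i] - full[i]) * known[i] == 0 is trivially true for unrevealed cards.
    let mut revealed: u32 = 0;
    for i in 0..16 {
        assert((partial[i] - full[i]) * (known[i] as Field) == 0);
        revealed += known[i] as u32;
    }

    // 3. A matched pair reveals exactly two cards. (Simplification: this does not
    //    check that the revealed cards actually form complete pairs.)
    assert(revealed == 2 * claimed_pairs);
}
```

The verifier contract only ever sees `solution_commitment`, `claimed_pairs` and the proof, so the solution is indeed hidden from it. But the prover's input file (Prover.toml when using nargo) has to contain `full`, and in a browser-only game that file is produced on the player's machine. The commitment stops the player from inventing a solution; it does nothing to stop them from reading the real one.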

So what we tried to accomplish is simply not possible with today's tooling. At least not before Noir contracts, with their own state management, become reality.

The project is now documented and abandoned. You can have a look at its GitHub repo if you're interested in it.

Failure isn't wasted

So did the project fail? Technically, yes. But in many other senses, no. We made some interesting new connections, we got to play around with a shiny and cool new ecosystem (Aztec) and, most importantly, we learned a lot. And we got to tell an interesting tale!

About the author

Lauri Peltonen is a developer at Equilibrium, doing mostly EVM and ZK work.