Vitalik Buterin Takes Part in the Aztec Ceremony of Zcash and Monero Like Smart Contract Launch


After a year on testnet, a London-based team of coders has finally launched a set of contracts known as Aztec.

The contracts use zero knowledge proofs to create complete privacy insofar as no one can see who transacted with whom or how much was moved within the smart contract.

We had a look at it when it was on testnet, with the smart contract described as “basically a database of its own where who owns what and how much is sort of kept in a blackhole that is not accessible to the blockchain.”

Now this has gone live on the 31st of January, with a set of smart contracts bringing Zcash-like privacy to ethereum tokens and potentially dapps.

“Aztec relies on zero-knowledge proof validators on-chain, which can be difficult to use on their own,” says Arnaud Schenk, tech lead at Aztec.

Describing one of the smart contracts, he says “ACE abstracts that complexity away, so that developers and asset issuers can easily deploy zkassets and zkdapps.

The ZkAsset talks to ACE, whose job is to validate zk proofs and implement some of the trickier pieces of logic to allow for zkasset transfers, and public<>private asset conversion.

You need to deposit dai through the ZkDai (zkassetdetailed) contract, through a zero knowledge proof.”

Aztec turns dai into what can be described as a smart contract database asset. You send the dai to Aztec, and you get zkdai which gives you a claim to the dai.

You can transfer this zkdai within the smart contract environment, but the blockchain won’t know until you convert it into dai. In the meantime you’re exchanging value in a very private manner.

End users can’t quite play yet with Aztec because an app is not out, but devs can incorporate it through a tutorial of sorts.

“We’re launching an easy User Interface (UI) in the coming weeks, for now our main product is our SDK, aimed at developers,” Schenk says. “The UI will be built on top of this SDK as a demo.”

Once that goes out then presumably this can be as easy as turning private mode on and off where end-users are concerned. For dapps, the matter seems to be a bit more complicated.

3/ The simple solution is to "wrap" CDAI or RDAI. We will be releasing more tokens in the coming weeks including interest bearing tokens. Users will then be able to “wrap” those tokens into their confidential form.

— Joe Andrews (@jaosef) February 6, 2020

“In short, building these systems with private assets is more complex, since most currently rely on collateral being public for liquidation,” says Schenk.

This is all open source, however. So while it might be complicated for defi where devs are concerned, how easy it would be to synergize presumably depends on the nature of the dapp.

The Aztec Ceremony

This uses zero knowledge proofs, a new area of cryptography where through very advanced maths you can prove the right to something without revealing what that something is or the amount.

To do this magic you require a ceremony to create “a large number of points with mathematical relationships to one another (called monomial points).”

The system is secure as long as at least one key is destroyed, that is, as long as even a single participant behaves as they should. There is considerable public testimony from attendants of the Aztec ceremony.
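A toy version of such a ceremony, added here as an illustration and not Aztec's ceremony software: each participant re-randomizes the monomial points with a private secret, so the final hidden value is the product of every contribution and stays unknown if even one secret is destroyed. The small prime-order group, the parameters and all function names are assumptions made for the example; a real ceremony uses an elliptic-curve group and far larger parameters.

```python
import secrets

# Toy parameters (constructed for this example, far too small to be secure).
P = 2039      # safe prime, P = 2*Q + 1
Q = 1019      # prime order of the subgroup generated by G
G = 4         # generator of the order-Q subgroup of Z_P*
DEGREE = 4    # transcript holds G^(x^0) .. G^(x^DEGREE)

def initial_transcript():
    """Starting points correspond to the trivial secret x = 1."""
    return [G] * (DEGREE + 1)

def contribute(transcript, secret):
    """One participant's turn: point i moves from G^(x^i) to G^((x*secret)^i)."""
    return [pow(pt, pow(secret, i, Q), P) for i, pt in enumerate(transcript)]

def run_ceremony(participant_secrets):
    """Apply every contribution in turn and return the final monomial points."""
    transcript = initial_transcript()
    for s in participant_secrets:
        transcript = contribute(transcript, s)
    return transcript

def combined_secret(participant_secrets):
    """The hidden value behind the final points: the product of all secrets."""
    x = 1
    for s in participant_secrets:
        x = x * s % Q
    return x

def monomials_for(x):
    """Monomial points G^(x^i) for a known x (possible only if nothing was destroyed)."""
    return [pow(G, pow(x, i, Q), P) for i in range(DEGREE + 1)]

if __name__ == "__main__":
    parts = [secrets.randbelow(Q - 2) + 2 for _ in range(3)]
    final = run_ceremony(parts)
    # With all secrets in hand, the hidden value can be rebuilt...
    print(final == monomials_for(combined_secret(parts)))       # True
    # ...but the other participants' product alone does not match once one
    # secret has been destroyed.
    print(final == monomials_for(combined_secret(parts[:-1])))  # False
```
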

Happy to have participated as AZTEC Ignition trusted setup ceremony participant #1!
Ethereum Address: 0xdbbbef6a9db7ae52e73673747ece3407d8540307
Transcript Hash: 0xa3138886ebdae51010e1c24d4ba7e3da66a9ac7ccffc980871f3b91847fadb81

— vitalik.eth (@VitalikButerin) February 7, 2020

“The ignition ceremony was a multiparty computation (mpc) ceremony,” Schenk says, adding:

“We completed Ignition in early January, after 176 individuals and institutions from over 30 countries took part.

The output of Ignition is a public resource, and can be used by other teams building crypto systems.

Vitalik took part as participant #1, and built his own custom implementation of the ceremony software.

We had an open call for signups, and during the ceremony, anyone could make a 1 WEI transaction to get a slot.”

Trusted Setup

While this new tech is pretty cool, bitcoiners would argue that because you can’t validate yourself, you can’t be sure zkdai or zcash has not been printed out of thin air.

“That’s not actually true — the point of a parity check is to prove that each transaction has a net zero effect on supply,” says Tom Walton-Pocock, Aztec’s CEO, after further adding:

“I think I’d return with the question ‘under what conditions can the parity check over Aztec’s encrypted balances fail?’.

One is a systemwide failure whereby smart contracts are not validated correctly according to the validator smart contract code — that unfortunately applies to all smart contracts, whether their state is visible or not — the risk is no higher for Aztec than in any other system.

However the purpose of a blockchain is of course to eliminate that risk with each node validating their copy of the chain, and multiple implementations of the blockchain client.

The second is that the cryptography is incorrect — however we are fortunate that the current Aztec encryption scheme is extremely mathematically straightforward, and has been subject to repeated peer review.

The third is that the smart contracts are being followed correctly by the network participants but are just wrong — this risk would of course apply to ERC-20 transactions too. Again that is not specific to Aztec.”

Zachary Williamson, Aztec’s co-founder and CTO, says “the zero knowledge proofs that we use have well understood soundness proofs, that an adversary cannot double spend without breaking most of modern-day cryptographic techniques.

We use this to ensure that anybody can validate the integrity of all AZTEC transactions, without revealing the values of the encrypted notes in our smart contracts.”

This validation concern would apply more in an abstract philosophical setting where you hypothesize even one key might have not been destroyed because although the participant himself may have destroyed it, someone else – like a hacker – might have seen it.

In that case, you wouldn’t know there is more zkdai or more zcash than there should be, but in this ceremony there were ordinary people from across the globe in addition to the destruction of a laptop by one participant. So you probably can be sure the rules are being followed as much as you can be sure of anything.

ZK Tech, Cooler Than Defi?

ZK tech is a good solution to privacy with the team previously stating it can be used for “anonymous voting for governance mechanics, anonymous identity schemes, and a decentralized zero-knowledge exchange.”

“We’re actually planning to present a programmable form of privacy (we call it ‘Code Privacy’) so that developers can create all these offerings inside the Aztec privacy wrapper,” Walton-Pocock says.

They’ve raised funding from “some excellent VCs on both sides of the Atlantic — no immediate plans to raise further for now,” Walton-Pocock says, but did not wish to reveal how much they have raised “though we did formally announce our original seed round of $2.1m equivalent in October 2018.”

On their site they show ConsenSys and Coinbase backing them, in addition to others, with the project offering zero gas fees to dapps for 12 months while waiting to launch their scaling technology. So how are they going to make money?

“On value capture we’re not passing detailed comment on that now (not least because the blockchain and zero-knowledge landscape is changing at a breathless pace at the moment). We will lay out our model publicly at a later date,” Walton-Pocock says.

ZK tech is rising as one of the most promising areas in blockchain and dapp development because it can do quite a bit more than just privacy.

It can, for example, be one of the most promising methods of scaling public blockchains, though this area is still very new and rapidly developing.