Vision
Jun 26th, 2024
## min read

Can blockchains and zero-knowledge help humanity survive? 47 real-world use cases

Worldwide, the average person’s daily screen time is 6 hours and 58 minutes. This is approximately 41% of waking time. Does it mean that a modern human is 41% digital?

Share
Written by
Lisa A.
Edited by

Are we becoming cyborgs in 2024?

Many thanks to Elias, Palla, Mahima, Hannes, and Rafal for review. Separate thanks to João Montenegro for an awesome discussion.

Worldwide, the average person’s daily screen time is 6 hours and 58 minutes. This is approximately 41% of waking time. Does it mean that a modern human is 41% digital?

Let’s think.

  • Personal relations are becoming digital (17% of marriages and 20% of relationships begin online) as well as business and consumer relations (81% of consumers prefer communicating in a messenger).
  • Society is becoming “cashless”: only 9% of Americans pay with cash, and in some countries it accounts for only 1% (e.g. Norway, Honk Kong, Sweden, etc.).
  • 71% of smartphone owners sleep with or next to their mobile phones.
  • Google search engine acts almost like humanity's hive-mind.
  • “Information and communications technologies are more widespread than electricity.” – Shoshana Zuboff.

One thing can be said for sure: our everyday life is a blend of the physical and digital worlds and this trend won’t reverse. Furthermore, the share of digital reality is going to grow.

Humanity has rich experience (approx. 300,000 years) living in physical reality.

Within this time we’ve learnt some useful skills. For example:

  • How to build reliable constructions such as houses, bridges, roller coasters, and military offices.
  • How to treat our bodies in such a way that they serve us as long as possible.
  • How to build meaningful relations that last for years and make us feel good, loved, and needed.

With digital reality, our experience is approximately 4,878x shorter (assuming 1983 being the internet’s year of birth). So, it seems we are still at the beginning of the learning curve of living in digital reality.

What part of ourselves is digital? Let’s think.

  • Most of our documents, files, and data (e.g. financial and health) are digital and stored on smartphones or laptops.
  • Most of our communications and social interactions are digital: through emails, social media, video calls, etc.
  • Most of our work is done digitally: collaborative work using Google services and GitHub, web services (e.g. Figma), storing and managing files in the cloud (e.g. Dropbox).
  • Most of our memorable moments and things that make us feel good are stored digitally: pictures from birthdays and weddings, screenshotted messages from those we love and hate, playlists we’ve been collecting for years, movie ratings, etc.
  • Authentications and passwords for all services and accounts we use.

What exactly does “digital” mean in all these cases? In most cases, it means stored in cloud services or on a company server. That is saying that 99.9% of our digital “us” is outside of our control.

Google won’t close tomorrow, will it?

Humans like to be optimistic. Google won’t close tomorrow, right? It just doesn’t make any sense. Humanity pays it so much money. Humanity gives it all its data.

Okay, thinking rationally, let’s assume that Google’s best option is to exist forever. But what about our Google accounts? What about the digital “us”? What about data authenticity? What about the part of our life that happens digitally every day? Will it exist tomorrow?

Let’s for a second move from that optimistic perspective to a more realistic one:

  • Whether we have access to our money or not depends on whether the bank allows us or not.
  • Whether we can access our iPhone or not depends on whether Apple allows us or not.
  • Whether we can access our data backup on iCloud depends on whether Apple allows us or not.
  • Whether we can leave a comment on a forum or social media depends on whether we meet the criteria of being a “good user” or not.

So, the first “layer” is: in order to have access to our digital life, we need to meet the criteria of being a “good customer” every day. Every single day. Doesn’t sound nice, but not a big deal, right?

Source

At the end of the day, we are good humans, we have nothing to hide, we trust our governments and these pretty multibillion corporations. They are nice guys. Is there anything else to worry about?

Hmm, let us think what happens if…

  • Artificial general intelligence (AGI) kidnaps the internet and floods it with bots?
  • Company servers are destroyed because of war or natural disasters?
  • Governmental databases break down, destroying all information about citizens and pushing the world into anarchy?
  • Autopilot transports and machinery get programmed for self-destruction on Wednesday 9:00 Eastern Time?
  • Banking system gets lost or corrupted, so we lose all our money because it is just a digital entry on a centralized server?

We still can stick to an optimistic mindset and say: okay, the probability of this happening is very low. Let’s wait until one such incident happens (e.g. nuclear war) and then we should start worrying. Today we still can access banking apps, scroll Instagram, and order a poke bowl. Why do we need to worry now?

There are several reasons to think about it today:

  1. We can’t think about saving the world after the world has been destroyed because the world won’t exist anymore.
  2. Saving the world might take time. A couple of seconds might not be enough. And if the world is going to be destroyed, no one will kindly tell us 20 years in advance.
  3. We still can eat poke while trying to save the world. There is no contradiction therein.

Now let’s be more precise. While appealing to “saving the world”, by “the world”, we mean “the digital world”, a part of our life and identity that exists purely online or in a hybrid state of offline and online (e.g. medical devices implanted into human bodies having software components). By “saving”, we mean making it robust. That is to say neither governments, corporations, AGI, nor bots can kidnap, destroy, control, or limit a digital part of us.

We must make the internet more robust

Comparing our physical reality to digital reality, if in the former we developed robust materials such as carbon, metal, glass, and ultra-high molecular weight polyethylene fiber, in the latter we are still building twig huts.

The good news is that today we are already equipped well enough to start making the internet more robust. Three components that will allow us to resist factors such as AGI or dictatorships are blockchains, privacy incorporated into blockchains, and cryptography. Why these three?

To have control of our digital “us”, we need four components:

  • Permissionlessness
  • Immutability
  • Verifiability
  • Privacy

Let’s abstract from the wording “the internet”. Instead, let’s use the word “cyberspace”, meaning “everything digital” including the internet, computer networks, and whatnot.

By permissionlessness, we mean that cyberspace is equal for any human on Earth. Create an account, deploy code, own a digital object, talk to another human in cyberspace – whatever is possible there for one human is possible for everyone.

By immutability, we mean that humans have control over their life in cyberspace and if they make an action in cyberspace (e.g. open an account, issue an ID, or deploy code), no one can undo it. One should note that immutability might work as a double-edged sword, as if being immutable means nothing can ever be forgotten. Thus, we should be very conscious while building of what exactly we are making immutable and how it might manifest as a negative externality one day.

By verifiability, we mean something like an objective source of truth. If human 54835934 tells human 82849934 that “this statement” is true, human 82849934 has a tool to objectively verify its truthfulness.

By privacy, we mean control over what is disclosed, when, and to whom. How sincere are we claiming “we have nothing to hide”? Even if we don’t mind “someone” having access to all our correspondence, medical data, pictures and videos (including those hot nudes), food delivery, e-commerce, and porn browser history… What if we take it one step further, right to brain-computer interfaces (BCI)? If someone (whether governments, corporations, AGI or another party with exceptionally good intentions) now has access to all our thoughts and body chemistry, do we still have nothing to hide?

These four properties allow us to ensure that our digital “us” will last at least as long as our physical “us” (or maybe even longer, but that is a topic for another article).

Blockchains and cryptography

No technology in isolation is a magic pill. However, combining the right technologies and applying them in the right cases allow us to come closer to inventing a magic pill.

Let’s first clarify what technologies we have in our “survival kit” and what properties of theirs we are interested in.

Blockchain provides permissionlessness and immutability

Blockchain is a shared, immutable ledger that facilitates the process of recording transactions and tracking assets in a network.

In this definition, the key property is “shared”. The question is how exactly it is shared or who are the participants of the network. To be shared “for real”, we want the blockchain to have thousands or even millions of nodes that are independent of each other. As of the 15th of April 2024, Ethereum has 5,912 nodes in the network where by nodes we mean different independent parties running infrastructure (one node might run many validators). And even though some of them are run by institutions, Ethereum can be fairly called a shared and immutable ledger. That is to say, Ethereum is good enough to be the base of the robust internet.

Cryptography provides verifiability

Cryptography’s history is almost as long as humanity’s history. But with the advent of the digital era, some specific kinds of cryptography that fit the needs of computers and the internet started evolving at an insane pace.

The history of zero-knowledge cryptography started in 1989, although it wasn’t obvious it would be a perfect complement for blockchains (even though the idea of blockchains was proposed earlier).

A zero-knowledge protocol consists of two parties, a Prover and a Verifier, where the Prover can prove to the Verifier that a certain huge statement is true while conveying only a tiny bit of information. This property is called “succinctness” and is a key component of cyberspace, where individuals need to coordinate with each other all the time and the communication has to be as lightweight as possible.

Privacy-preserving blockchains provide privacy

Privacy-preserving blockchains allow individuals to choose what information to disclose, when, to whom, and in what form. This is another crucial element of cyberspace, as disclosing one bit of data while preserving private other bits of data is a must-have mechanism for efficient coordination.

For example, in the case of elections, an individual wants to tell the tally that (i) they are eligible to vote, (ii) they have voted, (iii) they voted only once, but they don’t want to disclose any details about their vote or their identity.

One should note that privacy on the application layer (e.g. private identity or transfers) can’t be added to a transparent blockchain purely by means of cryptography. Privacy should be incorporated into blockchain design at the level of smart contract anatomy and state management.

Now that we’ve looked at what components we need to build robust cyberspace, let’s explore specific cases we need to fix and decide if we really can fix them with these tools.

47 use cases and 75 examples for blockchains, privacy, and zero-knowledge

In the second part of this article, we will explore 47 use cases and 75 examples of how blockchains, privacy, and verifiability can disrupt, heal, expand, and modify the world around us, addressing its problems, weaknesses, points of failure, and fragilities.

But before we dive into the full list, let’s cover three quick examples as an introductory illustration:

  1. Programmable identity: Today, when someone needs to confirm their identity, age, citizenship, or residential address, they provide a passport, ID, or other formal documents. With zero-knowledge proofs, one can manage all their documents client-side and provide proofs of specific properties upon request, without requiring documents.

One should note that for this use case we strictly need privacy-preserving composable blockchain (e.g. Aztec).

  1. Combining several data sets and a model without datasets and model disclosure between parties.
  1. Smart home that processes all data client-side (i.e. inside of smart home) without sharing its inhabitants’ data with anyone (even Google!).

Now we have some intuition behind how zero-knowledge proofs and privacy-preserving blockchains can create an alternative to the current reality, with several of the cases we’ve mentioned involving fixing data privacy and individual sovereignty issues and unlocking new forms of collaboration and coordination. Finally we are ready to dive into the longlist of blockchain, privacy, and verifiability use cases, where these three factors become the real game changers for the world and humanity’s future.

Most of the ideas described below were borrowed from brilliant minds, either from their public presentations or personal talks. Credit to Barry, Steven, Zac, freeatnet.eth, Jessica, Henry, Tarun, and Joe for being brilliant minds.

We will also categorize all use cases into categories:

  1. Efficient coordination – allows small numbers of individuals coordinating efficiently to compete with much larger agents.
  2. Verifiable computation – “truth objectivity” allows individuals to be sure that something is true without relying on honesty of institutions or other individuals.
  3. Data immutability and robustness – makes the cyberspace environment more long-lasting, reliable, and independent of institutions and individual agents.
  4. Improved world economic efficiency – allows individuals and institutions to utilize the resources at their disposal in a more economically efficient manner.
  5. Privacy – just privacy.

In the table below, we categorize a number of solutions to specific problems we will probably meet within the next decades while the digital share of the world is expanding and rooting deeper and deeper into our reality. We classify them according to whether they require blockchain, privacy, verifiability (provided by zero-knowledge), or a specific combination of these three. In most cases, blockchain serves as a coordination layer, privacy is engaged in all cases where participants can’t go with 100% transparency of all data, and zero-knowledge adds verifiability.

Under blockchain, we assume a decentralized one where nodes are run by thousands of diverse, independent parties. This decentralization makes the network credibly neutral and provides strong security guarantees. Today, Ethereum fits this criteria more than anything else. Layers 2 on top of Ethereum inherit its security property, however, their credible neutrality depends on design details such as approach to block building and upgrade mechanism.

Under privacy, we mean that whatever we want to stay private should be fully processed client-side on the user's device and should not be exposed to any other parties.

We also consider combining blockchain, privacy, and zero-knowledge with other existing technologies such as:

  • MPC and 2PC – enables multiple parties (or two parties in 2PC case) – each holding their own private/secret data – to compute the value of a public function using that private data while keeping their own piece of data secret.
  • TEE – a secure area of a main processor that prevents unauthorized entities from outside the TEE from reading data, and prevents code in the TEE from being replaced or modified by unauthorized entities.
  • Any existing cryptographic primitive such as an ECDSA signature (an example of a public key cryptography encryption algorithm).

Why can't we use these technologies separately and why do we need to combine them with zero knowledge and blockchain? Because we don’t just want to trust those using them that they are acting in good faith; we want to be able to verify that they are acting in good faith.

Efficient coordination

Use case Blockchain Privacy Verifiability
Proof of eligibility (for participation, access, etc.) Example 1: Access to the building (e.g. office).
Example 2: Access to military data regarding ongoing war where if this data is leaked it will lead to numbers of deaths.
Optional Need Need
Proof of innocence
Example: Compliance (proof of not interacting with agents meeting specific criteria, e.g. North Korean hackers).
Need Need Need
A mechanism ensuring collective agreement for making crucial decisions
Example 1: Minimum threshold for pushing the nuclear button where the voting members represent all parties that should be represented in a fair manner (MPC+ZK).
Example 2: Minimum threshold to approve decisions of the board of directors with huge financial impact.
Need Need Need
Prevention from malicious cooperation such as bribery or voting system “tampering” Example 1: Voting mechanism where it is impossible to prove that one has voted for a specific candidate.Example 2: Voters can independently verify that their vote was fairly recorded in the election tally. Need Need Need
“Programmable” trust: verification of specific properties of individuals (e.g. belonging to specific groups, visiting specific events, etc.) that allows the building of “safe spaces”
Example: If one studied at the same university and is a member of the same charity organization, it increases the probability that we share similar values and my default trust in this person can rationally be higher than in those who don’t meet these properties.
Need Need Need
“Temperature check” before making decisions/actions with extremely high general costs or the cost of being among the first.
Example: A government member can check how many other government members are ready to oppose the current ruling coalition and start to act only if they are sure they will have sufficient supporters (MPC+ZK).
Need Need Need
Check the alignment or expectations regarding a specific question in a neutral way as (i) participants don’t need to disclose sensitive information to each other and (ii) no one needs to express their preferences first, so there is no time priority.
Example 1: Negotiation of salary between the employer and employee where no single party needs to reveal their preference first, allowing the second party to adjust their preferences based on the disclosed information.
Example 2: Negotiation of the type of relationship that works best of all for all participants, such as “Should friends start romantic relationships”? (2PC+ZK or MPC+ZK depending on the number of participants).
Need Need Need
Private DAOs as a type of a legal entity
Example: Programmable organization with task-based system where compensation payments fully depend on executed milestones.
Need Need Need
Neutral personal data regulation
Example: Instead of governments enforcing the laws and standards around personal data (e.g. the EU’s GDPR), these standards are designed and regulated by a neutral third party while its execution is verifiable.
Need Need Need
Fair incentives mechanisms
Example: Corporations commit to a specific max level of negative externality regarding the greenhouse effect. If the max level is exceeded even by a tiny amount, the agent is “slashed”. By slashed we might mean monetary or other types of slashing (e.g. “reputational slashing” through public reporting for a worldwide audience).
Need Need Need
Blended experience between offline and online domains
Example: Pokémon Go, where blockchain serves as a coordination layer for a number of players.
Need Need Need

Verifiable computations / truth objectivity

Use case Blockchain Privacy zk
Ensuring that an autonomous automatic system will work exactly in the way it is expected to work (i.e. according to the designed algorithm)Example: Self-driving cars, autopilot planes, and self-navigating rockets can execute only the algorithm they committed to. Optional Optional Need
Executing the algorithm while keeping it a secret, i.e. executing any algorithm that should be executed by an external party while the algorithm owner would prefer not to disclose the underlying mechanism (either for commercial or personal motivations)
Example: Dating matching algorithm (2PC/MPC+ZK).
Optional Need Need
Content authenticity: verifying specific criteria of content (pictures, videos, etc.) such as no-edits, produced by a human, time and place of production, etc.
Example: Distinguishing between deepfakes and authentic sources.
Optional Optional Need
Ensuring that some technology was used in a proper way
Example 1: Ensuring that FHE encryption for cloud data storage was done correctly.Example 2: Zk-snark wrapped up around an NFC signature from a chip's public key to prove that one owns a valid signature without revealing the raw signature itself.
Optional Need Need
Direct data verification from a web2 service
Example: Verifying one’s Twitter username to be used in an external (non-twitter) service.
Optional Need Need
Optimizing subjective manual processes by converting them into objective non-manualExample: Today, to confirm a bank transfer over a specific threshold, one needs to confirm this transfer manually through the bank call center. This manual process can be eliminated by using zero-knowledge proof to pass the bank’s security check. Optional Optional Need
Converting post-factum verification/check into preliminary
Example: In the modern blockchain world, compliance and KYC information is supplied post-factum, after the transaction was executed when it might be too late to address it. Using zero-knowledge, the transaction can be valid only if the counterparties proved that they meet a specific criteria (e.g. possess some kyc token provided by some kyc provider). Hence, any fraud attempts can be handled in time.
Need Need Need
Proof of ML models’ integrity
Example 1: The model owner proves that the result of the ML model running is fair without revealing any information about the model itself.Example 2: Proving that the submitted model was executed on the committed data without revealing data. Combining both examples, the model owner publicly commits to a model, and generates a zk-proof that the committed model was applied to the user’s submitted input, yielding the claimed result.Example 3: In case of LLM making decisions on its own (e.g. shouting military goals), proving how LLM made the decision when the information is fragmented and different parties have access to different fragments. One should be able to see how the data was put together and be able to question it without revealing all data to one specific party.
Optional Need Need
Proof of treating all participants in the same wayExample: Proof of no price discrimination. Need Need Need
Verifiability in supply chains
Example 1: Proving the origin and authenticity of goods and materials.
Example 2: Proving that materials meet compliance standards of supply chains within modern economies without revealing sensitive corporate information such as the identities of their suppliers and customers.
Need Need Need
Verified rating services
Example: Employer review (e.g. Glassdoor) where all the reviewers (i) stay anonymous, (ii) provide proofs of being eligible to review specific company/role.
Need Need Need
Proof of a mistake in a decision made by big data machine
Example 1: If one’s transaction was identified as a fraud but it is not, one can generate verifiable proof that the transaction is legitimate.
Example 2: If one was marked as an individual affiliated with a specific person (e.g. a terrorist) when one is not, one can generate verifiable proof that there are no connections/interactions with this party.
Optional Optional Need
List of attested events (created client-side) based on the data stream
Example 1: Using zk email as a data stream, based on the parking bill from a government authority, to generate a proof that the email owner has a car and lives in a specific city.
Example 2: Based on the shipment delivery updates delivered through zk email, generate a proof of order delivery.
Optional Need Need

Data immutability and robustness

Use case Blockchain Privacy zk
Robustness of interoperability Example: Guaranteed access configurations to Twitter API. That is to say Twitter can’t withdraw or modify this API version and thus break the operations of those using it. Need Need Need
Games/virtual worlds ownershipExample: Games’ immutability protects gamers from game studios’ “dictatorship”, enforcing the ownership over game assets and rules, which is meaningful for professional gamers who spend a huge chunk of their lives playing. Need Need Optional
Immutability for ownership guarantee
Example 1: Impossibility of suspending social media accounts by automated algorithms (especially those with large audiences, e.g. creators) without proof of violation.
Example 2: Impossibility of freezing ad accounts in social media by automated algorithms without proof of violation.
Optional Need Need
Signed internet history that is recoverable in case of web2 internet servers destruction (e.g. putting every internet website as a rollup)
Example 1: Proving data authenticity in case of “sybil attacks”. Example 2: Resisting AI DDOS attack.
Example 3: Impossibility of malicious power’s actions because of data immutability (e.g. revocation of citizenship).
Example 4: Preserving core digital infrastructure in case of internet shutdown/firewalling/censoring (e.g. in case of revolution or war in countries with oppressive regimes).
Need Need Need
A “car” transferring sealed data between various web2 and web3 services (as an alternative to current API mechanism). This allows (i) avoid trusting APIs (e.g. Facebook), (ii) get the data in the format one needs, (iii) data authenticity is verifiable.Example 1: Web2 and web3 oracles.
Example 2: Services built on top of existing services such as “who unfollowed me” on top of Instagram.
Example 3: Cross-chain verification.
Need Need Need
Physical and digital property ownership history
Example: Verifiable ownership history of rare antiques or pieces of art.
Need Need Need
Eliminating the risks of personal database leaks: because of client-side personal data processing, there is no need for collecting and storing huge personal data databases that can be leaked or hacked Need Need Need

Efficiency

Use case Blockchain Privacy zk
Creating global settlement layer of the world’s assets: digitizing real-world assets (e.g. property, pieces of art, IP, etc) to be able to use them in the digital world
Example: Use physical assets as collateral for digital lending.
Need Dearly need Need
Improving efficiency of decentralized services so that they are able to compete with centralized ones
Example: For democracies (which require a lot of multiparty coordination) to be able to compete with the authoritarian regimes that are highly centralized and coordinated.
Need Need Need
Neutral databases of authorized attestations
Example: Proof of holding a certificate issued by the International Culinary Institute that can be verified by anyone without additional requests to the institution that issued it.
Need Need Need
DeFi as an alternative to traditional financial institutions to (i) provide banking services for underbanked parts of the world, (ii) provide humans with censorship resistance and immutability where institutions can’t limit access to assets and number of allowed actions. One should note that even though we have been talking about DeFi for quite a while, the DeFi we have today is fully transparent. That is to say, if one borrows money, everyone can see it, all payments (e.g. salaries), savings, and assets are easily observable. To make DeFi the real alternative to traditional financial institutions, we need privacy-preserving composable blockchains, otherwise it’s a toy example.
Example 1: Buying stablecoins in countries where people are not allowed to buy foreign currency.
Example 2: Immutable private transactions or private compliant transactions.
Example 3: Providing basic banking services in countries with low GDP and weak institutions that can’t provide their population with access to banking.
Example 4: Broker-dealer network for securities trading services.
Need Deadly need Need
By reducing the amount of data that needs to be transmitted and processed, ZKPs can also significantly reduce the energy demands of IoT devices, improving efficiency and reducing costs. Optional Optional Need
Programmable spending based on the on-chain income
Example: Recurring monthly debt payment as the first spending from the salary.
Need Need Optional

To glimpse how all these use cases are possible through combining zero-knowledge and privacy-preserving blockchains, one should note that even though these technologies are absolutely awesome, they are still not magic pills. We need developers, engineers, and architects to combine them in smart ways. That is to say that the real magic pills are the developers, engineers, and architects capable of doing this and caring about our common future as much as the Aztec team does.

The components (i.e. blockchain, privacy, and verifiability) have been clear at a theoretical level for years. But even when they started to be implemented, most implementations were not really feasible for real-world usage and were hard to combine with each other. This was a serious issue, as web3 applications should be competitive with the existing web2 stuff we already use.

Aztec Labs addressed this issue and has been developing Noir, an open-source, domain-specific language that makes it easy for developers to write programs with arbitrary programmable logic, zero-knowledge proofs, and composable privacy. The program logic can vary from simple “I know X such that X < Y” to complex RSA signature verification. If you’re curious about Noir, check the talk “Learn Noir in an afternoon” by José Pedro Sousa.

Privacy-preserving blockchain and zero-knowledge in spacetech and defense

For those who are still skeptical about these 47 use cases above as too cypherpunk-ish, the next section talks about the need for privacy-preserving blockchains and zero-knowledge cryptography in a very specific domain for solving very specific problems.

Blockchains and zero-knowledge in space

Today, operating in near-Earth space is a part of everyday life: countries, industries, and businesses rely on the day-to-day operation of satellites and the complex infrastructure created in Earth’s orbit. That is to say, a number of parties (some of them are obviously hostile towards each other) manage a number of programmable “nodes” with sensitive data. That sounds exactly like a coordination problem that privacy-preserving blockchains and zero-knowledge are able to handle!

  • Case 1: satellite coordination
    Most large countries have their satellites flying in space for some specific missions. That reminds one of car or plane traffic, but instead there are a number of satellites going from point A to point B. The goal is to manage this traffic in a way that there are no collisions or accidents. The coordination problem is that space is everyone’s – that is, the model of plane traffic doesn’t work.

Instead, satellite owners have to coordinate with each other (and as a consequence trust each other) to negotiate space management. This requires pretty deep data disclosure and trust that other parties have good intentions.

We can utilize zero-knowledge to provide proof of correct code execution, meaning that the satellite will perform exactly what its owner promises. For example, it can generate “proof of route”, which is a crucial component of space coordination as one additional zero in the code can send the satellite spinning forever or force it to change its trajectory and crash into other satellites. Privacy-preserving blockchain can be used as a coordination layer to deploy protocols for specific use cases.

  • Case 2: operating over hostile areas
    Sometimes satellites need to fly over the area of the countries with whom they are “not friends”. While flying over these areas, enemy representatives might be interested in hacking the satellite, intervening in its operating activity, and data forgery. For example, providing AI-generated images instead of authentic ones. To mitigate this risk, we can use zero-knowledge to provide proof of data authenticity or proof of metadata.

  • Case 3: planetary defense
    Planetary defense is the effort to monitor and protect Earth from asteroids, comets, and other objects in space. Life on Earth has been drastically altered by asteroid impacts before. For example, once a planet-shaking strike led to the extinction of the non-avian dinosaurs.
    Planetary defense combines comet and asteroid detection, trajectory assessment, tracking over time, and developing tools for possible collision prevention (includes slamming a spacecraft into the target, pulling it using gravity, and nuclear explosions).
    Planetary defense is operated by NASA, the European Space Agency, and other organizations, all representing different countries and dealing with sensitive data collection and secret technologies (e.g. satellite engineering mechanisms).
    ZKPs and privacy-preserving blockchains can be a coordination layer to process data collected by different parties without exposing it to others.  

Blockchains and zero-knowledge for LLMs on battlefields, enterprise, and everyone’s daily lives

LLMs are (today, already, obviously) very valuable, are shaping an absolutely different economy, and will have a huge impact on daily humans’ lives, geopolitical balance, and enterprise operations.

One of the issues with LLMs is that they can’t tell you how they reached their conclusions. However, some of these conclusions change the world and impact millions, if not billions, of people, being used for business, for countries, for battlefields. Take for example the case of using LLMs to detect targets on a battlefield. The model tells the commander “This is the target”, but it doesn’t provide any proof that this target was detected correctly. In this case, the cost of wrong detection is at least a life, maybe a dozen lives, or several hundred thousand lives.

Zero-knowledge proofs can be a “neutral arbiter” providing the proof of what data the model was trained on, what data the model used to make a conclusion, how this data was put together, what the underlying algorithm is, etc. Furthermore, it can be done without revealing any specific information about either the data or the model.

One should note that today we are not talking about whether or not we should use LLMs for specific use cases. The reality is they are already used everywhere, by all major corporations, countries, and their governments. But what we still are able to do while LLMs start flooding our world is make the model owners accountable for their models – that is to say enforce some formal LLM compliance.

Similar to private data processing and collection today, some legislation for AI regulation will be set up as well. However, mere legislation is not enough; standards should be transparent and equal for everyone, and they should be followed.

Can a trusted third party who is believable, shares pro-democratic values, and is neutral enforce legislation compliance? In a domain such as AI, where at stakes are at the very least huge amounts of money (if not shaping the geopolitical landscape of the world for years to come), there are no neutral parties – everyone has their own interests and skin in the game.

In LLMs we don’t have custodial relations to the data, we can’t prove how the decision was made. But at the same time, we need to know how the data was put together and be able to question it. That is, for example, an absolute necessity for the presumption of innocence. ZKPs as a source of truth and privacy-preserving blockchains as a coordination layer can solve this issue to enforce AI standards compliance.

Conclusion

We are just at the very beginning. Privacy-preserving blockchains and zero-knowledge cryptography are needed in spacetech, agrotech, medtech, biotech, AI/ML, military technology, social networks, retail, robotics, big data, IoT, media and entertainment, edtech, fintech, logistics, neurotech, etc.

The 47 use cases mentioned above are kind of obvious today, but the real landscape of ZKPs and blockchain usage in 20 years will be much wider, deeper, and more diverse. Some of them can be predicted today, while some of them are almost impossible to imagine (unless you’re a true visionary).

One thing is absolutely clear, however: world verifiability is an absolutely required property while our world merges offline and online universes deeper and deeper. ZKPs as a “source of truth” and privacy-preserving blockchains as a coordination layer are a very promising duo to make the world verifiable.

It will take us time. The right moment to start was yesterday. But today is also a good day: for those ready to act together with Aztec – fill in the form.

Sources:

  • An article “Planetary defense: Protecting Earth from space-based threats” by Vicky Stein.
  • A talk “on The Global Tech Race” by Alex Karp.
  • A talk “Charting Taiwan DID as a Showcase & Experiment” by Noah Yeh.
  • A talk “State of ZK ECDSA” by Gauthier.
  • A talk 2PC is for Lovers by Barry Whitehat.
Read more
Aztec Network
Aztec Network
30 Jun
xx min read

Inside an Aztec Transaction

On Ethereum today, each transaction reveals everything publicly. The token you moved, the size, the timing, the wallet it came from, every action you take. Given the limitations of this type of transparent network, the industry is now focusing on bringing privacy onchain as a top priority. The response to this has mostly been to enable private transactions that shield transfers in various ways. But when we look at how privacy works on Web2, it’s clear that users and developers need granular privacy controls: the ability to decide what is public or private and who is able to see different types of data.

Aztec was built so that one transaction can carry two halves. A private half that runs on your own device and never leaves it, and a public half that the network runs in the open. Apps can choose which aspects are private or public, and users can choose what they want to reveal and when.

This article will follow an example transaction on Aztec: a vote in an onchain election built on Aztec, where who you are and which candidate you chose stay private, while the running tally for each candidate stays public for anyone to verify.

Public and private in one move

Picture the vote you cast in our example as two aspects that seamlessly weave together. In the first step, you act in private: an app records your vote on your device and hands the network a proof that the vote is valid without revealing it. In the second, the network acts in public: it checks that proof, then adds one to the chosen candidate's public tally. It is one transaction: one part stays with you, one part goes to the network. Both parts end up recorded onchain, in two separate state trees, one private and one public. The walkthrough below follows how these two aspects work together and what this means for how your transaction lands onchain. 

It starts on your device

You open the voting app and connect an Aztec wallet. That first step looks like any onchain app. The difference is inside the wallet. An Aztec wallet carries a private execution environment, the PXE, pronounced "pixie", which runs on your phone or in your browser. The PXE is where the private half of your transaction executes, and where the proof of that work gets made, on your hardware, under your exclusive control.

Every account on Aztec is a smart contract rather than a bare key. That design, account abstraction, allows a wallet to authorize a transaction however its owner chooses without writing an identity onto the network for everyone to read. The wallet is the front door, and on Aztec you can decide if the door is open or closed, who you share your information with. 

The private half runs on your device

The voting app is a smart contract with two kinds of functions. The private functions run first, and they run inside your PXE. Your identity and the candidate you picked are the private inputs, and they stay on your device.

The only thing to leave your device is a proof confirming the legitimacy of your vote. Aztec's client-side proving system, Chonk, takes the private execution and produces a zero-knowledge proof: a compact cryptographic receipt that your vote followed the rules, that you are eligible, and have not voted before, while revealing nothing about who you are or who you voted for. Think of it as a sealed ballot the network can confirm is valid without opening it. The network learns only that a legitimate vote happened. It does not learn how you voted, or even which account voted. 

This is the part that used to be too slow to be practical. Generating a proof on a phone was the bottleneck every privacy app hit. Aztec’s Chonk is purpose-built for fast proving on low-memory devices, both natively and in the browser, so the private half runs on the device in your hand instead of on someone else's server.

The public half runs in the open

Some elements of a vote should be public. The tally is shared infrastructure, the number everyone relies on to trust the result. Thanks to programmable privacy on Aztec, the app marks that part public. Public functions live on the network and run in the open, the way functions do on Ethereum.

On Aztec, private and public logic live in the same contract, and the developer decides which is which, function by function and variable by variable. Programmable privacy is a dimmer, not a switch. The voting app turns it up on the individual ballot and turns it down on the running tally. That boundary is a design decision written into the contract, and it is the thing no transparent chain and no fixed-privacy chain can offer.

The network checks the proof and runs the public part

Your vote leaves your device as a bundle: the zero-knowledge proof of the private half, plus the call to the public function that updates the count. It goes to Aztec's sequencers, a decentralized set of thousands of independent operators, with more than 3,500 of them running the network today.

The sequencers do two jobs at once. They verify the proof of your private vote, confirming it is valid and eligible without seeing the choice behind it, and they run the public function that adds one to the chosen candidate and updates the public tally. Your ballot stays sealed. The count goes up by one for everyone to see. The same proof guarantees you cannot vote twice, even though no one learns which ballot is yours.

Two state trees, both onchain

Aztec has two main state trees, and both live onchain. One holds private state, the other holds public state, so the full record of what happened sits on the network rather than on any one person's laptop. The two trees store each record in two different ways depending on if it needs to be private or public. 

The private tree uses a UTXO model, the same note-based design used by Zcash. In this model, state is written as commitments: each entry is a sealed record that a valid vote was cast, with the voter and the choice kept private. Just like with Zcash or Bitcoin, you do not edit a private entry in place. You write a new one, and the design stops the same vote from being cast twice (old state is nullified). The vote stays private, and the record of a legitimate vote happening is onchain for the network to check.

The public tree uses an account-based model, the same shape Ethereum uses: values that update in place, readable by anyone. This is where each candidate's tally lives.

One transaction wrote information to both trees. The private tree recorded that you voted, sealed. The public tree recorded the new totals, in the open. Everything is onchain. The difference between the two trees is how much each one reveals.

Every private app on Aztec writes into that same private tree. A vote, a payment, and a payroll run all land in one shared record of activity, so each user's privacy grows stronger as the network grows, instead of splitting into a separate pool for every app.

A block is proposed, and Ethereum records it

Aztec is an L2 on Ethereum, so everything settles to Ethereum L1. A sequencer on Aztec gathers transactions into a proposed block. Other sequencers validate it before it goes to Ethereum's pending chain. At that point the block sits on Ethereum, ordered and recorded, waiting for its proof. The network has agreed on what happened and the proposed block is just waiting a final proof. 

Anyone can prove it

Proving a block is its own job, and on Aztec, it belongs to no one in particular. A decentralized, permissionless set of provers competes to take a full epoch, a 32-block stretch of the chain, and compresses it into a single zero-knowledge proof of the entire epoch. Anyone with the hardware can run a prover and bid for the work. There is no privileged operator, no committee you have to trust, no outside network holding a key.

That openness is the whole point of a privacy layer. A system that protects your data but routes it through one trusted server has only moved the exposure rather than removed it. Aztec keeps proving permissionless and your private inputs on your device, thereby avoiding any exposure.

The economics land in the voter's favor too. As an L2 network, Aztec spreads the cost of that one L1 proof across thousands of transactions in the rollup, so a vote costs pennies, not the millions of gas a private proof would cost verified alone on Ethereum.

Settled on Ethereum, verifiable by anyone

A prover then posts the epoch proof to Ethereum's proven chain, and the Aztec state is final. Ethereum verifies one proof and inherits the correctness of everything inside it. Aztec extends Ethereum and settles to Ethereum, so your hybrid transaction carries Ethereum's security without carrying Ethereum's enforced transparency.

Anyone can now verify that the result is valid and that every counted vote was legitimate. No one can see how any individual voted. The tally is on the shared ledger where it belongs, and your ballot stayed yours the whole way through.

What this unlocks

For the voter, their ballot was never a broadcast. The candidate you chose stayed yours, with no record tying your wallet to a name for anyone to read later, and you can still check that your vote was counted and the result is honest. You took part without your choice becoming data for systems built to act on it.

For a founder, the election app in this walkthrough is easy to implement without needing to build extensive custom code. Secret ballots with a public, verifiable count, in one contract, is a product category that opens up only because the boundary is programmable. You can build governance, elections, and polls where people vote without fear and the result still proves itself. And of course you can build anything that requires both public and private state to work seamlessly together. 

For an infrastructure provider, the same machinery serves clients who need a result they can stand behind without exposing the people who produced it. Selective disclosure lets a client prove exactly what a counterparty needs to see, the count and the integrity of the process, and protect everything else, on their own terms. That is a guarantee a transparent chain cannot make.

A real vote needs two things at once: a secret ballot and a count anyone can check. A transparent chain makes you give up the first to get the second. On Aztec, you get both. The tally settled on Ethereum for anyone to verify, and how you voted stayed yours. The infrastructure is in place, what will you create with it? 

->Review the Aztec Basics

->Head to the docs and start building today

Aztec Network
Aztec Network
23 Jun
xx min read

The Devil's Bargain - Privacy Without Credible Neutrality

Crypto is in a long night. It is no secret that the industry is facing challenging circumstances and there has been a clear consolidation of the industry. Right now we are seeing a focus on real traction, demonstrable value projects shipping practical solutions that will meaningfully reach users. 

Some of that discipline is overdue. However, in times like these the properties that made crypto structurally different begin to look expendable. Decentralization slows you down. It makes upgrades harder. It makes institutional sales harder. It removes the control surfaces that the existing financial world knows how to buy.

We used to accept those costs as the price of building something durable. But, in a famine, they look like unaffordable affectations. Discarding them wholesale, however, is like selling the land out from under our feet.

Permissionless, uncensorable transaction networks with rich composability - this is the clay from which our industry was grown. The long term commercial health of our industry depends on preserving these properties in an age of privacy and institutional adoption.

These trade-offs become more challenging and pernicious when privacy is involved. Privacy is the narrative for crypto in 2026, and for good reason. It’s the missing piece that will deliver the traction and real use-cases that the industry so desperately needs. 

The challenges of decentralization multiply under the constraints of privacy and what we are seeing in the industry is not a pivot, but a complete capitulation of all of the differentiable value that made crypto valuable.

I have spent nearly a decade building a network that marries programmable privacy with decentralization. A network where users keep their data, where applications are composable with one another, where transactions can settle without a privileged party learning everyone’s business or deciding which products are allowed to exist. That required new cryptography, new programming models, new state architecture, new wallets, and a fairly insane number of tradeoffs that are invisible until you try to build the thing yourself. There are easier products to ship. 

A centralized privacy service can give institutions something legible quickly, replicating how the existing financial sector works: a responsible operator, a viewing key, a way to block transactions, a way to explain the whole thing to a risk committee. Some of these products will be useful. Some will be good businesses. But they are not the thing we came here to build.

The Devil’s Bargain

Institutional and enterprise adoption is one of the core growth areas in this crypto-winter and the playbook is simple: use the language of crypto as a skin-suit to sell products and services that pattern match onto existing financial rails, with their need for complete visibility, censorship, centralized network operators and all of the liabilities this incurs.

This is a tempting bargain because it shortens the path to adoption. It gives buyers and regulators a shape they understand. A company. A contract. A switch. But the moment you accept that bargain, the system changes character. It may still be encrypted. It may still contain proofs. It may still call itself private. But, it now behaves like and is an operated service. 

There is a party with privileged knowledge and privileged control. Builders must shape themselves around it. Institutions negotiate with it. Regulators may pressure it. Attackers target it. Users ultimately depend on it. By a backdoor I mean something specific: a network or protocol-level viewing key where the product developer does not control who can see their users’ data, especially when paired with network-level controls that can block transactions or ban smart contracts entirely. I do not mean application-level controls. I do not mean user-authorised disclosure. I do not mean a dapp deciding that users must prove something before using it. Regulated applications will need rules. The issue is that the disclosure boundary of your application belongs to somebody else, and the same layer that sees can also decide whether your users are allowed to transact. In short, users lack a platform that has credible neutrality.

The Platform Risk

Privacy on top of centralized rails is fatal. If one party can see everything and stop anything, that party may be treated as responsible for seeing and stopping.

This compounds into substantial platform risk. If an entity builds on top of such a system they must surrender visibility and control to the network operator to satisfy their liabilities without consideration for yours. Decentralization and ultimately credible neutrality is the difference between whether you own durable infrastructure or are renting a service whose rules can change on a whim. Worse, you cannot “just build things”. For novel transaction flows approval must be sought and granted. Tell me, would Ethereum have grown if every smart contract deployment required approval from the Ethereum Foundation?

Privacy needs the same freedom. A private credit market, for example, touches identity, collateral, repayment history, payment flows, liquidation logic, lender disclosures, auditor access and borrower privacy. If every component lives inside a different permissioned service, each with its own operator and viewing assumptions, that is a bureaucratic friction that negates blockchain’s core value proposition; composability.

A decentralized and credibly neutral privacy network prevents the settlement layer from becoming the single place where all surveillance and censorship obligations naturally accumulate. It allows product developers to scope their code to satisfy their own narrow requirements without consideration for the obligations of a centralized operator.

Building for credible neutrality

A lot of today’s privacy narrative treats architecture as if it were a detail. It is not. You cannot take a transparent ledger, staple confidentiality onto the edge, add a viewing key for comfort, and expect to get programmable private infrastructure.

If the state model is not private from the ground up you get wrappers, third party tools, data custodians, ad hoc disclosure paths and a pile of assumptions that every application drags into the next. Developers do not get a normal programming model where private contracts can call private contracts and users keep state on their own devices. They do not get composability.

The difference matters. In a real private execution environment, users generate transactions locally. They do not outsource their intent to a third party who learns what they are doing. Private contracts interact through a state model designed for privacy. The network settles proofs without becoming the party that knows everyone’s business. Privacy is part of the architecture.

This is why Aztec has taken so long. We built something that makes programmable private state and decentralised settlement live inside the same system. That means proving systems that run on consumer hardware, a transaction architecture built around local private execution, and a programming model where privacy is idiomatic and just works out of the box.

A centralized service can skip much of this. It can hold the key, run the prover, approve the flow and call the result privacy. It gets to market faster because it is not trying to arrive at the same place.

The edge

Adding decentralization does not make obligations disappear. Applications, issuers, frontends, custodians and regulated businesses will continue to exist in a web of obligations and responsibilities. Anyone pretending otherwise is unserious.

The question is where those obligations live. If they are pushed into the settlement layer, the settlement layer is no longer credibly neutral. It needs visibility into everyone and controls over everyone. 

The better answer is selective disclosure. Users and applications should prove specific facts to specific parties for specific purposes. A regulated application may need to know that a user passed a check, that a transaction satisfies a policy, or that an auditor can inspect a particular flow. None of that requires the base network to hold a permanent key into everyone’s activity.

This will be harder to explain to the existing world. New infrastructure always fails to fit the categories built for the old infrastructure. Bitcoin did not arrive as a neatly regulated bank product. Ethereum did not wait for every lawyer to understand smart contracts. Stablecoins and DeFi forced institutions, regulators and users to develop new language around rails that kept existing.

If the standard for privacy infrastructure is to plug into the old world without changing anything, the answer will always be a service with a backdoor. And the result will be to catch crumbs falling from the tables of the old world.

The market worth building

The market we should be building is, well, a market. A private financial system that compounds: assets, liquidity, identity, credentials, credit and applications interacting through a shared settlement layer without forcing users to surrender their data to whoever sits in the middle. 

Traditional finance is built out of vertically integrated information silos. Those silos are its moat. Banks, exchanges, custodians, payment processors and data brokers all benefit from controlling the information that flows through them. A global private settlement layer attacks that advantage directly. It lets liquidity and credentials move while outsourcing information custody to neutral cryptographic infrastructure. 

A company wants a moat. A settlement layer wants surface area. A permissioned privacy provider can ration access, raise fees, exclude applications, shape disclosure rules and define acceptable use around its own risk tolerance. These are products pretending to be networks, and not durable financial infrastructure. What bothers me is this compounding category confusion. Networks adding protocol-level viewing keys and transaction controls are using the same language as decentralised programmable privacy, and commentators are treating them as variations of the same thing. They are not.

We have spent nine years walking the hard road. Now, just as we are close, the market has lost faith. Everyone is reaching for whatever lifeline looks immediate. Some of those lifelines will be real. Some will make money. But if crypto responds to its long night by rebuilding financial privacy as permissioned services, then we will have survived by surrendering the property that made the industry worth building.

Markets can grow when the platform is removed from the position where it can dictate the rules. It would be perverse to forget that lesson while building privacy, the domain where control over information matters most.

The land we till

Crypto is in a famine. The land is struggling. We could sell our land for a pittance and survive the season. But the famine will pass, and when it does the land will blossom again. Without the land we are nothing.

We have struggled immensely to create a permissionless network that can marry privacy with decentralisation: an indestructible network whose users cannot be surveilled and whose transactions cannot be censored. This is the soil we have to grow our crops. To surrender a backdoor or a centralized operator for temporary relief is to sell our land for the price of a stablecoin. And we cannot sell the land.


Follow Zac on X to get more insights
Follow Aztec on X for updates & breaking news

Aztec Network
Aztec Network
2 Jun
xx min read

Who controls your privacy off-switch?

Privacy has become a baseline requirement for L1s and L2s who care about bringing real-world users onchain. Users don't want their activity broadcast to competitors or the general public, but applications operating at scale also need some form of auditability, whether for regulators, compliance requirements, or tax reporting. Selective disclosure resolves that tension: privacy by default, with the ability to prove specific facts when required. What separates these networks is not whether they offer that switch, but who gets to hold it.

Aztec, Canton, Starknet, Tempo, and zkSync all offer some form of privacy with selective disclosure, but under the hood they make fundamentally different architectural decisions about who can see your data and who can turn your privacy off. Those decisions determine whether your privacy stays under your own control or sits behind a switch that someone else operates.

Three questions reveal where these networks actually diverge:

  1. Who sees your data?
  2. Who can prove the network followed its own rules?
  3. Who controls when something gets disclosed?

The answers determine whether your privacy off-switch is held by a policy, by an operator's good behavior, or by you alone through a cryptographic proof. As you'll see in this post, there are legitimate reasons to use each one with different tradeoffs. Aztec is the only network, however, where that switch stays in the user's hands, answering all three questions without putting a permissioned set of operators or a standing viewing key in control of your privacy. That gives developers the flexibility to build apps that comply with applicable laws while still keeping full privacy under the user's control.

This article will compare the privacy approaches of Aztec, Canton, Starknet, Tempo, and zkSync to give developers insight into the privacy tradeoffs of each network.

TL;DR

Here’s how each network handles the selective disclosure privacy off-switch, and who has control over your privacy: 

  • Aztec: Only you can see your data, client-side proofs settled to Ethereum let anyone verify every transaction without trusting an operator, and the off-switch stays in your hands, allowing you selectively share information.
  • Canton: Participant nodes read your data in plaintext, no outside party can verify the global ledger, and your off-switch sits with those nodes rather than with you, since disclosure depends on them staying honest.
  • Starknet: No operator ever sees your plaintext because proofs are generated client-side, and those proofs verify the rules, but your off-switch is a standing viewing key that a designated auditor can use to decrypt and trace your entire history on request.
  • Tempo: The zone operator sees every transaction in plaintext, mainnet validity proofs let anyone verify the zone ran correctly, and the operator holds the off-switch, so you are private from the public but not from the operator.
  • zkSync: The operator reads every transaction in plaintext while a validity proof on Ethereum proves it cannot forge state, and the operator holds the off-switch over who sees what, giving you privacy from the outside world but not from the operator.

The Comparison In One View

Comparison chart of privacy on Aztec, Canton, Starknet, Tempo, and zkSync

Comparing your privacy off-switch 

Each of these networks offers privacy with selective disclosure, but each rests on a different network design with its own tradeoffs. We have ordered them by who holds your privacy off-switch, starting with designs where a third party controls access to your data and ending with designs where that control stays with you. At the top, the switch sits behind a policy promise and an honest operator, and further down it is replaced by proofs that the user generates and controls.

Canton

Canton keeps data private by controlling viewing permissions for the various actors on its network. A transaction splits into per-participant views, so each party receives only the sub-transactions that name it, and the parts it is not entitled to never reach it. The sequencer and mediator move those views without reading them, which is real privacy against those roles.

However, the data is still read in plaintext by the participant nodes that host the relevant parties, and in the common regulated-asset pattern where the issuer is a signatory on its own token, the issuer's node sees every transfer. The harder gap is verification, because no third party can reconstruct the global ledger, so correctness rests on the confirming nodes staying honest and their keys staying safe. In practice the off-switch sits with those nodes rather than with you, since you cannot see when your data is read and cannot stop it.

Tempo

Tempo is designed for payments and uses validity proofs to verify that each zone is executing correctly, while still giving the zone operator full plaintext visibility into every transaction within that zone. Privacy comes from Tempo Zones, which are parallel execution environments connected to the Tempo mainnet.

By design, the zone operator has visibility into all transactions within the zone, while users see only their own and the public sees only a proof that the zone is valid. Token issuers set compliance controls, allowlists, blocklists, and freezes, enforced across zones. The mainnet checks each zone's validity, so execution is verified, while the operator still reads every transaction in plaintext and holds the off-switch over what is revealed. Your privacy is from the public, not from the operator.

zkSync Prividium

zkSync Prividium adds the verifiability piece that Canton lacks. Every batch produces a validity proof settled to Ethereum, so a compromised operator cannot forge state or mint tokens from nothing without also forging a proof, which it cannot do. The tradeoff is that the operator processes every transaction in plaintext and decides who sees what, which means the off-switch stays with the operator and your privacy is from the outside world rather than from the operator itself.

This tradeoff has legitimate uses in high-trust institutional environments. If Bank of America, JPMorgan, and Wells Fargo are transacting on a shared network, a zone where BofA's infrastructure processes BofA-originated transactions satisfies internal control requirements while still delivering genuine ZK privacy from the other banks and the rest of the world. Where this model breaks down is in lower-trust environments where giving an operator full plaintext access and the switch that comes with it holds back product design possibilities. 

Starknet STRK20

Starknet's STRK20 breaks from relying on an operator for privacy. It shields ERC-20 balances and transfers in a privacy pool, and every private transaction carries a zero-knowledge proof generated client-side, so no operator sees your plaintext in order to build it.

Disclosure is where STRK20 diverges from Aztec. To join the Starknet Privacy Pool, you register an encrypted viewing key onchain, and it sits there for the life of your participation. On a regulatory request, a designated auditing entity can decrypt that key and trace your complete transaction history, forwards and backwards. StarkWare calls this ‘not a backdoor’ but a carefully scoped access mechanism, and the safeguard is a policy promise that the auditor decrypts only when required. The privacy is cryptographic, but the off-switch is a standing key that someone else holds and can flip whether or not you are watching.

Aztec

On Aztec your private state lives as encrypted private data that only you can decrypt. The contract developer can choose what state is public and what is private, and whether your encrypted private data is emitted onchain as a private log or shared off-chain instead.

Your transactions get proven client-side on your own device, so no sequencer or operator sees your unencrypted private data. Those proofs settle to Ethereum, which gives the same integrity anchor marketed by Prividium, with every transaction verified and no forged state, but without a single operator who reads your data. The base protocol decentralizes sequencing, proving, and governance, so there is no operator to choose and trust in the first place.

Disclosure is your choice too: you decide who learns your private data, and whether they learn it in encrypted or decrypted form. To grant discovery without readability, you share an app-specific tagging secret that lets an auditor find your data in encrypted form without being able to decrypt and read it. This is enough to prove things calculated from that data, such as a tax basis or a profit and loss figure. Granting permission to actually read the data works differently. There's no per-contract read key you can hand out, because decryption uses your master viewing key, which would unlock all your data across every contract. So instead of sharing a key, you share the data itself, plus a proof that your plaintext is what encrypts to the on-chain ciphertext.

Aztec has true selective disclosure in that you can selectively share it, and nothing else you don’t need to. This is app specific, meaning that private data discoverability access on one app does not grant access on another. Most importantly, the off-switch stays in your hands, and you never need to trust the network to handle access to any of your private data and activity.

This is not just conceptual: here is a working proof-of-concept of this model on Aztec. PrivPNL takes you from private DEX trades through a tagging-key disclosure to a browser-generated ZK proof of your PnL. The auditor verifies a proof while the prover only has to reveal the amount they owe, and your portfolio stays private.

Users need to hold their own off-switch, not a promise to look away

Canton keeps the switch with the participant nodes that read your data in plaintext, so disclosure rests on those nodes staying honest rather than on anything you control. Tempo similarly gives the off-switch to a zone-based node operator, but allows you to verify the correctness of transactions using validity proofs. Prividium hardens that promise with a proof settled to Ethereum, a real improvement, but the operator still reads every transaction and still decides who sees what. This can work well for large institutions, but small to medium sized enterprises are left with the same privacy as their current banks unless they run their own Prividium nodes. STRK20 moves the switch into a standing viewing key and asks you to trust that a designated auditor reaches for it only when needed. In each of these models the real question is not whether your privacy can be switched off, but who gets to do the switching, and whether you would even know it happened.

Aztec takes the operator and the standing key out of the question entirely. You keep the data, you generate the proof, and you disclose the result, one fact at a time and only when you choose to. The off-switch never leaves your hands, and no operator, auditor, or node can reach it on your behalf. This is one of the benefits of a network that offers fully programmable, privacy-preserving smart contracts that put you in control. 

Selective disclosure is how privacy survives contact with a regulator, and the model you pick decides who can open your history when you are not looking. On Aztec, that answer is no one but you.

Let's Build

Dive into the technical details: Try a live demo of selective disclosure on Aztec and read the technical article on how it was built. 

Integrate with Aztec: Reach out if you are interested in integrating privacy into your project.

Aztec Network
Aztec Network
26 May
xx min read

The Aztec Stack

Aztec is built on one idea: smart contracts on Ethereum where developers choose what is public and what is private. That doesn't just mean shielded transactions. It means who acts (identity), what they transact (state), and how they execute (computation) can all be private. Aztec makes end-to-end privacy possible; even the contracts themselves can be private.

But privacy also has to be practical. Aztec integrates private and public execution in the same contract, so apps can seamlessly weave together private and public state. Every account is a smart contract, letting users grant granular, revocable access for selective disclosure, which is useful for compliance, tax reporting, or agent permissions.

Finally, Aztec is a decentralized L2, with 3,500+ sequencers participating in the network today. That permissionlessness is what makes Aztec a credible foundation for a global privacy layer.

In this article we’re going to explore the Aztec stack and how we make programmable privacy a reality. We’ll answer questions like ‘what can you do on Aztec?’, ‘how does it all work?’, and ‘what are the core layers of the system that makes it all possible?’

TL;DR

The four layers of the Aztec stack, all live today on the Alpha network

  1. Noir: a programming language for writing private programs with simple, familiar syntax. 
  1. Aztec smart contracts: written in Noir using the Aztec.nr framework, allowing you to easily write smart contracts with both public and private state. 
  1. Aztec Network: a fully decentralized, privacy-preserving Ethereum L2 for building useful applications. Private state uses a UTXO model, public state uses an account-based model like Ethereum. 
  1. Ethereum: L2 txn rollup proofs are stored on Ethereum, inheriting strong economic security. 

Layer 1: Noir, the Universal Language of ZK 

Aztec smart contracts are written in Noir, a programming language with Rust-like syntax optimized for writing private programs. Noir is an open-source project developed by Aztec and is now the industry-leading language for writing private apps using zero-knowledge proofs. Let’s dive into what Noir is, and why we use it as the building block for writing smart contracts. 

Writing zk programs is extremely difficult without a background in cryptography. When developing Noir, our first goal was to create a highly optimized and easy-to-write zk Domain Specific Language (zkDSL) where developers don’t need to know any of the underlying mathematics. As a result, Noir handles all the cryptographic complexities, and will automatically convert your code into fancy zk circuits. 

Noir under the hood
Noir under the hood

Noir compiles down to the Abstract Circuit Intermediate Representation (ACIR), an adaptable intermediary language that makes it easy to plug in a variety of popular proving backends. These proving backends, such as Aztec’s Barretenberg proving system, take the compiled zero-knowledge circuits and generate proofs attesting to the validity of the program’s execution, all without revealing any private inputs. From authorization systems that keep a password on the user's device, to complex onchain state channels with recursive proofs to verify offchain state; Noir and a proving backend handle everything from compilation to cryptography for you. 

In addition to simplifying the developer experience, we also wanted to make it intuitive to specify which elements you want to keep private and which you want to make public. With Noir, privacy is baked in as a default, so all variables and functions are automatically kept completely private, and executed on the user’s device. 

If you want to make any part of your code public, you can do so by simply adding a pub attribute. 

Using public and private inputs together
Using public and private inputs together

Noir on its own is great for writing programs that need to execute stateless functions, such as proving that you reside in a specific country based on passport data, or that you hold a certain number of tokens without revealing how many. Projects are already starting to build with Noir outside of Aztec on Base, Scroll, Starknet, and other chains. However, if you are looking to write privacy-preserving apps that store private state data onchain, it’s helpful to utilize a smart contract library that deliberately handles those complexities for you. That’s exactly what we’ve built at Aztec and what we’ll explore in the next section. 

Layer 2: Smart Contracts 

Aztec smart contracts leverage Noir to create apps with onchain private and public state. This section covers how smart contracts work on Aztec and how you deploy and interact with your contracts. 

An Aztec smart contract is a set of public and private functions written in Noir, deployed on the Aztec Network. They are written using the Aztec.nr framework which handles all the cryptography under the hood for managing private and public state and interacting with other contracts on the network. 

To build useful applications, developers need to be able to incorporate both private and public components into their contracts. For example, an onchain voting contract might want to keep the information of the voter private and prevent someone from voting twice, but publicly display how many votes have been cast, and the outcome. 

Because contracts are written in Noir, this functionality is as easy as adding a ‘private’ annotation above your function. The following function will be executed privately on the user device, allowing a user to cast a vote without revealing their address: 

The output of this private, local execution will be sent to the network, where the correctness of execution is verified and public function calls are executed. The following function is designed to be executed publicly, adding a vote to the total tally without revealing where it came from. 

To seamlessly weave together private and public components that can easily interact with onchain state, Aztec smart contracts utilize the Aztec.nr framework to execute private functions on the user’s device and bundle the proofs for these transactions together with the public functions that will be executed by the Aztec Virtual Machine (AVM). 

This framework adds the functionality needed to build onchain, privacy-preserving apps, including defining contracts, accessing private or public context, and interacting with the Aztec Network. Similar to how a vanilla Noir program would compile down into zk circuits, Aztec smart contracts are compiled into zk circuits for private functions or AVM bytecode for public functions, and stored in the Aztec contract tree. 

Aztec accounts are also written as smart contracts, implementing what is known as account abstraction. Account abstraction allows application developers to create programmable accounts to dramatically improve user experience, including social recovery, sponsored transactions, and multi-factor authentication. It also makes compliance practical, allowing for granular access controls on accounts. 

Layer 3: The Aztec Network

The Aztec Network is the only decentralized L2 on Ethereum. There are currently over 3,500 sequencers running the alpha network. View the live block explorer for the alpha network. 

In order for a network to fully protect users and their data, it must guarantee three levels of privacy: 

  • Private data: input and output values are hidden
  • Private identity: addresses are hidden 
  • Private compute: contract functions are hidden 

When you write  Aztec smart contracts, everything listed  above is taken care of for you. As discussed in the previous two sections, you can easily opt into privacy protections at a granular level by weaving together public and private functions. 

To understand how all of these components fit together, let’s examine how a transaction is executed on the Aztec Network. 

When a user interacts with your application, private functions are executed client-side on the user’s device: a phone, a personal computer, etc. This happens in a private execution environment (PXE) that is able to create highly-efficient zk proofs even on browsers and mobile devices. Any private state updates are added to the state of the network in an append-only database (UTXO tree). Because the proof is generated client-side, no information can be leaked about the inputs, outputs, accounts, or even the functions that were executed.

On the other hand, public transactions are bundled together with the private client-side proofs and sent off to the Aztec Network, powered by a decentralized network of independent community-run sequencers. Sequencers check the validity of private execution proofs, execute any public functions and update the public state, propose blocks, and publish state updates (“diffs”) to Ethereum L1. Sequencers also coordinate with a decentralized network of provers who compute the final proof for every Aztec “epoch” - defined as a contiguous sequence of 32 L2 blocks - and publish it to Ethereum. Any public functions executed by sequencers update an account-based database similar to Ethereum. 

Sequencer and prover roles are fully permissionless. Anyone can spin up the required hardware and join the sequencer set or run provers and start bidding to produce proofs of Aztec epochs. 

Conclusion

Aztec delivers on a simple but powerful idea: smart contracts on Ethereum where you choose what's public and what's private across identity, data, and compute. The four layers we've walked through are what make that possible.

Noir gives developers a Rust-like language for writing zero-knowledge programs without a cryptography background, with privacy as the default. Aztec smart contracts build on Noir through the Aztec.nr framework, letting you weave private and public functions into a single contract and use account abstraction to unlock granular access controls for compliance, tax reporting, and selective disclosure. The Aztec Network is the only decentralized L2 on Ethereum, with over 3,500 sequencers powering end-to-end programmable privacy across data, identity, and compute. And it all settles to Ethereum, inheriting L1's economic security.

The result is the first practical platform for privacy on Ethereum, and a credible candidate to become the global settlement layer of the future.

Now it's your turn to build. Head to docs.aztec.network to ship your first privacy-preserving app.

Follow Aztec on X for updates on the current state of the network.