Breakthrough implementation of universal SNARK recursion
Aztec’s progress towards fast programmable privacy takes another step forward today with the the release of our first ZK² rollup code.
We announced this program at the end of last month. Today, we’re showcasing our v0.1 code.
This code is the first implementation of universal recursion for pairing-based SNARKs over a single curve. Our implementation means:
- No need for pairing-friendly cycles
- We run industry-standard hashes — no need for SNARK-friendly hashes
With this code, we can efficiently verify a SNARK inside another SNARK.
Here’s why that’s important.
Programmable Private Payments
We’re building a global network of peer-to-peer private programmable payments.
You’ll be able to send money from smartphones, tablets, laptops, without sending (and therefore leaking) the data to anyone else.
Meanwhile, developers must be able to program Aztec cash with custom logic — after all, if you have private dollars on your smartphone, you might want to spend it in any number of contexts:
- Shopping channels: escrow security, integration with shipping alerts etc
- Gaming: payments for upgrades, trading rewards etc
- DeFi: depositing, holding and releasing private collateral etc
Where we‘re aiming
In ZK² Rollup, the spender makes a private transaction on their own device, keeping their data secret — this is a ‘proof computation’.
Instead of sending straight to Ethereum (too expensive), they send to a ‘rollup provider’, which aggregates 1,000s of transactions into a ‘rollup proof’. This collapses the gas cost on Ethereum, and makes our payments network scale.
Here are the benchmarks we’d like (in a perfect world):
- ~1s proof construction times on smartphones
- ~10s proof construction times for rollups (server-side)
- ~1,000tps on mainnet
- 3 layer recursion — proofs of proofs of proofs
Where today’s code gets us
Here’s what we can do with today’s code release:
- ⏳~40s proof construction times on smartphones
- ⏳~60s proof construction times for rollups (server-side)
- ⏳~10tps on mainnet
- ✅ Multilayer (≥3 layer) recursion
‘Proof construction times on smartphones’ = the processing time your smartphone requires to prepare a transaction.
‘Proof construction times for rollups’ = the time it takes a rollup provider (e.g. Aztec) to aggregate a large number of private transactions into one rollup proof (to save gas on Ethereum, and get to scale at low cost).
‘3 layer recursion’ = full programmability
Before we go to a production release, we need to slash those proving times, and speed our throughput rates from 10tps.
Fortunately, a recent paper from Aztec, known as Plookup, comes to our rescue. Computations that previously needed dozens of gates are now a single TurboPLONK gate.
Our Research Library has the latest papers, benchmarks on TurboPLONK, and primers to help you get a handle on zero knowledge.
And for regular updates on our Privacy SDK, protocol and research output, sign up for our bulletin!
Join the Team
We’re on the lookout for talented engineers and applied cryptographers. If joining our mission to bring scalable privacy to Ethereum excites you — get in touch with us at firstname.lastname@example.org.