The Private World Computer | Aztec Co-Founders Zac Williamson & Joe Andrews

Ryan:
[0:02] Welcome to Bankless, where we explore the frontier of private internet money and internet finance. This is Ryan Sean Adams, just me today, so I'm here to help you become more bankless. There's been this recent refrain in crypto, it almost rings out like a complaint, where have all the cypherpunks gone? I'm pleased to say I have two of them on today's episode, and honestly, talking to them was like a breath of fresh air. The promise of their project, Aztec is to bring privacy to Ethereum without cutting any corners. They're trying to ship a private layer two that truly extends Ethereum grade decentralization with privacy on top, private transactions for all of DeFi. Now, I know it's still early, but honestly, I think they may have done it.

Ryan:
[0:48] Zach and Joe have been working on Aztec for so long that I think a lot of people in crypto half expected this thing would never ship. Yet, it's here. The Aztec network is live. It's producing blocks. These are private Ethereum-secured blocks, and they're just months away from an alpha mainnet. To me, this is probably the most cypherpunk project to launch in crypto since maybe 2016. And maybe it won't be successful. After all, the critics keep telling us that the world doesn't care about decentralization, that crypto is now just a whole bunch of ETFs and corporate chains and BlackRock and compliant stablecoins. I think they might be wrong about this. The world may not care about privacy

Ryan:
[1:29] and decentralization, but the world definitely needs it, now more than ever. And crypto needs more cypherpunks like Zach and Joe. Zach, Joe, welcome to Bankless today.

Zac:
[1:41] Thank you so much for having us on.

Joe:
[1:42] Thanks so much for having us.

Ryan:
[1:43] Really excited about this. So it's been five years almost since we've had you on Bankless. This is actually a screenshot from a very young baby face looking David, I think from one of his, one of the many places he's lived around the world. And the two of you guys from five years ago, four months or four years and eight months ago, I guess starting the question out, what have you guys been doing over the past five years?

Joe:
[2:10] Well, I guess the obvious one is I've regrown some hair. This was in the depths of COVID, I think. And yeah, we kind of hadn't seen each other or the team for a while. So we all went a bit crazy in the UK in COVID. But apart from that, we've been kind of chipping away and bringing privacy to Ethereum. So I think since we last spoke, we had a roll up on Ethereum called Aztec Connect. And we've now built a brand new version of that that brings you know fully programmable privacy to ethereum and it launched its ignition chain uh last week at dev connect so a lot's been happening we've been kind of keeping beating on the same drum

Joe:
[2:50] of bringing privacy to ethereum and yeah it's been it's been crazy to kind of see see the progress so.

Ryan:
[2:55] Zach how do you explain your hair situation back then was it all covid and you know have things yeah

Zac:
[2:59] It's pretty hard joe and i we took the opposite approaches joe was like i'll cut my own hair I was like I won't bother cutting my hair um

Zac:
[3:07] And yeah, you know,

Zac:
[3:08] I was going on research benders back then trying to figure out how to like fix certain existential issues with privacy tech. So I don't know, maybe the hair helped the channeling Albert Einstein.

Ryan:
[3:18] Are those things fixed now? Well, I mean, I think we fixed it,

Zac:
[3:22] But we'll find out because we're going to be fully deploying our network early next year. The issues I was trying to figure out was effectively how do you actually take a smart contract platform like Ethereum, programmable blockchain, a world computer, how do you We make that fully private without destroying the user experience, the developer experience. And that's a hard problem. It took us a while to solve. It's why we've been building for five years. But we're pretty confident we've sold it.

Ryan:
[3:50] Five years of building, there's so much to get into today. I guess I'll give listeners some context. So the Aztec Ignition chain is a newly launched chain. It's not fully launched. It's in one of the launch phases. We'll talk about that. I'm actually at the time, about five years ago, we were talking about one of the first Ethereum roll-ups, which was a roll-up that the Aztec team had come up with and you guys deployed that. And then I believe that went into legacy maybe a few years later. We'll talk about the story of that and now where we are with this new Ignition

Ryan:
[4:23] chain and all of the features and all of the things that you've built up into that chain in a moment. But I guess I want to start with the high level here so as you think in about 2025 and going into 2026 can you describe the state of privacy in ethereum today like have we made any progress where are we right now

Zac:
[4:45] Privacy has clearly become more of a core value of ethereum people care about it people talk about it the quality of privacy that you have today versus five years ago not a huge amount has changed to be

Zac:
[4:58] You know, we're starting to see the seeds of that.

Zac:
[5:01] But ultimately, Ethereum is still a completely transparent network. When you send transactions to Ethereum, everybody can see what you're doing, they can see who you are, they can see who your recipients are, they can see the smart contracts you're calling, the programs you're using, the amount of money that you're sending around. And this is hugely restricting on what you can actually do with Ethereum. Just purely not being able to hide your balances is a big problem. If you want to use Ethereum for anything competitive or professional, for example, if you have a portfolio on Ethereum and you've hedged it and you're trading, well, people can see your hedges and so they can undermine those. And we've seen demonstrated attacks against that that have happened on Ethereum, they've happened on Hyperliquid. It's also extremely limiting the lack of identity on Ethereum, but I think I can go into that in a separate topic.

Ryan:
[5:50] So how is it the case, Zach, that over the past five years, We've made almost like, has there been any progress made? I mean, there are some privacy protocols out there right now.

Zac:
[6:00] There's railgun. I mean, Ternodocache is no longer sanctioned. I believe it's no longer considered a terrorist by the American government. You have a lot of toolkits available that could be used to build products as well. Kohaku is something which is being developed by the Ethereum Foundation. That's a wallet, yes. That uses Railgun, I believe. But ultimately, and there's been a lot of technological innovation. The reason for the lack of the limited progress in terms of user-facing products and services is just, it's an extraordinarily hard problem. We cracked a few years ago, how do you do private token balances? Is how do you transfer them around? You know, Zcash were pioneers, and you have things like Railgun, you had AstorConnect. But the challenge is, how do you add programmability into that? Because if you want to do anything really advanced with privacy, you need an understanding of who somebody is, because you probably need to be able to distinguish between good and bad actors to somehow, given, you know, current climates, given user preferences, given the basic needs

Joe:
[7:02] To create legitimate systems.

Zac:
[7:05] And that question, who are you? That's very hard to answer in a permissionless, fully decentralized network without having to rely on centralized third parties.

Ryan:
[7:14] Is that something that the ignition change has kind of cracked? The who are you part as well? Yes. Maybe do you have to

Zac:
[7:18] Think about that.

Ryan:
[7:20] Huh. Interesting.

Joe:
[7:22] Yeah. So I think at a high level, like...

Zac:
[7:25] The way we've kind of solved identity is actually,

Joe:
[7:28] It doesn't just happen to be on kind of the ignition chain. It's more about kind of in general, the state of ZK technology. There's kind of teams now building proof of identity. And previously that was kind of, you know, credentials signed by kind of third parties like five years ago. Now we can take your passport and we can verify on chain that it's a valid passport issued by the UK or issued by the US. And you can effectively do a proof of personhood using your existing passport or identity card with a smart contract. And you can selectively disclose any information you want to the chain in that check. So I could prove I'm above 18 or I could prove I'm not from a sanctioned country or my name's not on a sanctions list. And so we're now in this world where you can take a zero knowledge proof.

Joe:
[8:17] Send it to a smart contract And instead of getting privacy through kind of centralized intermediaries, you can just directly interact with the blockchain and make a compliant application that effectively knows that you're not someone. And that's a huge breakthrough. And so that's powered by a lot of the technology we've been building over the last five years. We have a programming language called Noir, which makes that very easy. And Aztec is kind of the default place where you can now deploy these applications. And so I think it's more like, as Zach was saying, the core tech has come on a long way, but we're still seeing kind of maybe the industry catch up. There was a bit of a chilling effect that came into effect around tornado cash and kind of the ban of privacy in the US, which I know you guys are fighting for as well on the front lines. I think that has maybe.

Joe:
[9:07] Slowed down where privacy adoption could be relative to kind of where it is in the background. But we feel very confident that the tech now is ready to kind of make a breakout

Joe:
[9:17] because we have these amazing tools like ZK Passport that can put it front and center again.

Ryan:
[9:22] Let's talk about ZK Passport for a minute and this idea of identity, because I do think you're right. Privacy and identity seem to coexist or at least grow together in some way. And I think the lack of identity solutions, private identity solutions has maybe prevented us from scaling privacy in the way that we want to scale it. I was looking at a lot of, there are a bunch of tweets in my timeline over the

Ryan:
[9:46] past few days that looked something like this. And I think this is a tweet from Martin over at the Gnosis Safe Project.

Ryan:
[9:53] And he is tweeting a picture of a Google Gemini AI-generated deepfake of somebody with a passport. Actually, this is him with a passport. And so, So he's using an AI prompt to basically deepfake AML KYC in Gemini style. I think everyone listening to this has probably signed up for some sort of digital bank online, maybe an exchange, and there's some sort of AML KYC type of service. And the way this goes is usually take a picture of your driver's license or your passport, and you send it in. And then there's a, I guess, a proof of personhood type real-time checker where you take a selfie of yourself, you might look into the camera, you might stare left, you might stare right. And it signifies that this is a human, that this is Ryan S. Adams, and we can let this person in because he's not on a sanction list. It's interesting that AI is going to break this completely, is it not? I mean, the ability to just deep fake this, it's like, and I don't know that world governments or existing compliance regimes have caught on to how fast this is going to happen, and it has already started now.

Zac:
[11:06] That method is basically broken.

Ryan:
[11:08] Can you talk about this? And how is something like ZK Passport a change from this regime?

Joe:
[11:16] Yeah, maybe I can start. I think I've got a few good analogies here.

Zac:
[11:19] So I think since about 12,

Joe:
[11:22] 15 years ago, ICANN, who are the kind of civil aviation kind of body, started creating e-passports. And they created the standard that has means that kind of all modern passports and identity cards, they have a chip in them. And that chip can be read by an NFC scanner. And inside it, it has data that's signed by the issuing authority. So your government who issued the ID card, who...

Zac:
[11:47] You know, you may not trust fully, but if you live in that country,

Joe:
[11:50] They're a good source of trust as kind of like a trust authority. And so what ZK Passport does is it uses the same tech that lets you enter through an eGate. When you scan your passport in an eGate, what's happening is they're reading that chip. They're kind of using the, there's a decryption key embedded into the image. They're decrypting information in that chip and they're making a zero knowledge proof that that's valid.

Ryan:
[12:14] Can you hold on for a second here, Joe? So an NFC chip inside of a nation state password, is that counterfeit resistant? Is that tamper resistant?

Joe:
[12:24] Completely, yeah. And then, yeah, it's kind of all of the chips. There's a big kind of like tree of trust. And so at the top of that tree, there's a private key stored by a nation state. And then you can verify that every chip that's issued and signed has been signed by that key. So unless you can get hold of a nation state's private key, you can't issue and verify a fake passport. And so this is how we let people into countries. This is how eGates work. And what we're doing kind of in Ziki Passport is we're taking that same signature that's embedded inside your passport and we're verifying it in zero knowledge and getting Ethereum to say, hey, is this valid? So you can kind of think of like Ethereum is now an eGate for transactions and with the same security as you have to enter the US or the UK or any kind of country, we can now get the same registration that you're not on a scientist list or you're from a certain country, which is crazy that this has never happened before. And all of the Web2 companies are still using kind of pictures of your ID and a liveness check. And so, yeah, we're very bullish on this as being kind of a much more private way of doing things.

Joe:
[13:37] It takes a little bit of a mental model switch because at first when people hear about privacy, they're like, oh, I don't want to put my ID into something, but that's because Ethereum is fully public. Now we have like strong zero knowledge proofs and a way to kind of actually encrypt that information and send it to the blockchain. You can start to send this information as part of transactions and prove interesting things about it. So I think that shift is going to start to come. And I think it's really the only way we have to kind of resist against kind of deep fakes. So it's going to be exciting 2026, I think.

Ryan:
[14:08] Can I make sure I understand the user flow for ZK Passport? It's been on my list to go try this and check this out. And I know it's kind of integrated into the part of the onboarding experience of Aztec, which we'll talk about in a minute. But so you're saying basically I take my government issued passport. I have one from the US, let's say it has an NFC chip in it. And what do I do? My phone, like my iPhone with a ZK Passport app can actually has the ability to scan an NFC chip and validate it.

Zac:
[14:36] Totally. So, you know, you tap your passport, your phone, the phone will scan the chip. What's going to happen is, so that chip will give your phone a digital signature of all the passport data, like your photo, your passport number, your date of birth, your name, blah, blah, blah. Stuff you don't want to share with the world. And what's going to happen is, Zika Passport uses our technology to create a zero-knowledge proof saying, here's a hash of all this data, like an unintelligible hash. I'm not going to tell you what's inside it, but I can prove to you two things. A, you know, it's like this person's not from a sanctioned list, and B, this is quite important, this person's phone, what the app asks you to do is it asks you to take pictures of your face, and your phone's secure enclave, the little secure chip, will say, this photograph that I've taken, it matches the face of the ... It matches the photo in the passport. And so that's also wrapped into the proof so you don't just know that somebody possesses a passport from a certain region you know that they're that that also like they're live as in like the the person holding the passport is the person running the app

Ryan:
[15:41] Okay so the the zk zk passport not only verifies that i have a passport in my possession nfc chip but it also does that live as well with my face and sort of matches that but that information stays effectively within the secure enclave of my phone it doesn't

Zac:
[15:58] Leave it doesn't leave your phone because the secure enclave creates a digital signature going yeah this is good and then that signature is validated within the zk passport proof so that you know i i think is how it works you basically you know like yes they're like there's a there was a liveness check performed by like an iphone or an android phone of a photo of somebody that matches the photo in a passport.

Zac:
[16:21] And that passport is like from a certain region or not from a certain region. And that's the data that gets broadcast. So the things like your photograph, your name, date of birth, that stuff, that stays on your phone. Wow.

Ryan:
[16:35] Okay. So, I mean, even that alone, I know this is a powerful application of ZK and it's broader than Aztec, but that alone with the advent of basically AI deepfake coming out over the next six to 12 months. I mean, don't all Web2 companies, doesn't the entire financial system, doesn't like everything need to de facto adopt that? Like, what's the alternative? Everything happens in person again? Like, that can't be what we do.

Joe:
[17:02] Zach keeps saying that privacy is eating the world, but I think this is a clear case of like, whereas it has to, right? I mean, it's like, I think otherwise we have to stop doing things online.

Zac:
[17:13] Right. worse you rely on trust of third parties like everything the ZK Password app does you could get the same effect if you just send all your data to a server and then that server has your passport data and that's often how it works today and then you get and those servers get hacked and your passport data gets leaked and it's a nightmare Doing it the zero-knowledge way is the secure way of doing it, for sure.

Ryan:
[17:34] Okay, so that's the ZK Passport piece of this. And I guess that works very natively inside of a crypto system, right? Because then you know that this person is who they say they are, and maybe they're not sanctioned. Just briefly, though, how is ZK Passport related to the Aztec project? Is it sort of just an adjacent type of application that is useful for privacy? Or are you guys tied into it? So a few ways.

Joe:
[18:01] So it's a team we funded in our ecosystem. So that's kind of the main kind of relation. But beyond that, there's a few other places where there's overlap. So you can take CK Passport proofs, you can verify them completely off chain. It's a kind of like proof of age on kind of websites. You can verify them in Ethereum smart contracts or you can also verify them natively inside Aztec transactions. And so you can take the serial knowledge proof and ASDIC is kind of like the best place to verify these proofs. So that's kind of one area where they're also related. And then secondly, we're also using this in our token sale, which is happening at the moment. So we've been able to convince Swiss regulators that using a zero-knowledge proof of non-sanctions is a valid form of sanctions check. So if you want to go and participate in token sale, you can, go and use Ziki Passport. And I think for the first time, you can use this kind of zero-knowledge proof to prove to an Ethereum smart contract that you're not on the sanctions list, which is incredibly exciting. You can obviously go and do the old way of doing KYB or KYC if you want to, but there's now a privacy-preserving alternative. And the last way it's related is it's also written under the hood in this programming language we've built called NOIR, which is a kind of very developer-friendly language for writing serial knowledge applications. So because ZK Passport team is in our ecosystem, they've been building this in NOAH for the last kind of 12 or so months, which is exciting to see.

Ryan:
[19:31] So for the ICO, the coin sale that's ongoing right now, ZK Passport is effectively used in lieu of a traditional AML KYC check just to make sure that the entity has not been sanctioned and is eligible for the token sale. That's correct?

Joe:
[19:46] Yeah, we were able to get the Swiss kind of regulators to kind of first read that this was like a valid form of sanctions check for individuals. So yeah, it's really exciting.

Ryan:
[19:56] Will individuals need, like later when we go full mainnet and users start using the Aztec chain, will they need CK Passport in order to interact with the rest of the protocol? Or is that part completely permissionless?

Zac:
[20:07] Permissionless, you know, like from day one on that book, permissionless decentralized. We have account abstraction, so how one chooses to authorize their account, that's up to anyone. But we won't be using ZK Passport for that because it's not... Well, we don't think users will, application developers will, because it's not convenient to carry a passport around everywhere to log into a Web3 account.

Zac:
[20:28] But if I could segue a little bit, this kind of touches on something which is quite a core issue and value proposition inside Aztec,

Zac:
[20:37] Which is how do you know who somebody is? Let's say you're building an application like a private stablecoin. And you need some understanding that, for example, the person isn't North Korea, right? Because if you can't see what's going on, you need some understanding you're not a baddie.

Zac:
[20:54] It's also very important for us at ASIC as a network that we give application developers the tools and the resources to program their applications such that they can give guarantees to their users that their users are not facilitating bad actors. You know, we don't mandate any of this. We just want to make it possible. And so this ties into something which we're very, very keen on pursuing with ASIC and our ecosystem, which we're calling holistic identity.

Zac:
[21:23] Effectively, right now the way the world works when it comes to identity is, you know, you have some centralized third party comes up with some kind of standard that's like 200 pages long and then it gets implemented and it doesn't change because changing it's just too much effort. And it means that, you know, this kind of identity standard is very rigid and flexible and can't get used by a lot of applications that could benefit from it. What we want to do in Aztec is the complete opposite. Instead of top down as bottom up, the idea is, let's say you're an app developer, maybe have some identity needs well it should be very easy to program those like checks and checks into your application you know we'll provide the libraries and resources and in doing so that application developer is effectively issuing a credential on chain like an nft or a token which is a testing something about a user it might be as simple as you know this user has a twitter account with over 100 followers so they're probably not a bot it could be this user has received an email from a certain company so i know they have an account with that company And you can use zero knowledge, ZK email, our technology to prove that. If you have enough of these people participating in the network, building these applications, building these credentials, issuing platforms, then you can start to create meta credentials on top of that. You can start to wrap a lot of these tokens so that you can say something more concrete about an individual.

Zac:
[22:40] And in doing so, I think you can end up in a world where you have very strong identity checks, identity standards. But what's happened is twofold. Two things. First of all, it's all using ZK. So none of the data is leaving the user's device, right? There's no actual data on chain on the network that is telling you about what somebody is. It's all encrypted. But the other important thing is these credentials are not being issued by centralized third parties that can exert a lot of control over who participates in the network. The idea is we don't want one identity provider saying, oh, you're Ryan, you're Joe. We want smart contracts to be able to go, oh, yeah, you're probably Ryan. But that knowledge has come from possibly hundreds of different sources all on-chain that are being issued by hundreds of different counterparties so that you have a fully genuine decentralized commissionless network that can provide

Zac:
[23:31] strong identity, strong privacy benefits.

Ryan:
[23:33] So in that world, the nation states and government passport issuers are just one more attester, essentially. And they're able to attest citizenship and some other things with some certainty. But there are many hundreds of attesters. This has been kind of a promise that Ethereum has made for quite a while. There's kind of like Ethereum identity protocols that have been proposed. How come we've not gotten this on Ethereum already? And what is Aztec specifically doing to bootstrap ZK attestation to, you know, to be able to provide richer identity services?

Joe:
[24:11] I think the main thing is that the early versions of this required an intermediary. So it was like, hey, give your data to this service. Then they'll sign a message saying you did the thing. So it could be, you know, that you control this email account or that you have this many followers on Twitter. but it was all intermediated.

Joe:
[24:29] Then there were some projects, I think Polygon had a project around kind of like ZKID, but a lot of it, like the credentials that you want, use Web2 cryptography, which notoriously is very hard to kind of prove things about in ZK. And so we needed some breakthroughs in the kind of cryptography technology to actually make this possible. So I think like now we're in a world where it is possible. So it's always been the promise, but I think we haven't been there today because either the tech wasn't fast enough to prove things locally on your device or it was just done through intermediaries before and that didn't really catch on. It was kind of against the whole thesis of Ethereum, which was like remove the intermediaries. And so I think those two reasons are why it hasn't happened. In Aztec, I think the main reason why we think it's going to take off is because every transaction is a zero-large proof. So there's no way for you to kind of like leak this information. You can bring in all different types of data sources into one transaction on Aztec and verify them all succinctly and cheaply when you send that transaction to the blockchain. So I think that alone should encourage developers to start experimenting. And we should just see this take off naturally.

Zac:
[25:44] I can expand on that as well. Another key thing is you really need a fully private by default blockchain for any of this to work.

Zac:
[25:53] And this concept of private composability, basically. I can write a private smart contract and I can just code it up like in a regular normal looking programming language like Noir and my contract can call other private smart contracts written by other people and they can call other private smart contracts and this all gets bundled up into in a single transaction the user sends. It just works. That's not possible anywhere else. And I'll give an example of why it doesn't work on Ethereum right now. Let's say you want to build some kind of identity standard system on Ethereum, right? You need ZK because that data can't be transparent. You're not going to put passport numbers, social security numbers on a public ledger. So you need to do something in ZK. And that right now on Ethereum, because Ethereum doesn't have default privacy, requires you writing some complicated ZK circuits and providing some complicated ZK software for users to generate those required proofs set into Ethereum. So now let's say someone's built that. And now I come along and I have an app and I'm like, well, I need a slightly different concept of identity. So I've got to build my own. And I've got to do this all again. And I've got my own ZK stuff and my own ZK software. And let's say there's a third app, which is like some exchange or an AMM in it. And it says, okay, well, I want to interface with these two identity platforms because I need both of them to interoperate. Well, now I have to inherit that complicated tooling and software on my end. And if anybody wants to incorporate my app, they have to do the same. And you have this kind of explosion of complexity because every privacy solution on Ethereum has to be its own hand-coded circuit with its own toolchain. That's not the case on Aztec, right?

Joe:
[27:20] You can code.

Zac:
[27:21] Up whatever your program's doing, if it's doing identity or games or whatever it's doing, you just code it in noir and your contract has an interface that gets exposed, right? And then you can just ask your nodes to call a contract and it just works.

Zac:
[27:34] And so you can actually start to build these composable private systems with a real network effect.

Ryan:
[27:39] One of the things that I feel like has always been central to the Aztec project as you've moved through different iterations of what this looks like is actually bringing privacy to Ethereum specifically. And I think maybe the reason for that is because you want to make privacy programmable. So privacy does exist in pockets. You have a chain like Zcash, for instance, which tries to accomplish kind of a Bitcoin transactional UTXO model style chain and provides privacy around that. We also have things like Railgun or Tornado, which maybe allows for privacy pools and kind of like shielded transactions in some small form. I

Zac:
[28:27] Think the main thing

Ryan:
[28:29] Behind Aztec and why I've long thought that this was sort of the promise, at least, is the holy grail. It's actually bringing Ethereum's Turing complete programmability, which implies all of DeFi and everything that can be built on top of Ethereum. On top of Ethereum, bringing privacy to that. Can you talk about that? Is that still kind of the mission behind Aztec? I think part of my question going into this is like, okay, this took a long time. I know you guys have been hard at work. I know it's not like you've been slacking off for the past five years playing with meme coins. You've been hard at work on this. Is that the big thing? Is that why it took so long? Is it because you needed to preserve the programmability? Maybe talk about that. Why is that the mission? And why was that so hard?

Joe:
[29:14] Yeah, 100%. So that's definitely still the mission. And we kind of get there in two ways. I think the first way I think is to maybe look back at what we talked about last time on the podcast, which was kind of how we can bring privacy to existing DeFi. And that was with a product we called Aztec Connect. And what we had with Aztec Connect was a way to effectively have Zcash-style transactions for any ERC-20 on a roll-up we'd built. But we gave that roll-up the ability to interact with other Ethereum smart contracts. So if you sent a transaction from the kind of Aztec Connect L2 back then, you could bridge funds effectively to any DeFi on layer one.

Joe:
[29:56] We have built that functionality into kind of every smart contract on the new Aztec chain. And so by default in this chain, you can now bridge funds from any Ethereum smart contract and any Ethereum L2 smart contract. And the reason this works is because Aztec's block space is differentiated. If you send a transaction from Aztec, the block space is private. And so you can bridge funds to base or to arbitrum or to optimism. You can bridge an intent to those networks and you can interact with existing pools of DeFi without having to rebuild Uniswap or Aave on Aztec itself, which is really exciting. And the reason it's taken so long is exactly kind of what you were trying to say earlier around preserving composability. When we had the old version of Aztec, we wrote all the smart contracts that existed inside Aztec. Effectively, there were three smart contracts. There was an account contract, a joint split contract for transfers, and a DeFi contract. And we had to kind of audit them all against each other. They were all written in C++, and composability was a nightmare.

Joe:
[31:04] What we realized kind of with that old version of Aztec is that, you know, in order for this to take off, we had to build programmability and composability between smart contracts into the protocol and have it such that a smart contract could call another smart contract without the core team having to kind of audit it and write it. So that was the big breakthrough that took many years to kind of get right.

Joe:
[31:27] Effectively what it means now is that you can have this programmable composability within Aztec and each Aztec contract can call five contracts within Aztec the L2 and then you can also have the result end up on another L2 or Ethereum and you get incredibly strong privacy guarantees as a result. So we kind of view ourselves like a bit like a privacy layer for all of Ethereum and it doesn't matter kind of where the transaction ends up because you're kind of moving funds as a user through Aztec, you get privacy as a result of doing that.

Zac:
[32:01] It's a private world computer. Ryan, you were completely accurate when you were talking about our goal of being a private Ethereum. Yes. Privacy tech, I think right now, before Aztec, I know that's been some years away from this, but it's largely in terms of the applications you can use. It's private Bitcoin. That's what it really is. And we want to make it privacy tech, private Ethereum. That programmable world computer is the thing that really captured us in the early days. The idea that you can write any kind of software, you can write a decentralized bank, you can do assets, you can do finance, you can do derivatives, you can do voting, you do governance. Ethereum is not just a financial technology like Bitcoin. It's a social technology. It's a way of organizing people and organizing communities and getting them to coordinate and collaborate on shared projects. And that side of Ethereum, I think, is very constrained and limited because of the lack of privacy. The financial side is limited by the lack of privacy. It's all limited by privacy. You know, we came into this looking at privacy, thinking this is like the missing ingredient to make Ethereum like really big, really, really big. You know, like the world spanning financial infrastructure. So yeah, we've been obsessed with it for years.

Ryan:
[33:10] The private world computer bringing privacy to all of Ethereum. The Aztec ignition chain is a layer too. And Joe, when you were talking about this, you were talking, you were using terms like composability. And I think the experience that users have with layer twos is not quite composability. In fact, they might use the term fragmentation instead. So the typical experience of using a layer two is it almost feels like going to a separate country, a separate chain, right? So I take my whatever asset on Ether and if I want to go trade it for an asset on Ethereum rather than if I want to go trade it for an asset on base, I have to go through this whole process of like bridging to this layer two and there's a different set of liquidity and there's kind of a different UX. I feel like I'm in a different land altogether.

Ryan:
[34:00] How does, I guess, how does Aztec in, because it is a layer two, how does it blanket existing Ethereum with privacy and preserve some of that composability? It would be helpful here is if you took listeners through a typical flow. Let's say they have Ether as an asset, and they want to get some USDC, and they want to make a trade, exchange my Ether for USDC, and they want to do that privately. Do they have to go through this process of, I got to go bridge my Ether all the way to Aztec, I get to Aztec, and there's limited liquidity for USDC, I'm getting worse trade execution, and I'm in this Aztec world. And by the way, it took a long time to bridge and it's a pain in the ass. And then when I want to move my USDC back to Ethereum someday,

Ryan:
[34:53] then it's a whole nother process. Is that the user experience? Or can we do something better? Like when you said composability, I was hopeful for a feeling that I'm still on layer one, but I'm somehow in my wallet, I'm being able to click a button that says like, do this incognito or do this transaction privately. And it just seamlessly happens for me. Is that a world we could live in?

Joe:
[35:16] I think the answer is yes and no. I mean, under the hood, bridging still has to occur. It depends on how much you abstract that from the user. So to walk through the flow, there's kind of two ways it can work. One way is kind of the user moves their funds to Aztec and you do still have to go for a bridging flow. But when you do the bridging from Aztec, you can pick any destination chain, you can pick which liquidity kind of you want to trade against and you get privacy as a result of doing it. So it's kind of like you take the existing bridging flows, which can suck, but you're at least giving them a reason to go through them because when they go through them from Aztec, you will get privacy by default. So that's kind of like one flow and like maybe just make.

Ryan:
[36:01] It out if i'm bridging and i want to go to base you're saying i can go through aztec first and then i'm starting from a like privacy either private instance of base so aztec is sort of a your pass through

Joe:
[36:14] Chain yeah that's kind of the best way to think about it it's a bit like the whole like intent meta like near intent is a great example with what's happening going up with near intent on zcash but effectively as an aztec user So you would have, let's say you have 10 ETH on Aztec, and you decide you want to switch it for USDC on base. Well, you send a transaction on the Aztec L2 that says, I want to swap 10 ETH on base for USDC. And the world sees someone on Aztec wants to swap 10 ETH for base on USDC, and they want the funds to be kind of sent back to Aztec.

Joe:
[36:52] What happens under the hood is a relay comes along and they pick up that intent, they fill it for you, and they return you the funds. And they can return the funds to Aztec. They could return the funds to a brand new account abstraction account on base that's controlled by Aztec. They could even return the funds to Ethereum mainnet if they wanted to. So there's lots of kind of different ways this pans out. But effectively, because the user who's doing the transaction is not known inside Aztec, you get a degree of privacy doing this. There are other ways to do this directly from your kind of ethereum wallet but that requires kind of a little bit of adoption on the kind of l1 wallet stage which which obviously hasn't happened yet because aztec's brand new but over time i think there will be ways to streamline this under the hood so you may not even know that you're bridging when you do this and there's a lot of work going on in the ethereum space right now to try and unfragment ethereum and that will just make it even easier for us to bridge privately to other chains so i think it's.

Joe:
[37:51] Yeah, it's going to be an exciting year to kind of see this bridging or private intents kind of play out. And the way I think about Aztec in the short term is kind of what percentage of transactions on all these L2s would like to have some privacy. And I think a decent percentage of users will route those transactions through Aztec as a way to kind of maintain some of their privacy.

Joe:
[38:11] You can go a step further as well and say that when you route through Aztec, you can enforce logic ahead of those transactions. So let's say you have now a real world asset pool on Arbitrum where only people in the UK can interact with the pool. You can put a ZK passport proof ahead of the transactions on Aztec and say, okay, well, we want to enforce that only users who have UK passports can interact with this pool. And the same flow is possible. And what you would see kind of in public was someone on Aztec who has a UK passport wants to trade with this pool. And you would have a guarantee from Aztec backed by Ethereum, because we're an L2 that kind of rolls up to Ethereum, that this is true. And so you get this kind of incredibly strong privacy kind of credentials as a result. And then over time, we will see DeFi kind of net new DeFi start to be created on Aztec. But I think that will mostly be, we won't be recreating Uniswock or Aave. We'll be building DeFi. DeFi that requires privacy kind of built into it to function. And a good example is maybe the difference between an AMM and an OTC desk. So there will be kind of new DeFi primitives built on Aztec because privacy expands the design space. But in the short term, we'll see a lot of this kind of private intent flow to kind of bring privacy to.

Ryan:
[39:30] All of Ethereum. Fascinating. Okay, so the private intent flow is really part of the unlock here that really allows Aztec to blanket get the rest of Ethereum and all of the layer twos, the L1 and the layer two with privacy rather than... Because I think a lot of people listening might be stuck in the paradigm of rollups from 2023, 2024, and even 2025, which is if you start a new rollup, the number one thing you have to do is you have to go copy paste all of the existing Ethereum DeFi protocols. So I need my version of Aave. I need my version of Uniswap. I need all of the different primitives that I find on Ethereum. And we have to copy and paste this and then bootstrap the liquidity. And of course, these ecosystems need to port their contracts. And that gives me a little containerized ecosystem, right? That's the way maybe I was thinking about Aztec going in or some listeners are thinking about it going in. You're saying that's not the case. Effectively, the entire Ethereum ecosystem, all the layer twos, all of the DeFi protocols on Ethereum mainnet, they can, using private intents, basically tap into Aztec privacy on demand at request. And I guess maybe talking about the user experience of that, if that's painful at first because it's not directly integrated into wallets, I don't know if that causes additional transaction fees or delays, but the idea is,

Ryan:
[40:53] You're able to blanket the entire Ethereum ecosystem and everything in DeFi, all of the liquidity with privacy, rather than having to copy and paste and start from scratch. Am I understanding this correctly, Joe?

Joe:
[41:05] Yeah, definitely. All we need kind of when the chain, like transactions are enabled on the chain is one UI that enables you to deposit an Ethereum wallet. And you could have, because we have really native account obstruction features, you could just go to that UI, that data, and it can give you access to all of Ethereum privately. So that's like one smart contract on Aztec, which enables all of that. And obviously you could have much more expressive contracts. And so we're excited about the design space kind of expanding, but with one simple kind of bridging contract. And we have, I think, two teams have built them already, the Wormhole team and a team called, oh, I forget their name for now, but the Wormhole team has built a bridge.

Joe:
[41:46] And yeah, that basically gives you that functionality for free. And you don't need to bootstrap any new liquidity. You just need users to kind of decide they want privacy, which I think most people do. And that should be a very compelling use case.

Ryan:
[42:00] So in my wallet, I want privacy for this particular swap transaction. This is in

Joe:
[42:05] The far future maybe.

Ryan:
[42:06] And I click the make my transaction private button. Will this require additional fees from a user perspective? Does Aztec kind of take a cut? And what about the time, right? Like to bridge, to get the kind of the order filled, all of that, will that add some delay to my transaction as well?

Joe:
[42:23] Yeah, it does add some fees. You have to send a transaction through Aztec, but we're a layer two. So like most other transactions will have kind of two to five cent transactions. So there'll be some fee you have to pay to Aztec. It's fairly nominal and a fixed fee. And most of these use cases require one block on Aztec and one block on the destination chain to kind of fulfill. So there's a little bit of latency, but with block times coming down, to be kind of like solve the theorem blocks. It should be kind of a pretty great UX in the near future. So I think it's, you know, from a kind of when the transaction is confirmed to when it actually settles, there's a difference there. But from a user perspective, they should just send the transaction and it's kind of set and forget.

Zac:
[43:08] To add to that, I think it's Substance Labs and Train and the other machine partners that we're tapping into that we're working with. I think to just at a high level, the fundamental reason why we are doing this, why we can do this, is because bridging into an Ativastic, in my opinion, is a very positive sum, and it's quite unique. Because most L2s are parasitic to their L1s, because you want your own liquidity, as you said, it's fragmented. That's because of the incentives. Every protocol wants its own ecosystem, and they're all largely undifferentiated. They all have AMMs, they all have lending markets, they all have the same stuff, and so they're all trying to compete with the same liquidity.

Zac:
[43:46] With Aztec, there's a very unique distinction, which is that there is value in bridging not assets, but information into and out of Aztec, where if a transparent network wants to either do some kind of permissioned request that requires knowledge of a user, they can send a question to Aztec going, hey, is this person who they came to be? Are they allowed to do this? And then the Aztec network can perform the checks encrypted in an encrypted way and then send back yes or no. Or you can use Intense to perform bridging to get access to private funds for DeFi. Either way, the assets, the long-term home is on some other network. What's happening inside Aztec is really information processing. But we get fees from that. So we're happy as a network. And the other LTs and L1s are happy because they get added value from connecting with Aztec. So I think you're going to see a very different dynamic between Aztec and the rest of the ecosystem that you don't see with transparent L2s.

Ryan:
[44:42] So is this it? Does this solve privacy on Ethereum? Like, are we done here? I know Aztec isn't fully made net. We'll talk about that. But once it is, once Wallets integrate it, we have private transactions for everything in DeFi, correct? Is that it? Or is there something that Aztec doesn't solve here?

Zac:
[45:04] I'll try and be objective. There's always more, I know. I mean, it does largely solve it, in my opinion. I think that the challenge is execution, right? We need a lot of app developers to grind to the coalface to build these systems. We need work from wallet developers to integrate. But fundamentally, yes, basically when ASIC launches where Ethereum was in 2015, but for privacy. So we have a lot of work to do. We're not going away. We're going to keep pushing the boundaries because we want the network to scale. We want it to be faster, more throughput. We want it to be cheaper. We want it to be more seamless, faster block times so there's all sorts of work we can and are going to

Zac:
[45:37] Do there but the fundamental

Zac:
[45:39] Primitives of what you can do yeah they'll be They should be possible. You know, feel free to call me and Joe out on this

Zac:
[45:46] in 12 months time, right? If you can't do this stuff, if you can't bridge privately, if you can't tap into a CEREMD if I privately call us out on this, because this is our goal. This is our dream.

Ryan:
[45:55] Wow. That's amazing. So this is not live yet completely. Let's talk about what is live. So there was a mainnet launch of the Aztec Ignition chain. But I think this has been described to me as almost like a beacon chain type launch, whereas it's available for sequencers or maybe we'll call them validators. I wanted to find that role to just sort of get involved in the network and help run some of the infrastructure. It's not available for users yet. But it will be available for users, I think, in 2026. All of the flows that we talked about will be possible. Can you talk about what has launched specifically right now and what is yet to be launched, Joe?

Joe:
[46:38] We're waiting kind of last week at 1 a.m. in DevConnect for the ignition chain to launch decentralized. So we don't run a single node. The community runs all its nodes. So it's very easy to run a node. So if there are people listening who are kind of home stakers, there are things you can do today whilst you're waiting. You can go and help secure the ignition chain and test it out. So you just need some Aztec tokens and you can stake as a sequencer and validator at the same meaning on Aztec. And you will be elected for a committee and you can help produce blocks. The difference between kind of the ignition chain and kind of what's happening later next year is just that the gas limit right now is set to zero. So it's actually the same full execution environment as tech is built.

Joe:
[47:21] We're just waiting for some audits to complete. And we want to ensure that, you know, as one of the first layer twos that's launched fully centralized, we want to ensure that everything runs as intended on mainnet. We've been running this on testnet for many months, but the final missing piece was kind of economics and making sure this works in a mainnet setting with spending actual ETH on gas and sequencers and provers getting asset tokens as incentives on the network. And so the ignition chain is kind of that running on mainnet. It's been running flawlessly for the last week.

Zac:
[47:58] Four to five days now.

Joe:
[47:59] And yeah, at some point early next year, there'll be a governance vote by those sequences to turn on transactions. And then all of these flows we talked about will be possible. So it's really exciting to kind of see decentralization in action and see this thing come alive. I think kind of we're targeting the audits to be complete kind of early to mid February. And so that will be kind of when the change fully goes live and the gas limit gets raised from zero.

Ryan:
[48:26] The first layer two to launch that's fully decentralized. What do you mean when you say that? I think when I think of a layer two being fully decentralized, I'm thinking of layer two beats and it's gotten to maybe stage two, all of the requirements there. And then if I'm thinking even beyond that, maybe the full sequencing is also decentralized as well. And that's fully permissionless for everyone to participate. So of course, layer two's consensus happens on Ethereum, I suppose, but they're using layer twos, use some sort of a sequencer to kind of order blocks. And fully decentralized to me would mean also decentralizing the ordering of blocks into some sort of permissionless network. But Joe, when you said that, the first layer two to be fully decentralized, what do you mean? What's your definition here?

Joe:
[49:16] Yeah, it's all of that and more so yeah aztec is i think of it as a stage two roll-up it's it's kind of not stage two because it doesn't have transactions but it will be once it launches so we have we have, decentralized sequencing so anyone can be a validator it's fully permissionless to sign up and be a validator there's currently about 600 validators on on the mainnet and we should see many more come in and a.

Ryan:
[49:39] Validator is a sequencer those are one in the same in aztec yeah you have

Joe:
[49:44] Two roles as someone who's staking. You're sequencing when it's your turn to produce a block and you're validating when you're helping other people make blocks. And the reason we have the distinction is because, We, as a layer two on Ethereum, we need to basically submit the validity proofs to Ethereum every kind of 20, 30 minutes. That would be a terrible UX if we had to wait for that to settle. And so the kind of sequences and validators can run ahead of Ethereum to give good UX to users. And so we have these two roles that kind of when you stake ASTO tokens, you fulfill. And so that's kind of on the validating side. So we tick that box. The second kind of thing in being fully decentralized in my definition is decentralized proving. So a lot of chains kind of.

Joe:
[50:33] Maybe started to think about decentralizing their validator set moving away from like a single kind of team validator or sequencer and but they still have a centralized proving system so we also had to kind of decentralize that it's fully permissionless to be a prover in the aztec system and then the final kind of metric is around governance and ownership and i think this is the one that's usually forgotten like if you have the first two done but you know the core team controls the protocol, they can decide what upgrades happen, they decide kind of what happens on the network, and the community doesn't own the network, then you haven't really decentralized. I mean, so we've tried to achieve kind of all three of those. And the ignition chain is kind of that in action. And the kind of ongoing token sale is our attempt to decentralize the last one, which was governance and ownership in the network. So yeah, I think we are the first kind of fully decentralized there too. And I think the reason for that is that privacy just shouldn't be owned by anyone. It's not owned by anyone on the internet. We kind of take that for granted. When we kind of use SSL transactions, like this podcast is encrypted. The way we send this information over the internet is it's not going over a public connection, it's encrypted. And so we want to make sure that when this amazing kind of privacy comes to Ethereum, it's not controlled by one entity or one team. And so we took decentralization very seriously as a result.

Ryan:
[52:02] How did you guys, how in the world did you guys have the confidence to completely one-shot this? All right. So we've got all of these roll-ups right now going through stages of decentralization, right? And kind of graduating. It's taking a long time. Part of the reason for this is there could be bugs. There could be issues. You need some sort of centralized task force to step in and fix something. Some have said the technologies right here. Now, here Aztec is, and you guys are one-shotting this all the way to kind of stage two, where, correct me if I'm wrong, but you can't. There's no security council. You can't shut this thing down. You can't censor. You can't steal funds. Like, it's a decentralized network in the way Ethereum was at launch, essentially. And you guys are starting all the way there at the finish line and basically leapfrogging everybody. I thought there were good reasons for this not to be one-shotted and for this to be some sort of progression. And yet Aztec is starting at the end here.

Zac:
[53:07] I can feel that. I mean, there's two things going on here. One of them is just the reason for this progressive decentralization narrative is fundamentally misaligned incentives. If you have a fully transparent layer two, then your value proposition is your transactions are cheaper and they're faster.

Zac:
[53:21] And this creates a bit of a race to the bottom because adding in decentralization, well, it makes your transactions slower and more expensive because you have higher coordination costs. So why decentralize?

Zac:
[53:33] Especially if you're running an L2 in your sequences, collecting all the fees. So there's misaligned incentives that we don't have in Aztec because we're a privacy network. We really need to be a fully neutral network where participation is permissionless, where we're not responsible for forwarding and examining your traffic.

Zac:
[53:52] So the incentives were aligned. And as you said, Ethereum did it back in the day. So it's not impossible. There are never the less fierce technical risks that we need to mitigate. Because we're fully decentralized, we can fix bugs, but it's not the fastest process in the world because we need to get our sequences to upgrade the network. And so this is why we're doing a phased rollout. And when we started with Ignition, but when we turn on transactions early next year, that's going to come up with a lot of health warnings. We're going to be very open and transparent about this, that this network is not, we cannot guarantee it's secure. We will have performed extensive internal audits. We will have performed external audits. We will have done everything we can to ensure that it's secure. But we can't rule out the possibility of bugs. And the only thing that really demonstrates a network is secure is time. time in production where there are no bugs, where it's not being exploited. And so in the early days of the network, we're going to have a very generous bug bounty. We're going to be very open about people saying, hey, this is going to be a dangerous network for a while. So don't go nuts.

Zac:
[54:57] Don't ape in with all your money. It will be at risk. And then when we hit certain security milestones, I believe they are, if we go three months without a critical or serious bug reports and we have 99% network uptime, we'll be like, okay, now we're comfortable calling this something more than just purely experimental. Now we think it's a bit safer.

Zac:
[55:20] We're going to have,

Zac:
[55:20] It's going to be quite a long rollout process before we are probably saying, hey, this network, like we have confidence in it and it is completely safe. You can do whatever you want with it. That's going to take some time.

Ryan:
[55:30] What's nice, I think, from my perspective too, is I don't, I guess as a user, I don't have to start by moving all of my assets essentially to Aztec, right? So the use case, Joe, you were talking about, it's basically I could use kind of private intents to get privacy on a specific transaction. And I'm only at risk of some of sort of, you know, bug, major failure in Aztec for a brief moment of time. That would be different than storing my value on Aztec. So that's a kind of a nice way to start and gives me the privacy effectively I'm looking for as a DeFi user without risking it all inside of an early network like Aztec. Am I understanding that correctly?

Joe:
[56:12] Yeah, that's exactly what I was going to say is that But because we don't have these pools of capital being built on day one, those kind of early users who are kind of bridging funds through and the assets may end up on base or somewhere else as a result, once they're out of Aztec again, they're kind of not at risk. And so you're only at risk kind of for that period whilst assets are in flight. The other interesting side as well, which we haven't talked about yet, is that for private smart contracts, you can't see the funds that are inside them. So the attack surface of a fully private smart contract is actually reduced compared to a public smart contract.

Ryan:
[56:50] And a fully private smart contract, Joe, that would be something that was built natively on inside of Aztec using your VM, your programming language, yes? Yeah, correct.

Joe:
[56:59] So there's kind of two types of applications that are quite safe at Alpha. There's kind of fully private applications where the source of value is either native to Aztec or it's off-chain value or kind of these in-flight kind of privacy requests, like bridging kind of privacy to other L2s. The only thing that's kind of very risky in the early stages is like large public balances inside Aztec because those could be attack services.

Ryan:
[57:27] So I think there's a lot of... But the attacker doesn't know how much is in any of these things, right? so they don't know to prioritize one versus the

Ryan:
[57:34] other would be much more difficult for them to tell?

Joe:
[57:36] Correct. I mean, if there was a bug, they could potentially do this on lots of private smart contracts.

Zac:
[57:40] But the key

Joe:
[57:41] Thing about Aztec native assets or off-chain assets is that if the source of truth is off-chain, then it's a bit like the USDC kind of situation with Ethereum. Like if there was a bug on Ethereum, USDC can kind of choose where the funds are. And so it's only kind of assets that are Ethereum backed that are very susceptible to kind of bugs in the early days. So there's ways to also work around this is.

Zac:
[58:06] Kind of where I

Joe:
[58:06] Was trying to get with this. And I think for the basic DeFi use cases as well, you should be able to use this for kind of small to medium kind of like DeFi transactions. Payment has a great use case, like the age old, hey, we've been to DevConnect and I want to pay you for dinner. We can suddenly start to do that without leaking my entire wallet history to everyone who is incredible. So those ones I think we should be fine with in the early days.

Ryan:
[58:31] Other stats on the rollup itself. So this is, it's using ZK for privacy, but it's also a ZK rollup as well. So it's using, it's not an optimistic rollup. So it's all ZK proofs,

Joe:
[58:40] Correct? Yeah, correct. So we actually, every user's transaction is kind of a ZK proof. Smart contracts can have private and public components. Developers get to choose. The public component has its own kind of ZK VM. And then those are all aggregated up into one single proof that's submitted on Ethereum. And once that proof's verified, we get kind of the economic and kind of censorship properties of Ethereum for all of the Aztec transactions that were inside that. So yeah, we're a full L2. We inherit all the properties from Ethereum. And that's one of the main reasons we're on Ethereum is that kind of consensus and also the kind of capital and developers that Ethereum brings. So we're very Ethereum aligned here on the Aztec side.

Ryan:
[59:22] In order to provide the privacy blanket for all of Ethereum, of course, you're going to have to support some throughput, but some of these layer twos are getting pretty high in terms of the amount of transactions per second that is available in those ecosystems. What sort of throughput can the Aztec ignition chain support? Are you in the hundreds of transactions per second yet?

Zac:
[59:43] Not yet. So this is one thing where, well, things are going to get much better over time quite quickly because our focus right now is on launching and on security. So we're not at 100 TPS yet, But there's no fundamental reason why we can't scale to that with engineering improvements alone inside the network.

Zac:
[1:00:02] Getting beyond 100 to getting to thousands of TPS,

Zac:
[1:00:05] That will be challenging as an L2 because privacy does increase coordination costs because the data that you're broadcasting is now encrypted, which means it's more of it. The transactions have zero-large proofs, which need to be verified, which makes peer-to-peer coordination a little bit harder.

Zac:
[1:00:22] So we're never going to hit thousands of TPS on the L2, but this is where the Aztec stack comes in, which is something that we are going to be developing with gusto post-launch. And basically, because our network, because of our private state model, if you have a block that just has private transactions, because we're a hybrid system, so you can have private and public stuff. But if you just have private transactions, that block can be commuted with massive parallelism because you don't have any race conditions. You don't have multiple transactions modifying the same state. And so in theory, you can process those blocks extraordinarily quickly, particularly if you get rid of the overheads of sequence of coordination, of data availability and posting to blocks. And so something we're going to be doing is effectively building out an application-specific roll-up stack. So if you are building an app where you have some trust assumptions, like let's say you're doing micropayments or, you know, agentic AI payment systems where, you know, the values are very small, you still want privacy, but you're willing to trust a centralized segment. So you're willing to like let somebody handle data as a third party. The idea is that you can build your application with Aztec's tooling, but when you deploy, you don't deploy to Aztec, you deploy to some locally hosted entity as an effective in L3. And then you settle your all-out blocks onto Aztec. And so you kind of get the best of all worlds. You get full privacy, you get very fast transactions, very fast transactions, but also you can get private on and off-boarding into your network via the Aztec L2.

Zac:
[1:01:50] Which if you need privacy, you probably care about. And so that's our plan for tackling like the very high throughput application use case.

Ryan:
[1:01:57] So will that be the main constraint? Let's say this is maximally successful, right? So 12 months from now, there is that button inside of my favorite crypto wallet to send this transaction or execute this trade with privacy and it uses Aztec, right? I imagine that that could be very popular if this is across all of Ethereum. And if transactions per second are not yet measured in the hundreds, there could be some congestion there. And as we've seen on other chains, congestion, of course, increases fees. I imagine maybe a similar thing would happen with Aztec where, okay, if it's a $10 transaction over dinner, I don't necessarily want to care about paying a dollar to Aztec for privacy of this transaction. But if it's $10,000, maybe that matters a lot more to me and I'm willing to pay a few dollars. And so my transaction goes through because I'm willing to pay more fees. This would be a similar situation that Ethereum has found itself in, which is it's kind of a victim of its own success and what it has to do is scale. Is that similar to how you expect things to play out on Aztec in a success type of scenario?

Joe:
[1:03:09] It's exactly the same. So like on the fee model we've implemented, it's the same EIP-1559. So, you know, the base fee will increase once we get above a certain kind of congestion limit for each block. And under the hood, you know, the token is burnt as a result to try and regulate kind of supply and demand of kind of Aztec transactions. But yeah, if we, you know, if it turns out that 50% of all of L2 users want privacy on their transactions, then we need more expensive. But that's kind of, I think, is a good problem to have. And, you know, we'll be able to scale that in different ways as we start to kind of address that. I think right now, I think actual, like... It's unclear how much of the L2 transaction volume is real transactions versus kind of just like random transactions. And so I think we could also see Aztec as like a proxy for like, where are the real users on Ethereum actually transacting, doing things that require privacy. And so, yeah, I think we could run into that limit, but I think it's probably more than we think it is right now.

Ryan:
[1:04:13] Right. So that limit could be, this could mean just high value privacy transactions or the thing that goes through Aztec. So the Aztec layer two as well, it's not EVM, correct? It's something that you guys have developed from the ground up. So maybe talk about that for a moment. It's not as simple as if I was to take sort of existing Aave code on the EVM. I wouldn't be able to redeploy that as a smart contract developer. I'd have to rewrite this in Noir. Is that the programming language effectively? Can you talk about the VM?

Zac:
[1:04:43] So you're right, you would have to rewrite it in Noir. And so this very much influences who we're targeting as our first users, developers of the platform. Basically, people who are building applications that need privacy. Because the thing about privacy is that the model for programming a blockchain changes radically because you have private states and encrypted information that you need to work with. And you need to be sensitive about what gets broadcast, what doesn't get broadcast. And so the mental model has already slightly shifted. And so I don't believe that requiring to learn a new language is actually that much of an additional barrier to inertia because it's Rust-like, it's pretty, it's very easy to use. And it's just a mental model of like, oh, it's private now, requires a bit of thinking about.

Zac:
[1:05:29] So with Aztec, for private parts of transactions, we don't actually have a VM at all. What happens instead is that your program that you're writing in NOR gets directly converted into a zero-knowledge circuit. And then that gets like when you're executing a transaction, right? Like your smart contract address is derived from that circuit verification key. And so yeah, you don't actually need a VM for the private stuff. And that's a choice you made to maximize speed and efficiency, because these proofs that contain all the sensitive data, you need to make them locally on your device. So we're talking about potato hardware and VMs add overheads that we didn't want to pay. So, yeah, it's a very different design architecture to other LTs.

Ryan:
[1:06:16] Well, what are some of these totally private native applications that you guys are working with at launch? Well, of course, the big value proposition for everyone listening who uses crypto and uses Ethereum and uses DeFi is Aztec is through kind of private intents, potentially able to provide privacy for all of your transactions, everything you do. And then also there will be some Aztec native applications that you're talking about that are just full stack privacy. What types of things can you imagine here and what types of things are maybe people working on?

Joe:
[1:06:50] The mental model I have is, you know, what we have on public Ethereum was designed in a pure public execution environment. And when you add privacy, you get a much larger and very different design space. And so the types of applications we're seeing that kind of, you know, require privacy, they can't exist on other chains. So they look a bit different to perhaps what you see on Ethereum or other L2s because it's just not possible to make them there. The ones I'm most excited about are I think both in the trading side, so dark halls and OTC desks. Those are kind of types of like DEXs that, you know, if you were to build a DEX that requires privacy, you may not be able to build a constant product market maker like UD swap. Like that's a fantastic mechanism for a public kind of execution environment. But if you have kind of complete privacy, you can do things very differently. And OTC desks and kind of traditional financial kind of order book style exchanges work very well in that context. So we have a few teams building different types of decentralized exchanges where, you know, either you're hiding the participants of your trade or you're hiding kind of the total flow going in and out of an exchange or just recreating kind of OTC desks. That's one area.

Joe:
[1:08:06] Underclass-trained lending and consumer finance is the one I'm most excited about, though. I think for a long time on Ethereum, we haven't had proper consumer finance. Some teams have tried this, but it hasn't really taken off because what I can do in most Western financial ecosystems is get a loan based on who I am, like the inflows and outflows of my bank account. And in order to do that on Ethereum, I have to put that information onto the blockchain. As Zach was saying earlier, that's a credential. Like I want to be able to create a credential which says my income is above 5k, my outgoings below 2k, and I have a certain credit worthiness. And you can start to do that on Aztec by feeding kind of bank statements into a zero knowledge proof, proving information about them. And then as a result, you can do under-clutterized lending, like a loan based on me being Joe, not alone based on me overclasserizing ETH into a CDP like we get with kind of traditional DeFi. So yeah. It's just a different mental model, and I think one that's more centered on around either information asymmetries or kind of identity being a core part of the transaction. So those are the two I'm most excited about. There's.

Zac:
[1:09:20] Also a lot of

Joe:
[1:09:20] Games being built as well, which are really exciting.

Ryan:
[1:09:23] Part of the power of the ZK technology as well is, as we were talking about in the ZK Passport use case earlier, is the ability for me to selectively disclose some of my information. And this could come into play with financial transactions as well. So I'd imagine if I did do that trade from ETH to USDC, and years later, let's say, the IRS and I had some dispute that said, had different numbers than what I was declaring maybe in my income statement. Be very nice for me to be able to say, nope, I have ZK proofs. I can selectively disclose that this was the trade amount on this date, and you could see I'm right, IRS. Does that ability exist within the Aztec ecosystem? Can I disclose things for compliance reasons or to third parties for whatever reason? Is that fairly easy?

Zac:
[1:10:10] It's possible. We still need to build out the tooling to make it easy, but it's possible. And the intention is to... There's no reason why it shouldn't be easy. The hard part is then getting the IRS to go, oh, yes, I accept this proof. And not saying, what is this random junk you've given me? I don't care about this. I needed a balance sheet. So that's going to be the real battle. You know uh because you can do so much like better than the existing financial system with blockchains with privacy where you can do basically do preemptive compliance so normally the way the financial world works is you want to do a transaction you perform your transaction and then you gather up all your paperwork to say oh yes i'm not a terrorist i'm allowed to do this and then you send it off to the after the regulator and that is a terrible model doesn't work um because you know it does like there's loads of illicit activity happening in the real world And on chain, you can do things much better. You can say, by definition, the only way this transaction can be executed is if me and my counterparty are following the rules or compliant, you know, ZK passports or whatever, but using ZK proofs.

Zac:
[1:11:12] The problem is that we don't

Zac:
[1:11:14] Live in a world where that's actually accepted as being valid regulation. The regulator will be like, no, I want to see everything. I don't care about these proofs. So we've got to get that to change. But building applications and demonstrating this tech works is step one. To slightly cycle back, Ron, you asked earlier about an example transaction flow for how this works. And I'd like to just highlight one because this podcast is called Bankless. So let's talk about how a d-bank might work on Aztec. So let's say there is an organization that is putting, say, I don't know, like mortgages or equities or some kind of real asset, they're putting it on the chain.

Zac:
[1:11:47] And issuing liquid tokens that are being traded in a dark pool in Aztec. And I want to use my dbank app to buy some. I have some private USDC and I want to buy it. So what would happen on chain, right, is the entry point would be my account contract. And because we have account abstraction, this account contract, instead of having a public private key and checking a signature, it could say, check the Google authorization flow. So basically I'm signing in with my google account and you know google gets a request that you want to log on which is a slight centralization factor but nobody on chain looking at your transaction could see that this account is linked to a google account once that happens your transaction gets forwarded to the dark pool contract which will then trigger trades between your usdc contract and this um let's say this like real asset contract and then that real asset contract will say well hmm who's this person are they allowed to hold this asset like they need to be they need to prove their america for example so then that contract would make a call out to an identity contract like zk passport which would just say hey does this person have an nft that that that gets issued if if they have a us zk passport proof and then you'll be like yep they do that gets returned all back to the dark pool the dark pool then call like triggers the token contracts to execute the trade

Zac:
[1:13:03] You you lose your usdc you gain your real world asset token and then the transaction ends and that is all an atomic singular transaction for the user, right? Where the proofs of all is being generated client-side and just executed in one shot. And sorry for rambling, but the one last thing is, what does an observer see looking at the blockchain? What do they see from all this? They don't know who you are. They don't know the smart contracts you're interacting with. And they don't know what data you've modified. So they see absolutely nothing. Very cool.

Ryan:
[1:13:35] Zach, since you were talking about kind of regulators and this being actually in many ways an improvement from the existing system of regulation, both for users, but potentially for

Ryan:
[1:13:46] Compliance officials and regulators as well. We talk about this for a minute. They don't yet understand privacy in crypto. And there have been many cases that we've seen recently. You guys were referring to the Tornado Cash developers. There's some privacy devs in the Bitcoin community who are actually facing prison time. I know it's a different model, completely different sort of thing that we're doing here. But even Tornado Cash, I mean, there's intense regulatory scrutiny at the nation state level for anything involving privacy and financial transactions. How about you guys? Are you concerned about this? I mean, is there a level of like, we live in fear that regulators and the nation states might not understand what we're trying to do here and might persecute us, prosecute us in some way? And have you ever considered like giving up this project as a result of that? I just, from my perspective, I do not yet see any bright lines. And maybe you guys do, but it feels like nation states are very much trying to figure this out. And even those that bend in the direction of freedom and civil liberties may make mistakes on the way to getting there. And it could be catastrophic for crypto privacy developers involved. How do you guys think about that?

Joe:
[1:15:07] I think the bright lines we have is that privacy on blockchain should be the same as privacy on the internet. We take that for granted today, but that was a battle that was fought and won by in the last privacy wars around SSL and Netscape were kind of pioneers in that regard. Getting the privacy we enjoy that powers most of the internet was not just a kind of walk in the bark exercise. It was something that was fought for. And so I think as a result, we now can enjoy card payments on the internet, like accounts that have passwords. Most of the internet under the hood is powered by a form of encryption under SSL certificates. And so...

Joe:
[1:15:48] I view it very similarly to kind of that debate. And there's always going to be push and pull with regulators. I think the reason why things got kind of dicey and kind of people were kind of prosecuted when we first had this technology is because we had a very weak form of it. We had a very small sprinkling of privacy. All we could do was encrypt a balance and basically hide it from the world. And that in its own is actually quite dangerous because you can't do the important thing which is tie your identity to that cryptocurrency account so i think now that we've got to kind of like hopefully a a higher degree of functionality we've we've kind of gone to like a hopefully a local minimum or maximum in terms of what you can do i think it's actually more useful to be able to convince regulators that you know this is actually a force for good not a lot of force for for bad And, you know, teams like ZK Passport can help convince them. Ultimately, it's going to be up to application developers, though. Some apps will require very strong degrees of compliance and regulation based on what they're building. And others may not. Like if you're building a low-value game that's just kind of, you know, crypto kitties, like you need a very different compliance tool chain than if you're kind of trading kind of equities on a public blockchain. And so the goal with Aztec is just to make a kind of neutral infrastructure layer.

Zac:
[1:17:14] Powers all those

Joe:
[1:17:15] Use cases and gives developers the tooling they need to make those decisions. And so I think that making it be neutral and kind of not compromising on that fact that we don't control the network is hopefully how we win because it means

Joe:
[1:17:29] that the nexus point is on the application developer, not the network. And I think that's how Ethereum survived all these years as well with teams like Tornado Cash. Like Ethereum wasn't the target. It was the application.

Zac:
[1:17:41] Well, yes, but also we want to make sure that, you know, application developers can build in the tools and resources to protect themselves, you know, ultimately. Yeah, 100%. To directly answer your question, you asked basically, are we worried that regulators won't understand the technology we're building and come after us? When we answer that as no, I'm actually worried that regulators do understand what we're building and they come after us. Because I think the last few years have shown us something is that regulators can often act in extraordinarily bad faith, that you have the de jure mandate of a regulator, which is to protect consumers, which is very legitimate. Then you have the de facto mandate of the regulator, which is, in my opinion, to protect incumbent economic and financial elites. And this is why the Genza regime was so hostile to crypto. It's because of the threat. I mean, you can even see with the Genius Act, right, where banks were doing their absolute damnedest to try and make that stablecoins unable to pass on treasury yields to the stablecoin holders. And they're absolutely incensed that products that achieve the same outcome are being developed.

Zac:
[1:18:47] If Aztec succeeds, you know,

Zac:
[1:18:48] It's creating a network where the barriers to entry for providing financial services crush through the floor. You know, you no longer need these giant information notes, enormous pools of capital, access to elite networks of knowledge and privilege. Instead, you can build these decentralized financial systems on Aztec that compete directly with the centralized versions, where you can get your equity from the blockchain network. You can get your market from the blockchain network. You get distribution, basically, without having to kowtow to financial elites. And I think if we're successful, they're not going to like it. And they're going to dress up their concerns in the language of privacy and safety, when in reality, what they're upset about is that they're losing money. That's my concern.

Ryan:
[1:19:32] Are you guys prepared? So if that concern is strong enough, I mean, I think there's... It's a scary time for open source privacy developers. I mean, does that ever keep you up at night, Zach? It makes me

Zac:
[1:19:44] More angrier than scared, to be honest. I think that's, you know, we're doing, we have, unfortunately, we have a lot of precedents we can observe to guide our actions, very unfortunately. So I think that, you know, we are, like, it is going to be a very, very tough battle for anybody to come after Aztec because we're doing everything right. and you get some really dark precedents set. If some judge wants to claim that there's no legitimate use case for something like Aztec, you can very, very easily extend that to saying there's no legitimate use case for the internet. I'm not worried personally. I just think that this is, I said this years ago, that this is going to be a long grinding battle of attrition where there's too much value on the table to destroy this technology, to destroy blockchain, to destroy privacy. There's too much value on the table. and the first trusted environment that actually embraces us is going to generate so much economic advantage that all the other jurisdictions will have to fall in line. And so this is basically

Zac:
[1:20:48] This is golden

Zac:
[1:20:49] Goose then golden eggs on the table that incumbents will try to destroy. But it only takes one of them to pick it up and go, actually, I'm going to start using this for myself and make mine myself and everybody else will have to fall in line. And the question is what is the collateral damage going to be until that happens? Our job is to make sure that both ourselves, the network, and our networks, users and builders stay out of it. We'll see how successful we are over the next five years.

Ryan:
[1:21:15] Completely agree. Well said and well done. As we maybe draw this to a close, I'm sort of interested in a lot of things about the Aztec journey. But one of the things that intrigues me the most is how long you guys have been doing this. So this has been really an endurance race. And I think we're in a world right now in crypto that feels somewhat jaded by short termists. Like it's kind of like where have all the cypherpunks gone right i thought this thing was about rebuilding something new zach you are an x particle physicist i believe joe you were a primary formerly a material science scientist right so you got into crypto i think from other fields for a reason you've been working on this project for seven to eight years on aztec and And we haven't gotten into all the components of the tech stack, but there's so much here that is net new and huge advances in the area of cryptography and ZK in particular that I know you guys have built yourselves. But this has been almost a decades-long journey already, and we're just getting to the starting line now with the Aztec ignition chain. I guess my question to both of you is, what's kept you going? And like what keeps you here now? Maybe Zach, you first.

Zac:
[1:22:37] Honestly, what else is there? What else is there? You know, like if I left the space or pivoted into some random piece of junk that I didn't believe in, then it's like, what's it all for? You know, this project is like, I don't have a lot of meaning and purpose for this project because I can see a world that could exist that needs to be pulled into reality. And I feel like we're so close and we've been so close for years. As in, why would I give up? As in, to do what? Like, what else would I do? This is the opportunity of a lifetime. I wouldn't trade it for anything. Yeah, the way I see it, it's do or die. Do or die.

Joe:
[1:23:15] Yeah, I think about it similarly, but a bit differently as well. I mean, I kind of view it as like the promise of this technology, like bringing the world on chain without strong privacy, is something that terrifies me. And I think we have a real chance at preventing that future, like this dystopia where, you know, an MEV bot or some kind of AI agent knows what you're about to do before you've done it because they've seen all your future and previous transactions and they can just predict every move. Like if we're going to try and like meaningfully try and onboard like all of the unbanked people in the world to use crypto rails and we're going to take away something we enjoy in the western world which is basic privacy like I can't see your bank account like when I go to a shop and pay for something they can't see how much money I have or like what I did last week I think if we're going to, If we're going to do that, and that's the world we're trying to kind of put into existence here, and we do it without privacy, like, what are we doing? And I feel like compelled to protect that and try and kind of protect the people who are ultimately going to be users of those chains who may not know the difference in the short term.

Zac:
[1:24:27] But will have their

Joe:
[1:24:28] Data kind of, you know, extracted in mind if something like Aztec doesn't exist. So I think it's more kind of, you know, there's a lot of scope to have a lot of impact with this project, but also I think I feel compelled to kind of try and do something about that because too many projects just put their users' data on chain. And, you know, we'll see in five, 10 years when it's all hoovered up, you know, what the effects of that are. I think that's just not a world I really want to see exist. So that's what keeps me going.

Ryan:
[1:24:55] Crypto without privacy is actually a scary proposition and we certainly wish you well. There are many ways to get involved with this project. One of the ways right now is there's, I believe, a token sale going on. If people want to actually participate in that, get involved in the network, they can also use those tokens to become sequencers. As we draw this to a close, can you talk about how that works effectively? So let's say I want to learn a bit more about this. Maybe I want to participate in the token sale. Maybe I want to, I don't know, run some infrastructure, become a sequencer. What do I do, Joe?

Joe:
[1:25:30] Yeah. So we looked at the ways to kind of bootstrap this network and not many of them kind of were fit for purpose. So we ended up partnering with Uniswap on a new kind of distribution auction model. It's called a continuous clearing auction and it's designed to kind of prioritize fair access to kind of token sales. Like historically with token sales, you know, they can be sniped by whales or they kind of, you know, the price discovery doesn't really exist. So yeah. Uniswap and us have built this new type of auction that prioritizes fair access and it will, at the end of the auction, kind of find a fair price for the Aztec token. It creates a Uniswap v4 pool at that fair price and everything's on chain, fully transparent.

Ryan:
[1:26:13] On Ethereum? The tokens are on Ethereum layer one? Okay.

Joe:
[1:26:16] Yeah, it's C20 on Ethereum mainnet, the allocations, everything happens in smart contracts on Ethereum mainnet.

Joe:
[1:26:23] So you just have to head to our website to take part. You can either do ZK passport proof to prove you're not on a sanctions list or traditional kind of KYC. And then you can send your ETH to a smart contract and place a bid as a result. Once the auction's over you'll be able to claim your tokens out of those smart contracts and you can then stake them you'll need 200,000 tokens to stake if you don't receive that many you can still participate in governance on the network and kind of vote for changes but yeah you'll need 200,000 tokens to stake you can either do that yourself on kind of a home staking machine the hardware requirements are fairly fairly kind of easy on consumer hardware or you can delegate to some of the existing kind of lists of stakers. We have about 200 Genesys kind of entities who accept kind of deposits from other individuals. And so you can stake that way as well, much like Ethereum staking works. You can either do it yourself or you can kind of delegate to a third party.

Joe:
[1:27:21] And so, yeah, it's all running on Ethereum mainnet. And the goal is to really distribute ownership of the network and governance to the community. And as a result, kind of, yeah, we're doing this token sale. I think one of the other interesting things to note is that the liquidity for the token sale is put into a Uniswap V4 pool and the community actually gets to decide when TGE occurs. So the core team, everyone has a lockup, but the community tokens that are purchased in the sale will be the only tokens that are 100% unlocked.

Joe:
[1:27:53] At TGE and the community gets to vote on that. And so it's kind of doing things the right way, decentralized governance on Ethereum mainnet. So it's been a lot of work, but it's been really cool to partner with like one of the like original DeFi protocols, Uniswap to make a new way of doing token distributions because we don't think the whole airdrop meta was fit for launching a decentralized network, especially when people need skin in the game to stake and run nodes.

Ryan:
[1:28:19] And Joe, I can run these nodes from home. I can run an Aztec sequencer from home?

Joe:
[1:28:24] Yeah, you've got a DAP node. There kind of as a package on the DAP node app store, you can run it alongside your Ethereum validator, which is kind of a great way to do it. So secure Ethereum.

Ryan:
[1:28:34] I got to tell you guys, you know what? Just when I was getting jaded on crypto again, this is the most crypto native project I've seen probably in years. You guys are doing this bottom to top. And I give you a lot of credit for this. like in new territory, new frontiers, just about every particular area, layer twos, privacy, even the ICO and distribution. This is really a unique project. So I'm hoping the best for it and very excited about the launch and then getting finally to, I guess, so this is sort of a beacon chain type of mainnet. And then what are you calling the main ignition mainnet? Is that actual mainnet?

Joe:
[1:29:12] It's going to be called Alpha. And then once we've run that with the kind of security and uptime requirements Zach was talking about earlier, so hopefully three months in. We'll call it Beta.

Zac:
[1:29:21] A bit like how Solano's still in Beta.

Ryan:
[1:29:25] Okay.

Zac:
[1:29:27] Well done.

Ryan:
[1:29:28] Thanks a lot for spending the time with us today. This has been absolutely fantastic. Zach and Joe, we're looking for big things. Thank you so much.

Zac:
[1:29:35] Thanks for having us on. It's been a pleasure.

Joe:
[1:29:36] Yeah, thanks again. We'll see you in five years.

Ryan:
[1:29:40] Oh my God. Hopefully next year. I heard a promise earlier, Joe. Got to let you know, Bankless listeners, of course, none of this has been financial advice. You know, crypto is risky, so it's a frontier of privacy. You could lose what you put in, but we are headed west. This is the frontier. It's not for everyone, but we're glad you're with us on the Bankless journey. Thanks a lot.