This is Epicenter, episode 405, with guests Joe Andrews and Zac Williamson.

Hi, welcome to Epicenter, the podcast where we interview crypto founders, builders and thought leaders. My name is Sébastien Couture, and I'm here with Dev Ojha, who's a new co-host on the Epicenter team. So Dev is the co-founder of Osmosis. So he works very closely with Sunny, he's been working with Sunny for several years on, like, Sikka and other projects. So Dev, welcome, welcome to the Epicenter host roster. Tell us a little about yourself and introduce yourself to the audience.

Thanks, Sébastien. I'm Dev. As just mentioned, I'm a co-founder of Osmosis with Sunny, who's also another Epicenter host, which you probably know. I also, like, run the proof-of-stake validator Sikka, which mainly validates Cosmos chains, and that's where I've been working with Sunny for a number of years. I used to work on Tendermint Core and Cosmos SDK, and I guess now I'm working most actively on Osmosis. Prior to Osmosis, I was, like, doing a lot of research on how to improve SNARK recursion and, like, how to build SNARKs with Alessandro Chiesa and, like, many other great folks at UC Berkeley. So privacy and SNARKs are very near and dear to my heart. So I'm pretty excited for the podcast today with Aztec.

Yeah, I think it's really fitting that you're here, because today we're speaking with Joe Andrews and Zac Williamson, head of product and CTO at Aztec Protocol. And so we had Zac and Tom, another team member, on the podcast in March of last year. And so we're here for an update today. Thanks for joining us, guys.

It's a pleasure to be here.

Yeah, thanks for having us.

So before we talk with Joe and Zac about Aztec and the evolutions for that project since we last had them on, I'd like to tell you about our sponsors for this week. With ParaSwap, you can beat the bear market price with every single block. It's fast and highly liquid, and they've just integrated with Ledger. So if you're like me, and if you're using a Ledger device, you can now swap directly in the Ledger Live app. So this makes it really easy to do swaps without having to connect your Ledger to the browser. So check them out at paraswap.io.

Are your assets sitting idly in your wallet? You can start earning rewards and contribute to network security by staking with Chorus One as your staking provider. Securing over a billion dollars in assets on over 25 decentralized networks, including Solana, Cosmos and Ethereum, it is one of the most trusted staking providers in the ecosystem. If you're interested in running your own branded nodes, they have a managed white-label node-as-a-service offering which leverages Chorus One's highly available and proven infrastructure to enable you to participate directly in decentralized networks. Head over to chorus.one to start your staking journey today.

So since last time we had you on, how has the company grown? And, you know, what's been the evolution of Aztec in the last year or so?

Yeah, quite a lot has happened in the last year. I believe the last time we chatted, we'd just published our latest piece of research, PLONK.
And since then, we put it into practice by releasing the first private layer 2 on Ethereum, using that research. It's a network that allows users to shield Ethereum and other tokens and send them privately, and that's been the main focus of the company for the last year. And now that that's done, we're moving on to bigger and slightly more ambitious things that we're, yeah, happy to dig into as well.

Yeah, I mean, last time you were on, we talked a lot about, you know, how the shielded transactions contract worked and, like, how that works for the user and also under the hood, but we did talk about DeFi a little bit. And I think that, you know, looking at what you guys are doing now, that's definitely, like, more on your radar. How has the growth in DeFi in the last year or so, like, helped shift your focus? Has it, you know, was it an accelerator in shifting your focus more towards DeFi, or were you already sort of on that track? Tell us about that journey.

Yeah, definitely, Seb. I think the explosive growth of DeFi really shifted our focus from focusing on kind of more Web2 use cases, and it's created a market. Previously, when Web3 DeFi was only kind of low tens or hundreds of millions, there wasn't that much of a need for privacy, but now there's kind of fifty to a hundred billion of market capital locked inside DeFi, there's a huge need for privacy there. So it's definitely shifted our focus and the product offering as well, and the network's capabilities. The focus is pretty much entirely on DeFi with the upcoming release.

Cool. So for people who are not familiar with Aztec, give us the high-level overview of what you guys are working on, and we can kind of go from there.

Sure. So Aztec uses state-of-the-art cryptography to enable users to hide their identity when transacting on Ethereum. Right now, probably one of the main problems with transacting on blockchains is the fact that everything is public, which means that everything that you do, every transaction that you make, is viewable by the entire world. Now, this isn't necessarily as much of a problem for people that are standing around with cryptocurrency, but when we're moving to a world where more and more financial transactions are being moved on chain because of its value as a settlement layer, it's a bigger problem. It's going to be, in our opinion, the problem over the next few years with regards to blockchain. And so we're here to solve it. We use a niche of cryptography called zero-knowledge proofs to enable users to prove the correctness of their transactions without having to actually reveal critical information to the wider world: things like their identity, the amounts they're transferring, the assets they're transferring. Yeah, we're steadily building out our technology and architecture to support more and more use cases.

What kind of use cases does this open up? Because, like, shielded transactions are cool, you know, and there's lots of people working on that. Recently we had Tornado Cash, although they've got, I think, like, a quite different approach. But, you know, what does a zero-knowledge, like a ZK-ZK rollup, effectively, what does that enable in terms of new types of use cases?

I think this culminated in March with the release of zk.money, the front end on top of the ZK-ZK rollup, and it enables, for the first time, an Ethereum transaction to exist fully privately. So you have ironclad privacy guarantees, very similar to the Zcash protocol. The circuit is going to use a similar underlying kind of set of nullifiers to get strong privacy guarantees.
But for the first time, that transaction is actually cheaper than a layer 1 Ethereum transaction. So for us it's a seismic shift, where users don't have to choose between privacy and kind of being on Ethereum and being kind of in a world where lots of people are building applications. You can have kind of your cake and eat it, so to speak. You can have privacy, but on the chain where there's the most developer activity.

I can expand a little bit as well with regards to the ZK-ZK rollup. At the core of a private transaction is the idea that, well, instead of sending to the blockchain, like, the basic information about your transaction, you know, who you are, who you're sending crypto to, instead you send a zero-knowledge proof. So you basically say, well, here's my old encrypted balance, and here's my new encrypted balance, and I can prove to you mathematically that I followed the rules of the blockchain, you know, I've deducted something from my balance and added it to somebody else's balance, but I'm not going to tell you who I am, who I'm sending my money to or how much it was. However, zero-knowledge proofs are very expensive, computationally expensive to check. It requires a lot of, like, cryptographic operations, which means that it costs a lot of gas. So one of the questions is, well, in general, how to get cheap transactions on Ethereum. But for us, the question is how to get cheap private transactions. And the solution is a little bit Inception-esque, but you go one level deeper. Instead of sending zero-knowledge proofs to the blockchain which represent private transactions, you create a zero-knowledge proof which proves the correctness of a large number of zero-knowledge proofs, and allows you to send one kind of mega-transaction to the Ethereum blockchain that proves the correctness of hundreds, if not thousands, of individual private transactions. That's what a ZK-ZK rollup is. We've taken to calling it a private rollup because it rolls off the tongue a little easier.

It's like you're doing 100 proof of a bunch of transactions, but those transactions are themselves, like, using zero-knowledge proofs to, like, be valid or, like, get privacy.

Exactly. Correct, yeah. The entity creating that meta zero-knowledge proof doesn't need to know any secret special information.

So isn't this process, like, SNARKs, it's really expensive. So how is this being done, or how is, like, this aggregator or sequencer, like, able to do this without high fees?

Well, that's the question, and it's something that we've been spending the last two to three years focusing pretty intently on. And we had to make several relatively significant advances in the state of the art when it comes to these kinds of cryptosystems to get there. Specifically, we needed to create a zero-knowledge proving system that was fast enough that you could make these gargantuan proofs, because, yeah, generally, if you want to create a zero-knowledge proof of a computation, the act of making that proof is going to be about a hundred thousand to a million times slower than the original computation. So actually verifying zero-knowledge proofs inside a zero-knowledge proof is one of these kind of computational nightmares. One of the advantages that we have as a company is our chief scientist is Ariel Gabizon, he's one of the best cryptographers in the industry, and together we've not just published the PLONK cryptosystem, which is one of the extremely fast zk-SNARKs, but we've been able to modify and update and mold our proving system, to engineer it to be tailored towards our specific needs. And so that meant that we have a lot of agency to make the proving system particularly good for things like verifying zero-knowledge proofs and doing quite advanced, difficult computations. And that's really why we've been able to create this kind of construction on Ethereum. Currently, this construction is the only one that's actually viable on the Ethereum blockchain, given the limited cryptography you can do inside a smart contract.

Super cool. I've never been following the story of PLONK. I remember when the paper first came out and made, like, such huge waves during SNARKtember of that year. Yeah, what's the story of the name PLONK? Like, it's such an interesting name.

Interesting is one way of putting it. Yeah, so originally it was a placeholder name. We were really struggling to come up with a decent name for the paper, and I suggested PLONK as a bit of a laugh, partially because, as you said, it was this SNARKtember, like, over the last few months in that year, 2019, quite a lot of seminal cryptography papers had been released, and they all had, like, big ambitious names, you know, like powerful names, things like, you know, Sonic, DARK, some stocks and Marlin, and I just thought, basically, it would be funny. So it's an electron. It's British slang for cheap, low-quality wine, and I feel like there's a lot of similarity, because, you know, getting to the bottom of PLONK requires making questionable life choices, a bit like, you know, real plonk, and, you know, it gives you a headache if you spend too much time with it. So basically, okay, so basically we called it PLONK and published it to ePrint. ePrint is this big, like, website that is a repository of cryptography papers. It generally takes about a week or so to approve a paper for release. So we thought, let's publish it now, deal with the name later. And it published overnight. And then people started tweeting about it and saying, hey, what's this PLONK thing? And so basically the kind of work that I do about it, and we figured it was a bit silly to change it, and, you know, it's kind of funny.
So here we are today.

But it's got kind of like a backronym, right?

Yes, yes, it's quite obvious. So yes, I think one of the only useful, well, not useful, one of the main skills that I picked up from a degree in particle physics was elaborately named acronyms. It stands for Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge, and the "a" is silent.

That's great.
I love it. I hope it can push for SNORKs instead of SNARKs. I don't know. We've lost this one though. Okay, medical and scared. It's eight.

I mean, it would be nice, wouldn't it? Yeah, we've got a few years of inertia to push back against, unfortunately.

So last time you were on, we talked about DeFi, and before we did this interview, I listened to that episode. And one of the things that we talked about was, you know, privacy and DeFi. And, you know, you mentioned that privacy makes DeFi paranoid. And the way you described that is by using Maker as an example. Could you elaborate on what you meant there? And, you know, how privacy, more broadly, or at least privacy technologies, break certain applications in DeFi?

Yeah, absolutely. So, yeah, to expand on that paranoia. So basically, one of the questions which is relevant when it comes to privacy protection is: how in the blazes do you make a private DeFi protocol? Because it'd be really nice to have a private version of MakerDAO where you can make a CDP and nobody knows how much it is. And it'd be nice to do things like have a private decentralized exchange where you have a private order book but you can still match trades. But the problem with these approaches is that in a private world you can't have public state, because modifying a public state variable leaks information about what you're doing. For example, things like Uniswap: for Uniswap, you need to understand the total amount, the total supply you have of an asset, to perform swaps and establish the liquidity you have. And so if you deposit into a liquidity pool, then you're changing the total amount of liquidity. That's a public variable, so people can see what you've deposited. That's not private. Similarly, for MakerDAO, if you create a collateralized debt position that's private, that means it's encrypted. And so how in the blazes is anybody supposed to figure out if you're becoming undercapitalized? And if you are, how are they supposed to liquidate your position? Because it's encrypted, only the CDP creator knows how to decrypt it, and they're not going to help you liquidate their position. So that's one of the fundamental problems with privacy, and where the paranoia comes in. For example, you could create a private MakerDAO where, you know, you have a CDP where the owners constantly kind of send, effectively, proofs of life.
They have to continuously prove that their CDP is overcollateralized, because they're the only person who can create these proofs, and if they don't send the proof, this proof of life, in, you know, like a day or two, then something bad happens to their position. And so there are ways of getting around this. We wouldn't be doing what we're doing if we didn't think that we could provide practical and valuable privacy to DeFi. The Holy Grail solution is to use multi-party computations where, for example, if you want a decentralized exchange with a private order book, but you can still match trades amongst people, in theory you can do that through multi-party computations, where you have, like, a ring of individuals. They all have their own orders and prices that are all encrypted, and they slowly engage in these MPCs with one another to kind of drip-feed information about their orders to counterparties that have matching orders. And in that way you can achieve very high-quality privacy with these kinds of approaches. However, the texture of these approaches is absolutely enormous, and we're nowhere near the point today where you can bootstrap these kinds of protocols. You know, there's hardly anybody in the world who can develop them to be efficient enough to work. And so you don't have that kind of mass appeal that you have with Ethereum, where, you know, anyone can code up a smart contract. But we do have a much simpler solution for privacy when it comes to DeFi, which we could expand on. I don't want to preempt any questions.

Please go ahead.

Let me explain. So, yeah, how do you get private DeFi? Well, the simple answer is you don't, basically. You keep the DeFi protocol public, you know, Uniswap, MakerDAO, you leave them where they are, hanging out on layer 1, completely public. Everyone can see what's going on. And what you do is you make the assets private. You ensure that individuals' holdings of various cryptocurrencies are anonymous. So, for example, let's consider the MakerDAO position again. Imagine, you know, MakerDAO's public, so you can see when a CDP is created, you can see its value, you can see when it becomes undercollateralized and liquidated, but you don't know who holds it. And that's very high-quality privacy, because at that point it could be anybody. And so the most important thing isn't to make the DeFi protocols private. It's not to make, effectively, like, the sites which interact with the value private. The important thing is to make the value holders private and give them anonymity. And that's how we're planning on achieving privacy.

So it's like, you hide all the addresses, and then when you do a trade, what's public is that this amount is going from some address, it does the public action, and it goes back to a new, like, price.

Exactly. Yeah, so you can see, like, you know, for example, 10 ETH has gone from address question mark, question mark, question mark, it's gone to Uniswap, got a bunch of DAI, and that's going back to address question mark, question mark, question mark. And so that, we think, quite effectively solves the problem. You know, these protocols can still exist in all their magnificent complexity without having to kind of rewrite themselves to be private, but you still get the benefits of privacy that users care about.

I've got an analogy that might be helpful for the listeners. Internally, we call it the DeFi bus. So you kind of see the Aztec rollup contract as being like a bus station, and there's all these buses that have kind of tinted windows, and you can see the front of the bus, it says "I'm going to Uniswap to swap ETH for DAI", and people can get on the bus, and you can't see who's getting on the bus, but it will go to Uniswap, take the ETH to Uniswap, and it will bring back a load of DAI on the return journey of the bus and give it back to the users in the Aztec network. And so I think it's a good analogy for kind of showing how this network interacts with the rest of the DeFi ecosystem.
And whilst giving strong privacy guarantees to everyone who's on that bus or in that transaction.

So from a user perspective, I just want to, like, as I understand it, walk through the transaction flow here. I want to trade on Uniswap. In order to do that, let's say I want to trade, like, ETH for DAI. I send the ETH to the Aztec contract, I get into the bus, effectively, then that trade gets made, and then I'll get, say, DAI back at some point. Couldn't someone just be watching my address and see that I interacted with the contract, I interacted with, as you call it, this Uniswap bus, and just deduce that I've just made a trade on Uniswap?

I mean, so, it's a bit more... If you were to directly deposit like that in the same transaction, that would be kind of a way to link your layer 1 address to that trade, but the flow actually is a bit more... It's got one more step. So users have funds already on the Aztec network, so they're already shielded. So you would have, in a separate transaction, shielded your ETH and made it zkETH. And then you have these encrypted UTXO notes on Aztec, and you can use those to interact with any L1 smart contract through our DeFi bridge. In this case, you're choosing to interact with the Uniswap ETH-DAI pool. So you kind of send a transaction that says, I want to put one ETH into the next bus going to that pool, and the owner of that ETH could be anyone who's ever deposited ETH to the Aztec smart contract. So identity is completely hidden throughout that process. The rollup provider will then bundle all those transactions with any other user who wants to do the same trade. So, say Zac also wants to trade, and a few other people are also getting on the bus. So we'll send an aggregate transaction from the rollup contract out to Uniswap, say five ETH in total, and we'll bring back DAI to the Aztec rollup contract, and that will then be dispersed in zero-knowledge notes to the holders who participated kind of in that transaction. So you're actually not getting the proceeds of the DeFi interaction on layer 1. You're getting it in encrypted form on layer 2, which is how the strong privacy guarantees are kind of maintained through that. I think it's quite an interesting way of doing it, and Zac can talk about the actual cryptography, because it was a bit of a breakthrough moment for us to actually get the identities hidden through the process.

Hmm, okay. So it uses the same note system as, like, the previous version? I think that's what I missed.

The new system's actually an upgraded form, because the old Aztec just had confidential notes. So here, both the balance and the owner are encrypted.
So that's what gives us kind of the anonymity that we need to do these transactions.

How's it looking, like, from the user perspective? You know, right now, I just connect MetaMask to a website and just press a button to do a transaction. So is it, like, still pretty similar, where on, like, the Aztec site, I still connect my wallet and just do the trade, and the transaction, like, does all these three steps, like, go to L1, swap, and go back to L2?

Yes, sir. So we have a, we call it zk.money, and it's kind of like a showcase of what's possible with the Aztec SDK. And so for the next kind of three months, the main venue for these trades will be zk.money, and you'll be able to connect MetaMask. It will show you either, if you have L1, or, if you've already kind of used the Aztec network, it will show you zkETH, and you'll be able to kind of do these various DeFi interactions.
And yeah, all of that will be abstracted from the user via the SDK. The kind of three-to-six-month goal is that the SDK's integrated on a lot of these L1 front-end protocols, so you can actually just go directly to Uniswap or Aave or some of those protocols and have the option to perform the interaction privately.

Very cool. I feel like this general approach is, like, the future of practical privacy for DeFi things. It's often, like, you know, if you want public information, like, you know, constant product market makers, or a cost function, then you have to have these pools in public. And I'm saying, yeah, I think it's kind of the best of both worlds, because you get kind of the transparency of layer 1 DeFi, which is what made it grow to be so popular, but you also don't have to sacrifice what a lot of people take for granted in the Web2 world, which is just basic transaction privacy. No one can see my Robinhood account. No one can see kind of my Revenue accounts. I think this allows new types of kind of user experiences that give you the best of, I think, L1 DeFi, but also strong user guarantees.

Yeah, sorry, I just want to, like, stay on this DeFi topic a bit. So in that case, then, you need to create, I mean, like, Uniswap would need to add, like, an Aztec ETH / Aztec DAI pair, I suppose, if you wanted to trade those assets?

That's one of the key parts of our precious. We're looking at the kind of evolving layer 2 landscape right now. Kind of the impetus is on having strict liquidity, because if you want to benefit from the fee reductions that you get from operating on a layer 2, you've got to move the whole DeFi protocol into the layer 2, and it has a principal balance earlier liquid asset, pairings, etc. But for us, we felt we wanted it to be very much... what users want is to leave the actual source of the liquidity on layer 1, because that's where they're going to get the best prices, but interact with it cheaply. And so even if you have shielded Aztec assets and you're using our DeFi bridge to interact with an L1 smart contract, like Uniswap, you're still talking to Uniswap's layer 1 liquidity pool. So the ETH-to-DAI pairing that you're getting and the associated price, it's still based on the global Uniswap pool. So in order to perform, like, an integration with Aztec, you need some kind of ability to shield user funds using the Aztec network, but that won't affect the prices that you're getting from using the protocol.

Okay, interesting. What about collateralization? How would collateralization work using Aztec?

For CDPs, you mean?
Yeah, like Maker, like a CDP, for example.

Yeah, so there's two methods, really. You can have, as Zac kind of mentioned earlier on, like, a unique CDP for you, where you don't really benefit from huge gas savings, but you have strong privacy guarantees, or you could have kind of TSE DPS. So you can kind of have a system where we all agree, with a load of other users, that we want to enter into a three-month-term CDP, and the LTV ratios can be kept at a certain amount, and then everyone's kind of doing the same thing. So you can get really strong gas savings as well as privacy savings from doing that. So it depends on kind of the end-user product. We're starting to see a lot more fixed-rate kind of protocols come online in DeFi. So I think that's where the kind of retail users will end up, kind of on more structured products rather than wildly swinging positions, but that's kind of, I think, the approach we'd take with a transition of blends.

I didn't click all. Like, are you imagining that the collateral is held, like, in just, like, one big collateral pool held by the contract, or imagine that there's some, like, and, like, my share of the pool is private but handled on the rollup side?

Yeah, so you could have, like, Aztec q4e CDP, and you could have different collateralization ratios. So this will be the hundred and hundred fifty percent collateralization ratio. We all enter on a certain date, and it will be a three-month term, and kind of that would be one approach to doing it. And then, in that case, you get, like, a much better gas cost per user actually taking out that form of debt. You could have the case where, if you're a large user and you don't mind paying kind of the L1 gas fees yourself,
you can just have free flexibility by entering in kind of any CDP of your choosing, but you wouldn't get any batching in that circumstance. You'd still get batching on the cost of privacy. So you'd get to have your transaction batched with other zero-knowledge SNARKs that are doing different things, but you would pay the full cost of entering the CDP position. So you get kind of a bit of scaling in terms of privacy.

Those are but still find, like, hold the collateral in this, or sorry, you have the loan amount being, it's private as cycle to us, but the collateral has got to be on chain, since, yep, you need liquidations, got to see it, or...

Yeah. So in that case, it would be, like, in a single-user case, it would be like a smart contract would own that position, and that contract would be, like, a CREATE2 opcode. So you have kind of a new smart contract for every kind of CDP that's created, where there's just one user kind of behind that CDP. Just the source of funds that do the initial collateralization are coming from the Aztec network, not from kind of a tainted L1 address.

Very cool. On this, like, privacy idea. So, I know in Zcash there's a problem where people would go from the transparent pool into the shielded pool, and then almost immediately go from the shielded pool back to transparent.
Or in this case would be like shielded pool to, you know, salt trade the exact same balance. I would, how are you thinking of, like, mitigating like the link ability their of exact amounts? You know, it's like, he's a full amount, you know, it's a big problem in a synod positivism. Location issue in part of it, as ux and design issue because what because the discrepancies tank is still relatively new.
I think a lot of users don't fully understand how it works and that you'd be effectively your by when you Shield your tokens your, the active that of deposit against the Shield, it was public. So they can see for example, that, you know, Dave puts anything to Aztec and but, and then. And so, if you then immediately, withdraw, its very easy, what's happened? You know, you see, you see, there's the positive. Teni interesting. And then in the next block it
was just any traffic tickets. I mean, yeah, it's kind of obvious. But what you really need to do is deposit your value into Aztec. Wait a little bit and then withdraw to a different address. Your is the one you originally deposited from because let's say, because we try to encourage through our through our ux UI people to deposit and relatively fixed amounts like once anyth.
So the way we would ideally work, like if you're if you're for an educated, Is you deposit anything to ask Tech, you know, you wait a few hours and then to a different dress, you withdraw
the 20th nest egg. And that's how youth could have come from anybody who like, you know, from from now to the dawn of the process, start start the protocol deposited teeth into a state called or acquire teeth within the asset Network somehow perhaps 255. But most of it I think it's just making sure in the in the in the user interface that the user is
informed of what they're doing. And so that if they're if they do this this fluid humidity deposit withdraw in the UI goes, you know, hey you sure you want to do this and Joe, I think you can you can expand on that a bit. Yeah, there's a few cases but we're kind of touting this idea
of privacy school. So kind of just really helping to inform the user of how private a transaction are about to do is and as Zach was saying that can be anything from a your your unshielded to the same address you deposited from. That's that's not private. And or there's a high linkability risk there or things. Like if you're kind of unshielding to a very large significant number of decimal places, and then there's also So kind of can add to the linkability
of those transactions. The great thing about the kind of the DeFi bridge and it doesn't fix all of these things, but it's the first step in the road is the privacy kind of starts to become by default not opt-in. And I think they're that the issue was some like other privacy systems. Is that when you have to choose between privacy and not having it traditionally, the user experience has always been worse or always been more expensive.
So it's always been the incentives is to get out of the privacy shield and what we're trying to do with the next couple of versions of Aztec is change that flip it on its head. So that users should be comfortable keeping their funds in the Aztec Network. And then those kind of opportunities for a privacy breach should become a bit more reduced, but you still have to kind of be a bit careful when you're interacting with the DeFi bridge.
If you kind of deposit, I don't know, 90% of one token to the Aztec Network and then there's a DeFi bridge trade for 90% of that that token. You can kind of start to. Pick figure out what's happening, but where the DeFi bridge I think comes into its own is if you have kind of smaller trades that have drip fed into the market over time. If that trade, is kind of pretty homogeneous compared to, like the normal size of a transaction on the network for that asset
pair. You have great privacy, and and that's what the UI will kind of enforce and try to guide the user around, where the Privacy School. Post, very cool. So you're like, detecting these cases, where you think it's easy to I can link back and then giving a warning, right? Then saying look this transaction is likely linkable. Maybe you want to break it up or wait some more time. Yes, that's the idea. And I think, like, on day one. It may be kind of just like on
this possible indicators. It's kind of like strong weak or kind of extra strong, but we're working on kind of the metrics to put into it right now, but I think that's because the easiest way that to identify the user of a potential issue because a lot
of this is just user experience. It's you haven't had to think about this in a Web2 world because you have kind of privacy from everyone except your service provider, but in a Web3 world, there are kind of these different cases where you do need to kind of be notified and users have to kind of accept different norms. And I think it's on that some applications to start to think of better user experiences to notify what data is public and As you can see what.
And this is just one thing. We're trying very cool. And I guess there's also sort of thing where the amount of warnings you get really goes down over time as more assets or more historical records. Are there to be selecting from definitely. Yeah. Yeah. As the kind of privacy set grows. You should see that's a mess warnings. And yet the, the kind of network effect around previously announced a network or stronger and I think also the amount of times you want to kind of leave.
The Aztec network will also kind of shrink. So you should kind of have less of these these opportunities to accidentally break a privacy think we can we can talk a bit more about like how we get past kind of DeFi and and the longer term goal and that would kind of explain a bit more about kind of how Noir fits into all of this and how long term we think a lot of lot more applications will happen within the network. So they'll be less and less chances for those privacy
breaches. Yeah, sure. I guess John talked about how you're imagining Noir and more privacy or more applications on the private side. Yeah, so this is this. This kind of DeFi bridge thing we're building is is merely the stepping stone to our of kind of a grander aspirations. And it's an architecture that we're calling is like the working title, is Aztec 3. Well right now with will be released in March, you can shield cryptocurrencies.
You can still run privately in the Universal way, which is, it's useful, but it's doesn't really tap into the massive ecosystem of innovation. That's happening in the blockchain space, which is where the DeFi bridge comes in but even that only provides it provides.
Good access to publicly one protocols, but where we think privacy really starts to shine is that it opens up a whole new category of interactions that just can't exist today on a blockchain because of the, because so many so many applications in for example, like traditional Finance or payments, or like the kind of use cases. I like it. Everyday individuals, desire, require. Strong user privacy guarantees.
And so what we want to do is effectively, recreate the Ethereum smart contract ecosystem inside Aztec, but where privacy is preserved, so that to give developers, engineers, users, the ability to write their own smart contracts that have privacy baked into the core so that you can just sooo, not just so you can. It's not just that you can have a private token, but you can decide how it's transferred who can own it, how to mint it. However, subtle.
It. Because what this really enables, what was what really excites us is that this is the first time that you can meaningfully put your identity on chain and link it to your cryptocurrency accounts. Without splashing your personal information all over the Internet. It means that you can condition you prove parts about yourself without revealing it to anybody
else in the wider world. For example, you know, you can have you know, an identity token that you that you can have some some Cryptocurrency that's condition but holding its conditional having one of these identities, infants, or if it's more like more, it also opens up like more other Innovative spaces, like for example, private entities where you can have some data fields that are private, but you can like prove Parts about your private entity to other people under certain
conditions. You can have it opens up a whole Innovative tranche of blockchain based games where you can. Eating for you can actually have information asymmetry.
So, you know, the players of the game, actually, you can not know things about their about their counterparts which isn't really the case with with a fully transparent setting, but all of these things require programmability requires the community to decide how they best want privacy to be used in their applications and to be, and to have the tools and ability to program it themselves. And that's where Noir and Aztec 3 comes in. Noir is our highly
efficient. See, it's not very Language spearheaded by by us, but by I kept quite a bit about them and it's, it's a Rust-based syntax language that compiles directly to a highly optimized Plonk circuits. And we're planning on using that in that in, in a, in a, in a kind of the next iteration of our protocol design where instead of our kind of ZK-ZK rollup, verifying the same transaction, type over and over again. There's this dislike private transaction.
It's private owners of Brothers directions. Instead what the rollup verifies is a zero-knowledge proof. That's Work has come from a, from a one of these circuits that's been written in Noir and uploaded into our network by anybody. Basically, it's the Gnostic Eastern technology, which allows us to create a fully permissionless, private programmable. Cryptocurrency Network. And that's, yeah, that's pretty much once once, where once we
put out the DeFi bridge. That's where that's where we're heading with all our energy and attention and resources. Well, very cool. But I'm packing this is that there's a bunch of grown-ups. They're soaked for the
programmability ideas. Like I want to be able to put my, it's kind of, is it like the Zexe model where I guess, you know, a couple of things try to do that where you have a public or you have like a program on chain or on the Ambassador chain that users can interact with and sort of a private manner, where this, the contract can maintain both a public state and private state and you every interactions updates both of these. Yes, exactly. But where were things?
Things differ is the fact that we've been very much trying to structure this architecture to look a lot more like a systems platform. That would be more very familiar to software engineers. So it begs it's a kind of eight familiar, blockchain concepts. Like you have a video questions actually, have a concept of a call stack of contract. I can call the contract, you can have one contract with multiple functions and You can kind of have a reasonably, like somewhat
arbitrarily transaction depth. So you can have, you know, contract past people, call. It conscious call each other countries called by the contracts over and over and over again, you don't have the some of the restrictions that other systems have, like, Zexe, because of the well, their restrictions come down to the fact that the the protocol was designed for this kind of limited recursion technology that was available at the time and think things have moved
along a bit like a little bit. Like there's been a lot of development on these like Don cycles of elliptic curves with this Halo recording system with the stuff and a 16, which means you can get this kind of arbitrary depth recursion, where where you can have, you know, zika, Forest aggregate, verifies, you give your surroundings. You can press all the way down and this enables.
Yeah, it enables your, you will see, case knock circuit to encode an algorithm, which starts to look a lot like VM base cryptocurrency protocol, where you don't have to like learn new and like kind of a diff. Oblique different types of transaction, semantics. In order to program it. Oh cool. So it's like starting to look more like basically Reef where it's solving, the old problem of, really only impact.
One contractor, like small set in one transaction because we're limited proving tech for some curves, but now, it seemed like, with the aspect, Unbound, recursion in this is like fixed you can. Now, in theory, I'm gonna throw my hands. Okay, we've not built yet. So that the, the mission for our company is putting this in practice over the next 12 months. Poor I guess a question. Maybe this is a bit technical for folks. But like, how does the proving
work here? We're essentially you're having a this will give us like large something on multiple transactions. Interacting the same contract per block, but they all affect state. Do you have some like out off chain? Aggregator like bundle these together and make one proof or is are some parts that are like available to the block or opposer for them to do the proofs to get many transactions to 1. On track for vlog.
Now, it's a good question because you do run into some some circle decreased conditioners. When you're dealing with these kind of off chain aggregation Services, particularly, with the private, with, when protecting privacy, where if you have multiple individuals, who wants to talk to the same contract, then they're kind of that.
They want to update their Factory, modifying the same database and you can kind of get into problems with in a lot of people kind of it's bit like lost people wrestler over the same, the over a single piece of cake and And I will just kick out a mistake. I don't know. That's a great way of describing a race condition. But there's a fairly simple straightforward way of solving that which is basically to have this aggregator be the entity
performing state updates. So that when individual senders access the aggregator, they they request state updates to be made on their behalf. And if they're private, that they'll be encrypted at the public. They won't be but it's actually the the aggregator he's doing them at during the mechanical process. Of putting these variables inside eight inside a database modifying, this database values. So yeah, I think I think at this point it's a relatively solved problem.
Okay, so suddenly privacy leak, in that aggregator already access, the private database sort of like a private state. So that's like there's no new information are getting exactly that. I mean, if they agree that you'll basically when you create your privacy proof, that that proof will spit out a bunch of variables, but they're all
encrypted and those variables. Not in the database, but the the aggregator doesn't have like doesn't know anything about those those variables to them if they just look like random numbers. So if they don't need to know these random the actual data entries to handle state conflicts. Well, the idea is basically you don't you don't have a state conflict. So well, this may be getting into the weeds but dealing with private state and public state, they need to be treated
differently. So, with private, the way that the way, one handles private State modifications is Are you? Well using this kind of this Bitcoin? So I'm spent transactional check. The idea is instead of having an act like a like an accounts where you, you have a like something like a balance, which you can modify over time you instead have these notes, that you cannot be created or destroyed.
And so the base. So this makes the the state model quite simple because the note can either exists or doesn't exist. It can't change value. And so, if you want to perform a state update for if there's a Is easier to get some privacy variables. Then you basically you basically you want to create a bunch of these UTXOs and you want and you want to delete a bunch of existing UTXOs. And so, basically, you go down.
If you get a, hey I want to make these UTXO notes and I want to delete this. These other like you take Senate but the key thing here is that they're all encrypted the, the notes you'll be in created an encrypted and then it's, you're destroying. They are, they're encrypted too, but they're encrypted, but that this is really going to use the reason I think maybe it is, I'm going to struggle to explain this properly in the time you have available.
But the basic idea is when you want to destroy a note in Aztec. The way we might be recorded as being destroyed uses, a different encryption algorithms the way that we recorded a being created. So basically the Mark and I are in our kind of ledger, which says a note has been destroyed is a different encryption algorithm to the mahkum ayat, which says a note has been created. So you can't ever link it like a destroy notification to a create notification.
Oh cool. So it's like you're making everyone has to UTXOs these private contracts defined like literally predicates to UTXOs, but then when you do a transaction the new UTXOs to get created, but you break the linkage like intra batch between inputs and outputs. Yeah, exactly. I mean it's a very it is extremely similar to how Zcash handle this. I think they were there very much kind of trailblazers on this with as regards.
Cool, so, okay. So then like Noir fits into this, by making this like DSL for folks, to be able to write these contracts that aren't in this UTXO model, compiled programs. Exactly. So Noir was going to have quite a lot of layers to it because like the first the first thing that Noir has to solve is that these programs that people are creating need to be turned into extremely efficient zero-knowledge proofs because one of the main problems with zero-knowledge cryptography is constructing.
His proofs is generally quite. So as I said, it's like early factor hundred K to a million times slower than running a computation. Now, one of the ways that this is can be solved is by delegating proof construction to third parties. So a lot of scaling solutions that don't that aren't private take this approach because it's a bit of a no-brainer, you know, it's hard. Copy is usually will just send it off to. So, you know, hundred thirty-two kws machines and it'll, you'll
get it done in a few seconds. But because we'd had we're dealing with private transactions. You can't delegate proof construction to a third party because then you're leaking information and secrets to that third party. So in so effectively all of these programs that have been created and while they're all took been tend to 0 as proofs, that will accrue construction is happening. Be Directly by the user. You know, I people with old laptops crummy phones.
And so you're very constrained in how much horsepower you have available, which is why you need to be efficient, which is why we developed a ton of like advance of the with our proving systems and then, so not. But then you've also got to make this thing easier to program, which means you've got it, have the abstract kind of smart contracts, semantics State, modifications semantics, you know, and all of that associated paraphernalia. That's easy to understand to the
user. And so there are two like, to be crisp and that is still very much a work in progress. I'm not going to, I'm not going to be arrogant enough to say, we've solved that problem yet. But but I have every confidence that we will let me know. I think, the first step is, is abstracting the cryptography from from the developer, and then the second step is kind of baking in more functionality, and that's where the kind of the bit we're working on.
But at the moment, you can kind of use Noir to just kind of write a SNARK. But it doesn't really fit in with the rest of the kind of Aztec rollup ecosystem. So that's kind of the next focus of the company, post DeFi bridges, to build that, that part of things that they're the actual language kind of early syntax is written, and we're actively getting feedback on it right now. As kind of a new way to write SNARK or Plonk circuits.
How important is is that all this to I mean it's sort of broader adoption of zero-knowledge technologies, you know, in and outside of crypto. I guess like privacy-preserving technologies. Like I think if you take the average web developer like or even iPhone developer or whatever. Oh, I think a lot of these developers have very little understanding of how the zero-knowledge technologies work and how to implement them.
And so how important you think this this work is to broadening the scope of use cases for, for zero-knowledge tech? I mean, I think it's foundational. I mean, we just just have to be asked us to look at why Ethereum became so successful. It was because anyone could write a smart contract, you know, you have this incredibly powerful technology.
This just just just do it a letter that has suddenly stopped becoming, it wasn't this kind of this, this, this incredibly difficult concept to wrap your head around it, difficult to, to interact with. But instead went it went from that to going like, you know, here's how you make a cryptocurrency token, in three lines of Solidity code or have it. However many watts. And it was very easy to access and I think it's absolutely essential to propagate zero-knowledge proof Sanders.
Kind of cryptography to a wider audience. You gotta you gotta explain it in terms that people understand that are familiar to them and you got to abstract the cryptography away. As you said people, most people are probably quite ready, like incredibly intimidated by this cryptography. And, you know, there's the very comment on that, as, you know, General different group to control your own crypto, it'll end badly, and I say it as a cryptographer. So creating an abstraction layer,
which presents very complicated cryptosystems as easy as some programming languages with clearly understandable semantics where the where, you know that whatever you produce the cryptography behind, it will be sound and secure is absolutely essential for the, for the widespread adoption of this technology. And what are the risks here? Because I, you know, we've seen in in crypto that, you know, the bugs can be catastrophic.
We've also seen so the cascading effects of, you know, layers upon layers of dependencies, you know, breaking large-scale applications on the web like recently with like all this npm kind of stuff that stuff happened around there. If for a developer, I'm speaking mostly like developers outside of crypto, but even the people coming into crypto and who are like some background of development.
How do we ensure that? They use cryptography responsibly, and that they're using the write that using libraries, that are vetted and audited? And even if there are developing at a higher level of abstraction, but that, you know, someone doesn't use like a cryptography library and like to build. I don't know, some kind of messaging app. Example and exposes everyone's messages or like something
catastrophic like this, right? Like what's the, what's the right balance of like expertise to General availability or that? We're looking for here? It's a good question. And I'm not sure it's one without with that particular easy answer. Because like the risks are real and not going to try and trivialize what we're doing. I mean, the complexity, the amount of complexity involved in these Advanced cryptosystems is absolutely astronomical.
And then if you add on the, the complexity of a very complicated systems level architecture that someone's building using tools that have been developed to turn it into a creek into it, like, into a zero-knowledge proof. Then there are certainly risks there, but I think that it's going to be an evolving process. You know, I do think that it's obviously there are set there are some basic things you can do right now.
I mean, like you can make sure that at every layer your technology stack has been fully audited and that, you know, it's been written by the people who are the experts in their fields, you know, like we're very lucky as to have our elbows on his like, you know, to be able to like tables and but to help us with like internal audits, which to be honest before we released at our primary objective, reveal, several security.
Issues that we've done the resolved because this is complicated beating a stuff and it's very, very, very easy to get it wrong. So I do think that there's going to have to be about a bit over a period of time.
Where once these kind of these advanced abstraction layers, is these programming languages start to become easy to use easy to use and will widespread that they will need to be approached with caution because I think like we see with the adoption of Ethereum, sometimes the only the only cure is time but like a lot
of like I don't think I'm being. Unfair, when I say that like the solutely smoke entrepreneur in which is widely considered to be, you know, somewhat insecure like it's not, if you were to do that, if you're going to rewrite a three more layering of them scratch, you would design Selena very different way to make it a lot more secrets program, but obviously back in 2015, you know that the government was doing this for the first time, you
know, so it's so nobody was aware of the issues that would result but that being said today in 2021. I would argue that if you're going to write a smart contract, so that is the best language to a certain because it's been battle tested and he's barbecues exports is problems that have been, you know, found out unfortunately sometimes through through, through hacks and attacks, but it means that you have this, this large kind of ethology of security practices
and principles of drawn. Now, we don't have those for fers, you can start creating languages because they're completely new in their infancy and that book will have to be written. And there's a question about like how many how much of that book is going to have to be written is going to be written ahead of time through thoughtful
and careful, too. My hand is up assistance the built and how much of that book is going to be written effectively in cash from people, losing money through hacks and exploits. And yeah, it's something that's
very much one on mind. But I think the only thing you could do is what everything develop things Star Eddie may be very, very considerate about the technique about the what changes you're making to your cryptographic architecture and you're getting the best people, the industry to work on it, you know, sometimes even auditing isn't good enough or it's questionable a because for example People like with the kind of cryptography but developing, you know, like cute,
who can who can audit Advanced Auto plant site. Because I mean like, you know, I can count the number of people. I trusted you that on the fingers of both my hands and they're all busy with their own projects. So, you know, I think it's I think it's one of the point of this issue sets that can only be solved with time and attention.
I got one thing as well. It's about the, the amount of the protocol for kind of it. If you take the iPhone, developer example, like how much of what they're building needs to be in Noir and requires those kind of fundamental principle guarantees. Like how much of it is can be written a letter, one, kind of sin, in terms of like, this person is allowed to see and it's about assembling that kind
of stack of that. I guess different kind of languages and different pieces of technology to get the The end product that the users need, I think trying to do that all in kind of modern-day one would probably lead to a lot of catastrophic bugs, but doing bits of it in water, to give the Privacy, that's required bit, slow to see, bits of it, don't
need to be on chain. And I think there's a lot of kind of learnings in the space generally from 2017, where people were planning on putting social networks on chain and all these things that were meant to be built on a blockchain that don't need to live there. So I think it's about kind of careful design of What needs to live where, and in the stock and that will kind of evolved over time and more things will be in
the private end. That's kind of all that but it's about making sure the right things are in the right place to kind of do damage limitation in case something does go wrong. Oh, cool, like trying to mitigate the footguns here where like, you know, but little make it harder to make an accident that the, I guess. Such a question of this about that appears long like the SNARK DSLs. Is that? How much do you expose like SNARK optimizations? Like in the language?
Like, do you expect just want the big ones like non-determinism or like if I know the answer to? And if statement dude, I just have how can I use that? Sort of computing. The answer or but I guess in your case. It's actually a lot. More like with all the TurboPlonk and lookup table work.
So it's a general approach that you want to hide this complexity, or you want to like, give it as available to like, Advanced Developers. The first step is to hide it away because it produces a simpler language. We can then move now to the next phase, which is to gradually exposed the some of the inner workings to to Advanced developers who want to play around with it.
The first that we currently taking is in-house, we're writing for the common algorithms that people use SNARKs for so, you know, things like binary arithmetic, Insurance mistake, you know, hashing algorithms that have to cover with my tech digital signatures that kind of thing. We're writing our own highly optimized gadgets that use the latest Plonk and lookup table techniques that have a very, very small number of constraints.
And then those are getting exposed in the language as primitive of like like primitive up kids. So, you know like in why you can you can do a shot of a succession of another string and that shot. If x is called will go be plugged directly into our optimized widget. And so that's that's kind of how we abstract away the complexity. But by giving people these common building blocks that are already got pre-optimized.
And the idea is then that the all of the Plex heavy lifting is done by they optimize widgets and what's actually programmed into our is more is closely for you logic. That ties these components together. Oh, cool. That make sense. Then like yeah, hiding is complexity by you building. The expensive components of people are tempted to rewrite themselves. Exactly.
Yeah, we saw it a lot. I mean, a lot of projects, kind of put have their own, hash implementations, and kind of itself wondering the same work and having a reference implementation. I think longer term is definitely the the right approach here, but it needs to be open source and needs to be kind of reviewed by everyone. And we're beginning to that step for it to be kind of clustered. So what's your call to action to your audience?
And where can people find you? Yeah, I think right now if you want to do private transactions head to zk.money and over the coming six eight weeks, we'll be upgrading UI to enable you to do all of your favorite DeFi interactions with strong privacy guarantee. So we're looking for kind of feedback on the early version of that over the coming months and
for developers. We've also got a test that if you want with your keen to write out your own DeFi bridge contracts then head over to our Discord. Links in the description after and we can kind of provide you with some docs to help build some of these DeFi bridges to make these private interactions possible. If it would be curious and I could beside, you know, had I had to, I just go ahead. So I get 1/2. Check out Noir, play around with it. We're always searching for more feedback.
Thanks a lot for coming on and we look forward to having you guys on again, at some point in the future to dive deeper into how things are progressing. Thanks a lot. It's been a pleasure. Thank you very much for having us. It's been great. And Dave, congratulations on your first on your first interview. How did you like it? Thanks, was really fun. I mean Aztec's one of my favorite projects. It was very cool to learn more of the details of how they're getting private any threat.
Now. It's fun being on the side of the podcast. Yeah. Well you did an excellent job. So hopefully we will do this many more times. Thank you for joining us on this week's episode. We release new episodes every week. You can find and subscribe to the show on iTunes, Spotify, YouTube, SoundCloud or wherever you listen to podcasts. And if you have a Google Home or Alexa device, you can tell it to listen to the latest episode of
the Epicenter podcast. Go to epicenter.tv/subscribe for a full list of places where you can watch and listen. While you're there, be sure to sign up for the newsletter. So you get new episodes in your inbox as they're released. If you want to interact with us, guests or other podcast listeners, or you can follow us on Twitter, and please leave us a review on iTunes. It helps people find the show, and we're always happy to read them.
But thanks so much and we look forward to being back next week.
