zkReddit
Our submission to the Reddit Scaling Bake-Off
TL;DR
- ✨ Aztec has built zkReddit
- ⚡ Current submission exceeds Reddit throughput requirements by 4.6x
- 💰 Compatible with all wallets
- 🔒 Transaction & user privacy is preserved and compliant with data legislation, GDPR et al
- ⏳ Will achieve 144x throughput by next release
Who are you?
We’re Aztec — your security shield for the internet of money.
Aztec provides wallet-level privacy to ensure that in this new open, transparent world of Web3, the days of predatory data collection are consigned to history.
What have you built?
In June 2020, Reddit announced a Scaling Bake-Off, to transfer responsibility for the management of Community Points to Web3 — specifically, to Ethereum.
We’ve built a fast privacy service, so that Reddit can safely do this without leaking user data. The current submission allows you to:
- Handle 100,000 point claims, 25,000 subscriptions, 75,000 one-off points burning, and 100,000 transfers every 30 hours
- Preserve transaction information and keep it private
- Preserve user information and keep it private
- Stay compliant with all data and regulation laws
- Work within the current Ethereum tools and ecosystem
Our current submission achieves 3.2 transactions/second and 27,500 gas per transaction while preserving user and transaction privacy.
Excuse me, this is a scaling competition
Yes, we know.
Privacy’s expensive — so scaling is core to our technology.
We’re using recursion of ZK proofs to build privacy at scale — and it shows in our gas costs. Today, we can already achieve almost 2x Ethereum’s gas performance with our 32-rollup.
Privacy brings with it mighty barriers — private transactions are usually very expensive.
Our February 2021 release will exceed 100 tps, privately on Ethereum mainnet, further reducing verifier costs to 10,000 gas.
You’re forgiven — show us how it works
1. zkReddit architecture
The design in a nutshell:
Our prover technology is built on Barretenberg, Aztec’s custom ECC library. This codebase gives us a hyper-optimised WASM build for in-browser proof construction, and a native binary for rollup proofs.
All elliptic curve operations live within the BN-254 curve.
As demand increases, we add more and more layers of rollup, going from 2-rollups to 1,024-rollups — each time we multiply by 2, we add around 10s to the prover time.
2. Cost Estimates
So, here they are — the costs of transacting privately on Aztec:
3. Can I Get a Demo?
You can get started with zkReddit if you have a MetaMask account — then go straight to https://reddit.aztecprotocol.com/ and log in — give yourself a username and start sending CryptoChillies privately.
We’ve built three main flows:
- claiming
- sending to friends
- spends for flairs / other swag
Importantly, while users retain full custody over their tokens, all of their actions are fully private. Reddit will obviously still know the amount which was initially earned by the user (and therefore total supply) — after all, the grant is handled off-chain.
However, no third party will be able to read this data from Ethereum.
4. Trade-Offs
- Latency (our 32-rollup takes 3 minutes to settle)
- Client prover times at 12–40s (time for user to compute private transaction), due to naïve circuit construction — Plookup will help us bring this down
Reddit, your lawyers will like us
- On Web3, your users’ entire financial histories, including earning and sending Reddit tokens, are linked and visible in perpetuity on Ethereum
- In the United States, state privacy laws are tightening
- And if you’re a blockchain business anywhere in the world with European users — GDPR applies to you — ‘privacy by design’ is your responsibility
- And remember the Right to Erasure — on immutable public blockchains, most dApps forfeit that right on behalf of their users
Us & our cryptography
Fundamental to any privacy service is its cryptography.
Ethereum fans will know us as the creators of PLONK, the latest standard in superfast universal SNARKs.
PLONK has been widely adopted as a major standard bringing privacy and scaling to Ethereum. We’re thrilled that Dusk Network, Matter Labs, and Mir Protocol are already integrating PLONK, and we look forward to welcoming more companies to our ecosystem in 2020.
Want to join the discussion? Pull up a chair at the PLONK Café.
Which wizards built this?
The Aztec team behind this is as follows:
- Ariel Gabizon, Chief Scientist — authored PLONK and Plookup. Howler-finder-in-chief, he catches everything from security flaws in Zcash to subtle grammatical errors in Aztec’s company literature
- Charlie Lye, Principal Engineer — produced our highly optimised WASM build, built our rollup server, and made everything work together — and he spun up that globe in our 2019 Ignition Ceremony
- Joe Andrews, Chief Product Officer — master-juggler, led design of everything the user and engineer touches — notably the Aztec 1.0 SDK, the Aztec 2.0 Wallet SDK, and zk.money
- Leila Wang, Senior Engineer — made “moon math” user friendly. Built the front-end and zk.money, extended the rollup server for zkReddit. Veteran of the all-nighter. Coined r/CryptoChilli™
- Tom Waite, Engineer — wrote the smart contracts powering zkReddit, and made claiming chillies scalable with a custom PLONK proof. Built our continuous integration pipeline. Aztec’s nocturnal debugger
- Zac Williamson, CTO — built and designed Barretenberg, built and designed the Aztec Cryptography Engine (ACE), and co-authored PLONK
Actually, they mostly worked on most things.
Thanks are due to Arnaud Schenk, who meticulously led sprint-planning and built the mightiest Gantt charts.
Join the Team
We’re on the lookout for talented engineers and applied cryptographers. If joining our mission to bring scalable privacy to Ethereum excites you — get in touch with us at hello@aztecprotocol.com.