Aztec: From Requirement Calculator to Practical Implementation of Programmable Privacy on Ethereum

Ethereum as the “world computer” established secure, trustless value settlement, but its radical transparency became an obstacle to mass adoption. Every user transaction, capital flow, or social relationship remains visible in an immutable, eternal digital panopticon. However, 2025 marked a turning point: Vitalik Buterin clearly stated that “privacy is not a feature, but a foundation of security.” Just as the internet transitioned from unencrypted HTTP to encrypted HTTPS, Web3 is at a similar critical juncture. Aztec Network, supported by approximately $119 million in funding, through the Ignition Chain ecosystem and the Noir language, is realizing the vision of “programmable privacy”—an infrastructure that not only protects data but also enables verification of its validity without revealing content.

Three-layer defense: from standards to hardware

The concept of privacy in Ethereum has evolved from single mixing protocols to “holistic privacy” encompassing network, hardware, and application layers. This paradigm shift dominated discussions at Devconnect 2025.

Standardization at the wallet level: Kohaku and stealth addresses

Kohaku, developed by the Ethereum Foundation’s Privacy & Scaling Explorations (PSE) team, represents a move from “experimental add-ons” to “standardized infrastructure.” It’s not just an SDK—it’s a fundamental rearchitecture of account systems.

The “stealth meta-address” mechanism in Kohaku allows recipients to reveal only a single static public key, while senders generate a unique, one-time on-chain address for each transaction. To network observers, transactions appear as if sent to random destinations, preventing linkage to real identities. Kohaku elevates privacy capabilities from add-ons to standardized wallet infrastructure, creating reusable integration components around stealth address mechanisms.

Quantum-resistant security: ZKnox as the last line of defense

If Kohaku protects the software layer, ZKnox—a project funded by the Ethereum Foundation—focuses on deep key security and future threats. As zero-knowledge applications proliferate, more sensitive data (potentially containing key materials or identity info) must participate in client-side proof processes, increasing the risk of leaks if devices are compromised.

ZKnox aims to make quantum-resistant cryptography “useful and affordable” on Ethereum, for example by promoting precompiles that reduce lattice computation costs. Facing the threat that quantum computers could pose to elliptic curve cryptography in the 2030s, the project prepares for migration to post-quantum (PQ) signature schemes. The EIP-7885 proposal adds an NTT precompile to lower on-chain lattice verification costs (including Falcon).

Aztec architecture: defining the “private world computer”

Aztec occupies a unique niche in the evolution of blockchain privacy. Unlike pseudonymous mechanisms from the Bitcoin era or single “transaction privacy” offered by Zcash or Tornado Cash, Aztec aims for Turing-complete “programmable privacy.”

The Aztec team includes co-creators of the zero-knowledge proof system PLONK, giving the project deep cryptographic expertise. Its main challenge was building a platform for private smart contracts, especially managing state—a problem Aztec addressed with a hybrid state model.

Hybrid state model: breaking the trilemma

Traditional blockchains have either fully public state (Ethereum) or fully private (Zcash). Aztec introduced an innovative hybrid model:

At the private layer, Aztec uses a UTXO-like model similar to Bitcoin, storing assets and user data as encrypted “notes.” These notes generate corresponding nullifiers that signal “spent/expired,” preventing double-spending and preserving privacy of content and ownership relations.

At the public layer, Aztec maintains a publicly verifiable state, updated via public functions in the network’s execution environment. This architecture allows developers to define both private and public functions within a single smart contract. A decentralized voting app, for example, can publicly reveal the “total votes” as a global state but keep “who voted” and “how” secret.
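A simplified model of the private-layer notes and nullifiers described above, as an added example that is not Aztec's code. SHA-256 stands in for a circuit-friendly hash, the ownership and membership checks run in the clear where the real system would rely on a zero-knowledge proof, and all class and function names are hypothetical.

```python
import hashlib, secrets

def H(*parts):
    """Length-prefixed SHA-256; stands in for a circuit-friendly hash."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def owner_tag(secret):
    return H(b"owner", secret)

class Note:
    def __init__(self, owner, value):
        self.owner, self.value = owner, value      # owner = owner_tag(secret)
        self.salt = secrets.token_bytes(32)        # blinds the commitment

    def commitment(self):                          # the only thing published
        return H(b"note", self.owner, self.value.to_bytes(16, "big"), self.salt)

    def nullifier(self, secret):                   # computable only by the owner
        if owner_tag(secret) != self.owner:
            raise ValueError("not the owner")
        return H(b"nullifier", secret, self.commitment())

class PrivateState:
    def __init__(self):
        self.commitments, self.nullifiers = set(), set()

    def insert(self, note):
        self.commitments.add(note.commitment())

    def spend(self, note, secret):
        # Checked in the clear here; a ZK proof would attest to the same facts.
        if note.commitment() not in self.commitments:
            raise ValueError("unknown note")
        n = note.nullifier(secret)
        if n in self.nullifiers:
            raise ValueError("double spend")
        self.nullifiers.add(n)
        return n

def transfer(state, note, secret, outputs):
    """Spend `note` and create notes for [(owner_tag, value), ...]."""
    if sum(v for _, v in outputs) != note.value:
        raise ValueError("value not conserved")
    nullifier = state.spend(note, secret)
    created = [Note(owner, v) for owner, v in outputs]
    state.commitments.update(n.commitment() for n in created)
    return nullifier, created
```

The published sets contain only hashes: a nullifier marks some note as spent without indicating which commitment it belongs to, and replaying the same note produces the same nullifier and is rejected.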

Dual execution model: collaboration between layers

Execution in Aztec is split between the client layer and the network. Private functions run locally in the user’s PXE (private execution environment), generating proofs and commitments related to private state. Public state transitions are performed by a sequencer, which generates validity proofs verifiable on Ethereum.

All private data operations occur locally within the user’s PXE—private keys and data never leave the device. PXE runs circuits and generates zero-knowledge proofs locally.

On the network side, the sequencer verifies the private proof while packing a block and re-executes the public part in the AVM (Aztec Virtual Machine); the logic of public contracts is incorporated into the final validity proof. This separation, “private inputs on the client side, public state transformations for verification,” compresses the privacy-verifiability trade-off.

Portals: cross-layer communication without compromise

Aztec does not treat Ethereum as just a “background execution engine,” but builds an L1↔L2 communication abstraction via Portals. Private execution requires prior “preparation and proof” on the client side, and state modifications must be performed by the sequencer.

Cross-domain calls in Aztec are designed as a unidirectional, asynchronous message passing model. L2 contracts can initiate intent to call L1 (or vice versa), and messages become consumable in subsequent blocks via rollup mechanisms. Applications must explicitly handle errors and rollbacks. The rollup contract maintains the state root, verifies transformation proofs, and manages message queues, enabling interaction with Ethereum while respecting privacy constraints.

Noir: democratizing zero-knowledge development

If Ignition Chain is Aztec’s body, then Noir is its soul. For a long time, zero-knowledge application development was limited by the “two-brain problem”: developers had to be both experienced cryptographers and skilled engineers, manually translating business logic into low-level circuits.

Abstraction and backend independence

Noir was created to end this “Tower of Babel.” As an open-source domain-specific language (DSL), Noir uses a modern Rust-like syntax, supporting loops, structures, and advanced features. According to Electric Capital, coding complex logic in Noir requires only about one-tenth of the lines compared to traditional circuit languages (e.g., Halo2 or Circom).

The Payy privacy payment network, after migrating to Noir, reduced its main codebase from several thousand lines to around 250. More importantly, Noir’s “backend independence” allows code to be compiled into an intermediate representation (ACIR), which can connect to any proof system supporting that standard. In Aztec’s stack, Noir defaults to Barretenberg, but outside the chain, it can be converted to Groth16 and other backends.

Exponentially growing ecosystem

Data confirms the success of the Noir strategy. In Electric Capital’s annual report, the Aztec/Noir ecosystem ranked among the top five fastest-growing developer ecosystems for two consecutive years. Currently, over 600 projects on GitHub are built with Noir, including authentication (zkEmail), games, and comprehensive DeFi protocols. Aztec, hosting the global NoirCon conference, not only consolidates its technological edge but also fosters an active ecosystem of native privacy applications.

Ignition Chain: decentralization from the start

In November 2025, Aztec launched Ignition Chain on the Ethereum mainnet. Since then, the network has gradually opened additional functionalities, and by early 2026, full transaction and contract execution capabilities were live. This is not only a technological milestone but a radical fulfillment of the Layer 2 decentralization promise.

Challenge of sequencer centralization

Most current Layer 2 solutions (Optimism, Arbitrum) initially relied on centralized sequencers. Aztec chose a different path: Ignition Chain has operated from inception within a decentralized validator committee architecture. The network launched its genesis block after reaching 500 validators, and soon attracted over 600 validators participating in block production and finalization.

This is not unnecessary effort but a necessity for privacy network survival. If the sequencer is centralized, authorities could censor certain private transactions, rendering the network useless. A decentralized setup removes single points of censorship and greatly enhances resistance to censorship.

Performance optimization

While decentralization enhances security, it poses performance challenges. Aztec has gradually reduced block times from initially 36–72 seconds toward a target of 3–4 seconds (planned for late 2026), aiming to approach Ethereum’s user experience.

zkPassport: integrating identity and privacy

Technology itself is cold until applied to solve real problems. zkPassport is an identity/compliance tool in the Noir ecosystem; Aztec uses its circuits to check sanction lists, offering “minimal disclosure” in compliance proofs.

From data collection to fact verification

Traditional KYC processes require users to upload passport photos to centralized servers, which is cumbersome and puts the data at risk. zkPassport reverses this logic: it uses the NFC chips and digital signatures in modern e-passports, so identity data can be read and verified locally by holding a phone against the passport.

The Noir circuit generates a zero-knowledge proof locally. Users can prove they are “over 18,” “their citizenship is on an approved list,” or “not on a sanctions list”—without revealing full birth date or passport number. This not only protects privacy but also requires regular verification of conditions, indirectly introducing a validity timer—indicating whether the proof remains current.

From single verification to Sybil-resistant systems

zkPassport provides “Sybil resistance” for DAO governance and airdrop distribution, ensuring “one person, one vote” without tracking identities. Verifiable, minimally disclosed compliance signals can reduce regulatory friction for on-chain financial institutions. Institutions can prove compliance via zkPassport, participating in finance without revealing trading strategies or asset sizes.

一个狠人vip
· 2h ago
And then? So what?