This article is the second in a series introducing zero-knowledge primitives and Aleo’s solution to private, programmable applications. Read the introduction to ZK primitives.
Recently, we introduced ZK primitives, the fundamental components of a programmable zero-knowledge application. We defined these primitives to be shielded transactions and shielded identities. In this post, we’ll explore the environment where these primitives interact in Aleo, which we refer to as zkCloud.
zkCloud is an off-chain, trustless computing environment where programs are executed privately, securely, and cheaply, with unlimited runtime.
With these features, zkCloud solves one of the most challenging problems facing blockchains to date: The Privacy Dilemma.
Solving “The Privacy Dilemma.”
An ongoing challenge for blockchain protocols has been the tradeoff between privacy and programmability. Most projects that have come to market so far fall along two axes as follows:
Most blockchains either prioritize programmability at the expense of privacy, or the other way around. So far, no project has been able to offer both, which is why the top-right quadrant is empty. Aleo is filling that need for programmable privacy through what we call zkCloud.
How zkCloud works.
In a typical public blockchain, program execution happens on-chain in a global “virtual machine” (VM) run by every network node. This means that each node in the network must re-compute (and collectively agree on) each step of a given program. Not only is this inefficient, it reduces speed and increases costs for the end-user. And because this VM must have access to the relevant information, options for privacy are limited.
Through zkCloud, Aleo overcomes these limitations by separating the application runtime from the state maintained by the blockchain. Combined with the power of zero-knowledge proofs, this allows Aleo to enable full programmability and privacy, as well as high transaction throughput relative to the model of an on-chain VM.
zkCloud is an off-chain, trustless execution environment where individual entities, or shielded identities, interact with one another through shielded transactions.
These transactions, whether a simple P2P transfer or a complex financial application, hide the details of the interaction (the participants, the amounts, the smart contracts, etc.) via a recursive series of zero-knowledge proofs (described in Zexe). The outer proof is the final result of this process, and the only “evidence” that a transaction (or series of transactions, as in a complex application) ever took place in zkCloud.
Shielded transactions link zkCloud to the Aleo blockchain. They consume and create records on-chain to modify/update the state of a given application or program. Nodes (and other users) verify the zero-knowledge proofs within the shielded transactions and can be convinced of their veracity without learning the precise details.
We can visualize the interaction between zkCloud and the Aleo blockchain as objects casting “shadows.”
When you see a shadow, you know that something created that shadow, but it is hard to make out details or identify precisely what it is. Similarly, even though programs run on zkCloud with varying degrees of complexity, the only things ever visible to the nodes on the Aleo network are the “shadows” cast by the shielded transactions executed within zkCloud. Because zero-knowledge proofs reveal nothing about their contents, when these nodes (or other third parties) see a shielded transaction submitted to the chain, they can tell that something is happening, but they cannot determine anything specific about that interaction unless some data is deliberately revealed.
As a consequence of separating computation from state, zkCloud provides unlimited application runtime.
Programs that run in zkCloud can take a second, a minute, a day; it doesn’t matter as long as the shielded transaction is submitted at the end of the computation. This opens up the door to a far greater variety of applications than are possible with an on-chain execution model like Ethereum, in which program runtime is limited by “gas.”
In addition, off-chain execution in zkCloud means greatly improved privacy for users interacting with applications.
Since only proofs are submitted on-chain, it becomes technically impossible for anyone to see or exploit knowledge of any transaction details. Furthermore, transaction throughput can be significantly higher, since Aleo nodes are only verifying proofs as opposed to running programs.
Even with these additional benefits, Aleo’s approach doesn’t compromise on security, because the zero-knowledge proofs that are part of a shielded transaction cryptographically guarantee correct program execution. This stands in contrast to other blockchains and many layer-2 solutions, which only provide cryptoeconomic guarantees that a state transition occurred correctly. In Aleo, a proof shows that a program either ran correctly or didn’t run at all, removing the need for additional trust assumptions from the user or smart contract developer.
zkCloud is designed to help developers build private, scalable projects.
By separating execution from state, and submitting only the proofs to the blockchain via shielded transactions, zkCloud enables Aleo to achieve the goal of a private, programmable, performant network.
As our digital lives become increasingly important, we should demand greater control over what we reveal through our online interactions. In that light, zero-knowledge cryptography represents the next digital revolution. By exposing the primitives of shielded transactions and shielded identities within zkCloud, Aleo provides the building blocks needed to build these applications and upend the way we currently think about scalability and privacy for blockchains.