Aleo: Achieving Privacy and Scalability through zk-SNARKs

Aleo is a privacy-focused blockchain project that achieves greater privacy and scalability through (ZKP) zero-knowledge proof technology. The core idea of the project is to enable users to authenticate and process data without revealing personal data.

This article will introduce the project overview and latest developments of Aleo, and provide a detailed interpretation of its newly launched puzzle algorithm.

Project Summary

privacy

At its core, Aleo is zero-knowledge proof (ZKPs) technology, which allows transactions and smart contract execution to take place while maintaining privacy. The user's transaction details, such as the sender and the transaction amount, are hidden by default. This design not only protects user privacy, but also allows for selective disclosure when necessary, making it ideal for the growth of DeFi applications. Its main components include:

1. Leo compilation language: Adapted from Rust language, it is specially used to develop zero-knowledge application (ZKApps), which reduces the requirements for cryptography knowledge for developers.

2. snarkVM and snarkOS: snarkVM allows off-chain execution of computations, with only verification of the computation results on-chain, thereby improving efficiency. snarkOS ensures the security of data and computations, and allows permissionless functionality execution.

3. zkCloud: Provides a secure and private off-chain computing environment, supporting programming interactions between users, organizations, and DAOs.

Aleo also provides an integrated development environment (IDE) and a software development kit (SDK) to support developers to quickly write and publish applications. In addition, developers can deploy applications in Aleo's program registry without relying on third parties, which reduces platform risk.

scalability

Aleo adopts an off-chain processing approach, where transactions are first computed on the user's device to generate proofs, and then only the verification results are uploaded to the blockchain. This method greatly improves transaction processing speed and system scalability, avoiding network congestion and high fees similar to Ethereum.

consensus mechanism

Aleo has introduced AleoBFT, a consensus mechanism with a hybrid architecture that combines the instant finality of validators with the computational power of provers. AleoBFT not only improves the level of decentralization of the network but also enhances performance and security.

1. Fast block finality: AleoBFT ensures that each block is confirmed immediately after it is generated, improving node stability and user experience.

2. Decentralization guarantee: By separating block production from coinbase generation, validators are responsible for generating blocks, and provers perform proof calculations, preventing a few entities from monopolizing the network.

3. Incentive Mechanism: Validators and provers share block rewards; provers are encouraged to become validators by staking tokens, thereby enhancing the decentralization and computational power of the network.

Aleo allows developers to create gas-free applications, making it ideal for long-running applications such as machine learning.

Latest Developments

Aleo will be launching an incentivized testnet on July 1st, and here are some important updates:

1. ARC-100 voted to pass: ARC-100( "Compliance Best Practices for Aleo Developers and Operators" proposal, the vote on the compliance, security measures such as locking and delayed arrival of funds on the Aleo network ) has been closed and passed. The team is in the process of making final adjustments.

2. Validator Incentive Program: The program will be launched on July 1 to validate the new puzzle mechanism. The program will run until July 15, during which time 1 million Aleo points will be distributed as rewards. The percentage of points generated by a node will determine its reward share, and each validator will need to earn at least 100 tokens to receive the reward. The specific rules have not yet been finalized.

3. Initial Supply and Circulating Supply: The initial supply is 1.5 billion tokens, with an initial circulating supply of approximately 10%( yet to be finalized). These tokens mainly come from Coinbase tasks(7.5 million), which will be distributed over the first six months and include rewards for staking, running validators, and validating nodes.

4. Testnet Beta Reset: This is the last network reset, and after completion, no new features will be added. The network will be similar to the mainnet. The reset is to add ARC-41 and new puzzle features.

5. Code freeze: The code freeze was completed one week ago.

6. Validator Node Expansion Plan: The initial number of validator nodes is 15, with a target to increase to 50 within the year, and ultimately reach 500. To become a delegator requires 10,000 tokens, and to become a validator requires 10 million tokens, with these amounts gradually decreasing over time.

Interpretation of the Synthesis Puzzle Algorithm

Aleo recently updated the latest version of the puzzle algorithm. The new algorithm no longer focuses on the generation of zk proof results, removing the calculations of MSM and NTT, and emphasizes the generation of intermediate data witness before producing the proof.

! Interpretation of Aleo's latest algorithm Synthesis Puzzle: Leading the Web3 Privacy Revolution

Consensus process

On the consensus protocol level, in the process, the prover and validator are responsible for generating the computation result solution and producing blocks while aggregating and packaging the solution, respectively. The process is as follows:

1. Prover computes the puzzle, constructs solutions, and broadcasts them to the network.

2. Validator aggregates transactions and solutions for the next new block, ensuring the number of solutions does not exceed the consensus limit (MAX_SOLUTIONS).

3. The legitimacy of the solution needs to verify that its epoch_hash conforms to the latest_epoch_hash maintained by the validator, and the calculated proof_target conforms to the latest_proof_target maintained by the valiator in the network, and the number of solutions contained in the block is less than the consensus limit

4. A valid solution can earn consensus rewards.

Synthesis Puzzle in detail

The latest algorithm core is called Synthesis Puzzle, which focuses on generating a common EpochProgram fixed for each epoch. By constructing R1CS proof circuits for the input and the EpochProgram, it generates the corresponding R1CS assignment (, namely witness ), and uses it as a leaf node of the Merkle tree. After calculating all leaf nodes, it generates the Merkle root and converts it into the proof_target of the solution. The detailed process and specifications for constructing the Synthesis Puzzle are as follows:

1. Each puzzle calculation is called a nonce, which is built by the address that receives the mining reward, the epoch_hash and a random number counter, and a new nonce can be obtained by updating the counter every time a new solution needs to be calculated

2. In each epoch, the EpochProgram that all provers in the network need to calculate is the same, and the random number generated by the current epoch_hash is sampled from the instruction set, and the sampling logic is:

   • The instruction set is fixed, and each instruction (instruction) contains one or more computational operations, and each instruction has a preset weight and operation count
   • A random number is generated based on the current epoch_hash during sampling, and instructions are obtained from the instruction set in conjunction with weights based on that random number and arranged in order, stopping the sampling after accumulating the operation count to 97.
   • Combine all instructions into EpochProgram

3. Use nonce as a random seed to generate the input for EpochProgram

4. Aggregate the R1CS and input corresponding to the EpochProgram, and perform the witness( R1CS assignment) calculation.

5. Once all witnesses have been calculated, they will be converted into a sequence of leaf nodes corresponding to the merkle tree, which is an 8-element K-ary Merkle tree with a depth of 8

6. Calculate the merkle root and convert it to the solution's proof_target, determine if it meets the current epoch's latest_proof_target. If it does, the calculation is successful. Submit the reward address, epoch_hash, and counter needed to construct the input as the solution and broadcast it.

7. In the same epoch, the input of the EpochProgram can be updated multiple times for solution calculations by iterating the counter.

Changes and Impacts of Mining

After this update, the puzzle has changed from generating proof to generating witness. The calculation logic of all solutions within each epoch is consistent, but there are significant differences in the calculation logic between different epochs.

This update completely abandons the GPU optimization methods that were widely used in the previous testnet. Meanwhile, since the process of generating witnesses occurs by executing a program that changes with each epoch, there will be some dependencies for serial execution among the instructions, making the implementation of parallelization quite challenging.