Cryptography in blockchain | Privacy-first blockchain Aleo

DeFrens community
June 19, 2025

Aleo is a private L1 blockchain built on zk-SNARKs: a record-model architecture with independent encrypted records, scalable off-chain program execution, and no repeated computation at the validator level.

Speaker: Maxim Sultakov, founder of Yona and Arcane Finance


Transcript

  1. How classic L1 works
     • Every node receives the same transaction and executes it, getting the same result
     • Smart contract code is public
     • On-chain data is public
  2. Pseudonymity: every user has a long-term consistent pseudonym (e.g. a wallet address). The link to a real-world identity will leak over time.
     Anonymity: a user’s transactions are unlinkable. No one can tell whether two transactions are from the same address.
  3. SNARK: a succinct proof that a certain statement is true
     • Example statement: “I know an m such that SHA256(m) = 0”
     • The proof is “short” and “fast” to verify
     • zk-SNARK: the proof “reveals nothing” about m
  4. Autonomous Ledger Execution Off-chain
     • Scalability: thousands of transactions per block
     • Privacy: transactions reveal no user data for the executed transactions
     • Succinctness: transactions can be validated in poly(k) time
  5. Aleo allows users to run zero-knowledge applications on the web. Open source, decentralized, and permissionless.
     • snarkOS (validators): a decentralized operating system for zero-knowledge applications
     • snarkVM (provers): a distributed virtual machine for zero-knowledge executions
     • Leo (developers): a programming language for zero-knowledge circuits
  6. Typical Account Model
     • Transaction (from user 0x1…123 to 0x8…999): value, data, fee, signature
     • Block: a set of transactions
     • Global state: Account {balance, code, storage} → Account {balance’, code’, storage’}
     Simple. Not private.
  7. Attempt 1: Extending the account model
     • Transaction (to 0x8…999): commitment(value), encrypted(data), fee, proofs, in place of value, data, fee, signature
     • Account: commit(balance), predicate(code), encrypted(storage), in place of balance, code, storage
     • Commit to the value, encrypt the data, and use a ZKP to attest to each state transition
     • Commit to the balance, encrypt the data, and represent the code as a predicate that checks state transitions
  8. Attempt 1: Why it doesn’t work well
     • Concurrent access to a program state leads to failed transactions: User 1 and User 2 both act on the state of Account 1; Tx 1 proves a correct state update, while Tx 2 tries to prove an update of the now-outdated state
     • Not enough privacy: everyone can see that User 1 updated the state of Account 1
  9. Attempt 1: properties
     • No more ledger re-executions ✅
     • Data privacy ✅
     • Account privacy ❌
     • Efficient concurrent state updates ❌
  10. Attempt 2: Record Model (Aleo)
     A record is a data structure that represents ownership over some unit of data. Records can be created or consumed to update the global state of the distributed protocol. A record is created when its commitment cm is posted to the ledger as part of a transaction, and consumed when its serial number (nullifier) sn appears on the ledger as part of a later transaction.
  11. Aleo Record Model
     Example records: {owner: aleo1..001, microcredits: 123, data: …, visibility: …}, {owner: aleo1..002, microcredits: 123, data: …, visibility: …}, {owner: aleo1..002, microcredits: 123, data: …, visibility: …}
     • Each record is stored independently and can be encrypted
     • A record can be consumed by a transition and created by a transition
     • The state of a user account is the set of unspent records belonging to the account (similar to UTXO)
  12. Attempt 2: properties
     • No more ledger re-executions ✅
     • Data privacy ✅
     • Account privacy ✅
     • Efficient concurrent state updates ✅
  13. Step 1 — Deploy an Aleo program on-chain (Transaction: Deployment)
     Aleo Program → Compiled Opcodes → Program Registry; the Synthesizer produces the Proving & Verifying Key; validators reach consensus and admit the program
  14. Step 2 — Execute an Aleo program off-chain (User Request)
     The Prover takes the Aleo Program (Compiled Opcodes), the Program Inputs and the Program Proving Key; the caller authorizes the request; the Prover produces the Outputs and a Transaction (Execution)
  15. Step 3 — Finalize program state on-chain (Transaction: Execution)
     The Validator runs the on-chain part of the Aleo Program (Compiled Opcodes): on-chain code execution, program state update, encrypted state update; consensus checks the transaction and the network produces a Block
  16. Aleo Core Concepts: Account, Record, Program, Transaction, Transition, Block
     Relations shown in the diagram: includes, includes, creates and consumes, is described in, owns
  17. View Key
     • Derived from the Private Key
     • Base58, 53 characters, prefix AViewKey1
     • Used for decrypting account records
  18. Aleo Virtual Machine
     • A stack machine that executes specific functions
     • Constructs a complete arithmetic circuit (R1CS) from each instruction in the function
     • The proofs are generated using the Marlin algorithm
  19. Global State in AVM
     The global state is represented by the Merkle root of the block header’s Merkle tree (Global State Root). Diagram: Block Hash → Block Header → Transaction Root → Transaction → Transition
  20. Block: consists of transactions stored in a blockchain. The block header summarizes the state of the block and the whole ledger.
  21. Transaction: represents a change of the ledger state; consists of transitions. Types:
     - Execute (call program)
     - Deploy (publish program)
     - Fee (for failed txs)
  22. Program: represents application logic and application state. Described by code in the Aleo Instructions and/or Leo languages. Diagram: Program ID, Program Input, Program State, Program Output
  23. Aleo Record Model (repeat of slide 11)
  24. Aleo Cryptographic Primitives
     • Elliptic curves: BLS12-377, pairing-friendly for fast proof verification; Edwards-BLS12, efficient Pedersen hashes and commitments
     • SNARK: Marlin, a universal setup for Aleo programs
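To make the concurrency and double-spend points of slides 8 and 10-12 concrete, here is an added Python toy ledger (not Aleo's or snarkVM's code): SHA-256 stands in for the Pedersen commitments and proofs, the nullifier derivation and the in-the-clear membership check are assumptions, and the owners, secrets and randomness are constructed sample values.

```python
import hashlib

def h(*parts: bytes) -> str:
    """Toy stand-in for a commitment / PRF: SHA-256 over the joined parts."""
    return hashlib.sha256(b"|".join(parts)).hexdigest()

class AccountLedger:
    """Attempt 1 (slide 8): one committed state per account, replaced in place."""
    def __init__(self):
        self.state = {}  # account -> commitment to its current state
    def apply(self, account, old_cm, new_cm):
        # A proof attests to the transition old_cm -> new_cm; it only counts
        # against the state currently on the ledger, so a stale old_cm fails.
        if self.state.get(account) != old_cm:
            return False
        self.state[account] = new_cm
        return True

class RecordLedger:
    """Attempt 2 (slides 10-12): records created by cm, consumed by sn."""
    def __init__(self):
        self.commitments = set()  # cm of every record ever created
        self.nullifiers = set()   # sn (nullifier) of every record ever consumed
    def create(self, owner, microcredits, randomness):
        cm = h(owner.encode(), str(microcredits).encode(), randomness)
        self.commitments.add(cm)
        return cm
    def consume(self, cm, owner_secret):
        # Assumed nullifier derivation: PRF over cm and the owner's secret. Aleo
        # proves membership of cm in zero knowledge; this toy checks it in the clear.
        sn = h(cm.encode(), owner_secret)
        if cm not in self.commitments or sn in self.nullifiers:
            return False
        self.nullifiers.add(sn)
        return True

def concurrent_updates_account():
    led = AccountLedger()
    led.state["account1"] = "cm0"
    tx1 = led.apply("account1", "cm0", "cm1")  # user 1 proved cm0 -> cm1
    tx2 = led.apply("account1", "cm0", "cm2")  # user 2 also proved from cm0: stale
    return tx1, tx2

def concurrent_updates_record():
    led = RecordLedger()
    r1 = led.create("aleo1..001", 123, b"r1")  # constructed sample records
    r2 = led.create("aleo1..002", 123, b"r2")
    tx1 = led.consume(r1, b"secret-of-001")
    tx2 = led.consume(r2, b"secret-of-002")
    replay = led.consume(r1, b"secret-of-001")  # same sn again: double spend rejected
    return tx1, tx2, replay
```

In the account model the second concurrent update is rejected as stale; in the record model both users spend their own records independently, and only the replay of an already-consumed record fails.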