You are now entering
The Next Renaissance
Fueled by Aztec—the bleeding-edge network powering unprecedented projects.
Start Building
Fueled by Aztec—the bleeding-edge network powering unprecedented projects.
Enforced transparency is holding blockchain back. Without end-to-end privacy, real world assets and players will never fully come on-chain.
Today’s privacy is pretend. Centralized sequencers, backdoors, and TEEs will never meet our bar. We don’t need an add-on—we need a real end-to-end system.
Privacy can’t be all or nothing. Builders need to be able to program privacy at the different levels and layers that make sense for their projects.
Privacy has to make sense for developers: easy to code, fast to execute and affordable to scale.
From full frontal transparency to total privacy, now you can target specific layers that make sense for your project. Writing in our Rust-like DSL Noir, builders can easily code privacy at the user, data, metadata, transaction, and code levels.
Keep sensitive data where it belongs—on the user’s machine. With cryptographic proofs generated client-side, rather than on-network, data stays private because it isn’t exposed in the first place.
Now you can maintain end-to-end privacy, even across chains. Build modular, lego-like applications that interact with other networks and systems without ever exposing sensitive information.
Don’t take our word for it—trust the code. Hardcoded directly into Aztec’s base protocol is decentralized 1) sequencing, 2) proving and 3) governance. Privacy is only possible when there’s no central entity with the power to violate it. See for yourself in the base code.
Aztec is built on one idea: smart contracts on Ethereum where developers choose what is public and what is private. That doesn't just mean shielded transactions. It means who acts (identity), what they transact (state), and how they execute (computation) can all be private. Aztec makes end-to-end privacy possible; even the contracts themselves can be private.
But privacy also has to be practical. Aztec integrates private and public execution in the same contract, so apps can seamlessly weave together private and public state. Every account is a smart contract, letting users grant granular, revocable access for selective disclosure, which is useful for compliance, tax reporting, or agent permissions.
Finally, Aztec is a decentralized L2, with 3,500+ sequencers participating in the network today. That permissionlessness is what makes Aztec a credible foundation for a global privacy layer.
In this article we’re going to explore the Aztec stack and how we make programmable privacy a reality. We’ll answer questions like ‘what can you do on Aztec?’, ‘how does it all work?’, and ‘what are the core layers of the system that makes it all possible?’
The four layers of the Aztec stack, all live today on the Alpha network:
Aztec smart contracts are written in Noir, a programming language with Rust-like syntax optimized for writing private programs. Noir is an open-source project developed by Aztec and is now the industry-leading language for writing private apps using zero-knowledge proofs. Let’s dive into what Noir is, and why we use it as the building block for writing smart contracts.
Writing zk programs is extremely difficult without a background in cryptography. When developing Noir, our first goal was to create a highly optimized and easy-to-write zk Domain Specific Language (zkDSL) where developers don’t need to know any of the underlying mathematics. As a result, Noir handles all the cryptographic complexities, and will automatically convert your code into fancy zk circuits.
Noir compiles down to the Abstract Circuit Intermediate Representation (ACIR), an adaptable intermediary language that makes it easy to plug in a variety of popular proving backends. These proving backends, such as Aztec’s Barretenberg proving system, take the compiled zero-knowledge circuits and generate proofs attesting to the validity of the program’s execution, all without revealing any private inputs. From authorization systems that keep a password on the user's device, to complex onchain state channels with recursive proofs to verify offchain state; Noir and a proving backend handle everything from compilation to cryptography for you.
In addition to simplifying the developer experience, we also wanted to make it intuitive to specify which elements you want to keep private and which you want to make public. With Noir, privacy is baked in as a default, so all variables and functions are automatically kept completely private, and executed on the user’s device.
If you want to make any part of your code public, you can do so by simply adding a pub attribute.
Noir on its own is great for writing programs that need to execute stateless functions, such as proving that you reside in a specific country based on passport data, or that you hold a certain number of tokens without revealing how many. Projects are already starting to build with Noir outside of Aztec on Base, Scroll, Starknet, and other chains. However, if you are looking to write privacy-preserving apps that store private state data onchain, it’s helpful to utilize a smart contract library that deliberately handles those complexities for you. That’s exactly what we’ve built at Aztec and what we’ll explore in the next section.
Aztec smart contracts leverage Noir to create apps with onchain private and public state. This section covers how smart contracts work on Aztec and how you deploy and interact with your contracts.
An Aztec smart contract is a set of public and private functions written in Noir, deployed on the Aztec Network. They are written using the Aztec.nr framework which handles all the cryptography under the hood for managing private and public state and interacting with other contracts on the network.
To build useful applications, developers need to be able to incorporate both private and public components into their contracts. For example, an onchain voting contract might want to keep the information of the voter private and prevent someone from voting twice, but publicly display how many votes have been cast, and the outcome.
Because contracts are written in Noir, this functionality is as easy as adding a ‘private’ annotation above your function. The following function will be executed privately on the user device, allowing a user to cast a vote without revealing their address:
The output of this private, local execution will be sent to the network, where the correctness of execution is verified and public function calls are executed. The following function is designed to be executed publicly, adding a vote to the total tally without revealing where it came from.
To seamlessly weave together private and public components that can easily interact with onchain state, Aztec smart contracts utilize the Aztec.nr framework to execute private functions on the user’s device and bundle the proofs for these transactions together with the public functions that will be executed by the Aztec Virtual Machine (AVM).
This framework adds the functionality needed to build onchain, privacy-preserving apps, including defining contracts, accessing private or public context, and interacting with the Aztec Network. Similar to how a vanilla Noir program would compile down into zk circuits, Aztec smart contracts are compiled into zk circuits for private functions or AVM bytecode for public functions, and stored in the Aztec contract tree.
Aztec accounts are also written as smart contracts, implementing what is known as account abstraction. Account abstraction allows application developers to create programmable accounts to dramatically improve user experience, including social recovery, sponsored transactions, and multi-factor authentication. It also makes compliance practical, allowing for granular access controls on accounts.
The Aztec Network is the only decentralized L2 on Ethereum. There are currently over 3,500 sequencers running the alpha network. View the live block explorer for the alpha network.
In order for a network to fully protect users and their data, it must guarantee three levels of privacy:
When you write Aztec smart contracts, everything listed above is taken care of for you. As discussed in the previous two sections, you can easily opt into privacy protections at a granular level by weaving together public and private functions.
To understand how all of these components fit together, let’s examine how a transaction is executed on the Aztec Network.
When a user interacts with your application, private functions are executed client-side on the user’s device: a phone, a personal computer, etc. This happens in a private execution environment (PXE) that is able to create highly-efficient zk proofs even on browsers and mobile devices. Any private state updates are added to the state of the network in an append-only database (UTXO tree). Because the proof is generated client-side, no information can be leaked about the inputs, outputs, accounts, or even the functions that were executed.
On the other hand, public transactions are bundled together with the private client-side proofs and sent off to the Aztec Network, powered by a decentralized network of independent community-run sequencers. Sequencers check the validity of private execution proofs, execute any public functions and update the public state, propose blocks, and publish state updates (“diffs”) to Ethereum L1. Sequencers also coordinate with a decentralized network of provers who compute the final proof for every Aztec “epoch” - defined as a contiguous sequence of 32 L2 blocks - and publish it to Ethereum. Any public functions executed by sequencers update an account-based database similar to Ethereum.
Sequencer and prover roles are fully permissionless. Anyone can spin up the required hardware and join the sequencer set or run provers and start bidding to produce proofs of Aztec epochs.
Aztec delivers on a simple but powerful idea: smart contracts on Ethereum where you choose what's public and what's private across identity, data, and compute. The four layers we've walked through are what make that possible.
Noir gives developers a Rust-like language for writing zero-knowledge programs without a cryptography background, with privacy as the default. Aztec smart contracts build on Noir through the Aztec.nr framework, letting you weave private and public functions into a single contract and use account abstraction to unlock granular access controls for compliance, tax reporting, and selective disclosure. The Aztec Network is the only decentralized L2 on Ethereum, with over 3,500 sequencers powering end-to-end programmable privacy across data, identity, and compute. And it all settles to Ethereum, inheriting L1's economic security.
The result is the first practical platform for privacy on Ethereum, and a credible candidate to become the global settlement layer of the future.
Now it's your turn to build. Head to docs.aztec.network to ship your first privacy-preserving app.
Follow Aztec on X for updates on the current state of the network.
Last week, PSE published an insightful and comprehensive user-research piece on private transfers on Ethereum. They interviewed 38 teams in the space and asked what's broken, what's missing, what builders wish they had. The list reads like a wishlist of features every privacy app on L1 is currently trying to engineer towards. It's the kind of rigorous, builder-grounded research the privacy ecosystem has needed.
We read the list. It's the list we've been building against for years.
Aztec solves all of these problems. Every requested feature already lives on Aztec. The proving system, the private contract language, the decentralized network, the privacy wallet architecture, the key model, the snark-friendliness: all of Aztec was built against this list before it was a list.
What follows is a walkthrough. For each of PSE's top technical findings, here's the feature builders are asking for, and how it works on Aztec today.
Ethereum Problem: Proof generation is too slow on user devices, especially mobile. Elliptic-curve pairing operations are a specific bottleneck. Server-side proving is a censorship and privacy leak vector. Sub-second proving was the stated threshold.
Aztec solution: Proving on Aztec runs locally in the PXE (Private eXecution Environment, pronounced "pixie"), so no data ever leaves the user's device. Chonk, our client-side zk proving system, is ruthlessly optimised for fast recursive proving on low-memory devices like phones, native and in-browser. Years of optimization have already gone in, and we're still finding more. It’s best in class and we haven’t even merged-in GPU acceleration yet!
The slow pairing checks that PSE's interviewees called out as a bottleneck aren’t a problem with Aztec; pairings are simply batched together and deferred away from the user's device, handled by the more powerful network instead, without leaking any information. With such a powerful local prover, there’s little need to outsource proving to an untrusted party.
Ethereum Problem: Verifying a ZK proof on Ethereum is prohibitively expensive. A Groth16 proof for a private transfer costs several hundred thousand L1 gas. A Halo2 (KZG Plonk) proof can cost approximately one million gas
Aztec solution: Aztec amortises L1 verification gas across all transactions in the rollup. At current network throughput, that cost is split across roughly 2,000 users per proof. Later this year, it’s slated to be split across ~20,000. Rollup costs are also partially subsidised by Aztec block rewards.
Net result: hundreds of L1 gas per user instead of millions. Plus cheap L2 gas. The user pays pennies for an Aztec transaction.
Ethereum Problem: Wrapping and unwrapping tokens leaks privacy and breaks composability. Smart contracts can't easily interact with encrypted balances. Private state is isolated; contract state is normally shared.
Aztec solution: Private state is not isolated on Aztec. The private state of one contract can be composed with that of another. This can unlock new privacy-preserving DeFi patterns directly on Aztec.
A single private transaction can call a stack of private functions across multiple contracts, with private inputs, private state transitions, and privacy over which functions were even executed and how many. Observers see that a transaction landed. They do not see what happened inside it. Stew on that for a second: a call stack of nested private functions across contracts written by different developers, each causing state transitions, all completely private.
Aztec also runs public functions, similar to Ethereum, inside the same smart contract, so you can build existing DeFi primitives on Aztec.
For Ethereum DeFi specifically, Aztec has a tidy L1-to-L2 messaging layer. Private balances can be unshielded to interact with L1 protocols and shielded back, without leaking who did the interaction and without leaky public gas payments. And for private DeFi primitives that need genuinely shared private state (state nobody knows the value of, but which anyone can mutate), people have built Aztec contracts that compose conventional Aztec private state with co-snark or FHE sidecars.
Private and public state are peers inside a single Aztec smart contract. Builders mix and match.
Ethereum Problem: Entry and exit points are the dominant privacy leak, not the protocol itself. Depositing and quickly withdrawing makes identity analysis trivial.
Aztec solution: The main fix is to stop crossing the boundary so often. (Or even if you do cross the boundary, Aztec has leakage protections).
Imagine if thousands of private smart contracts lived on the same network and could call each other without leaking which contracts were called, which arguments were passed, or what was returned. Imagine they all shared one global note tree and one global nullifier tree. That's Aztec. Once funds are inside, users don't need to keep crossing the private/public boundary to do useful things: Aztec is its own rich environment for composable, private execution of smart contracts.
Even when a private function does need to call a public function – be it an L1 DeFi contract, or a native public function within Aztec – the developer controls the information they reveal; not the protocol. The call can even be "incognito" to hide msg_sender. A single environment for many private apps to thrive also means re-usable tooling for builders.
Ethereum Problem: Privacy features (per-dapp addresses, private transfers) aren't natively integrated into major wallets. Reliance on dapp-specific UIs damages UX.
Aztec solution: Ethereum wallets weren't built for any of this, and they don't need to be: the chain underneath them has no private state to protect. Aztec wallets are an entirely new category of software.
Aztec wallets are able to manage all these new privacy-centric concepts:
Aztec wallets are in active development, and this is an area where we expect many teams to build different wallets that are customized to various user needs. An early wallet is already baked into the protocol for developers to start using today.
Ethereum Problem: Encrypted tokens and many privacy protocols depend on external networks for encryption, decryption, or relaying. Threshold-decryption committees and TEE hardware vendors are added trust assumptions on top of the chain itself.
Aztec solution: Aztec's private and public execution environments are not reliant on external networks. Aztec is its own decentralised network: ~4,000 validators stake on it, block proposers are randomly selected, a random committee attests, and a decentralised set of provers proves the rollup's execution. Validity is ultimately backed by cryptographic proofs settled on Ethereum.
External networks (co-snark networks, TEEs, MPC or FHE sidecars) become an opt-in choice for the specific case of private shared state. The trust tradeoffs there are something the contract developer signs up for explicitly, not a tax every user pays on every transaction by default.
Ethereum Problem: Keccak is inefficient to prove inside ZK circuits. There is no native support for a ZK-friendly hash like Poseidon.
Aztec solution: Poseidon2 is enshrined across the entire Aztec protocol, for rapid proving of every tx. Every Aztec state tree, the proving system, the innards of the protocol; everywhere. Reading and writing state inside a circuit is as cheap as it gets.
Keccak, SHA, and Blake hashes are still available through optimised Noir libraries when contracts need them for L1 interoperability. The default is ZK-friendly; the L1-friendly hashes are there when you reach for them.
Ethereum Problem: Syncing private state (scanning for incoming notes and events) is a client-side bottleneck. Users wait for scans to complete before seeing their balance. Tachyon-style oblivious sync was cited as a path forward.
Aztec solution: Brute-force syncing of private state is rarely needed. Most real-world use cases involve a sender and recipient who can establish a shared secret offchain first.
From that shared secret, both parties can derive a sequence of random-looking “tags”. Each encrypted note log is prepended with the next tag in the sequence. The recipient already knows the next tag, so they know exactly what to query. Note discovery happens in seconds, not minutes. The scheme slots cleanly into PIR or mixnet approaches for extra privacy on the query itself, and smart contracts that don't trust senders to use the correct tag can just constrain it inside the circuit.
That’s not to say that Aztec requires interactivity between all senders and recipients. For genuinely non-interactive use cases (recipient can't talk to the sender before the transfer), Aztec enables devs to customize both their log emission and their note-discovery logic however they like. (Aztec also has ways to speed up the brute-force scanning approach from "scan the whole chain" to "scan a tiny subset of non-interactive handshake txs"
Ethereum Problem: Shielded pools are fragmented across dapps and chains, reducing the effective privacy set for all users. Each new privacy protocol must bootstrap its own.
Aztec solution: There is one global note tree and one global nullifier tree on Aztec, shared by every smart contract on the network. Every private app contributes to and draws from the same privacy set. No per-app bootstrap. No walled gardens.
Private payments, private swaps, lending, payroll, treasury, identity attestations: all of them land in the same global commitment set, by construction.
Ethereum Problem: Ethereum developer tooling lacks support for private transfers and private state. Standards for private tokens, compliance, and wallet interactions are missing. Many privacy teams are small, with short runway and expensive audits.
Aztec solution: Aztec ships the full toolchain for private contracts: Noir for writing private logic, the Aztec smart contract framework with macros that hide the protocol mess so devs can focus on app logic, the PXE for keys / state / syncing / proof generation, a JS SDK, a local node for testing, a CLI, and a real, live, decentralised L2.
The mental overhead of building a privacy protocol on Aztec collapses to "just write the app logic." Here is an example of a complete private transfer function on Aztec:
#[authorize_once("from", "authwit_nonce")]
#[external("private")]
fn transfer_in_private(from: AztecAddress, to: AztecAddress, amount: u128, authwit_nonce: Field) {
self.storage.balances.at(from).sub(amount).deliver(MessageDelivery.ONCHAIN_CONSTRAINED);
self.storage.balances.at(to).add(amount).deliver(MessageDelivery.ONCHAIN_CONSTRAINED);
}
Look at how simple that is.
A two-line function body.
Two lines.
Aztec takes care of the rest.
Behind those #[...] macros, the framework handles: caller authorisation, note syncing, fetching notes from the user's private db, Merkle membership proofs against the global note tree, safe nullifier creation (without leaking master secrets to the circuit), randomness for new notes, encrypted ciphertext generation, log tagging for fast recipient discovery, and public-input population. The PXE handles key management, private state, and proof generation. The smart contract itself contains its own message-processing logic for log discovery, decryption, and storage on the recipient side.
If you want whitelists, blacklists, association sets, custom tx authorisation, viewing-key hierarchies, temporary view access, selective disclosure to specific counterparties, just import a Noir library. Want something more adventurous than private payments? Same toolchain.
PSE's findings are not ten unrelated bugs. They're the same problem refracted ten ways: privacy retrofitted onto a chain that was not designed for it yields bad tradeoffs.
Aztec was designed against this list before it was a list. One global note tree and one global nullifier tree. Private and public state inside the same contract. Compose calls between private contracts without leaking anything. Fast client-side proving on phones via Chonk. Snark-friendliness everywhere. Rollup-amortised L1 gas costs, fractions of a cent per user. Native account abstraction with private fee paymasters. No painfully slow private state syncing: a tagging-based note discovery scheme that runs in seconds. An entirely new category of wallet that treats privacy as a first-class concern. Simple, high-level smart contract syntax that collapses a basic private token transfer function into two lines.
There were 10 privacy features Ethereum devs wanted, all of them live on Aztec. The infrastructure is in place. Build the thing.
Aztec is the blockchain that solved the privacy problem. Start at docs.aztec.network or read the architecture deep-dive on The Best of Both Worlds: How Aztec Blends Private and Public State.
Alpha is live: a fully feature-complete, privacy-first network. The infrastructure is in place, privacy is native to the protocol, and developers can now build truly private applications.
Nine years ago, we set out to redesign blockchain for privacy. The goal: create a system institutions can adopt while giving users true control of their digital lives. Privacy band-aids are coming to Ethereum (someday), but it’s clear we need privacy now, and there’s an arms race underway to build it. Privacy is complex, it’s not a feature you can bolt-on as an afterthought. It demands a ground-up approach, deep tech stack integration, and complete decentralization.
In November 2025, the Aztec Ignition Chain went live as the first decentralized L2 on Ethereum, it’s the coordination layer that the execution layer sits on top of. The network is not operated by the Aztec Labs or the Aztec Foundation, it’s run by the community, making it the true backbone of Aztec.
With the infrastructure in place and a unanimous community vote, the network enters Alpha.
Alpha is the first Layer 2 with a full execution environment for private smart contracts. All accounts, transactions, and the execution itself can be completely private. Developers can now choose what they want public and what they want to keep private while building with the three privacy pillars we have in place across data, identity, and compute.
These privacy pillars, which can be used individually or combined, break down into three core layers:
Alpha is feature complete–meaning this is the only full-stack solution for adding privacy to your business or application. You build, and Aztec handles the cryptography under the hood.
It’s Composable. Private-preserving contracts are not isolated; they can talk to each other and seamlessly blend both private and public state across contracts. Privacy can be preserved across contract calls for full callstack privacy.
No backdoor access. Aztec is the only decentralized L2, and is launching as a fully decentralized rollup with a Layer 1 escape hatch.
It’s Compliant. Companies are missing out on the benefits of blockchains because transparent chains expose user data, while private networks protect it, but still offer fully customizable controls. Now they can build compliant apps that move value around the world instantly.
Developers can explore our privacy primitives across data, identity, and compute and start building with them using the documentation here. Note that this is an early version of the network with known vulnerabilities, see this post for details. While this is the first iteration of the network, there will be several upgrades that secure and harden the network on our path to Beta. If you’d like to learn more about how you can integrate privacy into your project, reach out here.
To hear directly from our Cofounders, join our live from Cannes Q&A on Tuesday, March 31st at 9:30 am ET. Follow us on X to get the latest updates from the Aztec Network.
