You are now entering
The Next Renaissance
Fueled by Aztec—the bleeding-edge network powering unprecedented projects.
Start Building
Fueled by Aztec—the bleeding-edge network powering unprecedented projects.
Enforced transparency is holding blockchain back. Without end-to-end privacy, real world assets and players will never fully come on-chain.
Today’s privacy is pretend. Centralized sequencers, backdoors, and TEEs will never meet our bar. We don’t need an add-on—we need a real end-to-end system.
Privacy can’t be all or nothing. Builders need to be able to program privacy at the different levels and layers that make sense for their projects.
Privacy has to make sense for developers: easy to code, fast to execute and affordable to scale.
From full frontal transparency to total privacy, now you can target specific layers that make sense for your project. Writing in our Rust-like DSL Noir, builders can easily code privacy at the user, data, metadata, transaction, and code levels.
Keep sensitive data where it belongs—on the user’s machine. With cryptographic proofs generated client-side, rather than on-network, data stays private because it isn’t exposed in the first place.
Now you can maintain end-to-end privacy, even across chains. Build modular, lego-like applications that interact with other networks and systems without ever exposing sensitive information.
Don’t take our word for it—trust the code. Hardcoded directly into Aztec’s base protocol is decentralized 1) sequencing, 2) proving and 3) governance. Privacy is only possible when there’s no central entity with the power to violate it. See for yourself in the base code.
On Ethereum today, each transaction reveals everything publicly. The token you moved, the size, the timing, the wallet it came from, every action you take. Given the limitations of this type of transparent network, the industry is now focusing on bringing privacy onchain as a top priority. The response to this has mostly been to enable private transactions that shield transfers in various ways. But when we look at how privacy works on Web2, it’s clear that users and developers need granular privacy controls: the ability to decide what is public or private and who is able to see different types of data.
Aztec was built so that one transaction can carry two halves. A private half that runs on your own device and never leaves it, and a public half that the network runs in the open. Apps can choose which aspects are private or public, and users can choose what they want to reveal and when.
This article will follow an example transaction on Aztec: a vote in an onchain election built on Aztec, where who you are and which candidate you chose stay private, while the running tally for each candidate stays public for anyone to verify.
Picture the vote you cast in our example as two aspects that seamlessly weave together. In the first step, you act in private: an app records your vote on your device and hands the network a proof that the vote is valid without revealing it. In the second, the network acts in public: it checks that proof, then adds one to the chosen candidate's public tally. It is one transaction: one part stays with you, one part goes to the network. Both parts end up recorded onchain, in two separate state trees, one private and one public. The walkthrough below follows how these two aspects work together and what this means for how your transaction lands onchain.
You open the voting app and connect an Aztec wallet. That first step looks like any onchain app. The difference is inside the wallet. An Aztec wallet carries a private execution environment, the PXE, pronounced "pixie", which runs on your phone or in your browser. The PXE is where the private half of your transaction executes, and where the proof of that work gets made, on your hardware, under your exclusive control.
Every account on Aztec is a smart contract rather than a bare key. That design, account abstraction, allows a wallet to authorize a transaction however its owner chooses without writing an identity onto the network for everyone to read. The wallet is the front door, and on Aztec you can decide if the door is open or closed, who you share your information with.
The voting app is a smart contract with two kinds of functions. The private functions run first, and they run inside your PXE. Your identity and the candidate you picked are the private inputs, and they stay on your device.
The only thing to leave your device is a proof confirming the legitimacy of your vote. Aztec's client-side proving system, Chonk, takes the private execution and produces a zero-knowledge proof: a compact cryptographic receipt that your vote followed the rules, that you are eligible, and have not voted before, while revealing nothing about who you are or who you voted for. Think of it as a sealed ballot the network can confirm is valid without opening it. The network learns only that a legitimate vote happened. It does not learn how you voted, or even which account voted.
This is the part that used to be too slow to be practical. Generating a proof on a phone was the bottleneck every privacy app hit. Aztec’s Chonk is purpose-built for fast proving on low-memory devices, both natively and in the browser, so the private half runs on the device in your hand instead of on someone else's server.
Some elements of a vote should be public. The tally is shared infrastructure, the number everyone relies on to trust the result. Thanks to programmable privacy on Aztec, the app marks that part public. Public functions live on the network and run in the open, the way functions do on Ethereum.
On Aztec, private and public logic live in the same contract, and the developer decides which is which, function by function and variable by variable. Programmable privacy is a dimmer, not a switch. The voting app turns it up on the individual ballot and turns it down on the running tally. That boundary is a design decision written into the contract, and it is the thing no transparent chain and no fixed-privacy chain can offer.
Your vote leaves your device as a bundle: the zero-knowledge proof of the private half, plus the call to the public function that updates the count. It goes to Aztec's sequencers, a decentralized set of thousands of independent operators, with more than 3,500 of them running the network today.
The sequencers do two jobs at once. They verify the proof of your private vote, confirming it is valid and eligible without seeing the choice behind it, and they run the public function that adds one to the chosen candidate and updates the public tally. Your ballot stays sealed. The count goes up by one for everyone to see. The same proof guarantees you cannot vote twice, even though no one learns which ballot is yours.
Aztec has two main state trees, and both live onchain. One holds private state, the other holds public state, so the full record of what happened sits on the network rather than on any one person's laptop. The two trees store each record in two different ways depending on if it needs to be private or public.
The private tree uses a UTXO model, the same note-based design used by Zcash. In this model, state is written as commitments: each entry is a sealed record that a valid vote was cast, with the voter and the choice kept private. Just like with Zcash or Bitcoin, you do not edit a private entry in place. You write a new one, and the design stops the same vote from being cast twice (old state is nullified). The vote stays private, and the record of a legitimate vote happening is onchain for the network to check.
The public tree uses an account-based model, the same shape Ethereum uses: values that update in place, readable by anyone. This is where each candidate's tally lives.
One transaction wrote information to both trees. The private tree recorded that you voted, sealed. The public tree recorded the new totals, in the open. Everything is onchain. The difference between the two trees is how much each one reveals.
Every private app on Aztec writes into that same private tree. A vote, a payment, and a payroll run all land in one shared record of activity, so each user's privacy grows stronger as the network grows, instead of splitting into a separate pool for every app.
Aztec is an L2 on Ethereum, so everything settles to Ethereum L1. A sequencer on Aztec gathers transactions into a proposed block. Other sequencers validate it before it goes to Ethereum's pending chain. At that point the block sits on Ethereum, ordered and recorded, waiting for its proof. The network has agreed on what happened and the proposed block is just waiting a final proof.
Proving a block is its own job, and on Aztec, it belongs to no one in particular. A decentralized, permissionless set of provers competes to take a full epoch, a 32-block stretch of the chain, and compresses it into a single zero-knowledge proof of the entire epoch. Anyone with the hardware can run a prover and bid for the work. There is no privileged operator, no committee you have to trust, no outside network holding a key.
That openness is the whole point of a privacy layer. A system that protects your data but routes it through one trusted server has only moved the exposure rather than removed it. Aztec keeps proving permissionless and your private inputs on your device, thereby avoiding any exposure.
The economics land in the voter's favor too. As an L2 network, Aztec spreads the cost of that one L1 proof across thousands of transactions in the rollup, so a vote costs pennies, not the millions of gas a private proof would cost verified alone on Ethereum.
A prover then posts the epoch proof to Ethereum's proven chain, and the Aztec state is final. Ethereum verifies one proof and inherits the correctness of everything inside it. Aztec extends Ethereum and settles to Ethereum, so your hybrid transaction carries Ethereum's security without carrying Ethereum's enforced transparency.
Anyone can now verify that the result is valid and that every counted vote was legitimate. No one can see how any individual voted. The tally is on the shared ledger where it belongs, and your ballot stayed yours the whole way through.
For the voter, their ballot was never a broadcast. The candidate you chose stayed yours, with no record tying your wallet to a name for anyone to read later, and you can still check that your vote was counted and the result is honest. You took part without your choice becoming data for systems built to act on it.
For a founder, the election app in this walkthrough is easy to implement without needing to build extensive custom code. Secret ballots with a public, verifiable count, in one contract, is a product category that opens up only because the boundary is programmable. You can build governance, elections, and polls where people vote without fear and the result still proves itself. And of course you can build anything that requires both public and private state to work seamlessly together.
For an infrastructure provider, the same machinery serves clients who need a result they can stand behind without exposing the people who produced it. Selective disclosure lets a client prove exactly what a counterparty needs to see, the count and the integrity of the process, and protect everything else, on their own terms. That is a guarantee a transparent chain cannot make.
A real vote needs two things at once: a secret ballot and a count anyone can check. A transparent chain makes you give up the first to get the second. On Aztec, you get both. The tally settled on Ethereum for anyone to verify, and how you voted stayed yours. The infrastructure is in place, what will you create with it?
Crypto is in a long night. It is no secret that the industry is facing challenging circumstances and there has been a clear consolidation of the industry. Right now we are seeing a focus on real traction, demonstrable value projects shipping practical solutions that will meaningfully reach users.
Some of that discipline is overdue. However, in times like these the properties that made crypto structurally different begin to look expendable. Decentralization slows you down. It makes upgrades harder. It makes institutional sales harder. It removes the control surfaces that the existing financial world knows how to buy.
We used to accept those costs as the price of building something durable. But, in a famine, they look like unaffordable affectations. Discarding them wholesale, however, is like selling the land out from under our feet.
Permissionless, uncensorable transaction networks with rich composability - this is the clay from which our industry was grown. The long term commercial health of our industry depends on preserving these properties in an age of privacy and institutional adoption.
These trade-offs become more challenging and pernicious when privacy is involved. Privacy is the narrative for crypto in 2026, and for good reason. It’s the missing piece that will deliver the traction and real use-cases that the industry so desperately needs.
The challenges of decentralization multiply under the constraints of privacy and what we are seeing in the industry is not a pivot, but a complete capitulation of all of the differentiable value that made crypto valuable.
I have spent nearly a decade building a network that marries programmable privacy with decentralization. A network where users keep their data, where applications are composable with one another, where transactions can settle without a privileged party learning everyone’s business or deciding which products are allowed to exist. That required new cryptography, new programming models, new state architecture, new wallets, and a fairly insane number of tradeoffs that are invisible until you try to build the thing yourself. There are easier products to ship.
A centralized privacy service can give institutions something legible quickly, replicating how the existing financial sector works: a responsible operator, a viewing key, a way to block transactions, a way to explain the whole thing to a risk committee. Some of these products will be useful. Some will be good businesses. But they are not the thing we came here to build.
Institutional and enterprise adoption is one of the core growth areas in this crypto-winter and the playbook is simple: use the language of crypto as a skin-suit to sell products and services that pattern match onto existing financial rails, with their need for complete visibility, censorship, centralized network operators and all of the liabilities this incurs.
This is a tempting bargain because it shortens the path to adoption. It gives buyers and regulators a shape they understand. A company. A contract. A switch. But the moment you accept that bargain, the system changes character. It may still be encrypted. It may still contain proofs. It may still call itself private. But, it now behaves like and is an operated service.
There is a party with privileged knowledge and privileged control. Builders must shape themselves around it. Institutions negotiate with it. Regulators may pressure it. Attackers target it. Users ultimately depend on it. By a backdoor I mean something specific: a network or protocol-level viewing key where the product developer does not control who can see their users’ data, especially when paired with network-level controls that can block transactions or ban smart contracts entirely. I do not mean application-level controls. I do not mean user-authorised disclosure. I do not mean a dapp deciding that users must prove something before using it. Regulated applications will need rules. The issue is that the disclosure boundary of your application belongs to somebody else, and the same layer that sees can also decide whether your users are allowed to transact. In short, users lack a platform that has credible neutrality.
Privacy on top of centralized rails is fatal. If one party can see everything and stop anything, that party may be treated as responsible for seeing and stopping.
This compounds into substantial platform risk. If an entity builds on top of such a system they must surrender visibility and control to the network operator to satisfy their liabilities without consideration for yours. Decentralization and ultimately credible neutrality is the difference between whether you own durable infrastructure or are renting a service whose rules can change on a whim. Worse, you cannot “just build things”. For novel transaction flows approval must be sought and granted. Tell me, would Ethereum have grown if every smart contract deployment required approval from the Ethereum Foundation?
Privacy needs the same freedom. A private credit market, for example, touches identity, collateral, repayment history, payment flows, liquidation logic, lender disclosures, auditor access and borrower privacy. If every component lives inside a different permissioned service, each with its own operator and viewing assumptions, that is a bureaucratic friction that negates blockchain’s core value proposition; composability.
A decentralized and credibly neutral privacy network prevents the settlement layer from becoming the single place where all surveillance and censorship obligations naturally accumulate. It allows product developers to scope their code to satisfy their own narrow requirements without consideration for the obligations of a centralized operator.
A lot of today’s privacy narrative treats architecture as if it were a detail. It is not. You cannot take a transparent ledger, staple confidentiality onto the edge, add a viewing key for comfort, and expect to get programmable private infrastructure.
If the state model is not private from the ground up you get wrappers, third party tools, data custodians, ad hoc disclosure paths and a pile of assumptions that every application drags into the next. Developers do not get a normal programming model where private contracts can call private contracts and users keep state on their own devices. They do not get composability.
The difference matters. In a real private execution environment, users generate transactions locally. They do not outsource their intent to a third party who learns what they are doing. Private contracts interact through a state model designed for privacy. The network settles proofs without becoming the party that knows everyone’s business. Privacy is part of the architecture.
This is why Aztec has taken so long. We built something that makes programmable private state and decentralised settlement live inside the same system. That means proving systems that run on consumer hardware, a transaction architecture built around local private execution, and a programming model where privacy is idiomatic and just works out of the box.
A centralized service can skip much of this. It can hold the key, run the prover, approve the flow and call the result privacy. It gets to market faster because it is not trying to arrive at the same place.
Adding decentralization does not make obligations disappear. Applications, issuers, frontends, custodians and regulated businesses will continue to exist in a web of obligations and responsibilities. Anyone pretending otherwise is unserious.
The question is where those obligations live. If they are pushed into the settlement layer, the settlement layer is no longer credibly neutral. It needs visibility into everyone and controls over everyone.
The better answer is selective disclosure. Users and applications should prove specific facts to specific parties for specific purposes. A regulated application may need to know that a user passed a check, that a transaction satisfies a policy, or that an auditor can inspect a particular flow. None of that requires the base network to hold a permanent key into everyone’s activity.
This will be harder to explain to the existing world. New infrastructure always fails to fit the categories built for the old infrastructure. Bitcoin did not arrive as a neatly regulated bank product. Ethereum did not wait for every lawyer to understand smart contracts. Stablecoins and DeFi forced institutions, regulators and users to develop new language around rails that kept existing.
If the standard for privacy infrastructure is to plug into the old world without changing anything, the answer will always be a service with a backdoor. And the result will be to catch crumbs falling from the tables of the old world.
The market we should be building is, well, a market. A private financial system that compounds: assets, liquidity, identity, credentials, credit and applications interacting through a shared settlement layer without forcing users to surrender their data to whoever sits in the middle.
Traditional finance is built out of vertically integrated information silos. Those silos are its moat. Banks, exchanges, custodians, payment processors and data brokers all benefit from controlling the information that flows through them. A global private settlement layer attacks that advantage directly. It lets liquidity and credentials move while outsourcing information custody to neutral cryptographic infrastructure.
A company wants a moat. A settlement layer wants surface area. A permissioned privacy provider can ration access, raise fees, exclude applications, shape disclosure rules and define acceptable use around its own risk tolerance. These are products pretending to be networks, and not durable financial infrastructure. What bothers me is this compounding category confusion. Networks adding protocol-level viewing keys and transaction controls are using the same language as decentralised programmable privacy, and commentators are treating them as variations of the same thing. They are not.
We have spent nine years walking the hard road. Now, just as we are close, the market has lost faith. Everyone is reaching for whatever lifeline looks immediate. Some of those lifelines will be real. Some will make money. But if crypto responds to its long night by rebuilding financial privacy as permissioned services, then we will have survived by surrendering the property that made the industry worth building.
Markets can grow when the platform is removed from the position where it can dictate the rules. It would be perverse to forget that lesson while building privacy, the domain where control over information matters most.
Crypto is in a famine. The land is struggling. We could sell our land for a pittance and survive the season. But the famine will pass, and when it does the land will blossom again. Without the land we are nothing.
We have struggled immensely to create a permissionless network that can marry privacy with decentralisation: an indestructible network whose users cannot be surveilled and whose transactions cannot be censored. This is the soil we have to grow our crops. To surrender a backdoor or a centralized operator for temporary relief is to sell our land for the price of a stablecoin. And we cannot sell the land.
Follow Zac on X to get more insights
Follow Aztec on X for updates & breaking news
Privacy has become a baseline requirement for L1s and L2s who care about bringing real-world users onchain. Users don't want their activity broadcast to competitors or the general public, but applications operating at scale also need some form of auditability, whether for regulators, compliance requirements, or tax reporting. Selective disclosure resolves that tension: privacy by default, with the ability to prove specific facts when required. What separates these networks is not whether they offer that switch, but who gets to hold it.
Aztec, Canton, Starknet, Tempo, and zkSync all offer some form of privacy with selective disclosure, but under the hood they make fundamentally different architectural decisions about who can see your data and who can turn your privacy off. Those decisions determine whether your privacy stays under your own control or sits behind a switch that someone else operates.
Three questions reveal where these networks actually diverge:
The answers determine whether your privacy off-switch is held by a policy, by an operator's good behavior, or by you alone through a cryptographic proof. As you'll see in this post, there are legitimate reasons to use each one with different tradeoffs. Aztec is the only network, however, where that switch stays in the user's hands, answering all three questions without putting a permissioned set of operators or a standing viewing key in control of your privacy. That gives developers the flexibility to build apps that comply with applicable laws while still keeping full privacy under the user's control.
This article will compare the privacy approaches of Aztec, Canton, Starknet, Tempo, and zkSync to give developers insight into the privacy tradeoffs of each network.
Here’s how each network handles the selective disclosure privacy off-switch, and who has control over your privacy:
Each of these networks offers privacy with selective disclosure, but each rests on a different network design with its own tradeoffs. We have ordered them by who holds your privacy off-switch, starting with designs where a third party controls access to your data and ending with designs where that control stays with you. At the top, the switch sits behind a policy promise and an honest operator, and further down it is replaced by proofs that the user generates and controls.
Canton keeps data private by controlling viewing permissions for the various actors on its network. A transaction splits into per-participant views, so each party receives only the sub-transactions that name it, and the parts it is not entitled to never reach it. The sequencer and mediator move those views without reading them, which is real privacy against those roles.
However, the data is still read in plaintext by the participant nodes that host the relevant parties, and in the common regulated-asset pattern where the issuer is a signatory on its own token, the issuer's node sees every transfer. The harder gap is verification, because no third party can reconstruct the global ledger, so correctness rests on the confirming nodes staying honest and their keys staying safe. In practice the off-switch sits with those nodes rather than with you, since you cannot see when your data is read and cannot stop it.
Tempo is designed for payments and uses validity proofs to verify that each zone is executing correctly, while still giving the zone operator full plaintext visibility into every transaction within that zone. Privacy comes from Tempo Zones, which are parallel execution environments connected to the Tempo mainnet.
By design, the zone operator has visibility into all transactions within the zone, while users see only their own and the public sees only a proof that the zone is valid. Token issuers set compliance controls, allowlists, blocklists, and freezes, enforced across zones. The mainnet checks each zone's validity, so execution is verified, while the operator still reads every transaction in plaintext and holds the off-switch over what is revealed. Your privacy is from the public, not from the operator.
zkSync Prividium adds the verifiability piece that Canton lacks. Every batch produces a validity proof settled to Ethereum, so a compromised operator cannot forge state or mint tokens from nothing without also forging a proof, which it cannot do. The tradeoff is that the operator processes every transaction in plaintext and decides who sees what, which means the off-switch stays with the operator and your privacy is from the outside world rather than from the operator itself.
This tradeoff has legitimate uses in high-trust institutional environments. If Bank of America, JPMorgan, and Wells Fargo are transacting on a shared network, a zone where BofA's infrastructure processes BofA-originated transactions satisfies internal control requirements while still delivering genuine ZK privacy from the other banks and the rest of the world. Where this model breaks down is in lower-trust environments where giving an operator full plaintext access and the switch that comes with it holds back product design possibilities.
Starknet's STRK20 breaks from relying on an operator for privacy. It shields ERC-20 balances and transfers in a privacy pool, and every private transaction carries a zero-knowledge proof generated client-side, so no operator sees your plaintext in order to build it.
Disclosure is where STRK20 diverges from Aztec. To join the Starknet Privacy Pool, you register an encrypted viewing key onchain, and it sits there for the life of your participation. On a regulatory request, a designated auditing entity can decrypt that key and trace your complete transaction history, forwards and backwards. StarkWare calls this ‘not a backdoor’ but a carefully scoped access mechanism, and the safeguard is a policy promise that the auditor decrypts only when required. The privacy is cryptographic, but the off-switch is a standing key that someone else holds and can flip whether or not you are watching.
On Aztec your private state lives as encrypted private data that only you can decrypt. The contract developer can choose what state is public and what is private, and whether your encrypted private data is emitted onchain as a private log or shared off-chain instead.
Your transactions get proven client-side on your own device, so no sequencer or operator sees your unencrypted private data. Those proofs settle to Ethereum, which gives the same integrity anchor marketed by Prividium, with every transaction verified and no forged state, but without a single operator who reads your data. The base protocol decentralizes sequencing, proving, and governance, so there is no operator to choose and trust in the first place.
Disclosure is your choice too: you decide who learns your private data, and whether they learn it in encrypted or decrypted form. To grant discovery without readability, you share an app-specific tagging secret that lets an auditor find your data in encrypted form without being able to decrypt and read it. This is enough to prove things calculated from that data, such as a tax basis or a profit and loss figure. Granting permission to actually read the data works differently. There's no per-contract read key you can hand out, because decryption uses your master viewing key, which would unlock all your data across every contract. So instead of sharing a key, you share the data itself, plus a proof that your plaintext is what encrypts to the on-chain ciphertext.
Aztec has true selective disclosure in that you can selectively share it, and nothing else you don’t need to. This is app specific, meaning that private data discoverability access on one app does not grant access on another. Most importantly, the off-switch stays in your hands, and you never need to trust the network to handle access to any of your private data and activity.
This is not just conceptual: here is a working proof-of-concept of this model on Aztec. PrivPNL takes you from private DEX trades through a tagging-key disclosure to a browser-generated ZK proof of your PnL. The auditor verifies a proof while the prover only has to reveal the amount they owe, and your portfolio stays private.
Canton keeps the switch with the participant nodes that read your data in plaintext, so disclosure rests on those nodes staying honest rather than on anything you control. Tempo similarly gives the off-switch to a zone-based node operator, but allows you to verify the correctness of transactions using validity proofs. Prividium hardens that promise with a proof settled to Ethereum, a real improvement, but the operator still reads every transaction and still decides who sees what. This can work well for large institutions, but small to medium sized enterprises are left with the same privacy as their current banks unless they run their own Prividium nodes. STRK20 moves the switch into a standing viewing key and asks you to trust that a designated auditor reaches for it only when needed. In each of these models the real question is not whether your privacy can be switched off, but who gets to do the switching, and whether you would even know it happened.
Aztec takes the operator and the standing key out of the question entirely. You keep the data, you generate the proof, and you disclose the result, one fact at a time and only when you choose to. The off-switch never leaves your hands, and no operator, auditor, or node can reach it on your behalf. This is one of the benefits of a network that offers fully programmable, privacy-preserving smart contracts that put you in control.
Selective disclosure is how privacy survives contact with a regulator, and the model you pick decides who can open your history when you are not looking. On Aztec, that answer is no one but you.
Dive into the technical details: Try a live demo of selective disclosure on Aztec and read the technical article on how it was built.
Integrate with Aztec: Reach out if you are interested in integrating privacy into your project.
