Aztec Network
30 Aug
## min read

AZTEC: How the Ceremony Works (Advanced Version)

Learn all the technical details about Aztec's Ceremony, how it works, and some other nuances.

Share
Blog
>
Aztec Network
>
AZTEC: How the Ceremony Works (Advanced Version)
Written by
Edited by

Advanced Version | Switch to Basic Version

Approach

We’ll first explain how AZTEC Notes get validated — in other words, how our range proof works.

That should help explain why we need a ceremony — in particular, why we require a register of points known as the AZTEC Codex.

References

AZTEC White Paper

Motivation

AZTEC’s Core Transaction is a confidential UTXO — given an input note of size k₁ we wish to spend money by generating output notes size k₂ and k₃ — for example, k₂ might be the amount you’re sending a counterparty, and k₃ may be the spare change you want to keep.

  1. k₁ = k₂ + k₃ —encryption via sigma protocols allows this to be easily checked — details in our White Paper
  2. k₂ and k₃ are both within a fixed range, and therefore the wrap-around attack (e.g. 10 = 11 + -1) is not available to the attacker

To achieve (2), the range proof, AZTEC instead deploys a proof of set membership — i.e. that the encrypted forms of k₂ and k₃ sit inside a proscribed set 1, 2, 3, …, Max.

How to Prove (2) — the Range Proof

AZTEC’s range proof extends a set membership technique of Camenish et al, using Boneh-Boyen signatures.

Suppose, somehow, there exists a register of encrypted numbers k, of the following form:

The AZTEC Codex, built on generator point h

Note that to the observer these are just points — they can’t explicitly ‘see’ y. So it’s nice to rewrite these as:

The Codex again, but neatening up the notation

Suppose further that another generator g₂ is raised to the power of y, and that the result of this has been published somewhere for all to see:

The AZTEC Reference Point

Well, it turns out that there’s a clever construction allowing a prover / spender to ‘wrap’ one of these numbers (we call this a ‘note’), and prove to a third party that either he / she knows the number y, or else that the note was formed from this register — in other words, that the number j is in the range.

This construction requires a fresh random number v (the viewing key) for each note, and is formed as follows:

An AZTEC Commitment — creating a note of value k, and viewing key v — please note that in the AZTEC White Paper this is actually denoted as the variable a

Note that this can be formed without knowledge of y. But magically, we have constructed two points with a special relationship — the right-hand argument can be rewritten as follows:

Rewriting the right-hand argument of the AZTEC Commitment — and out drops y

So, we’ve got a pair of points related by y.

Now, recall that an elliptic curve pairing allows ‘ratios’ of exponents to be compared — well, let’s haul in that Reference Point, and check:

Check that the ratio bedded into the AZTEC Note really is y

If this is true, what can we deduce?

Well, either:

  1. The spender had access to y, or
  2. The spender must have used one of the points from the AZTEC shelf (codex) — otherwise, generating a ‘ratio’ of y between these points would have been impossible

We need to stop (1) being an option.

That’s where the AZTEC Ceremony comes in — to avoid y ever being explicitly created.

The Mathematics of the Ceremony

We know what we need to do — we need to build that Codex of points, without y ever being explicitly constructed.

As a reminder, we need to construct Boneh-Boyen signatures for each k as follows:

The k’th Codex Point

Here’s the first observation — those Boneh-Boyen signatures are just expressions in y. How could we construct this not knowing y? Well, we can certainly do it if we know the following ‘monomials’ in y:

The monomials in y, in the exponent of h

If we could construct these, then the task of building that Codex is pretty simple — define two polynomials (we’ll be evaluating both of these at y):

Now notice that we can divide these to get:

In other words, we can find the k’th point of the Codex with the following computation:

And even better, we can do it without ever knowing y.

How?

Well, we just need to know Mon(y) (i.e. the monomials evaluated as elliptic curve points) and then compute all those coefficients — expensive and painful, yes.

But we only need to go through this once.

A Rotation Trick

Dividing in elliptic curve world is pretty hard work.

So here’s a trick. Let’s actually do everything base g, and then define h as:

Shifting the base point

We’ve essentially rotated the whole curve around by a factor of Γ(y), to avoid a nasty division!

Those Monomials — How Did You Make Them?

Fortunately, that’s the simplest bit of all — we have a relay.

Participant 1 takes the generator point h (computed from g as already seen), and then generates some toxic information z₁. Finally, they form Transcript 1 as follows:

Next, Participant 2 receives these points and rolls in their toxic information to form:

Note that Participant 2 does this just by exponentiating Participant 1’s points — never knowing what number z₁ was used to form them.

If there are (say) 100 participants, then the number y is in fact:

But, unless every single participant colluded with its neighbours, this number will never be known .

And We’re Done

Now to reattach names to the maths:

  1. The Relay — The process of forming Mon(y) by producing the Transcripts one after the next
  2. Post Processing — The process of computing those coefficients, and working out the Codex of Boneh Boyen signatures

So now you know what’s going on under the hood.

Read more
Aztec Network
Aztec Network
22 Jan
xx min read

The $AZTEC TGE Vote: What You Need to Know

The TL:DR:

  • The $AZTEC token sale, conducted entirely onchain concluded on December 6, 2025, with ~50% of the capital committed coming from the community. 
  • Immediately following the sale, tokens could be withdrawn from the sale website into personal Token Vault smart contracts on the Ethereum mainnet.
  • The proposal for TGE (Token Generation Event) is now live, and sequencers can start signaling to bring the proposal to a vote to unlock these tokens and make them tradeable. 
  • Anyone who participated in the token sale can participate in the TGE vote. 

The $AZTEC token sale was the first of its kind, conducted entirely onchain with ~50% of the capital committed coming from the community. The sale was conducted completely onchain to ensure that you have control over your tokens from day one. As we approach the TGE vote, all token sale participants will be able to vote to unlock their tokens and make them tradable. 

What Is This Vote About?

Immediately following the $AZTEC token sale, tokens could be withdrawn from the sale website into your personal Token Vault smart contracts on the Ethereum mainnet. Right now, token holders are not able to transfer or trade these tokens. 

The TGE is a governance vote that decides when to unlock these tokens. If the vote passes, three things happen:

  1. Tokens purchased in the token sale become fully transferable 
  2. Trading goes live for the Uniswap v4 pool
  3. Block rewards become transferable for sequencers

This decision is entirely in the hands of $AZTEC token holders. The Aztec Labs and Aztec Foundation teams, and investors cannot participate in staking or governance for 12 months, which includes the TGE governance proposal. Team and investor tokens will also remain locked for 1 year and then slowly unlock over the next 2 years. 

The proposal for TGE is now live, and sequencers are already signaling to bring the proposal to a vote. Once enough sequencers have signaled, anyone who participated in the token sale will be able to connect their Token Vault contract to the governance dashboard to vote. Note, this will require you to stake/unstake and follow the regular 15-day process to withdraw tokens.

If the vote passes, TGE can go live as early as February 11, 2026, at 14:00 UTC. TGE can be executed by the first person to call the execute function to execute the proposal after the time above. 

How Do I Participate?

If you participated in the token sale, you don't have to do anything if you prefer not to vote. If the vote passes, your tokens will become available to trade at TGE. If you want to vote, the process happens in two phases:

Phase 1: Sequencer Signaling

Sequencers kick things off by signaling their support. Once 600 out of 1,000 sequencers signal, the proposal moves to a community vote.

Phase 2: Community Voting

After sequencers create the proposal, all Token Vault holders can vote using the voting governance dashboard. Please note that anyone who wants to vote must stake their tokens, locking their tokens for at least 15 days to ensure the proposal can be executed before the voter exits. Once signaling is complete, the timeline is as follows:

  • Days 1–3: Waiting period 
  • Days 4–10: Voting period (7 days to cast your vote)
  • Days 11–17: Execution delay
  • Days 18–24: Grace period to execute the proposal

Vote Requirements:

  • At least 100M tokens must participate in the vote. This is less than 10% of the tokens sold in the token sale.  
  • 66% of votes must be in favor for the vote to pass.

Frequently Asked Questions

Do I need to participate in the vote? No. If you don't vote, your tokens will become available for trading when TGE goes live. 

Can I vote if I have less than 200,000 tokens? Yes! Anyone who participated in the token sale can participate in the TGE vote. You'll need to connect your wallet to the governance dashboard to vote. 

Is there a withdrawal period for my tokens after I vote? Yes. If you participate in the vote, you will need to withdraw your tokens after voting. Voters can initiate a withdrawal of their tokens immediately after voting, but require a standard 15-day withdrawal period to ensure the vote is executed before voters can exit.

If I have over 200,000 tokens is additional action required to make my tokens tradable after TGE? Yes. If you purchased over 200,000 $AZTEC tokens, you will need to stake your tokens before they become tradable. 

What if the vote fails? A new proposal can be submitted. Your tokens remain locked until a successful vote is completed, or the fallback date of November 13, 2026, whichever happens first.

I'm a Genesis sequencer. Does this apply to me? Genesis sequencer tokens cannot be unlocked early. You must wait until November 13, 2026, to withdraw. However, you can still influence the vote by signaling, earn block rewards, and benefit from trading being enabled.

Where to Learn More

This overview covers the essentials, but the full technical proposal includes contract addresses, code details, and step-by-step instructions for sequencers and advanced users. 

Read the complete proposal on the Aztec Forum and join us for the Privacy Rabbit Hole on Discord happening this Thursday, January 22, 2026, at 15:00 UTC. 

Follow Aztec on X to stay up to date on the latest developments.

Read more
Aztec Network
Aztec Network
6 Dec
xx min read

$AZTEC TGE: Next Steps For Holders

The TL;DR: 

The $AZTEC token sale was conducted entirely onchain to maximize transparency and fair distribution. Next steps for holders are as follows:

  1. Step 1: Create your Token Vault on the sale website. Your Token Vault will keep your tokens secure on Ethereum, keep them non-transferable until TGE, allow you to stake/delegate/participate in governance, and then withdraw them to your wallet after TGE.
  1. Step 2: Staking and Earning Block Rewards. If you have more than 200,000 tokens, you can start staking today on the staking dashboard
  1. Step 3: Token sale participants can vote for TGE as early as February 11th, 2026, at which 100% of tokens from the sale become transferable, and a Uniswap V4 pool goes live. 

The $AZTEC token sale has come to a close– the sale was conducted entirely onchain, and the power is now in your hands. Over 16.7k people participated, with 19,476 ETH raised. A huge thank you to our community and everyone who participated– you all really showed up for privacy. 50% of the capital committed has come from the community of users, testnet operators and creators!

Now that you have your tokens, what’s next? This guide walks you through the next steps leading up to TGE, showing you how to withdraw, stake, and vote with your tokens.

Step 1: Creating a Token Vault 

The $AZTEC sale was conducted onchain to ensure that you have control over your own tokens from day 1 (even before tokens become transferable at TGE). 

The team has no control over your tokens. You will be self-custodying them in a smart contract known as the Token Vault on the Ethereum mainnet ahead of TGE. 

Your Token Vault contract will: 

  • Keep your tokens secure on the Ethereum mainnet.
  • Ensure tokens remain non-transferable until TGE.
  • Allows you to stake, delegate, and take part in governance.
  • After TGE, you can withdraw your tokens to your wallet.

To create and withdraw your tokens to your Token Vault, simply go to the sale website and click on ‘Create Token Vault.’ Any unused ETH from your bids will be returned to your wallet in the process of creating your Token Vault. 

Step 2: Staking and Earning Block Rewards 

If you have 200,000+ tokens, you are eligible to start staking and earning block rewards today. 

You can stake by connecting your Token Vault to the staking dashboard, just select a provider to delegate your stake. Alternatively, you can run your own sequencer node.

If your Token Vault holds 200,000+ tokens, you must stake in order to withdraw your tokens after TGE. If your Token Vault holds less than 200,000 tokens, you can withdraw without any additional steps at TGE

Fractional staking for anyone with less than 200,000 tokens is not currently supported, but multiple external projects are already working to offer this in the future. 

Step 3: TGE 

TGE is triggered by an onchain governance vote, which can happen as early as February 11th, 2026. 

At TGE, 100% of tokens from the token sale will be transferable. Only token sale participants and genesis sequencers can participate in the TGE vote, and only tokens purchased in the sale will become transferrable. 

How does the voting process work? 

Community members discuss potential votes on the governance forum. If the community agrees, sequencers signal to start a vote with their block proposals. Once enough sequencers agree, the vote goes onchain for eligible token holders. 

Voting lasts 7 days, requires participation of at least 100,000,000 $AZTEC tokens, and passes if 2/3 vote yes.

What happens when the vote passes? 

Following a successful yes vote, anyone can execute the proposal after a 7-day execution delay, triggering TGE. 

At TGE, the following tokens will be 100% unlocked and available for trading: 

  • All tokens in Token Vaults that belong to token sale participants.
  • Accumulated block rewards for anyone staking.
  • Uniswap V4 pool. This pool will have 273,000,000 $AZTEC tokens and a matching ETH amount at the final clearing price. 

Join us Thursday, December 11th at 3 pm UTC for the next Discord Town Hall–AMA style on next steps for token holders. Follow Aztec on X to stay up to date on the latest developments.

Read more
Aztec Network
Aztec Network
13 Nov
xx min read

The ticker is $AZTEC

We invented the math. We wrote the language. Proved the concept and now, we’re opening registration and bidding for the $AZTEC token today, starting at 3 pm CET. 

The community-first distribution offers a starting floor price based on a $350 million fully diluted valuation (FDV), representing an approximate 75% discount to the implied network valuation (based on the latest valuation from Aztec Labs’ equity financings). The auction also features per-user participation caps to give community members genuine, bid-clearing opportunities to participate daily through the entirety of the auction. 

How to Check Eligibility and Submit Your Bid 

The token auction portal is live at: sale.aztec.network

  • This is the only valid link to the $AZTEC token auction site. Be cautious of phishing scams. No one from the Aztec team will ever contact you directly for seed phrase or private keys. 
  • Visit the site to verify your eligibility and mint a soul-bound NFT that confirms your participation rights. 
  • We have incorporated zero-knowledge proofs into the sale smart contracts by using ZKPassport's Noir circuits to ensure compliant sanctions checks without risking the privacy of our users. 
  • Registration and bidding for early contributors start today, November 13th, at 3 PM CET, with early contributors receiving one day of exclusive access before bidding opens to the general public.
  • The public auction will run from December 2nd, 2025, to December 6th, 2025, at which point tokens can be withdrawn and staked.

Why Are We Doing This? 

We’ve taken the community access that made the 2017 ICO era great and made it even better. 

For the past several months, we've worked closely with Uniswap Labs as core contributors on the CCA protocol, a set of smart contracts that challenge traditional token distribution mechanisms to prioritize fair access, permissionless, on-chain access to community members and the general public pre-launch. This means that on day 1 of the unlock, 100% of the community's $AZTEC tokens will be unlocked.

This model is values-aligned with our Core team and addresses the current challenges in token distribution, where retail participants often face unfair disadvantages against whales and institutions that hold large amounts of money. 

Early contributors and long-standing community members, including genesis sequencers, OG Aztec Connect users, network operators, and community members, can start bidding today, ahead of the public auction, giving those who are whitelisted a head start and early advantage for competitive pricing. Community members can participate by visiting the token sale site to verify eligibility and mint a soul-bound NFT that confirms participation rights. 

To read more about Aztec’s fair-access token sale, visit the economic and technical whitepapers and the token regulatory report.

Discount Price Disclaimer: Any reference to a prior valuation or percentage discount is provided solely to inform potential purchasers of how the initial floor price for the token sale was calculated. Equity financing valuations were determined under specific circumstances that are not comparable to this offering. They do not represent, and should not be relied upon as, the current or future market value of the tokens, nor as an indication of potential returns. The price of tokens may fluctuate substantially, the token may lose its value in part or in full, and purchasers should make independent assessments without reliance on past valuations. No representation or warranty is made that any purchaser will achieve profits or recover the purchase price.

Information for Persons in the UK: This communication is directed only at persons outside the UK. Persons in the UK are not permitted to participate in the token sale and must not act upon this communication.

MiCA Disclaimer: Any crypto-asset marketing communications made from this account have not been reviewed or approved by any competent authority in any Member State of the European Union. Aztec Foundation as the offeror of the crypto-asset is solely responsible for the content of such crypto-asset marketing communications. The Aztec MiCA white paper has been published and is available here. The Aztec Foundation can be contacted at hello@aztec.foundation or +41 41 710 16 70. For more information about the Aztec Foundation, visit https://aztec.foundation.

Read more
Aztec Network
Aztec Network
28 Oct
xx min read

Your Favorite DeFi Apps, Now With Privacy

Every time you swap tokens on Uniswap, deposit into a yield vault, or vote in a DAO, you're broadcasting your moves to the world. Anyone can see what you own, where you trade, how much you invest, and when you move your money.

Tracking and analysis tools like Chainalysis and TRM are already extremely advanced, and will only grow stronger with advances in AI in the coming years. The implications of this are that the ‘pseudo-anonymous’ wallets on Ethereum are quickly becoming linked to real-world identities. This is concerning for protecting your personal privacy, but it’s also a major blocker in bringing institutions on-chain with full compliance for their users. 

Until now, your only option was to abandon your favorite apps and move to specialized privacy-focused apps or chains with varying degrees of privacy. You'd lose access to the DeFi ecosystem as you know it now, the liquidity you depend on, and the community you're part of. 

What if you could keep using Uniswap, Aave, Yearn, and every other app you love, but with your identity staying private? No switching chains. Just an incognito mode for your existing on-chain life? 

If you’ve been following Aztec for a while, you would be right to think about Aztec Connect here, which was hugely popular with $17M TVL and over 100,000 active wallets, but was sunset in 2024 to focus on bringing a general-purpose privacy network to life. 

Read on to learn how you’ll be able to import privacy to any L2, using one of the many privacy-focused bridges that are already built. 

The Aztec Network  

Aztec is a fully decentralized, privacy-preserving L2 on Ethereum. You can think of Aztec as a private world computer with full end-to-end programmable privacy. A private world computer extends Ethereum to add optional privacy at every level, from identity and transactions to the smart contracts themselves. 

On Aztec, every wallet is a smart contract that gives users complete control over which aspects they want to make public or keep private. 

Aztec is currently in Testnet, but will have multiple privacy-preserving bridges live for its mainnet launch, unlocking a myriad of privacy preserving features.

Bringing Privacy to You

Now, several bridges, including Wormhole, TRAIN, and Substance, are connecting Aztec to other chains, adding a privacy layer to the L2s you already use. Think of it as a secure tunnel between you and any DeFi app on Ethereum, Arbitrum, Base, Optimism, or other major chains.

Here's what changes: You can now use any DeFi protocol without revealing your identity. Furthermore, you can also unlock brand new features that take advantage of Aztec’s private smart contracts, like private DAO voting or private compliance checks. 

Here's what you can do:

  • Use DeFi without revealing your portfolio: trade on Uniswap or deposit into Yearn without broadcasting your strategy to the world
  • Donate to causes without being tracked: support projects on Base without linking donations to your identity
  • Vote in DAOs without others seeing your choices: participate in governance on Arbitrum while keeping your votes private
  • Prove you're legitimate without doxxing yourself: pass compliance checks or prove asset ownership without revealing which specific assets you hold
  • Access exclusive perks without revealing which NFTs you own: unlock token-gated content on Optimism without showing your entire collection

The apps stay where they are. Your liquidity stays where it is. Your community stays where it is. You just get a privacy upgrade.

How It Actually Works 

Let's follow Alice through a real example.

Alice wants to invest $1,000 USDC into a yield vault on Arbitrum without revealing her identity. 

Step 1: Alice Sends Funds Through Aztec

Alice moves her funds into Aztec's privacy layer. This could be done in one click directly in the app that she’s already using if the app has integrated one of the bridges. Think of this like dropping a sealed envelope into a secure mailbox. The funds enter a private space where transactions can't be tracked back to her wallet.

Step 2: The Funds Arrive at the DeFi Vault

Aztec routes Alice's funds to the Yearn vault on Arbitrum. The vault sees a deposit and issues yield-earning tokens. But there's no way to trace those tokens back to Alice's original wallet. Others can see someone made a deposit, but they have no idea who.

Step 3: Alice Gets Her Tokens Back Privately

The yield tokens arrive in Alice's private Aztec wallet. She can hold them, trade them privately, or eventually withdraw them, without anyone connecting the dots.

Step 4: Alice Earns Yield With Complete Privacy

Alice is earning yield on Arbitrum using the exact same vault as everyone else. But while other users broadcast their entire investment strategy, Alice's moves remain private. 

The difference looks like this:

Without privacy: "Wallet 0x742d...89ab deposited $5,000 into Yearn vault at 2:47 PM"

With Aztec privacy: "Someone deposited funds into Yearn vault" (but who? from where? how much? unknowable).

In the future, we expect apps to directly integrate Aztec, making this experience seamless for you as a user. 

The Developers Behind the Bridges 

While Aztec is still in Testnet, multiple teams are already building bridges right now in preparation for the mainnet launch.

Projects like Substance Labs, Train, and Wormhole are creating connections between Aztec and major chains like Optimism, Unichain, Solana, and Aptos. This means you'll soon have private access to DeFi across nearly every major ecosystem.

Aztec has also launched a dedicated cross-chain catalyst program to support developers with grants to build additional bridges and apps. 

Unifying Liquidity Across Ethereum L2s

L2s have sometimes received criticism for fragmenting liquidity across chains. Aztec is taking a different approach. Instead, Aztec is bringing privacy to the liquidity that already exists. Your funds stay on Arbitrum, Optimism, Base, wherever the deepest pools and best apps already live. Aztec doesn't compete for liquidity, it adds privacy to existing liquidity.

You can access Uniswap's billions in trading volume. You can tap into Aave's massive lending pools. You can deposit into Yearn's established vaults, all without moving liquidity away from where it's most useful.

The Future of Private DeFi

We’re rolling out a new approach to how we think about L2s on Ethereum. Rather than forcing users to choose between privacy and access to the best DeFi applications, we’re making privacy a feature you can add to any protocol you're already using. As more bridges go live and applications integrate Aztec directly, using DeFi privately will become as simple as clicking a button—no technical knowledge required, no compromise on the apps and liquidity you depend on.

While Aztec is currently in testnet, the infrastructure is rapidly taking shape. With multiple bridge providers building connections to major chains and a dedicated catalyst program supporting developers, the path to mainnet is clear. Soon, you'll be able to protect your privacy while still participating fully in the Ethereum ecosystem. 

If you’re a developer and want a full technical breakdown, check out this post. To stay up to date with the latest updates for network operators, join the Aztec Discord and follow Aztec on X.

Read more
Participate
Sequencers

Sequencers

Provers

Provers

Projects

Projects

Engage
Media

Media

Discord

Discord

Youtube

Youtube

X

X