Interpretation of Aleo's latest algorithm Synthesis Puzzle: Leading the Web3 privacy revolution

Aleo is a blockchain project focused on privacy protection, achieving higher privacy and scalability through zero-knowledge proof technology (ZKP). The core idea of ​​Aleo is to enable users to authenticate and process data without revealing their personal data. This article mainly introduces the Aleo project outline and latest progress, and provides a detailed explanation of the puzzle algorithm update that the market is very concerned about. Preview of the latest algorithm;) The TLDRAleo network randomly generates a ZK circuit every hour; miners need to try different nonce as the input of the circuit during this hour to calculate the witness (that is, all variables in the circuit, this calculation process is also called synthesisize) , after finding the Merkle root for the witness, determine whether it meets the mining difficulty requirements. Due to the randomness of the circuit, this mining algorithm is not GPU-friendly and has great difficulty in computing acceleration. Financing Background Aleo completed a US$28 million Series A financing led by a16z in 2021, and a US$200 million Series B financing in 2024. Investors include Kora Management, SoftBank Vision Fund 2, Tiger Global, Sea Capital, Slow Ventures and Samsung Next, among others. The funding round values ​​Aleo at $1.45 billion. Project Overview Privacy The core of Aleo is zero-knowledge proofs (ZKPs) technology, which allows transactions and smart contract execution to be performed while maintaining privacy. User's transaction details, such as sender and transaction amount, are hidden by default. This design not only protects user privacy, but also allows selective disclosure when necessary, which is very suitable for the development of DeFi applications. Its main components include: Leo compiled language: adapted from the Rust language and specially used to develop zero-knowledge applications (ZKApps), reducing developers' requirements for cryptography knowledge. snarkVM and snarkOS: snarkVM allows calculations to be performed off-chain and only the calculation results are verified on-chain, thus improving efficiency. snarkOS ensures the security of data and computation and allows permissionless function execution. zkCloud: Provides a secure and private off-chain computing environment, supporting programming interactions between users, organizations and DAOs. Aleo also provides an integrated development environment (IDE) and software development kit (SDK) to support developers to quickly write and publish applications; in addition, developers can deploy applications in Aleo's program registry without relying on third parties, which is convenient Reduced platform risk. Scalability Aleo adopts an off-chain processing method. Transactions are first calculated on the user device and then only the verification results are uploaded to the blockchain. This approach greatly improves transaction processing speed and system scalability, and avoids network congestion and high fees similar to Ethereum. Consensus mechanism Aleo introduces AleoBFT, a hybrid architecture consensus mechanism that combines the instant finality of the verifier and the computing power of the prover. AleoBFT not only increases the decentralization of the network, but also enhances performance and security. Fast block finality: AleoBFT ensures that each block is confirmed immediately after generation, improving node stability and user experience. Decentralization guarantee: By separating block production from coinbase generation, the verifier is responsible for generating blocks and the prover performs proof calculations to prevent a few entities from monopolizing the network. Incentive mechanism: Verifiers and certifiers share block rewards; certifiers are encouraged to become verifiers by pledging tokens, thereby improving the decentralization and computing power of the network. Aleo allows developers to create applications that are not gas bound, making it particularly suitable for long-running applications such as machine learning. Current Progress Aleo will launch an incentivized testnet on July 1st, here are some important latest information: ARC-100 Voted passed: ARC-100 ("Compliance Best Practices for Aleo Developers and Operators" proposal, involving compliance In terms of regulations, security measures such as locking and delayed arrival of funds on the Aleo network, the voting has ended and was passed. The team is making final adjustments. Validator Incentive Program: This program will launch on July 1st to validate new puzzle mechanisms. The program will run until July 15, during which time 1 million Aleo points will be distributed as rewards. The percentage of points generated by a node will determine its share of rewards, with each validator needing to earn at least 100 tokens to receive rewards. Specific details have not yet been finalized. Initial Supply and Circulating Supply: The initial supply is 1.5 billion tokens and the initial circulating supply is approximately 10% (not yet finalized). The tokens, primarily derived from Coinbase missions (75 million), will be distributed over the first six months, along with rewards for staking, running validators, and validating nodes. Testnet Beta Reset: This is the last network reset, no new features will be added when completed and the network will be similar to mainnet. Reset to add ARC-41 and new puzzle functionality. Code Freeze: The code freeze was completed a week ago. Validation node expansion plan: The initial number of validating nodes is 15, with the goal of increasing to 50 within the year and eventually reaching 500. It takes 10,000 tokens to become a delegator and 10 million tokens to become a validator, and these amounts will gradually decrease over time.

Interpretation of algorithm update

While Aleo recently announced the latest testnet news, it also updated the latest version of the puzzle algorithm. The new algorithm no longer focuses on the generation of zk proof results, and has removed MSM and NTT (both of which are heavily used in zk proof generation). The calculation module (previously used by testnet participants to optimize the efficiency of the algorithm to increase mining revenue), focuses on the generation of intermediate data witnesses before generating proof. We will give a brief introduction to the latest algorithm after referring to the official puzzle spec and code.

Consensus process

At the consensus protocol level, the prover and validator in the process are respectively responsible for generating the calculation result solution and generating the block, aggregating and packaging the solution. The process is as follows:

1. Prover calculates puzzles to construct solutions and broadcasts them to the network
2. Validator aggregates transactions and solutions into the next new block, ensuring that the number of solutions does not exceed the consensus limit (MAX_SOLUTIONS)
3. The legality of the solution needs to be verified The epoch_hash conforms to the latest_epoch_hash maintained by the validator, and its calculated proof_target conforms to the latest_proof_target maintained by the validator in the network. At the same time, the number of solutions contained in the block is less than the consensus limit
4. Effective solutions can obtain consensus rewards

Synthesis Puzzle

The latest version The core of the algorithm is called Synthesis Puzzle. Its core is to generate a common EpochProgram for each epoch. By constructing an R1CS proof circuit for the input and EpochProgram, the corresponding R1CS assignment (that is, the witness mentioned by everyone) is generated and used as a leaf node of the Merkle tree. , after calculating all leaf nodes, the Merkle root is generated and converted into the proof_target of the solution. The detailed process and specifications for building Synthesis Puzzle are as follows:

1. Each puzzle calculation is called nonce, which is constructed from the address that receives the mining reward, epoch_hash and a random number counter. It can be updated every time a new solution needs to be calculated. The counter obtains a new nonce

2. In each epoch, the EpochProgram that all provers in the network need to calculate is the same. It is sampled from the instruction set by the random number generated by the current epoch_hash. The sampling logic is:

   • The instruction set is Fixed, each instruction contains one or more calculation operations. Each instruction has a preset weight and operation count. When sampling, a random number is generated based on the current epoch_hash, and the random number is obtained from the instruction set combined with the weight. Instructions are arranged sequentially, and sampling is stopped after the cumulative operation count reaches 97
   • Compose all instructions into EpochProgram
   Use nonce as a random number seed to generate the input of EpochProgram
3. Aggregate the R1CS and input corresponding to EpochProgram, and perform witness (R1CS assignment) Calculate
4. After all the witnesses are calculated, these witnesses will be converted into the leaf node sequence of the corresponding merkle tree. The merkle tree is an 8-element K-ary Merkle tree with a depth of 8
5. Calculate the merkle root and convert it into a solution The proof_target of the current epoch is judged whether it meets the latest_proof_target of the current epoch. If it is met, the calculation is successful. Submit the reward address, epoch_hash and counter required to construct the input above as the solution and broadcast
6. In the same epoch, the EpochProgram can be updated by iterating the counter. Enter multiple solution calculations

7. Changes and impacts of mining

After this update, the puzzle has changed from generating proof to generating witness. All solution calculation logic in each epoch is consistent, but the calculation logic of different epochs is Big difference.

From the previous test network, we can find that many optimization methods focus on using GPU to optimize MSM and NTT calculations in the proof generation stage, thereby improving mining efficiency. This update completely abandons this part of the calculation; at the same time, because the process of generating a witness is generated by executing a program that changes with epoch, the instructions in it will have some dependencies on serial execution, so it is not a small challenge to achieve parallelization.

The above is the detailed content of Interpretation of Aleo's latest algorithm Synthesis Puzzle: Leading the Web3 privacy revolution. For more information, please follow other related articles on the PHP Chinese website!