Updates to Aleo Records & Varuna

The Provable team has successfully coordinated a network upgrade with validators across all Aleo networks to roll out important updates to Aleo records and the Varuna proof system.

Records are a core primitive for encapsulating private state within programs on Aleo. Records are programmable and expressed in Leo by developers as a unit of storage for programs deployed on-chain.

Varuna is an evolution of our peer-reviewed Marlin zkSNARK protocol, optimized to be the core cryptographic system that enables Aleo's private transactions and smart contract execution by allowing users to prove computation validity without revealing sensitive data.

This upgrade demonstrates Aleo's commitment to maintaining a fully upgradeable zero-knowledge proof system that evolves with the latest security & cryptography research, and upholds the privacy principles that developers and users have come to appreciate in Aleo.

Key Updates

Introducing a Sender Ciphertext to Aleo Records

Our cryptography team has implemented a new compliance mechanism that allows record recipients to identify the originating sender. Every new record now includes a sender ciphertext, which is defined as an encrypted message containing the originating sender’s Aleo address. This sender ciphertext is encrypted under the recipient’s address, ensuring only the sender and receiver know who sent the record on the Aleo Network.

Going forward, this feature will be enabled by default, and enforced for correctness by validators during consensus. This feature ensures records offer provenance for the recipient, allowing the respective parties to demonstrate their adherence to future compliance requirements of the chain. In addition, a feature has been built in to allow a future protocol change to make this component optional or disabled, as new compliance standards become defined in jurisdictions worldwide.

To ensure this feature reaches all private Aleo credits, the major wallets operating on the Aleo network have agreed to collaborate on migrating user records. These wallets will help transition existing private Aleo credits into the new standard, providing comprehensive coverage for the rollout. As such, token holders will receive this update automatically from their wallet provider, requiring no action on their part.

Updates to the Varuna Batching Implementation

Our cryptography team implemented upgrades to Varuna's batching protocol, which enables efficient proof generation over multiple circuit statements. Through collaborative research with the security community, including feedback from our HackerOne program, we identified opportunities to strengthen the batching implementation. 

This update to Varuna addresses a design challenge that was identified in our implementation for zkSNARK batching: ensuring provers cannot adaptively modify their statements based on verifier randomness. Our solution adds one additional round to the Varuna Interactive Oracle Proof while preserving all existing performance characteristics and maintaining full compatibility with all existing transactions.
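The general principle behind that requirement, as an added example that is not Varuna's protocol, not Provable's code, and not a description of the reported issue: a toy batched check in Python where the batching challenge is derived either before or after the claimed statements are bound into the transcript. The field modulus, the relation `F`, and all function names are assumptions made for illustration.

```python
import hashlib

P = 2**61 - 1  # toy prime field modulus (assumption; not Aleo's field)

def F(x):
    """Public relation for the toy statements: each claim is y == x^3 mod P."""
    return pow(x, 3, P)

def challenge(*parts):
    """Derive a field element by hashing a transcript (Fiat-Shamir style)."""
    data = b"|".join(repr(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % P

def batch_check(xs, ys, r):
    """Accept iff sum_i r^i * (y_i - F(x_i)) == 0 mod P."""
    acc = 0
    for i, (x, y) in enumerate(zip(xs, ys)):
        acc = (acc + pow(r, i, P) * (y - F(x))) % P
    return acc == 0

def verify_unbound(xs, ys):
    # Weak ordering: r depends only on the inputs, so it is known before
    # the claimed outputs ys are fixed.
    return batch_check(xs, ys, challenge("batch", xs))

def verify_bound(xs, ys):
    # Bound ordering: every statement is absorbed into the transcript
    # first, so changing any y_i also changes r.
    return batch_check(xs, ys, challenge("batch", xs, ys))

def adaptive_claims(xs, r, e0=1):
    """Two false claims whose errors cancel under a challenge known in advance."""
    e1 = (-e0 * pow(r, -1, P)) % P  # solves e0 + r*e1 == 0 (mod P)
    return [(F(xs[0]) + e0) % P, (F(xs[1]) + e1) % P]

def demo():
    xs = [5, 7]  # constructed sample inputs
    honest = [F(x) for x in xs]
    forged = adaptive_claims(xs, challenge("batch", xs))
    return {
        "honest_unbound": verify_unbound(xs, honest),
        "honest_bound": verify_bound(xs, honest),
        "forged_unbound": verify_unbound(xs, forged),
        "forged_bound": verify_bound(xs, forged),
    }

if __name__ == "__main__":
    print(demo())
```

In the interactive setting, the bound ordering corresponds to the prover sending its statements in a round that precedes the verifier's batching randomness.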

The upgrade underwent comprehensive validation including unit testing, integration testing, and cryptographic audits to ensure it preserved all intended security properties of the proof system. The latest specification for Varuna can be found here: https://github.com/ProvableHQ/varuna-sage-impl/blob/main/docs/spec.pdf

What’s Next

Our Commitment to Upgradeable Infrastructure

Aleo's proving infrastructure is designed to be fully upgradeable, allowing the core developers to integrate the latest advances in zero-knowledge cryptography while maintaining backwards compatibility with past transactions on the blockchain. This network upgrade demonstrates our continued ability to deploy improvements in a timely fashion across the ecosystem as new findings and research emerge.

Operational Excellence across the Aleo Ecosystem

This network upgrade demonstrates the ecosystem’s continued dedication to coordinating and facilitating major improvements to the Aleo Network. This process showcased a strong level of support in communication between validators, exchanges, wallet providers, proving pools, and developer communities.

We continue to strengthen our review processes with analysis of how protocol optimizations interact with existing mechanisms. Our coordination capabilities for network-wide upgrades ensure we can efficiently deploy improvements while maintaining the security and reliability our users depend on.

Acknowledgements

Our appreciation extends to the teams at the Aleo Network Foundation, University of Pennsylvania, and EPFL for their ongoing expertise and contributions to our cryptographic infrastructure. In addition, we thank our HackerOne security researchers for their responsible disclosure and professional collaboration. Additional recognition goes to zkSecurity and Trail of Bits for their thorough validation of the source code that contributed to this network upgrade.

This collaborative effort demonstrates the strength of our security & research community, along with our shared commitment to building robust, upgradeable cryptographic infrastructure that can evolve with the cutting edge of zero-knowledge research.