Privacy of Transactions

So if I understand it correctly, private transactions have proofs created locally and then are submitted to the sequencer - but for the sequencer to update the state, it must have a way of learning what the transaction is no?

SO on aztec is the privacy limited to at most the sequencer knowing what my transaction is?

If not, and the sequencer does not see individual transactions, at the least it should now the state change right?

Could it then not infer qualities about the included transactions from this state change and thus reduce privacy?

i.e. only one tx affecting “uniswapETHUSDpool” contract, would reveal info?

69 Likes

The sequencer actually doesnt update the state. They update commitments to state and nullifiers (which cant be linked to previous commitments) that invalidate old state (since commitments cannot be deleted without revealing info).

Users must be able to provide correct inputs to commitments and nullifiers to update state.

63 Likes

To add to the response of Josh, the note commitments are stored in an append-only tree and the commitments themselves are never modified. So to update some state variable you “delete the value” by emitting a nullifier and then you create a new note representing the modified state.

That way the sequencer only sees that some new commitments (append only tree) and nullifiers (sparese tree) got appended/inserted and it can’t determine which txs are related by because indices of leaves do not reveal anything (which would be the case if the commitments were updated and not appended).

68 Likes