Table of Contents
Fetching ...

ZK Coprocessor Bridge: Replay-Safe Private Execution from Solana to Aztec via Wormhole

Jotaro Yano

TL;DR

The paper presents a formal specification for a Solana→Aztec ZK coprocessor bridge that uses Wormhole VAAs to delegate private computation to Aztec L2 via Ethereum. It defines a normative Portal interface that parses the VAA payload as $\textsf{payload}=\textsf{secretHash}\\parallel m$ and derives a domain-separated field commitment $c=toField(\text{Keccak-256}(\mathsf{dom}\\parallel m))$ with $\mathsf{dom}=\text{Keccak-256}(\"ZKCB/v1\"\\parallel emitterChainId \\parallel emitterAddress \\parallel sequence)$. The work provides state machines and invariants for replay-safety and single-consumption, plus proof sketches covering parameter binding, origin authenticity, finality alignment, privacy, idempotence, and liveness, along with migration guidance and a reproducibility note. It positions the bridge as a targeted, replay-safe offload mechanism that supplements Solana privacy efforts by dispatching private tasks to Aztec, with receipts enabling end-to-end traceability. The reproducibility section pins toolchains and provides a practical blueprint to replicate a public-testnet run, facilitating adoption and evaluation in real-world environments.

Abstract

We formalize a cross-domain "ZK coprocessor bridge" that lets Solana programs request private execution on Aztec L2 (via Ethereum) using Wormhole Verifiable Action Approvals (VAAs) as authenticated transport. The system comprises: (i) a Solana program that posts messages to Wormhole Core with explicit finality; (ii) an EVM Portal that verifies VAAs, enforces a replay lock, parses a bound payload secretHash||m from the attested VAA, derives a domain-separated field commitment, and enqueues an L1->L2 message into the Aztec Inbox (our reference implementation v0.1.0 currently uses consumeWithSecret(vaa, secretHash); we provide migration guidance to the payload-bound interface); (iii) a minimal Aztec contract that consumes the message privately; and (iv) an off-chain relayer that ferries VAAs and can record receipts on Solana. We present state machines, message formats, and proof sketches for replay-safety, origin authenticity, finality alignment, parameter binding (no relayer front-running of Aztec parameters), privacy, idempotence, and liveness. Finally, we include a concise Reproducibility note with pinned versions and artifacts to replicate a public testnet run.

ZK Coprocessor Bridge: Replay-Safe Private Execution from Solana to Aztec via Wormhole

TL;DR

The paper presents a formal specification for a Solana→Aztec ZK coprocessor bridge that uses Wormhole VAAs to delegate private computation to Aztec L2 via Ethereum. It defines a normative Portal interface that parses the VAA payload as and derives a domain-separated field commitment with . The work provides state machines and invariants for replay-safety and single-consumption, plus proof sketches covering parameter binding, origin authenticity, finality alignment, privacy, idempotence, and liveness, along with migration guidance and a reproducibility note. It positions the bridge as a targeted, replay-safe offload mechanism that supplements Solana privacy efforts by dispatching private tasks to Aztec, with receipts enabling end-to-end traceability. The reproducibility section pins toolchains and provides a practical blueprint to replicate a public-testnet run, facilitating adoption and evaluation in real-world environments.

Abstract

We formalize a cross-domain "ZK coprocessor bridge" that lets Solana programs request private execution on Aztec L2 (via Ethereum) using Wormhole Verifiable Action Approvals (VAAs) as authenticated transport. The system comprises: (i) a Solana program that posts messages to Wormhole Core with explicit finality; (ii) an EVM Portal that verifies VAAs, enforces a replay lock, parses a bound payload secretHash||m from the attested VAA, derives a domain-separated field commitment, and enqueues an L1->L2 message into the Aztec Inbox (our reference implementation v0.1.0 currently uses consumeWithSecret(vaa, secretHash); we provide migration guidance to the payload-bound interface); (iii) a minimal Aztec contract that consumes the message privately; and (iv) an off-chain relayer that ferries VAAs and can record receipts on Solana. We present state machines, message formats, and proof sketches for replay-safety, origin authenticity, finality alignment, parameter binding (no relayer front-running of Aztec parameters), privacy, idempotence, and liveness. Finally, we include a concise Reproducibility note with pinned versions and artifacts to replicate a public testnet run.
Paper Structure (37 sections, 3 equations, 1 figure, 1 table)