Architecture

ZKNetwork's architecture separates into two interdependent layers: an encrypted privacy substrate (Lunar Layer) and a public-facing application layer (Solar Layer).

Layer 0: The Privacy Substrate

Layer 0 is the encrypted foundation beneath all applications, chains, and agents — routing, verifying, and coordinating without exposing metadata. Content encryption alone is insufficient when metadata (who communicates with whom, when, how often, from where) remains exposed. Layer 0 protects content, metadata, identity, and intent.

Dual-Layer Architecture

☽ Lunar Layer — Privacy Infrastructure

Privacy-preserving protocols that route, verify, and coordinate beneath the public-facing layer.

Katzenpost Echomix Mix Networks — Post-quantum metadata-private mix network with memoryless mixing, Sphinx packets, and exponential delay distributions
Zero-knowledge trust systems for privacy-preserving authentication, credential verification, and data provenance without identity exposure
Noir-powered ZK circuits for privacy-preserving computation and verification
Aztec integration for confidential on-chain transactions and shielded computation
Cryptographic agility across the full protocol stack for post-quantum resilience
Decentralized coordination primitives for anonymous node discovery, peer routing, and encrypted application-layer communication

☉ Solar Layer — Applications & Physical Infrastructure

Public-facing applications, sovereign hardware, and coordination tools.

ZK-Edge Secure Edge Devices — Secure compute nodes running local mix-nodes, private AI inference, and DePIN operations
Privacy-first applications including WalletShield RPC privacy, metadata-private group chat, and developer SDKs
Community-owned DePIN infrastructure for distributed civic resilience and real-world coordination
Open governance interfaces and ecosystem participation tools

The Lunar Layer is foundational: mixnets anonymize communication, ZK proofs verify claims without exposing underlying data, and post-quantum cryptography protects against future threats. The Solar Layer activates this substrate through applications, hardware, and coordination tools. Its openness is survivable because the encrypted layer beneath is decentralized and resistant to capture.

Dual-Layer Architecture Diagram

The diagram above illustrates the symbiotic relationship between the Solar Layer (public-facing applications and physical infrastructure) and the Lunar Layer (encrypted privacy substrate). The Symbiotic Interface connects them: the Solar Layer's openness is secure because the Lunar Layer beneath is decentralized and capture-resistant. Architectural properties of antifragility, adaptability, and regeneration emerge from this layered design.

Aztec & Noir Integration

ZKNetwork leverages Aztec's privacy layer and Noir's ZK programming language as the foundation for its zero-knowledge infrastructure:

┌─────────────────────────────────────────────────────────────┐
│                    SOLAR LAYER                              │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────┐  │
│  │  zk Apps    │  │   DePIN     │  │   DAO Governance    │  │
│  │    RPC      │  │  Hardware   │  │   (zk voting)       │  │
│  └─────────────┘  └─────────────┘  └─────────────────────┘  │
├─────────────────────────────────────────────────────────────┤
│                    LUNAR LAYER                              │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────┐  │
│  │ Mix Networks│  │   Noir ZK   │  │   Aztec Privacy     │  │
│  │   (Katzen)  │  │   Circuits  │  │      Layer          │  │
│  └─────────────┘  └─────────────┘  └─────────────────────┘  │
└─────────────────────────────────────────────────────────────┘

Aztec Protocol

Confidential ERC20 — Privacy-preserving token transfers with full shielding
Aztec Connect — Private bridging to Ethereum and other L1s
Selective Disclosure — Compliance-ready privacy with proof of balance without revealing amounts

Noir Language

ZK-PKI — Privacy-preserving public key infrastructure built in Noir
ZK-Firewall — Zero-knowledge access control proofs
ZK-BOM — Verifiable supply chain provenance using recursive Noir proofs

Katzenpost Echomix: Quantum-Secure Mix Networks

ZKNetwork implements the Echomix protocol — a state-of-the-art mix network based on Katzenpost — providing strong metadata privacy with post-quantum security guarantees.

Sphinx & SURBs (Routing Layer)

Every message that enters the mixnet is a constant-length Sphinx packet: an onion-encrypted header plus an encrypted payload. A sender chooses a k-hop route, wraps the packet in k layers of public-key encryption, and attaches a Single-Use Reply Block (SURB) — another onion header that encodes a return path, encrypted such that neither the recipient nor any intermediate hop can link it back to the sender.

Pigeonhole Storage (Service Layer)

On top of Sphinx, Echomix offers a stateless courier API: clients deposit or fetch opaque blobs at replica servers through echoes. Each blob sits in a "Pigeonhole" identified by a pseudorandom 32-byte string, its Box-ID. Uploads, downloads, and replica-to-replica gossip are all ordinary Sphinx packets, so a global passive adversary sees nothing but cover traffic.

BACAP Vanilla (Cryptographic Core)

BACAP (Blinding-And-Capability) deterministically turns one 256-bit seed into an infinite one-way chain of storage locations and keys. Each piece of data that lands in a Pigeonhole is the signed triple: Box-ID, ciphertext, and signature — produced using Ed25519 elliptic curves.

Memoryless Mixing & Exponential Delay

Each message delay is independently sampled from the exponential distribution: f(x) = λe^{-λx}. This memoryless property means that at any point in time, each message has the same probability distribution of remaining delay, regardless of how long it has already been waiting. This provides mathematical guarantees against traffic analysis.

Security Objectives

Sender-Receiver Third-Party Unlinkability (SRTU) — Global passive adversaries cannot distinguish communication patterns
Input-Output Unlinkability (IO-U) — Even storage boxes containing inputs and outputs cannot be linked
Sender/Receiver Unobservability — Adversaries cannot determine whether any participant is communicating
Computation-Time Unlinkability — Correlation between input-dependent compute cost and observable timing is negligible

Layer 0 Privacy for ZK Stack

Every component of the ZKNetwork stack inherits Layer 0's metadata privacy guarantees, making privacy the default — not an opt-in feature:

ZK-PKI over Mixnets — Anonymous node identity verification without exposing which nodes you're querying or trusting
ZK-Firewall (Access Control) — Zero-knowledge access control proofs travel via mixnet routing
ZK-BOM (Provenance Tracking) — Recursive Noir proofs for supply chain integrity traverse mixnets
WalletShield RPC Privacy — Blockchain interactions route through Katzenpost mixnets with sender-receiver unlinkability

Decentralization Through Proof of Useful Work

Mixnet nodes are incentivized through ZKN's Proof of Useful Work system — rewarding operators for providing real network value: bandwidth, compute, data integrity, and uptime.

Unlike proof-of-work that burns electricity for artificial scarcity, or proof-of-stake that centralizes around capital, ZKN's model rewards useful work that strengthens the privacy network. Node operators stake ZKN, earn stablecoin rewards from the Yield Vault, and build reputation through verifiable performance.

See also: AI & Edge Inference | Tokenomics

Layer 0: The Privacy Substrate​

Dual-Layer Architecture​

☽ Lunar Layer — Privacy Infrastructure​

☉ Solar Layer — Applications & Physical Infrastructure​

Dual-Layer Architecture Diagram​

Aztec & Noir Integration​

Aztec Protocol​

Noir Language​

Katzenpost Echomix: Quantum-Secure Mix Networks​

Sphinx & SURBs (Routing Layer)​

Pigeonhole Storage (Service Layer)​

BACAP Vanilla (Cryptographic Core)​

Memoryless Mixing & Exponential Delay​

Security Objectives​

Layer 0 Privacy for ZK Stack​

Decentralization Through Proof of Useful Work​