ZK Coprocessor Bridge: Replay-Safe Private Execution from Solana to Aztec via Wormhole

TL;DR

This paper introduces a cross-domain ZK coprocessor bridge enabling private execution requests from Solana to Aztec via Wormhole, ensuring replay safety, authenticity, privacy, and finality with a detailed implementation and security analysis.

Contribution

It formalizes a novel cross-chain ZK bridge architecture utilizing Wormhole VAAs for secure, replay-safe private execution from Solana to Aztec L2.

Findings

Achieved replay-safe message passing between Solana and Aztec

Verified authenticity and finality of cross-chain messages

Provided reproducible implementation with security guarantees

Abstract

We formalize a cross-domain "ZK coprocessor bridge" that lets Solana programs request private execution on Aztec L2 (via Ethereum) using Wormhole Verifiable Action Approvals (VAAs) as authenticated transport. The system comprises: (i) a Solana program that posts messages to Wormhole Core with explicit finality; (ii) an EVM Portal that verifies VAAs, enforces a replay lock, parses a bound payload secretHash||m from the attested VAA, derives a domain-separated field commitment, and enqueues an L1->L2 message into the Aztec Inbox (our reference implementation v0.1.0 currently uses consumeWithSecret(vaa, secretHash); we provide migration guidance to the payload-bound interface); (iii) a minimal Aztec contract that consumes the message privately; and (iv) an off-chain relayer that ferries VAAs and can record receipts on Solana. We present state machines, message formats, and proof sketches for replay-safety, origin authenticity, finality alignment, parameter binding (no relayer front-running of Aztec parameters), privacy, idempotence, and liveness. Finally, we include a concise Reproducibility note with pinned versions and artifacts to replicate a public testnet run.