Zero-knowledge proofs (ZKPs) are among the most revolutionary technologies in cryptography. The concept emerged in the mid-1980s, but only recently found real-world use. ForkLog recaps how the breakthrough came about, what ZKPs look like in 2024 and what future awaits the projects building them.
What is a ZKP?
A ZKP is a protocol that lets one party (the prover) convince another (the verifier) that a statement is true without revealing any additional information.
The method marked a leap in applied cryptography. Its story began in 1985 with the paper “The Complexity of Knowledge in Interactive Proof Systems,” by MIT researchers Shafi Goldwasser, Silvio Micali and Charles Rackoff.
In 2014 a modified form of the technology was put to work in Zcash. Over time it grew in popularity, outpacing other privacy methods such as ring signatures in Monero and transaction mixing in Dash.
The proof process can be explained with an example that involves confirming citizenship (showing a passport) when one does not wish to hand personal data to centralised repositories. A ZKP lets a verifier check certain properties of the proof and thus be convinced the claim is valid. The person proves citizenship without disclosing anything extra (such as a tax ID or passport details).
This approach has uses wherever confidentiality matters: medicine, law, public administration and journalism. Finance and crypto offer many more applications:
- anonymous payments. Financial monitoring designed to fight crime can threaten law-abiding citizens’ privacy. Projects such as Zcash and Monero hide transaction details, including sender/recipient addresses, asset type, amounts and timestamps. There are also tools that increase privacy on public networks. For example, Tornado Cash uses ZKPs to enable private transactions on Ethereum;
- authentication. Many online services require identity checks and data such as name, email and date of birth. Integrating ZKPs into universal Web3 identifiers like Gitcoin Passport and World ID streamlines authentication for platforms and users alike;
- fair on-chain voting. Even mechanisms like quadratic funding are not immune to corruption: transactions are public, so bribers can audit the activity of users they have paid off. Solutions such as MACI (Minimum Anti-Collusion Infrastructure) use ZKPs to let a “coordinator” aggregate votes and tally results without revealing how each participant voted;
- blockchain scalability. Verifiable computation is used when developers hand results to another network participant. Outputs are accompanied by a proof that the program ran correctly. Verifiable computation is critical to boosting throughput without sacrificing security (rollups, sharding).
Architecture and mechanics
The main ZKP deployments today are layer-2 (L2) networks that speed up, simplify and partly anonymise transactions. There are also L1 solutions that build their own modular blockchains:
- ZK-Rollups. Layered atop a base chain, they batch many transactions into one and publish them on L1 along with a proof attesting to correct computation;
- Validium. This variant couples validity proofs with off-chain data storage, improving scalability. Proofs are still published on the base layer while data live off-chain. That greatly increases throughput and cuts gas costs. Although more efficient and scalable than ZK-rollups, it does not protect against data-availability failures, which can temporarily block withdrawals. Importantly, attackers cannot directly steal users’ funds in such scenarios;
- Volitions. A hybrid that lets users choose between the two scaling modes. Even if an attack succeeds at the Validium level, funds remain safe. Participants willing to pay higher fees for stronger guarantees (ZK-rollups) can still interact with those preferring lower costs (Volition).
Proofs posted on-chain are known as validity proofs. Using them, the ZKP ecosystem is broadly split into two families: projects using zk-SNARKs or zk-STARKs.
Types of ZKPs
Interactive proofs were constrained by the need for constant back-and-forth between the parties. Even if the verifier trusted the prover, the proof could not be independently checked later.
The next breakthrough was non-interactive zero-knowledge proofs (zk-SNARKs). Developed by the Zcash team, they later appeared in an Ethereum upgrade and were modified by JPMorgan staff to protect bank clients’ data.
The new approach dispenses with direct communication between verifier and prover. The former can validate the claim after the fact. Verifiers generate a special secret during a trusted setup, which is destroyed immediately afterwards. If it were to persist, data on the network could be forged, undermining the protocol’s benefits.
Non-interactive proofs unlocked today’s ZKP systems. Notable zk-SNARK projects include:
Loopring (LRC). The first ZK-rollup, launched in 2017 with a focus on building a DEX. It enables trading directly from wallets, ensuring full non-custodial control and transaction anonymity, making activity more secure and private. One of the dapps on Loopring is the DEX DeGate.
Scroll. A zkEVM-based project that launched mainnet in October 2023 after a test phase of more than 15 months, including extensive audits. A token airdrop is expected soon.
Linea. A testnet launched in March 2023 by the creators of the MetaMask wallet, ConsenSys. It lets developers build scalable dapps and port existing ones without changing code or rewriting smart contracts. The team is preparing for mainnet launch with points-earning activities — Linea Voyage XP.
Taiko (TAIKO). After the sixth and final testnet, Katla (Alpha-6), launched in January 2024, the team announced mainnet for its ZK-rollup, following two years of development. Taiko uses a Based Contestable Rollup — a configurable rollup design with multiple proofs.
Mina Protocol (MINA). Enables dapps with ZKP privacy on one of the lightest blockchains, with a block size of just 22 KB. To achieve scalability and high throughput Mina employs the Ouroboros Samasika mechanism on a modified PoS consensus. On the next layer Mina uses an advanced SNARK and the Kimchi proof system. It works as follows: SNARK validators open the SnarketPlace, where they publish proofs; block producers place bids. The most competitive offer wins the auction and shares part of the block reward with validators.
Dusk Network (DUSK). An L1 with a focus on privacy, digital assets and RWAs. The blockchain supports the Confidential Security Contract standard for financial applications built on confidential smart contracts using ZKPs. Dusk Network can be applied to securities and other asset trading, supply-chain management to track and verify provenance and authenticity of goods, and to secure private in-game transactions in GameFi.
To incentivise participation, Dusk Network uses a consensus mechanism called Segregated Byzantine Agreement, designed to provide fast, secure block confirmations. Token holders must stake their assets; in return for validating blocks and participating in governance they earn additional DUSK.
Aztec Network. A sizeable startup that raised over $100m at early stages. Its PLONK standard enables a two-tier transaction-processing system, improving on zk-SNARKs. The solution offers “verifiable privacy” by hiding sender, recipient and amount.
In March 2023 the project said it was shutting down the Aztec Connect L2, leaving the code open-source. The team outlined plans to develop a new variant of the protocol — Noir — based on the language of the same name. As of June 2024, the project offers developers the Aztec testnet with an improved smart-contract framework, Aztec.nr.
ZKsync (ZK). One of the largest ZKP developers, it is the first EVM-compatible L2 based on ZK-rollups built atop Ethereum. The implementation uses zkEVM to scale smart contracts by combining ZKPs with the Ethereum Virtual Machine.
To ease integration and help other projects build ZKP solutions, Matter Labs created the ZK Stack. It already underpins projects such as DeSoc platform Lens Protocol, a next-generation DEX GRVT, and applications PlayChain, Sophon and Space and Time. The Cosmos blockchain has also signalled its intention to join the ecosystem.
Polygon zkEVM (MATIC). An L2 developed by Polygon using ZK-rollups. The virtual machine is deployed over Polygon PoS while inheriting Ethereum’s security and decentralisation. zkEVM offers compatibility with existing Ethereum smart contracts and dapps, allowing deployments without major code changes.
zk-STARK (Zero-Knowledge Scalable Transparent Arguments of Knowledge). A validity-proof protocol that improves on SNARKs — more scalable and with no trusted setup.
This cryptographic mechanism was developed by Israel’s StarkWare Industries, creators of the StarkNet L2 ZK-rollup. Among the founders is cryptographer Eli Ben-Sasson, a co-author of STARKs who also worked on Zcash.
In February 2024 the team conducted an airdrop of the STRK token. The same month, StarkNet developers from Herodotus, in partnership with StarkWare, introduced Cairo Verifier — a proof-verification system for scaling L3 networks in the Cairo language.
In March 2024 the company announced a new ZKP prover called Stwo, an implementation of the Circle STARK protocol.
StarkWare has also built an analogue to ZK Stack for scaling and privacy in dapps — StarkEx. Projects running on it include: dYdX, rhino.fi, Sorare, Immutable zkEVM, ApeX, Canvas.
Infrastructure
Expanding the ZKP ecosystem requires making the technology usable and intelligible not only to developers but also to everyday users. Many projects are improving user experience and helping businesses adapt to an anonymous Web3 with DePIN, cross-chain bridges, decentralised cloud services and data-availability layers.
Notable examples include: Ankr (ANKR), Marlin (POND), PolyHedra Network (ZKJ), Avail (AVAIL), Snarkify, Dmail, zkBNB Chain, ENS.
Drawbacks of ZKPs
For all their virtues, ZKPs and the projects advancing them have downsides:
- verification costs. Proving and verification require complex computation, raising gas costs for developers;
- hardware overhead. Generating zero-knowledge proofs is computationally heavy and best performed on specialised machines. Such hardware is costly and largely confined to commercial use;
- quantum risk. zk-SNARKs rely on elliptic-curve cryptography, and advances in quantum computing could one day weaken this security model. zk-STARKs are considered resistant to such threats because they rely only on hash functions resistant to collisions, which are harder to break;
- trust assumptions. In zk-SNARKs, public parameters are created via a trusted setup ceremony whose participants are assumed honest, with no way to prove it. Researchers are working on setup-free variants to strengthen safety of proof mechanisms.
Conclusion
Together with L1s, ZK-rollups and architectural innovations, ZKPs are poised to reshape the industry, enabling highly scalable, cost-efficient and advanced dapps while preserving user privacy. By hiding information, however, they can also abet illicit activity, complicating regulation and compliance.
Other L2s may offer better architectures for specific applications, but ZK-rollups, Validiums and Volitions are likely to attract many users — both retail and enterprise — as the industry moves toward mass adoption. According to CoinGecko, as of June 14, 2024 the total market capitalisation of the ZK category stood at $18bn.
Text: Sergey Golubenko