Zero-Knowledge Proof (ZKP)

Bulletproofs are short, non-interactive zero-knowledge proofs that do not require a trusted setup. They are particularly efficient for proving statements about confidential transactions, such as proving that a committed value lies within a certain range (range proofs) without revealing the value. Their proof size grows logarithmically with the witness size.

• Key Traits: No trusted setup, efficient for range proofs, logarithmic proof size.
• Common Use: Confidential transactions in Monero and other blockchain protocols for verifying amounts are non-negative.

PLONK (Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge) is a universal and updatable zk-SNARK construction. Its 'universal' trusted setup is circuit-agnostic, meaning a single ceremony can be used for any program up to a certain size, and it can be securely updated by new participants. This simplifies deployment for new applications.

• Key Traits: Universal & updatable trusted setup, efficient for general-purpose circuits.
• Common Use: Foundational protocol for many modern zkRollup implementations and general-purpose zkVM development.

Interactive Proofs require multiple rounds of communication between the prover and verifier to convince the verifier of a statement's truth. They are a foundational concept from which non-interactive proofs (like SNARKs) are derived using the Fiat-Shamir heuristic, which replaces the verifier's random challenges with a cryptographic hash function.

• Key Traits: Multi-round communication, foundational theoretical construct.
• Key Concept: The Fiat-Shamir transform is used to convert many interactive proofs into non-interactive ones, which is crucial for blockchain applications.

A Proof of Innocence is a specific application of ZKPs where a user proves their transaction is not included in a list of banned or illicit transactions (a "cryptographic nullifier" set) without revealing which transaction is theirs. This enables compliance (like OFAC sanctions screening) while preserving user privacy for all other participants.

• Key Mechanism: Proves a secret element is not in a public list.
• Application: Privacy-preserving regulatory compliance in decentralized networks, allowing users to demonstrate they are not interacting with sanctioned addresses.

ZKPs enable confidential transactions where the amount and participants are hidden while ensuring the transaction is valid. Zcash pioneered this with zk-SNARKs, allowing users to shield transaction details. Tornado Cash (on Ethereum) uses ZKPs to break the on-chain link between deposit and withdrawal addresses, providing financial privacy. The core mechanism involves proving that a transaction's inputs and outputs balance without revealing their values.

zk-Rollups are Layer 2 scaling solutions that bundle thousands of transactions off-chain, generate a ZK validity proof (often a zk-SNARK or zk-STARK), and post only this proof and minimal data to the main chain (e.g., Ethereum). This drastically reduces gas costs and increases throughput. Key examples include zkSync Era, Starknet, and Polygon zkEVM. The proof verifies the correctness of all state transitions in the rollup batch.

ZKPs allow users to prove attributes about their identity or credentials without exposing the underlying data. For example, proving you are over 18 without revealing your birth date, or proving membership in a DAO without disclosing your wallet address. This enables self-sovereign identity and compliant access to decentralized applications (dApps). Projects like Worldcoin use ZKPs for privacy-preserving proof of personhood.

Institutions can use ZKPs to prove regulatory compliance without exposing sensitive commercial data. A decentralized exchange could prove it is not facilitating transactions with sanctioned addresses, or a borrower could prove their credit score exceeds a threshold without revealing the exact score. This bridges the gap between on-chain transparency and off-chain privacy requirements, enabling new forms of DeFi and institutional participation.

ZKPs secure cross-chain communication by allowing a light client on one chain to verify the state of another chain efficiently. Instead of trusting relayers, a ZK proof can attest that a specific transaction was included and finalized on the source chain. This creates trust-minimized bridges. Projects like Polygon zkBridge and Succinct Labs are implementing this architecture to reduce bridge hack risks and latency.

ZKPs can verify that a complex computation was executed correctly off-chain, enabling verifiable machine learning or game logic where the result is posted on-chain with a proof. This also applies to oracles: a ZK proof can attest that off-chain data was fetched and processed according to a predefined rule, creating a verifiable oracle without needing to post the raw data on-chain, thus reducing costs and increasing trust.

ZKP protocols are categorized by their communication pattern. Interactive Proofs require multiple rounds of challenge-and-response messages between the prover and verifier. Non-Interactive Proofs (NIZK) generate a single, self-contained proof using a common reference string, enabling verification without further prover interaction, which is essential for blockchain applications.

zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) are a prevalent form of NIZK with three key properties:

• Succinct: Proofs are small and fast to verify.
• Non-Interactive: Requires only one message from the prover.
• Requires a Trusted Setup: A one-time ceremony generates public parameters, introducing a potential trust assumption if compromised. Used by Zcash and many Ethereum Layer 2 rollups.

zk-STARKs (Zero-Knowledge Scalable Transparent Argument of Knowledge) offer an alternative to SNARKs with distinct advantages:

• Transparent: No trusted setup required, relying on publicly verifiable randomness.
• Scalable: Prover and verifier times scale quasi-linearly with computation size.
• Post-Quantum Secure: Resistant to attacks from quantum computers. Trade-offs include larger proof sizes compared to SNARKs.

PLONK is a popular zk-SNARK construction that introduced a universal and updatable trusted setup. Unlike earlier SNARKs that required a new setup for each program circuit, a single PLONK setup can be used for any program up to a certain size, and the participant list can be updated over time. This improves practicality and security for decentralized applications.

ZKPs enable two major blockchain use cases:

• Privacy: Hide transaction details (sender, receiver, amount) while proving validity, as used in Zcash and Aztec.
• Scaling (ZK-Rollups): Execute transactions off-chain and post a validity proof to a Layer 1 (e.g., Ethereum), compressing data. zkSync, StarkNet, and Polygon zkEVM use this to achieve high throughput and low fees.

ZKP systems are built on foundational cryptographic primitives.

• Commitment Schemes allow a prover to commit to a value (e.g., a hash) and later reveal it, binding them to their initial choice. This is crucial for constructing proofs.
• Cryptographic Hash Functions (like SHA-256, Poseidon) provide collision resistance and are used within ZKP circuits to represent data succinctly and securely.