Zero-knowledge proofs (ZKPs) are shaping up to be a fundamentally transformative technology for the next decade. ZKPs are finding applications within and outside Web 3. In Web 3, the technology is already addressing major bottlenecks in scalability and privacy, two major pain points in existing blockchains. On the scalability front, several zk rollups, aka validity rollups, are launching to scale Ethereum by 10–100x while improving UX by reducing transaction costs. On privacy, ZKPs are expanding beyond the era of private transactions and transaction mixing into more complex and useful areas such as private on-chain trading, identity, and verified credentials.
There is a lot of content on ZKPs, including our own vision of how the ZKP space will evolve in the future and what startups are needed for this future to materialize. However, there is still a gap in builder education on how to benefit from ZKPs and where to start. This article strives to fill this gap by aggregating important resources that help developers understand how ZKPs work in practice and how to use ZKPs in their applications.
At Alliance, we are particularly excited about the new use cases enabled by ZKPs. We encourage builders in this space to reach out to discuss their ideas and apply to the Alliance program.
The standard definition of a ZKP is a process by which one party, called the prover, proves to another party, the verifier, that they know specific information without revealing it. In practice, at least in Web 3, ZKPs are often used differently. Most applications don’t use ZKPs to show ownership of proprietary data. Instead, ZKPs are used to improve trust through verifiability. We expect ZKPs to be the standard trust model between entities in the future. The reason is that the two main components of ZKPs, proving and verification, are separated in a way that enables a unique interaction scheme between a trust-seeking entity and its users.
The main components of running a ZKP are proof generation and proof verification. Proof generation involves running heavy computations to generate a proof of executing a process. This proof serves to eliminate the need to trust the prover. Instead, anyone can run a simple process on the proof to verify the integrity of the process run by the prover. This mental model allows a business to run a process, often a complicated one, and allows its customers to trust the execution of said process without repeating it. Let’s consider an example. Let’s say you subscribed to one of OpenAI’s paid plans to use one of their large language models (LLMs) such as ChatGPT. You have to trust OpenAI to indeed run the specific model that you requested and not replace it with a simpler, less efficient model. What if OpenAI could send you a small amount of data that proves that it has indeed run the specific model you requested? Further, imagine if every proprietary SaaS product could deliver such a guarantee to its consumers.
This trust minimization is the promise of ZKPs. For instance, in Web 2, ZKPs can guarantee fair creditworthiness evaluation or fair insurance claim processing just by ensuring that the same algorithm is used for all customers. The zk tech is not there yet, as running a ZKP process is still relatively expensive. However, we are seeing companies such as Modulus Labs building technology that uses ZKPs to prove AI inference.
On a technical level, an efficient ZKP system requires achieving the following goals simultaneously:
In addition to these main goals, some secondary goals may be needed depending on the use case such as:
It’s challenging to achieve all these goals simultaneously. Depending on the use case, ZKP systems prioritize some of these goals. For instance, SNARK proving systems can produce succinct proofs, but at the cost of higher proving complexity. STARKs, on the other hand, have efficient provers, but the proof size can be 100x bigger than SNARKs. ZK researchers continuously strive to advance the forefront of the technology and improve the three metrics simultaneously by inventing new proving mechanisms.
An important question to consider for developers building ZKP-related products is how to select the underlying proving system. There are several ZKP prover implementations, with more in the R&D phase. The ZKP backend selection depends not only on technical aspects but also on the target product. Take as an example selecting a proving system for rollups. The key features of the rollup, e.g., withdrawal time, transaction costs, and even decentralization, will be mainly decided by the ZKP proving architecture as discussed in the following table.