What Are Zero-Knowledge Proofs?

What Are Zero-Knowledge Proofs?

A zero-knowledge proof (ZKP) is a cryptographic protocol that allows one party — the prover — to convince another party — the verifier — that a statement is true without revealing any information about why it is true. The concept was first formalized by Goldwasser, Micali, and Rackoff in 1985, but it has found its most transformative applications in blockchain technology over the past decade.

In the context of crypto, zero-knowledge proofs solve two critical challenges simultaneously: scalability (processing more transactions at lower cost) and privacy (proving things without exposing underlying data). These properties make ZKPs one of the most important cryptographic primitives in modern DeFi.

The Core Concept

The Classic Analogy

Imagine a cave with two paths that meet at a locked door deep inside. Alice wants to prove to Bob that she knows the secret to unlock the door — without revealing the secret itself.

Bob waits at the entrance while Alice enters through a random path. Bob then shouts which path he wants Alice to emerge from. If Alice knows the secret, she can always come out the correct side (unlocking the door if needed). If she does not know the secret, she has only a 50% chance of emerging correctly. After 20 rounds, the probability of faking it drops to less than one in a million.

Alice has proven knowledge of the secret. Bob has learned nothing about the secret itself. This is a zero-knowledge proof.

Three Properties of ZKPs

Every zero-knowledge proof must satisfy three properties:

1. Completeness: If the statement is true and both parties follow the protocol, the verifier will be convinced.
2. Soundness: If the statement is false, no cheating prover can convince the verifier (except with negligible probability).
3. Zero-knowledge: The verifier learns nothing beyond the truth of the statement. They gain no additional information that they could not have computed independently.

Types of Zero-Knowledge Proofs

Interactive vs. Non-Interactive

Interactive ZKPs require multiple rounds of communication between prover and verifier (like the cave analogy). Non-interactive ZKPs use a single message from prover to verifier, making them practical for blockchain applications where you cannot have a back-and-forth dialogue on-chain. The Fiat-Shamir heuristic converts interactive proofs into non-interactive ones by replacing the verifier's random challenges with a hash function.

zk-SNARKs

Succinct Non-interactive Arguments of Knowledge (zk-SNARKs) are the most widely deployed ZKP system in blockchain:

• Succinct: Proofs are small (a few hundred bytes) and fast to verify.
• Non-interactive: Only one message from prover to verifier.
• Argument of Knowledge: The prover demonstrates they possess the underlying data.

The main drawback is the trusted setup — an initial ceremony that generates public parameters. If the secret randomness from this ceremony is not properly destroyed, it could be used to forge proofs. Multi-party computation (MPC) ceremonies involving hundreds of participants mitigate this risk: as long as one participant is honest, the setup is secure.

zk-SNARKs are used by Zcash, many ZK-rollups, and various DeFi privacy protocols.

zk-STARKs

Scalable Transparent Arguments of Knowledge (zk-STARKs), developed by Eli Ben-Sasson and StarkWare, offer different tradeoffs:

• No trusted setup: Parameters are publicly verifiable, eliminating the trusted setup risk.
• Quantum-resistant: Based on hash functions rather than elliptic curve cryptography, making them secure against quantum computers.
• Larger proofs: STARKs generate proofs that are orders of magnitude larger than SNARKs (tens to hundreds of kilobytes vs. hundreds of bytes).
• Scalable: Proof generation time scales quasi-linearly with computation size.

StarkNet and StarkEx use zk-STARKs for their ZK-rollup infrastructure.

PLONK and Other Proving Systems

The field evolves rapidly, with newer systems offering improved tradeoffs:

• PLONK: A universal, updateable trusted setup that works for any circuit — meaning one ceremony covers all applications.
• Halo/Halo2: Recursive proof composition without a trusted setup, used by Zcash and Scroll.
• Groth16: Extremely efficient verification but requires per-circuit trusted setups.
• KZG commitments: Polynomial commitment schemes that underpin many modern proving systems and are now part of Ethereum's EIP-4844 (proto-danksharding).

ZK-Rollups: Scaling the Blockchain

How ZK-Rollups Work

ZK-rollups are the most impactful application of zero-knowledge proofs in blockchain today. They work by:

1. Collecting transactions off-chain in batches.
2. Computing the new state resulting from these transactions.
3. Generating a validity proof (ZKP) that attests: "these transactions, applied to the previous state, produce this new state."
4. Posting the proof and compressed data to the L1 (e.g., Ethereum mainnet).
5. L1 verification: A smart contract on L1 verifies the proof, which is computationally cheap regardless of how many transactions the batch contains.

This achieves dramatic throughput improvements. Instead of Ethereum processing 15–30 transactions per second, ZK-rollups can process thousands — with the L1 only needing to verify a single compact proof per batch.

ZK-Rollups vs. Optimistic Rollups

Both are Layer 2 scaling solutions, but they differ fundamentally:

ZK-rollups offer faster finality and stronger security guarantees, while optimistic rollups have historically been easier to build with full EVM compatibility. This gap is closing rapidly as ZK-EVM technology matures.

Major ZK-Rollup Projects

• zkSync Era: A ZK-rollup with EVM compatibility, using LLVM-based compilation.
• StarkNet: Uses zk-STARKs and Cairo, a custom language optimized for provable computation.
• Scroll: A zkEVM-based rollup aiming for bytecode-level EVM equivalence.
• Polygon zkEVM: An open-source ZK-rollup from Polygon with EVM equivalence.
• Linea: ConsenSys-built zkEVM rollup.

These rollups are increasingly relevant for DeFi applications. Lower gas fees on ZK-rollups make lending and borrowing operations more accessible, and platforms like Borrow may integrate with these networks to offer users cheaper transactions when managing their collateralized positions.

Privacy Applications

Confidential Transactions

ZKPs can prove that a transaction is valid — inputs equal outputs, no negative values, no double-spending — without revealing the amounts or addresses involved. This is how Zcash's shielded transactions work, and protocols like Aztec bring similar privacy to Ethereum.

Private DeFi

Privacy in DeFi goes beyond simple transfers. ZKPs can enable:

• Private lending: Proving your collateral ratio meets protocol requirements without revealing your exact position size.
• Confidential voting: DAO governance where votes are verifiable but individual choices remain secret until the vote concludes.
• Selective disclosure: Revealing only what is necessary — for example, proving you are over 18 without revealing your exact age, or proving your credit score meets a threshold without revealing the score itself.

Identity and Compliance

ZKPs are transforming how identity verification works in crypto:

• ZK identity proofs: Proving KYC compliance to a protocol without revealing your actual identity documents.
• Soulbound credentials: Verifiable credentials that prove attributes (creditworthiness, accredited investor status) without exposing underlying data.
• Regulatory compliance: Enabling DeFi protocols to satisfy regulatory requirements while preserving user privacy.

This technology could eventually enable undercollateralized lending in DeFi — a borrower could prove their creditworthiness through ZK-verified off-chain data without compromising privacy. For lending aggregators like Borrow, this opens the possibility of expanded loan options beyond the current overcollateralized model.

How Zero-Knowledge Proofs Work (Technical Overview)

Arithmetic Circuits

To prove a computation using ZKPs, the computation must first be expressed as an arithmetic circuit — a series of addition and multiplication gates over a finite field. Any program can theoretically be converted to an arithmetic circuit, though the conversion can be complex.

R1CS and QAP

The circuit is transformed into a Rank-1 Constraint System (R1CS) — a set of equations that the valid computation must satisfy. This is then converted to a Quadratic Arithmetic Program (QAP), which allows the proof to be checked by evaluating polynomials at a secret point. The polynomial identity testing is what gives zk-SNARKs their succinctness.

Proof Generation and Verification

The prover generates the proof by performing cryptographic operations (elliptic curve pairings for SNARKs, hash-based commitments for STARKs) that demonstrate knowledge of a valid witness — the secret input that satisfies all constraints.

Verification involves checking a small number of pairings or hash evaluations, which is computationally cheap. This asymmetry — expensive proving, cheap verification — is what makes ZKPs practical for blockchain: the L1 only needs to do the cheap verification step.

ZKPs and the Future of DeFi

Cross-Chain Verification

Zero-knowledge proofs can enable trustless cross-chain bridging. Instead of relying on multisig validators or optimistic fraud proofs, a ZK bridge proves that a transaction occurred on the source chain by verifying the source chain's consensus and state transitions cryptographically. Projects like Succinct, Polymer, and zkBridge are pursuing this approach.

ZK Coprocessors

ZK coprocessors allow smart contracts to verifiably access historical blockchain data and perform complex computations off-chain, posting only the proof on-chain. This enables on-chain applications that are orders of magnitude more data-rich and computationally complex than is currently feasible.

Proof Aggregation and Recursion

Recursive ZK proofs — proofs that verify other proofs — enable massive scalability. A proof of 1,000 transactions can be combined with another proof of 1,000 transactions into a single proof, which can then be combined again, and so on. This recursive composition is the foundation for future scaling architectures that could process millions of transactions per second.

Hardware Acceleration

ZK proof generation is computationally intensive, creating demand for specialized hardware:

• GPU acceleration: Proof generation leverages massively parallel GPU computation.
• FPGA-based provers: Field-programmable gate arrays optimized for the specific mathematical operations in ZK proving.
• ASIC provers: Application-specific chips designed solely for ZK proof generation — potentially making proving as cheap as verification.

As hardware improves, the cost and latency of ZK proof generation will decrease, making ZK-rollups even more competitive with optimistic rollups and L1 execution.

Key Takeaways

Zero-knowledge proofs are a foundational cryptographic technology reshaping how blockchains handle scalability and privacy. Through ZK-rollups, they enable dramatic throughput improvements while maintaining L1 security guarantees. Through privacy applications, they enable confidential transactions and selective disclosure without sacrificing verifiability.

For DeFi users, ZK technology translates to lower costs, faster finality, and new possibilities like privacy-preserving lending and trustless cross-chain operations. As the technology matures, platforms like Borrow stand to benefit from deploying on ZK-rollups that offer cheaper transactions for collateral management, liquidation monitoring, and cross-protocol operations.