ZK Proofs: Has privacy become cheap enough to be mainstream?

CN
Techub News
Follow
5 hours ago

Written by: Castle Labs

Translated by: Block unicorn

Zero Knowledge (ZK), as the name suggests, is like a kind of magic: it can prove a statement to be true without revealing the underlying information itself. You do not need to have absolute mastery of that information to verify its existence. ZK was first proposed in 1985, answering the question: "Can a prover convince a verifier that a statement is true without revealing the identity of the witness?"

This question laid the foundation for today's developments. From 1985 to the 2010s, ZK remained a research topic in the field of cryptography.

In 2013, blockchain provided a practical, market-oriented reason for ZK: to achieve privacy and scalability of public ledgers by proving correctness without the need to replay computations.

Early proposals, such as Zerocoin, and later projects like Zerocash, demonstrated how to prove ownership and validity without exposing identities or balances. Zcash deployed this concept on a live network in 2016.

By 2018, the focus shifted from privacy to throughput. Ethereum's scaling solutions made the verification costs of many workloads lower than re-execution, and zero-knowledge proofs (ZK) became a means to compress large computations into small proofs. This trend propelled the development of ZK Rollups and privacy systems by supporting concise proofs of many state transitions, rather than forcing each verifier to re-execute every step. Thus, in Rollups, execution occurs off-chain. Validity proofs are published on-chain so that Ethereum can accept new states without replaying every transaction.

We now have protocols like Aztec and general Rollups such as ZKsync, Starknet, and Scroll, all driving this development.

By the mid-2020s, the adoption of ZK shifted from single-use circuits to general proof infrastructure.

In other words, we once had zero-knowledge virtual machines (zkVM) capable of proving arbitrary programs, coprocessors that could prove on-chain state-specific queries, and proof networks that could industrialize supply proofs. These technologies were developed by teams such as Brevis, Axiom, Lagrange, Succinct, RISC Zero, and Cysic.

Today, ZK is no longer just a single function but more like a utility layer applicable to systems that need to verify statements without disclosing underlying data. We now have proof of personhood and membership proofs, private group signaling and voting, as well as authentication mechanisms similar to "verify email," which can provide authentication for existing Web2 systems without disclosing additional information.

Wallets utilize ZK for private membership and qualification checks, prediction markets use ZK for verifiable settlement of hidden positions, and many other systems leverage ZK to achieve a core goal: making statements verifiable while ensuring the privacy of sensitive inputs.

Worldcoin ID uses zero-knowledge proofs to ensure users can prove their uniqueness without revealing their identity, and it supports both off-chain and on-chain verification. On SuiNetwork, wallets can submit transactions using OAuth login (via zkLogin) while preventing observers from associating addresses with OAuth identifiers. For example, Surf Wallet is one of the best zkLogin mobile wallets on Sui. Similarly, ZK Email uses proofs to verify signed email claims (such as DKIM verification emails) without disclosing the actual content of the emails.

As 0xjyjonathan pointed out: "Zero-knowledge proofs are increasingly transcending the realm of academic theory. In Web 2.0, they have been used for privacy-preserving authentication, such as proving age or eligibility without disclosing personal data, and for data validation, verifying specific conditions without exposing the underlying dataset.

In the blockchain space, zero-knowledge proofs have traditionally been associated with scalability, such as zero-knowledge proof-based Layer 2 solutions and privacy-focused blockchains. Zero-knowledge proofs provide an efficient method for data compression and verification, but compared to early scalability methods like optimistic systems, they often have higher upfront costs and greater implementation complexity.

Over time, zero-knowledge proofs are likely to complement existing technologies. For example, there is active exploration of applying zero-knowledge systems to trust-minimized cross-chain bridge designs, including using optimistic SNARK-style constructions for Bitcoin bridges."

Zero-knowledge proofs have expanded from privacy primitives to general proof tools, leading to a split in the entire technology stack into multiple specialized layers.

The following image provides an overview of the current ZK technology stack:

Figure 1: The ZK technology stack has expanded into an ecosystem with numerous specialized layers.

Cost of Proofs

In the past, verifying anything on-chain typically required significant manpower and financial resources. However, these costs have shifted to the proof layer. In other words, people no longer need to expend manpower; they can simply use ZK proofs to verify these facts. Thus, the proof layer has become the new verification mechanism, as costs have been transferred to the proof layer.

The process is as follows:

  • The verifier performs a quick check,
  • then the prover completes the heavy computation,
  • the computation results are transformed into a proof,
  • and the costs are transferred to hardware, energy, and latency.

Ethereum has explicitly articulated this trade-off. In July 2025, the Ethereum Foundation announced the "real-time proof" goal for L1 zkEVM, aiming to complete proofs for at least 99% of mainnet blocks within 10 seconds on open-source software, while limiting local hardware costs to around $100,000 and power consumption to 10 kilowatts.

By December 2025, the foundation reported significant progress toward achieving this goal: proof latency decreased from about 16 minutes to 16 seconds, costs were reduced by 45 times, and under the target hardware configuration, zkVM was able to complete proofs for 99% of blocks within 10 seconds.

Figure 2: Proofs allow the chain to verify work without re-execution, thus avoiding redundant execution.

Cost Stack

The cost of proofs is decreasing as multiple cost centers decline simultaneously, but at different rates.

To better understand, we can categorize the cost stack into three types of expenses:

  • Verification costs: the costs required to verify proofs on-chain.
  • Prover costs: the costs associated with generating proofs, including hardware, energy, orchestration, and uptime.
  • Publication costs: the costs required to publish data and the costs associated with linking state transitions.

Verification Costs

On Ethereum, verifying a Groth16-style proof typically requires about 200,000 gas, and the costs increase with the number of public inputs. Ethereum reduced the gas cost of pairing precompiled contracts through EIP 1108, which is one of the reasons modern on-chain verification is possible.

Verification has a relatively fixed base cost. However, by aggregating multiple proofs into a single proof, the base verification cost can be distributed among multiple users, thereby reducing the risk of the chain bearing high pairing costs.

Prover Costs

Proofs are a major component of the operator's cost curve, but from the user's perspective, they do not always constitute the bulk of the total aggregated costs. In many aggregation designs, the primary variable cost is publishing data to the L1 layer (calldata or blob), while proofs represent a significant computational expense borne by the operator. Which cost dominates depends on the aggregation's data model, traffic levels, batching efficiency, and proof system.

A practical way to understand aggregation costs is: the execution costs on the L2 layer, plus the costs of publishing data to the L1 layer, plus the operator's proof overhead. Performance competition primarily focuses on the proof stage, while the publication stage is where L1 layer fee markets penetrate user pricing.

Even with low throughput, powerful proof hardware may be required, as proofs are computationally intensive even with a small number of transactions. For example, zkSync has published minimum hardware targets for certain prover configurations, while RISC Zero has released a reference path that utilizes larger GPU configurations to shorten proof times.

Publication Costs

Proofs do not eliminate the necessity of publishing the data required by the chain. Rollups still need to pay to publish data, whether it is call data, blobs, or other availability commitments, depending on how the system is constructed.

In practice, this means that if data publication remains a major cost, then proof costs may decrease rapidly, while the overall user costs decrease only slightly. This is because the trends of proof costs and publication costs differ. Proof costs benefit from software optimizations and hardware advancements, while publication costs are constrained by L1 data pricing (call data or blob fees). Therefore, if L1 data remains the primary cost, proof costs may decrease while user fees remain unchanged.

Thus, user fees are a hybrid of proof costs and data costs. Proof costs have been rapidly declining, but data publication is often a larger expenditure, especially during peak demand for block space. This is why even if users still need to pay fees, proof costs can decrease while data costs remain high. When assessing whether ZK is more cost-effective for users, the right question is not just how low proof costs are, but whether total fees are primarily composed of data publication costs.

Therefore, when people talk about ZK "becoming cheaper," they usually refer to some combination of the following three metrics declining:

  • The cost of each proof check decreases
  • The cost of generating proofs decreases
  • The cost of publishing data required by Ethereum decreases

What is Driving Down Proof Costs?

If proof costs are high, Rollups will subsidize users and increase operational costs; when proof costs are low, fees can decrease without harming profit margins. This section will explain the sources of proof costs, how teams measure progress, and why the fastest improvements do not always translate directly into lower user fees. The goal is to connect benchmarks with actual unit economics.

When examining public benchmarks, the frontier is shifting between various teams and hardware, which can indicate whether verification is moving from "specialized lab work" to "commercialized infrastructure."

Ethproofs tracked the proof latency and cost estimates of various zkVMs and prover configurations. In its 2025 review, Ethproofs reported that from late January 2025 to mid-December, the average latency across the site decreased from 16 minutes and 44 seconds to about 60 seconds, and the average cost dropped from $1.69 to $0.0376. They used a hardware price index to estimate the GPU workload and approximate costs required for proofs. This is a way to compare how proof efficiency changes over time.

Ethproofs Site Overview

Figure 3: Ethproofs Site Overview

The following image illustrates a scenario where the engineering and hardware efficiency of a hypothetical proof system continue to improve, explaining why various teams are competing to commercialize proofs if these assumptions hold true.

Figure 4: Proof cost trajectory based on simplified assumptions.

zkVMs vs. zkEVMs

zkVMs make arbitrary programs provable, making them central to Ethereum's direction of "verification rather than execution." Vitalik Buterin recently pointed out that zkEVM has reached the alpha stage, meaning its performance has reached production-level standards, with the remaining major work focused on security. He mentioned that zkEVM, along with PeerDAS on the mainnet, is part of Ethereum's transition to higher bandwidth decentralized consensus in the coming years. Therefore, the development of zkVMs is increasingly focused on reliability and practical deployment, rather than just faster proof speeds.

A practical way to track the proof layer is to observe which zkVMs are actively being released, their optimization directions, and how their proof stacks are evolving. The following table is based on the list of zkVMs tracked by Ethproofs and explains their significance.

Figure 5: Ethproofs Classification and Tracking of Networks

What Should ZK Focus on in 2026?

Progress is easiest to track when metrics are hard to manipulate. Several noteworthy advancements include:

  • The median and tail proof latency for Ethereum scale workloads.
  • The cost per proven block under a clear cost model, along with the underlying hardware assumptions.
  • The proportion of proof capacity that can operate outside of a single vendor or single data center-level hardware.
  • The number of production systems relying on zkVMs for actual work (rather than just for marketing), including coprocessors and cross-chain bridges.
  • Privacy adoption measured by actual private user behavior, not just the rollout of protocols.
  • The allocation of fees between proof and data publication, as proof costs can decrease while users still need to pay for data.

The cost of proofs is decreasing to the point where they can serve as a default tool.

They are no longer exclusive features for users with ample budgets. When proof costs drop significantly, teams can prove more frequently, release more proof-based products, and rely on zkVMs and coprocessors to handle actual workloads. This is why the application of zero-knowledge (ZK) is becoming increasingly widespread, such as in Rollups, wallets, qualification checks, verifiable cross-chain logic, and applications that need to prove certain things without exposing inputs.

Vitalik Buterin's roadmap outlines the future direction of development:

  • Early 2026: Use of zkEVM nodes and broader scaling
  • 2026 to 2028: Deeper security and structural transformations
  • A path for zkEVM to become the primary method of block validation over the next decade

The next phase is the operational phase. It focuses on the reliability of prover operations, the degree of decentralization in proof supply, and whether pricing will continue to converge towards commodity computing as more applications and networks rely on proofs.

免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。

Share To

Related Articles

avatar
avatarTechub News
5 minutes ago
The clarity bill is set for another key meeting; can it break the deadlock and even change the market situation?
avatar
avatarTechub News
55 minutes ago
Analyzing Goldman Sachs' views and strategies on cryptocurrency
avatar
avatarOdaily星球日报
1 hour ago
The KOL Mr. Beast, who is the best at "spreading coins," has set his sights on teenagers' digital wallets.
avatar
avatarTechub News
1 hour ago
China's RWA regulatory framework officially announced, analysis and outlook from various parties
avatar
avatarAiCoin
1 hour ago
Bithumb mistakenly issued 620,000 bitcoins, a regulatory storm is coming!
APP

X

Telegram

Facebook

Reddit

CopyLink