Zero-knowledge proofs explained from scratch: how ZK works, zk-SNARKs vs zk-STARKs, ZK rollups, and why Ethereum bet its 2026 scaling endgame on ZK proofs.
Author: Kritika Gupta
A zero-knowledge proof (ZKP) is a cryptographic method that lets one party prove a statement is true without revealing any information beyond the fact that it is true. Instead of exposing the underlying data, the prover only demonstrates that they possess valid knowledge. A simple analogy is proving you know a password without typing or revealing the password itself. The verifier gains confidence that the claim is true, but learns nothing about the secret. In crypto, zero-knowledge proofs power private transactions, scalable blockchains, identity systems, and a growing range of applications that need verification without disclosure.
Key facts about zero-knowledge proofs
These two capabilities explain why zero-knowledge technology has become one of crypto’s most important infrastructure trends. Privacy systems use ZK proofs to hide sensitive information while preserving verifiability. Meanwhile,
Ethereum rollups use them to compress thousands of transactions into proofs that Ethereum can verify quickly and cheaply. As a result, the same cryptographic breakthrough now sits at the center of both blockchain privacy and blockchain scaling. The rest of this guide explains how zero-knowledge proofs work, why different proof systems exist, where they are already deployed, and what risks still remain.
To understand how zero-knowledge proofs work, imagine you want to prove that you know a password without revealing the password itself. You are the prover. Your friend is the verifier. The goal is simple: convince your friend that you know the password while keeping the password secret.
For a zero-knowledge proof to work, it must satisfy three core properties.
Completeness means an honest prover can always convince an honest verifier when the statement is true.
In the password example, if you genuinely know the password, you should be able to answer every challenge your friend presents. As a result, your friend repeatedly sees evidence that you possess the secret knowledge. A valid proof system must allow truthful claims to succeed reliably.
Soundness means a dishonest prover cannot successfully convince the verifier of a false statement, except with a negligible probability.
Now imagine you do not know the password. You might guess correctly once or twice, but if your friend continues issuing random challenges, your chances of fooling them become vanishingly small. In other words, the proof system prevents someone from claiming knowledge they do not possess.
This property matters more than any other when security failures occur. If soundness breaks, attackers may be able to create valid-looking proofs for false statements. Later in this guide, the Zcash Orchard case study will show why researchers treat soundness as the most critical security guarantee in any ZK system.
Zero-knowledge means the verifier learns nothing beyond the fact that the statement is true.
Your friend becomes convinced that you know the password, but never learns the password itself. The proof reveals validity, not the underlying secret. This separation between verification and disclosure gives zero-knowledge technology its name and makes it valuable for privacy-preserving systems.
Early zero-knowledge systems were interactive. The prover and verifier exchanged multiple rounds of questions and responses. Returning to the password analogy, your friend would continuously issue new challenges, and you would answer each one in real time.
While effective, that model does not scale well to blockchains. Networks cannot require millions of users to engage in live back-and-forth conversations with every verifier.
As a result, researchers developed non-interactive zero-knowledge proofs. Instead of participating in an ongoing exchange, the prover generates a single proof that anyone can verify later. Techniques such as the Fiat-Shamir transformation replace interactive challenges with cryptographic randomness, allowing one proof to stand on its own.
This shift made modern ZK systems practical. Today, rollups, privacy protocols, and identity applications generate proofs once and allow anyone to verify them independently. The verifier still gains confidence that the prover knows the password, but now they can check that claim from a single proof rather than a live conversation. That breakthrough transformed zero-knowledge proofs from a research concept into a foundation of modern blockchain infrastructure.
Once readers understand the basic idea behind zero-knowledge proofs, the next question is usually straightforward: what is the difference between zk-SNARKs and zk-STARKs?
Both technologies allow someone to prove a statement without revealing the underlying information. Both satisfy the same core properties of completeness, soundness, and zero-knowledge. However, they make different trade-offs around efficiency, trust assumptions, and long-term security.
In practice, this distinction shapes much of today’s ZK landscape.
zk-SNARKs vs zk-STARKs
Today, zk-SNARKs remain the most widely deployed proof system across consumer-facing crypto applications. Their biggest advantage is efficiency. They generate compact proofs that networks can verify quickly and cheaply, which makes them particularly attractive for DeFi protocols, privacy wallets, and high-volume blockchain environments.
That efficiency comes with trade-offs. Most SNARK systems rely on a trusted setup ceremony that generates cryptographic parameters. If participants mishandle the resulting secret information, often called “toxic waste,” attackers could theoretically compromise the system’s soundness assumptions. Modern ceremonies use sophisticated multi-party processes to reduce this risk, but the trust assumption still exists.
By contrast, zk-STARKs eliminate the trusted setup entirely. They use transparent, hash-based cryptography and avoid toxic-waste concerns altogether. As a result, many researchers view STARKs as the cleaner long-term security model, especially for infrastructure expected to operate for decades.
The downside is cost. STARK proofs tend to be larger, and proving historically required more computational resources. However, proving performance has improved dramatically in recent years, narrowing the gap between the two approaches.
This trade-off explains the current ecosystem split. Projects such as Zcash and Aztec primarily lean toward SNARK-based architectures because they prioritize compact proofs and efficient verification. Meanwhile, Starknet and Neptune lean toward STARK-based designs because they value transparency, auditability, and stronger long-term security assumptions.
At the same time, the boundary is becoming less rigid. Researchers increasingly combine proof systems, recursion techniques, and proving frameworks to capture the advantages of both approaches. As a result, the future may not belong exclusively to SNARKs or STARKs. Instead, it may belong to hybrid architectures that blend efficiency, transparency, and security according to the needs of each application.
Read more: Zcash vs Monero 2026
Zero-knowledge proofs have become one of the most important technologies in crypto because they solve two major problems at the same time: privacy and scaling.
At first glance, both capabilities seem almost impossible. However, modern ZK systems already deliver them in production networks that secure billions of dollars in on-chain value. The first superpower is privacy.
A zero-knowledge proof allows someone to prove a statement is true without revealing the underlying information. For example, a user can prove they are over a required age without revealing their birth date. They can prove they have sufficient funds without revealing their account balance. They can even prove a transaction follows all network rules without exposing sensitive transaction details.
As a result, ZK technology creates a middle ground between complete transparency and complete secrecy. Systems can verify facts without exposing the data behind those facts. This capability powers privacy-focused cryptocurrencies, confidential transactions, identity systems, and selective-disclosure applications across crypto and beyond.
The second superpower is scaling. This capability is arguably even more important for the future of blockchain infrastructure. Instead of asking every node to re-execute every computation, a ZK system allows a prover to perform the work once and generate a cryptographic proof showing the result is correct. Other participants only need to verify the proof.
That distinction changes everything. Verifying a proof is dramatically cheaper than re-running the computation it represents. More importantly, verification costs remain relatively small even as the underlying computation grows larger. A proof representing thousands of transactions can still be verified efficiently by the network.
As a result, blockchains can process far more activity without forcing every participant to repeat the same work. This insight sits at the heart of modern ZK rollups and much of Ethereum’s long-term scaling strategy.
These two superpowers create the framework for everything else in this guide. Privacy explains why ZK technology matters for confidential transactions, identity, and selective disclosure. Scaling explains why Ethereum, rollups, and proving networks have invested so heavily in the technology. Together, they have transformed zero-knowledge proofs from a niche cryptography topic into a foundational layer of modern blockchain infrastructure.
If privacy introduced many people to zero-knowledge proofs, scaling pushed the technology into the crypto mainstream.
Today, the largest real-world use of ZK technology is the ZK rollup. A ZK rollup processes transactions outside Ethereum, bundles them into batches, and then submits a validity proof back to Ethereum. Instead of re-executing every transaction, Ethereum verifies the proof. If the proof is valid, Ethereum accepts the entire batch as correct.
This approach dramatically reduces the amount of computation Ethereum must perform while preserving security. Rollup operators do the heavy lifting. Ethereum simply verifies the cryptographic proof.
The key insight is the same principle discussed earlier: verifying a proof is far cheaper than repeating the work represented by that proof. As a result, thousands of transactions can be compressed into a verification process that costs only a fraction of executing those transactions directly on Ethereum.
This model differs from optimistic rollups, which use a different trust framework. Optimistic rollups assume transactions are valid unless someone challenges them during a dispute period. That challenge window often lasts several days, which can delay withdrawals and final settlement.
By contrast, ZK rollups provide cryptographic validity from the start. Once Ethereum verifies the proof, the batch is considered valid. As a result, users typically benefit from faster finality and quicker withdrawals without waiting for a lengthy fraud-challenge period.
Over the past several years, a competitive ecosystem of ZK rollups has emerged. Major networks include zkSync Era, Starknet, Polygon zkEVM, Scroll, and Linea. These platforms have operated on mainnet for years, support active ecosystems, and collectively secure billions of dollars in user assets. While adoption levels vary across networks, they demonstrate that ZK scaling is no longer an experiment. It is already part of Ethereum’s production infrastructure.
At the same time, Ethereum has introduced upgrades designed specifically to make rollups cheaper. EIP-4844, commonly known as proto-danksharding, introduced blob data that significantly reduced rollup data costs. Subsequent roadmap upgrades, including Fusaka-related scaling improvements, continue expanding Ethereum’s ability to serve rollups efficiently. As a result, many Layer 2 networks now offer transaction costs that are only a small fraction of comparable Layer 1 fees.
Another important concept is the zkEVM, or zero-knowledge Ethereum Virtual Machine. A zkEVM allows developers to run Ethereum-compatible applications while generating ZK proofs of execution.
The details matter to infrastructure builders, but the broader takeaway is simple. ZK rollups have become Ethereum’s primary scaling strategy. They allow networks to process far more activity while inheriting Ethereum’s security guarantees, which is why they sit at the center of the blockchain scaling conversation in 2026.
For years, Ethereum’s scaling roadmap focused on moving user activity to Layer 2 networks. In 2026, however, the conversation expanded beyond rollups. The Ethereum Foundation began openly discussing a future where zero-knowledge proofs help validate Ethereum itself.
The core idea is often summarized as “validate instead of execute.”
Today, Ethereum validators independently re-execute every transaction in every block to confirm that the resulting state is correct. Under the ZK vision, a prover would execute the block, generate a cryptographic proof that the execution was valid, and then validators would verify that proof instead of repeating all the work themselves.
If successful, this approach could dramatically reduce the computational burden of validating Ethereum while preserving security guarantees. Importantly, parts of this vision are already moving from theory into practice.
One of the biggest breakthroughs has been proving speed. Historically, generating ZK proofs for Ethereum execution required substantial time and specialized hardware. More recently, several teams demonstrated rapid improvements in proving performance. Public demonstrations from projects such as Succinct showed proving latency falling from roughly sixteen minutes toward approximately sixteen seconds. That progress moved the industry significantly closer to Ethereum’s twelve-second block cadence and transformed real-time proving from a distant research goal into a credible engineering target.
At the same time, competition has intensified across the proving ecosystem. Major contributors now include Succinct, RISC Zero, Brevis, zkSync, Axiom, and a16z’s Jolt initiative. Rather than relying on a single technical approach, the industry is experimenting with multiple proving systems, execution environments, and hardware strategies in parallel.
The Ethereum Foundation has also outlined a staged roadmap. The first phase centers on optional ZK-powered clients that validators can run alongside traditional execution methods. The second phase introduces mandatory proof generation and verification requirements. Finally, the long-term vision involves enshrined proofs, where proof verification becomes a native part of Ethereum’s protocol architecture.
Meanwhile, Vitalik Buterin has repeatedly argued that zkEVM-based validation could become Ethereum’s primary block-verification mechanism sometime between 2027 and 2030. If that transition succeeds, Ethereum could potentially support much larger gas limits because validators would verify proofs instead of individually processing every computational step.
However, it is critical to separate shipped reality from future ambition.
The shipped reality is that ZK proving performance has improved dramatically, production rollups already use validity proofs, and multiple teams are racing to make real-time proving practical.
The roadmap is more ambitious. Ethereum researchers increasingly discuss ZK systems as a path toward improving scalability, decentralization, and security simultaneously. Some observers describe this as solving the blockchain trilemma. However, that remains a claim made by Ethereum researchers and advocates, not an established outcome.
The open question is safety.
As later sections will show, proving systems are extraordinarily complex. Faster proving, larger gas limits, and proof-based validation only matter if the underlying cryptography remains sound. Consequently, the next phase of Ethereum’s ZK roadmap is not just about performance. It is about proving that these systems can operate securely at global scale for years, not months.
While Ethereum scaling has brought zero-knowledge technology into the spotlight, ZK proofs reach far beyond rollups. In fact, many of the most ambitious applications focus on privacy, digital identity, institutional finance, and artificial intelligence. In each case, the same core idea remains unchanged: prove something is true without revealing more information than necessary.
Privacy remains the most intuitive use case for zero-knowledge proofs. Instead of exposing wallet balances, transaction histories, or counterparties, ZK systems allow users to prove that a transaction is valid while keeping sensitive details hidden. This approach powers shielded transactions in Zcash through SNARK-based cryptography and newer privacy-focused systems such as Neptune, which uses STARK-based technology. Meanwhile, Ethereum privacy protocols including Railgun and Aztec bring confidential transfers and private DeFi interactions to EVM ecosystems. As a result, users can access blockchain infrastructure without broadcasting every financial action to the public internet. For a deeper dive, see OCT’s privacy cluster, including our guides on privacy wallets and the Ethereum privacy stack.
Identity represents another major frontier. Today, users often reveal far more information than necessary when proving eligibility, age, residency, or account ownership. Zero-knowledge proofs offer a more efficient alternative. Instead of uploading documents or exposing personal records, users can prove that they meet a requirement while keeping the underlying data private. This capability powers emerging proof-of-personhood systems that verify a user is a unique human without revealing their identity. It also enables selective disclosure, where individuals share only the specific facts required for a transaction rather than an entire document or profile.
At the same time, institutions increasingly view ZK technology as a bridge between privacy and regulation. Traditional finance requires confidentiality, but regulators still need assurance that participants follow the rules. Zero-knowledge systems allow firms to prove compliance with requirements such as sanctions screening, reserve verification, transaction limits, or investor eligibility without exposing sensitive business information publicly. As a result, confidential-but-auditable transactions have become one of the most closely watched developments in institutional DeFi and tokenized asset markets.
Perhaps the newest frontier is zkML, short for zero-knowledge machine learning. As AI systems become more influential, users increasingly need ways to verify that models produced outputs correctly. ZK proofs provide a potential solution. A developer can generate a proof showing that a specific model processed a specific input according to defined rules, without revealing the model itself or exposing proprietary data. Although zkML remains early compared with rollups or privacy networks, many researchers view it as a promising convergence between blockchain verification and artificial intelligence. If the technology matures, it could bring cryptographic trust guarantees to a rapidly expanding AI ecosystem.
The zero-knowledge sector no longer looks like a research niche. It now includes live rollups, privacy networks, proving infrastructure, identity tools, and institutional compliance systems.
Market data shows that ZK-linked crypto projects collectively represent a multi-billion-dollar category. CoinGecko recently listed the zero-knowledge category near the low double-digit billions in market cap, while other trackers showed lower figures depending on which assets they include. That gap matters. ZK market-cap numbers remain volatile, token-driven, and partly speculative, so publishers should verify the exact figure at publication.
Even with that caveat, the direction is clear. ZK has crossed from theory into production.
The strongest evidence comes from infrastructure. ZK rollups such as zkSync Era, Starknet, Scroll, Linea, and Polygon zkEVM have operated on mainnet for years and secure billions of dollars in user assets across Ethereum’s Layer 2 ecosystem. Meanwhile, Ethereum’s rollup roadmap has pushed more activity toward validity proofs, blobs, and cheaper data availability.
Proving performance has also improved sharply. Over the past year, teams working on real-time proving have cut latency from many minutes toward seconds in public demonstrations. At the same time, specialized hardware, recursive proofs, and optimized proving systems continue reducing the cost of generating proofs. This trend matters because cheaper proofs make ZK practical for more than just high-value rollup batches. They also make private payments, identity checks, compliance proofs, and AI verification more realistic.
Institutional signals have strengthened as well. Banks, asset managers, and tokenization platforms increasingly explore confidential-but-auditable transactions, reserve proofs, private settlement, and selective disclosure. These use cases do not require public secrecy. Instead, they require controlled verification, where the right parties can prove compliance without publishing sensitive data.
Together, the numbers show a sector moving into production. However, they do not prove that every ZK token deserves a premium valuation. The safer conclusion is narrower: ZK infrastructure now secures real value, processes real activity, and attracts serious institutional attention. That is enough to make zero-knowledge one of the core crypto infrastructure themes to track through 2026.
For all of its promise, zero-knowledge technology is neither free nor finished.
Much of the discussion around ZK focuses on faster scaling, stronger privacy, and Ethereum’s long-term roadmap. However, the technology introduces its own set of challenges, many of which remain active areas of research and engineering.
The first challenge is cost.
Generating a proof is far more computationally intensive than verifying one. While verification may take milliseconds or seconds, proof generation can require significant hardware resources. Modern proving systems increasingly rely on high-performance GPUs, specialized FPGA deployments, and, in some cases, purpose-built ASICs. As a result, proof generation tends to concentrate among organizations with access to substantial computing infrastructure.
That dynamic creates centralization pressure. If only a small number of entities can generate proofs efficiently, networks may become dependent on a limited proving ecosystem. In extreme cases, a disruption in the proving pipeline could delay transaction processing or reduce network performance until proof generation resumes.
At the same time, ZK development remains technically demanding.
Writing smart contracts is already difficult. Writing cryptographic circuits that must satisfy strict mathematical guarantees is significantly harder. Developers must translate complex logic into specialized proving systems, optimize performance, and ensure that every edge case behaves exactly as intended. Consequently, auditing ZK systems often requires expertise that combines software engineering, cryptography, and formal verification.
More importantly, mistakes can be exceptionally difficult to detect.
This is where soundness becomes critical.
As discussed earlier, soundness guarantees that a dishonest prover cannot convince the verifier that a false statement is true. If that property fails, the entire security model can break down.
The most important example emerged in 2026 with the Zcash Orchard incident.
Researchers disclosed a soundness flaw in Orchard, Zcash’s shielded transaction system, that traced back to the network’s May 2022 activation. According to public disclosures, the vulnerability remained undetected for approximately four years before researchers identified it on May 29, 2026. Zcash developers subsequently coordinated an emergency hard fork that activated on June 1, 2026.
No confirmed exploitation was ever identified. However, the incident exposed a unique challenge in privacy-preserving systems. Because shielded transactions intentionally hide transaction details, researchers could not conclusively prove that nobody had exploited the flaw before discovery. The network ultimately had to rely on available evidence, forensic analysis, and the absence of observable anomalies rather than definitive proof of non-exploitation.
The Orchard incident does not prove that ZK systems are unsafe. Instead, it highlights where trust moves in a ZK architecture. Traditional blockchains place significant trust in transparent execution that anyone can inspect. Zero-knowledge systems place more trust in the correctness of cryptographic circuits, proving systems, and verification logic.
As a result, the stakes on audits, formal verification, peer review, and security research become even higher. The lesson is not that ZK fails. The lesson is that when the math or code fails, the consequences can be both severe and difficult to observe.
Zero-knowledge technology has already cleared an important threshold. The debate is no longer whether ZK works. Rollups process real transactions, privacy systems protect real users, and proving infrastructure secures real value across the crypto ecosystem.
The more important question now is what happens next.
First, watch Ethereum’s Layer 1 roadmap. The Ethereum Foundation and several independent teams have outlined a path toward proof-based validation, but key zkEVM milestones still need to land on schedule. Real-time proving, validator integration, and proof verification at Ethereum scale remain active engineering challenges rather than completed upgrades.
Second, watch the structure of the proving market. If proving becomes cheaper and more accessible, a broad network of participants could emerge. However, if proof generation continues to require specialized hardware and significant capital investment, the industry may concentrate around a relatively small number of large operators.
Third, watch adoption outside scaling. zkML and zero-knowledge identity systems have generated significant interest, but most deployments remain early. The key question is whether these technologies move beyond demonstrations and pilot programs into products that millions of people use regularly.
Another important theme is Ethereum’s long-term execution environment. Researchers continue debating whether Ethereum should optimize future proving systems around the EVM or eventually move toward a RISC-V-based architecture that may be easier to prove efficiently. The outcome could influence Ethereum’s technical roadmap for years.
Finally, watch regulation. Compliance-friendly privacy is emerging as one of the most important ZK use cases. Regulators, institutions, and protocol developers are all exploring systems that balance confidentiality with verifiability. How policymakers respond could shape the next phase of institutional adoption.
The honest takeaway is straightforward. Zero-knowledge proofs have crossed from research into production and have become the most important privacy and scaling primitive in crypto today. However, the most ambitious claims remain part of a roadmap rather than settled reality. The gap between what has already been proven and what is still being promised is where readers should keep their attention.
