Programming Zero Knowledge Proofs: From Zero to Hero

Original Article ↗ Hacker News Discussion ↗

What Zero-Knowledge Proofs (ZKPs) Are, in Practice

  • Often framed as “signatures on computations”: you can prove “I ran this program with some inputs and got this output” more cheaply to verify than to recompute.
  • Zero-knowledge adds the ability to hide some inputs while still proving the computation was done correctly.

Illustrative Use Cases (Non-Blockchain + Blockchain)

  • Privacy-preserving checks

    • Prove age > 18 (or other attributes) from an ID without revealing name, DOB, address, or issuer; can also support richer logic (“over 18 and resident of X” or more complex predicates).
    • Prove loan/creditworthiness or income thresholds using bank/transaction data without exposing full history.
    • KYC/compliance: institutions encode rules, keep only proofs that rules were satisfied, potentially deleting raw data.
    • Prove membership in a group/org (or that you’re “some employee” or “a senator”) without disclosing which one.
    • Anonymous voting and credentials, whistleblower authentication, blacklist/abuse filtering without deanonymizing users.
    • Anonymous cash-like systems and mixers (e.g., Tornado Cash-style designs).
    • Location proofs (inside a zone) and image-processing provenance chains.

  • Verifiable outsourced computation

    • Prove huge computations (compilation, scientific workloads, zkVM execution) were run correctly; verifier does milliseconds of work regardless of original cost.
    • Layer-2 blockchains use ZKPs to prove batches of transactions are valid instead of every node re-running them.

Debates vs. Simpler Cryptography (Hashes, Signatures, VCs)

  • Some argue many examples (age checks, credentials) could be done with standard signatures, verifiable credentials, or blind signatures; see ZKP as overkill.
  • Others counter that ZKPs allow arbitrary predicates over attributes, unlinkability across sites, and issuer-agnostic logic without issuers anticipating every use.
  • Ongoing back-and-forth on whether password hashing and standard auth already solve many cited scenarios.

Performance, Setup, and Practicality

  • Proving is currently very expensive (often ~1000x or more overhead vs. native execution), though improving via specialized VMs and ASICs.
  • Some schemes require a “trusted setup”; others (e.g., STARK-like, logarithmic proofs) avoid this but may have slower verification or larger proofs.
  • Strong skepticism remains about “real” non-crypto deployment today; many see current usage as mostly blockchain-driven research funding with future potential.

Developer Tools Mentioned

  • zkVMs and compilers (e.g., Powdr, Noir, Risc Zero, Sunscreen, noname) are cited as ways to write normal code and get ZK circuits/proofs without hand-building polynomials.