Zero-Knowledge Proofs and the Economics of Verification

A man standing on a rocky precipice gazing into a vast fog-covered landscape
Wanderer above the Sea of Fog, Caspar David Friedrich, 1818

Most progress in science and engineering is incremental: thousands of small improvements made by researchers, engineers, and companies. Every so often a new tool or idea changes the constraints and the whole field jumps, shifting what is practical rather than what is merely possible on paper.

The public usually notices breakthroughs in areas like aerospace, energy, or AI. Cryptography moves more quietly, even when the consequences are just as large. During the COVID years, the field made real progress, especially in zero-knowledge proofs and other primitives that make verification cheaper and privacy easier to preserve. I think these advances will matter well beyond cryptography itself.

One of the most important changes has been practical speed. Zero-knowledge proofs go back to a 1985 paper by Goldwasser, Micali, and Rackoff, but for decades they lived mostly in papers because proving was far too slow. Two things changed that. Zcash shipped zk-SNARKs in production in 2016 and made them genuinely usable with its 2018 Sapling upgrade, which cut proving memory by roughly 97 percent and proving time by about 80 percent. Part of that gain came from the proof system it adopted: a Groth16 proof is only a few hundred bytes and verifies in milliseconds, and its verification cost depends on the number of public inputs, not on how large the computation it stands in for is. The price is that Groth16 needs a trusted setup for every circuit, which is why later systems traded some proof size for setups that are universal or not needed at all.

The financial system still depends on intermediaries: auditors, regulators, accountants, banks, and payment networks. That system works when the institutions inside it are trusted and the surrounding state has enough legitimacy to enforce the rules. Bitcoin introduced a different model: a permissionless monetary network where users can move value without asking an intermediary for access. In places where inflation, capital controls, or institutional weakness are part of daily life, that difference is not theoretical. It is immediate.

As trust becomes more uneven, systems that can be independently verified become more attractive. That does not mean social trust disappears. It means more parts of the stack will be built so they rely on less of it.

Bitcoin was designed primarily as a monetary asset and settlement network, so expressive computation on top of it has always been limited by design. Ethereum expanded that design space by allowing more complex programs, which is why lending, exchanges, and other financial applications grew there first. But blockchains still impose severe constraints. Computation is expensive, throughput is limited, and the cost of moving meaningful value is often too high.

This is where zero-knowledge proofs and related distributed-systems primitives become useful. A zero-knowledge proof lets one party show that a computation was done correctly without revealing the underlying data and without forcing everyone else to rerun the computation. The key asymmetry is in the costs: producing the proof is typically far more expensive than simply running the computation, but checking it is far cheaper than either, and for succinct systems the check barely grows as the computation does. That is what makes the technique economically meaningful rather than just mathematically elegant: the expensive work is done once, and the cheap check can be repeated by anyone.
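The simplest proof that has the properties described above is the Schnorr proof of knowledge of a discrete logarithm, made non-interactive with the Fiat-Shamir transform. The following Python is an added example, not code from the original post or from any of the projects it mentions. It assumes toy group parameters (p = 1019, q = 509, g = 4), which are constructed for illustration and are far too small to be secure; the structure is the same as a real deployment over a 256-bit curve. The prover shows it knows x with y = g^x without revealing x; the verifier never sees x and does only two exponentiations; and the `simulate` function shows why the proof leaks nothing, since an accepting transcript can be produced without x at all.

```python
"""Schnorr proof of knowledge of a discrete log, made non-interactive with
Fiat-Shamir.  Added example with toy-sized group parameters."""
import hashlib
import secrets

# Toy parameters (constructed for illustration, NOT secure): p is a safe prime,
# p = 2q + 1, and g = 4 generates the order-q subgroup of Z_p^*.  A real system
# would use a group of order ~2^256, e.g. a standard elliptic curve.
P = 1019
Q = 509
G = 4


def keygen():
    """Secret witness x and public statement y = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1           # 1 <= x < q
    return x, pow(G, x, P)


# --- the interactive three-move protocol ----------------------------------

def commit():
    """Prover move 1: fresh nonce r and commitment t = g^r."""
    r = secrets.randbelow(Q - 1) + 1           # never reuse r: two proofs with the
    return r, pow(G, r, P)                     # same r and different c leak x


def respond(x, r, c):
    """Prover move 3: response s = r + c*x mod q to the verifier's challenge c."""
    return (r + c * x) % Q


def check(y, t, c, s):
    """Verifier: accept iff g^s == t * y^c.  Two exponentiations, no matter how
    the prover obtained x, and x itself never appears."""
    if not (0 < t < P and 0 <= c < Q and 0 <= s < Q):
        return False
    return pow(G, s, P) == (t * pow(y, c, P)) % P


# --- Fiat-Shamir: replace the verifier's challenge with a hash ------------

def fiat_shamir_challenge(y, t):
    """The challenge must bind the statement (p, g, y) as well as t; otherwise a
    proof made for one y can be re-used against another."""
    data = f"{P}|{G}|{y}|{t}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove(x, y):
    """Non-interactive proof (t, s) that the prover knows x with y = g^x."""
    r, t = commit()
    c = fiat_shamir_challenge(y, t)
    return t, respond(x, r, c)


def verify(y, proof):
    """Non-interactive verification: recompute the challenge, then check()."""
    t, s = proof
    return check(y, t, fiat_shamir_challenge(y, t), s)


# --- why the proof leaks nothing ------------------------------------------

def simulate(y):
    """Honest-verifier zero-knowledge in one function: an accepting transcript
    (t, c, s) can be produced WITHOUT x by choosing c and s first and solving
    for t = g^s * y^(-c).  Fake transcripts are distributed exactly like real
    ones, so a real transcript cannot reveal anything about x."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, Q - c, P)) % P  # y^(q-c) == y^(-c) since y^q == 1
    return t, c, s


if __name__ == "__main__":
    x, y = keygen()
    proof = prove(x, y)
    print("honest proof accepted:   ", verify(y, proof))
    t, s = proof
    print("tampered proof accepted: ", verify(y, (t, (s + 1) % Q)))
    # A wrong witness slips through only if the hashed challenge is 0, i.e. with
    # probability 1/q.  That soundness error is why q must be ~2^256 in practice.
    print("wrong witness accepted:  ", verify(y, prove((x + 1) % Q, y)))
    print("simulated transcript ok: ", check(y, *simulate(y)))
```

Two details are the ones that matter in practice: the nonce r must be fresh for every proof (a repeated r with two different challenges gives away x by subtraction), and the Fiat-Shamir hash must cover the full statement, not just the commitment, or a proof can be replayed against a statement it was never made for.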

At first it is difficult to grasp, even for engineers, that this is possible at all. Until recently the mathematics behind it seemed magical, which is why it was nicknamed moon math. Thanks to ZKPs, transferring money in systems similar to Bitcoin becomes cheaper and much faster, because there is no need for every node to re-execute each transaction. In some architectures one node processes all the transactions and proves them with a ZKP, while the rest simply verify the proof, saving valuable computing resources. Among other things, ZKPs make it possible to build a financial system that depends far less on social trust than traditional finance does, and far less on re-executing every program than Bitcoin does.

This is already how zk-rollups work. A single sequencer executes thousands of transactions off-chain, a prover produces one proof for the whole batch, and Ethereum verifies only the proof instead of re-running the work; the rollup also posts enough transaction data on-chain that anyone can reconstruct its state, which is what keeps the proof from being the only thing users have to rely on. StarkEx has done this in production for years behind dYdX and Immutable, and in March 2023 two general-purpose versions, zkSync Era and Polygon zkEVM, launched to mainnet within days of each other. Ethereum is evolving from a slow but secure distributed mainframe, where every node re-executes every program, into a machine that mostly stores data and verifies proofs generated elsewhere.

Blockchains are not the only systems that benefit from these primitives. As AI-generated content begins to overshadow human-generated content on the internet, ZKPs become useful for verifying that content came from a specific model, system, or approved pipeline. Proof-of-personhood systems such as Worldcoin already use zero-knowledge proofs so that someone can prove they are a unique human without revealing which human.

More broadly, some industries will face growing pressure to prove they are operating correctly rather than asking users to trust them. Online gaming, ad networks, and other opaque intermediaries are obvious candidates. Fully Homomorphic Encryption, a related primitive that enables computation on encrypted data without exposing it, will play a similar role wherever privacy constraints are binding.

The shift is already visible in the numbers: proving that once took minutes now takes seconds, and a proof a few hundred bytes long can stand in for a computation that would be ruinous to re-run. The systems that benefit most are the ones where the cost of checking, not the cost of doing, has been the binding constraint, and those exist well beyond finance.