
CONCEPT Cited by 2 sources

Zero-knowledge proof

Definition

A zero-knowledge proof (ZKP) is a cryptographic protocol by which a prover convinces a verifier that a statement is true without revealing any information beyond the fact that it is true — in particular, without revealing the witness that makes it true. The three foundational properties:

  • Completeness — if the statement is true, an honest prover convinces an honest verifier.
  • Soundness — if the statement is false, no cheating prover can convince an honest verifier except with negligible probability.
  • Zero-knowledge — the verifier learns nothing beyond the truth of the statement; in particular, it cannot derive the witness.

Introduced by Goldwasser / Micali / Rackoff (1985). The canonical toy example is the cave-and-magic-door narrative; real systems use SNARK / STARK / Bulletproof / Groth16 / Plonk / Halo constructions.

Range of applications

  • Private transactions — Zcash (2016) uses zkSNARKs to prove a transaction is valid without revealing sender, recipient, or amount.
  • Scalability rollups (zkRollups) — Ethereum L2s publish a concise ZKP that a batch of transactions was validly executed, collapsing the verification of many transactions into the check of one proof.
  • Identity proofs — prove "I am over 18" / "I am a US citizen" without revealing date of birth or passport number.
  • Secure enclave attestation — prove that a specific program ran in a TEE without revealing the program's internal state.
  • Responsible disclosure of cryptographic capabilities — the novel 2026 use documented below.

The "proof of capability without disclosure" shape

The Cloudflare 2026 post documents a practically significant deployment shape that is less commonly taught: ZKP as a responsible-disclosure mechanism.

In early 2026, Google announced it had drastically improved the quantum algorithm to break elliptic-curve cryptography. They did not reveal the algorithm. Instead, they published a zero-knowledge proof that they possessed one:

They did not reveal the algorithm, but instead provided a zero-knowledge proof that they have one. (Source: sources/2026-04-07-cloudflare-targets-2029-for-full-post-quantum-security)

The operational logic:

  • Community needs to know the capability exists so defensive migration timelines can accelerate. If nobody published, the wider industry would still be planning against pre-2026 Q-Day estimates.
  • Adversaries must not get the algorithm itself. Publishing the algorithm hands it to any nation-state actor that didn't independently derive it. ZKP resolves this tension: the statement "we have this capability" is provable; the algorithm itself remains secret.

This is architecturally a disclosure primitive — a way to communicate cryptographically-verifiable existence without communicating the dangerous content. It is the cryptographic analogue of "we have evidence but cannot show it for operational security reasons."
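As an added worked example (not code from the page's sources, from Google or from Cloudflare), the following Python shows the three properties from the definition above on the Schnorr proof of knowledge of a discrete logarithm, and then the Fiat-Shamir form in which the proof becomes a publishable object rather than a live conversation, which is the "proof of capability without disclosure" shape just described. The group parameters (P = 2039, Q = 1019, G = 4) are constructed toy values far too small for real use, and the `context` string is an assumption standing in for the prover-chosen statement: a proof bound to one statement does not verify against another, which is the point made under "Trust implications" below.

```python
"""Schnorr proof of knowledge of a discrete logarithm as a worked ZKP.
Constructed example for this page (not Google's or Cloudflare's code).
Toy group: the order-Q subgroup of Z_P^*, with P = 2Q + 1."""
import hashlib
import secrets

# Constructed toy parameters: P = 2039 and Q = 1019 are prime; G = 4 generates
# the order-Q subgroup. Real deployments use ~256-bit groups or elliptic curves.
P = 2039
Q = 1019
G = 4


def keygen():
    """Secret witness x and the public statement h = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


# --- interactive protocol: commit, challenge, respond, verify ---

def commit():
    """Prover picks a fresh nonce r and sends the commitment a = G^r."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)


def respond(x, r, c):
    """Prover answers challenge c with z = r + c*x mod Q."""
    return (r + c * x) % Q


def verify(h, a, c, z):
    """Verifier accepts iff G^z == a * h^c (mod P)."""
    return pow(G, z, P) == (a * pow(h, c, P)) % P


def honest_run(x, h):
    """Completeness: an honest prover always convinces an honest verifier."""
    r, a = commit()
    c = secrets.randbelow(Q)          # verifier's random challenge
    return verify(h, a, c, respond(x, r, c))


def extract_witness(c1, z1, c2, z2):
    """Soundness (special soundness): two accepting transcripts that share a
    commitment a but have different challenges yield x = (z1-z2)/(c1-c2) mod Q.
    A prover able to answer two challenges for one a therefore knows x."""
    assert c1 != c2
    return ((z1 - z2) * pow(c1 - c2, -1, Q)) % Q


def simulate(h):
    """Zero-knowledge (honest-verifier): without x, choose z and c first and
    solve for a = G^z * h^(-c). The transcript verifies and is distributed like
    an honest one, so transcripts carry no information about x."""
    c = secrets.randbelow(Q)
    z = secrets.randbelow(Q)
    a = (pow(G, z, P) * pow(h, -c, P)) % P   # pow(h, -c, P): inverse of h^c
    return a, c, z


# --- non-interactive (Fiat-Shamir) form: the challenge is a hash of the
# statement and the commitment, so the proof can be published and checked
# offline by anyone holding the public parameters and the stated claim ---

def fs_challenge(h, a, context):
    """Challenge derived from public data; `context` is the declared statement."""
    data = f"{P}|{Q}|{G}|{h}|{a}|{context}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove_nizk(x, h, context):
    """Publishable proof (a, z) that the prover knows log_G(h), bound to context."""
    r, a = commit()
    return a, respond(x, r, fs_challenge(h, a, context))


def verify_nizk(h, proof, context):
    """Checks the published proof against the statement as the prover phrased it."""
    a, z = proof
    return verify(h, a, fs_challenge(h, a, context), z)


if __name__ == "__main__":
    x, h = keygen()
    print("completeness:", honest_run(x, h))
    r, a = commit()
    z1, z2 = respond(x, r, 3), respond(x, r, 7)
    print("extracted witness matches:", extract_witness(3, z1, 7, z2) == x)
    print("simulated transcript accepted:", verify(h, *simulate(h)))
    proof = prove_nizk(x, h, "we know log_G(h)")
    print("published proof verifies:", verify_nizk(h, proof, "we know log_G(h)"))
    print("same proof, different claim:", verify_nizk(h, proof, "some other claim"))
```

The last two lines of the demo make the trust point concrete: the published proof is checkable by anyone, but it only establishes the statement the prover chose to bind it to; re-reading the same proof under a different claim fails, and nothing in the proof lets the verifier inspect x itself.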

Producer-side statement of the pattern

Google Research's 2026-03-31 post — the producer-side companion to the Cloudflare consumer-side post above — states the pattern explicitly as a two-part disclosure for trust-sensitive substrates (cryptocurrencies):

We substantiate our resource estimates without sharing the underlying quantum circuits by publishing a state-of-the-art cryptographic construction called a "zero-knowledge proof", which allows third parties to verify our claims without us leaking sensitive attack details. (Source: sources/2026-03-31-google-safeguarding-cryptocurrency-by-disclosing-quantum-vulnerabilities-responsibly)

The full Google disclosure wraps the ZKP in two FUD-reduction moves (see concepts/fud-attack-surface):

  1. Scope clarification: "clarify the areas where blockchains are immune to quantum attacks."
  2. Defensive-progress highlighting: "highlight the progress that has already been achieved towards post-quantum blockchain security."

Together the three components (ZKP + scope + progress) form patterns/zkp-capability-disclosure — the canonical pattern for disclosing a dangerous capability to a trust-sensitive public without either hiding its existence (→ defender under-investment) or revealing its details (→ adversary gain) or stating it unsubstantiated (→ FUD attack).

The Google post also acknowledges this is new policy territory: "we welcome further discussions with the quantum, security, cryptocurrency, and policy communities to align on responsible disclosure norms going forward" — the pattern is not yet a community standard.

Trust implications

The community-wide timeline compression that followed Google's disclosure is contingent on trusting the zero-knowledge proof:

  • The proof itself is a mathematical artifact — verifiable by anyone with the public parameters.
  • But the construction of the statement being proven requires trust: Google chose what they proved, and chose the granularity (e.g. "we have an algorithm that reduces the qubit cost of breaking P-256 by factor X" rather than the full algorithm).
  • Observers cannot evaluate the algorithm's correctness, only the proof of its existence under Google's chosen statement.

The epistemic position the rest of the industry now occupies: "Google has proven it has a capability meeting specified criteria; we cannot verify the algorithm independently; we must plan as if the capability exists at the claimed performance envelope."

This is new territory for cryptographic policy. Prior acceleration of Q-Day estimates was driven by publicly-auditable hardware benchmarks and peer-reviewed algorithmic papers. The 2026 timeline acceleration is driven by trust in a proof of a secret.

Contrast with alternatives

  • Full disclosure — peer-reviewed paper describing the algorithm. Gives competitors / adversaries the capability.
  • Private notification under NDA — specific labs / governments told privately. Does not drive industry-wide migration; trust is non-verifiable outside the loop.
  • Responsible disclosure with coordinated patch window — the CVE model; doesn't apply to basic-research breakthroughs where there is no specific vulnerable product to patch.
  • Publish-a-ZKP — this novel deployment shape. Asymmetric benefit: credible signal to defenders + zero signal to attackers.

Seen in

  • sources/2026-03-31-google-safeguarding-cryptocurrency-by-disclosing-quantum-vulnerabilities-responsibly — producer-side canonical instance of ZKP as a responsible-disclosure primitive. Google Research publishes the philosophy and methodology of using a ZKP to substantiate quantum resource estimates against ECDLP-256 without publishing the underlying quantum circuits: "we substantiate our resource estimates without sharing the underlying quantum circuits by publishing a state-of-the-art cryptographic construction called a zero-knowledge proof, which allows third parties to verify our claims without us leaking sensitive attack details." Introduces the FUD-attack-surface framing that motivates verifiability: on cryptocurrencies, an unsubstantiated claim is itself an attack. Pairs with the Cloudflare post for the full producer-consumer arc — see patterns/zkp-capability-disclosure for the pattern write-up.
  • sources/2026-04-07-cloudflare-targets-2029-for-full-post-quantum-security — canonical wiki instance of ZKP as a responsible-disclosure primitive for cryptographic capabilities. Google's April 2026 use: prove possession of a major P-256 quantum-attack speed-up without publishing the algorithm. Community-wide timeline compression (including Cloudflare's pull-forward to 2029) depends on trust in the proof.