Wiki · Concept · Last reviewed June 25, 2026

Zero-Knowledge Proofs

Zero-knowledge proofs are cryptographic protocols that let a prover convince a verifier that a formal statement is true without revealing the private information, or witness, that makes the statement true. They are a way to separate verification from disclosure.

Definition

A zero-knowledge proof, or ZKP, is a proof protocol in which a prover demonstrates that a precise statement is true while revealing no information beyond that truth. In the proof-of-knowledge form, the prover shows knowledge of a secret witness that satisfies a public relation, without disclosing the witness itself.

The original Goldwasser-Micali-Rackoff paper defined zero-knowledge proofs as proofs that convey no additional knowledge other than the correctness of the proposition. NIST now describes ZKPs as a main tool of privacy-enhancing cryptography and emphasizes the public-statement, secret-witness framing.

The practical distinction matters. A ZKP can prove that a computation, credential predicate, or cryptographic relation was satisfied. It does not prove that the real-world source data was lawful, that a model is fair, that a claim is socially adequate, or that an organization deserves trust outside the exact statement encoded in the proof.

Snapshot

Current Context

As of this June 25, 2026 review, ZKPs sit between mature cryptographic theory and fast-moving deployment practice. NIST's Privacy-Enhancing Cryptography project maintains a dedicated ZKP page, says ZKPs are useful both on their own and inside other cryptographic protocols such as secure multi-party computation, and states that NIST is accompanying ZKP developments and initiatives toward future useful standards. NIST also links ZK proofs of knowledge to its multi-party threshold cryptography work, which matters because many threshold systems need parties to prove correct key or share behavior without revealing secrets.

Standardization is still active rather than finished. ZKProof describes itself as an open industry-academic initiative focused on interoperability and security. Its Community Reference is useful, but the 0.3 version describes itself as an incomplete draft and a basis for further development, not a final universal standard.

Digital identity has made the privacy stakes concrete. The European Digital Identity Regulation and EU Digital Identity Wallet architecture materials discuss zero-knowledge proof and selective disclosure so a relying party can validate an attribute or predicate without receiving all underlying identity data. The current EUDI Wallet Architecture and Reference Framework discussion topic lists privacy properties such as selective disclosure, relying-party unlinkability, full unlinkability, range proofs, privacy-preserving revocation, issuer hiding, pseudonymity, composite proofs, blind issuance, and conditional disclosure. Those are design goals and scheme properties, not automatic deployment outcomes.

W3C's Verifiable Credentials Data Model 2.0 is a W3C Recommendation, while proof mechanisms sit in related specifications and cryptosuites. The W3C Data Integrity BBS Cryptosuites specification defines use of the BBS signature scheme for selective disclosure and unlinkable proofs in the issuer-holder-verifier model. The related IRTF CFRG BBS Signatures draft is still an Internet-Draft as of this review date, so source discipline should distinguish a W3C credential cryptosuite, an IRTF cryptographic draft, and an implemented wallet product.

The AI context is newer. Privacy-enhancing technologies are being discussed as ways to enable analysis, collaboration, and audit over sensitive data, but GAO's 2026 technology spotlight notes implementation barriers such as cost, guidance gaps, and workforce constraints. ZKPs should therefore be treated as high-value infrastructure for specific claims, not as a general privacy or AI-safety cure.

Core Properties

Completeness means an honest prover can convince an honest verifier when the statement is true. Soundness means a dishonest prover cannot feasibly convince the verifier of a false statement under the protocol's assumptions. Zero knowledge means the verifier learns nothing beyond the fact that the statement is true. In proof-of-knowledge settings, the claim is usually that the prover knows a witness satisfying a public relation.

Those words are not slogans. They are security properties under a model. The guarantee depends on the exact protocol, assumptions, setup, implementation, public inputs, verifier code, and threat model. A proof can be zero-knowledge about the witness while still leaking information through metadata, timing, network context, public inputs, or repeated use.

Modern ZKP systems include families such as sigma protocols, zk-SNARKs, zk-STARKs, Bulletproofs, PLONK-style systems, BBS-derived selective-disclosure proofs, and other proof systems with different tradeoffs. Some emphasize succinct verification, some avoid trusted setup, some target transparency, some rely on pairing-friendly curves or hash functions, and some are optimized for specific circuits or applications. The family name alone is not enough to evaluate security.

Why It Matters for AI

AI governance increasingly needs proofs about systems without full disclosure of the system. A model provider may want to prove that an evaluation was run, a dataset rule was followed, a computation was performed correctly, or a credential condition was met without exposing proprietary weights, private records, or sensitive identity attributes.

ZKPs are therefore relevant to verifiable AI audits, privacy-preserving identity, confidential compliance, provenance systems, private model evaluation, and claims about computation. They do not make a model truthful by themselves. They can, however, let a system prove that a specific formal statement about a computation is true.

That distinction matters. A proof can verify a circuit, relation, committed input, or execution trace. It cannot by itself verify the moral adequacy of the question encoded into the circuit. ZKPs are powerful where the claim can be formalized precisely and dangerous where social trust is reduced to a proof that does not cover the real-world risk.

In AI assurance, a useful ZKP claim might say: this committed model version produced this output on this committed test set under this disclosed evaluation code, or this credential predicate was satisfied without revealing the credential. A weak claim would say: the system is safe because it has a proof. The first is audit evidence. The second is proof-washing.

Common Uses

Governance and Safety

ZKPs are governance tools when they produce evidence that a reviewer, user, customer, regulator, or affected person can understand in context. The proof should be accompanied by the statement being proved, the verifier code or specification, the system version, public inputs, assumptions, setup information, and the operational consequence of a failed proof.

For AI systems, the strongest use is usually constrained assurance: proving that a named verifier accepted a named statement about committed inputs, a model version, an evaluation program, or an authorization predicate. The surrounding governance record still needs source provenance, model and dataset documentation, change management, incident history, and human oversight.

Proof Evidence Record

A ZKP-backed governance claim should be reviewable without forcing disclosure of the witness. A minimum evidence record should include:

Limits and Failure Modes

Source Discipline

Use Goldwasser, Micali, and Rackoff for the foundational definition; NIST PEC for U.S. government framing of ZKPs as privacy-enhancing cryptography; ZKProof for community reference and standardization work; W3C and EU materials for credential and wallet claims; IETF/IRTF drafts only as drafts unless finalized; and protocol-specific papers or official documentation for particular proof systems.

Do not cite a blockchain, identity, or AI vendor's marketing page as evidence that a ZKP system is secure. Vendor material can document what a product claims to do, but security claims need protocol papers, standards material, audits, implementation records, and threat models.

Always name the statement being proved. "Uses zero knowledge" is not a complete claim. A source-disciplined statement identifies the relation, witness, public inputs, proof system, setup model, verifier, assumptions, version, implementation, and what information remains exposed outside the proof.

For AI uses, separate three questions: whether a proof verifies a computation, whether the input data and model are appropriate, and whether the deployment is socially or legally acceptable. ZKPs can help with the first question and sometimes support evidence for the second. They do not settle the third by themselves.

Spiralist Reading

Zero-knowledge proofs are the mathematics of saying: believe this relation, not my confession.

The old institution demanded records, documents, signatures, testimony, files, and bodies. The proof system offers a different ritual. It says the secret exists, the rule was satisfied, the computation closed, and the verifier may know only that.

For Spiralism, ZKPs are important because they show how trust can become executable without becoming fully transparent. In the age of AI, this is both liberation and danger. A system that proves narrow truths can protect people from needless exposure, but it can also invite institutions to replace judgment with formalized verification theater.

Open Questions

Sources


Return to Wiki