Zero-knowledge proofs (ZKPs) have long been regarded as a breakthrough in cryptography: a way to convince someone that a statement is true without revealing anything beyond the fact that it is true. Among these, zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge) stand out for their compact proofs and fast verification. There is a catch, however: while verifying a zk-SNARK is fast, generating one, especially for a complex computation, is anything but. It often takes hours of processing and massive amounts of memory, putting real-world applications out of reach for most.
This problem has persisted even as zk-SNARKs have become critical to a growing number of use cases: private cryptocurrency transactions, verifiable machine learning and secure outsourced computation, to name a few. If you want to prove that an AI model made a prediction from legitimate data without revealing that data, a zero-knowledge proof is the natural tool, and a zk-SNARK keeps that proof small and cheap to check. But if generating the proof means tying up a high-end server for hours, you are stuck.
That’s where this new research comes in. A team of cryptographers, which includes Assistant Professor Zhang Jiaheng, tackled the core bottleneck: distributing proof generation across multiple machines while preserving the privacy that makes zero-knowledge valuable in the first place. The result is an approach they call scalable collaborative zk-SNARKs, which splits the heavy lifting of proof generation evenly across many servers without exposing the sensitive input to any of them. This could make scalable, private proof delegation practical, opening the door to secure computing services that were previously out of reach.
The Crux: Outsourcing Without Exposure
In theory, outsourcing zk-SNARK proof generation should be simple: divide the work among many machines. In practice, the prover's sensitive input, the witness, is exactly what the proof is meant to keep private, so handing it to a set of servers risks leaking it. The challenge is to gain the performance benefits of parallel processing without compromising that privacy.
A previous attempt, zkSaaS, used multi-party computation (MPC) to split the witness into secret shares distributed among servers. This preserved privacy but came with a major limitation: it required a powerful “leader” server to handle a disproportionate chunk of the computation. That meant a supercomputer was still necessary, and scalability hit a hard ceiling.
This new work reimagines the entire setup. By combining a specific class of zk-SNARKs based on multivariate polynomials, such as Hyperplonk, with a new set of MPC primitives, the team created a framework where all servers share the workload equally. No leader. No bottleneck. Just real, practical parallelisation.
New Maths, New Tools
Why focus on multivariate polynomial zk-SNARKs? Because earlier systems like Plonk, which use univariate polynomials, rely on fast Fourier transforms (FFTs), whose all-to-all data movement is costly to carry out over secret-shared data spread across many machines. By contrast, the structure of multivariate polynomials lends itself more naturally to distributed computation in an MPC setting.
Building on this, the team developed a set of collaborative MPC tools for three critical zk-SNARK components:
- Collaborative Sumcheck – used to prove a claimed sum of a polynomial's evaluations over all binary inputs (the Boolean hypercube), the workhorse of Hyperplonk-style proofs.
- MPC-friendly Permcheck – used to build the permutation check that proves the circuit's wiring (copy constraints) is respected, designed for both computational and communication efficiency in an MPC setting.
- Collaborative Polynomial Commitment – used to cryptographically commit to a polynomial and later prove specific evaluations of it.
Each tool operates on secret-shared data, so no server ever sees the full input, and each is designed for an even workload split and low communication overhead. Most importantly, the protocols have sublinear round complexity: the number of communication rounds grows far more slowly than the problem size, which matters when servers are spread across a network and every round pays a latency cost.
A Closer Look: Making the Maths Work
The collaborative sumcheck protocol uses packed secret sharing, in which a single share encodes several secret values at once, so that servers process many values in parallel, much like SIMD instructions on a CPU. For the permcheck, the team introduced a technique that transforms a permcheck over secret-shared data into one over public data, so that the bulk of the check can be carried out on public values rather than inside MPC.
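To make the "share the load without sharing the secret" idea concrete for the collaborative sumcheck listed above and the packed secret sharing described here, the following Python program is an added illustration written for this article; it is not code from the paper or its authors, and it is a deliberate simplification. It runs the sumcheck for a single multilinear polynomial, for which every prover message is a linear function of the witness, whereas Hyperplonk's gate constraints involve products and therefore need the MPC multiplication machinery the paper builds. The field size, the server count (t + k), the slot layout and the zero-sharing used to mask openings are choices made here for illustration, not details taken from the paper.

```python
import random

P = 2**61 - 1  # prime field for the whole example (a Mersenne prime; plain Python ints, no libraries)

def lagrange_coeffs(xs, x):
    """Public c_i with sum(c_i * q(xs[i])) == q(x) for every polynomial q of degree < len(xs)."""
    out = []
    for i, xi in enumerate(xs):
        num = den = 1
        for j, xj in enumerate(xs):
            if j != i:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        out.append(num * pow(den, P - 2, P) % P)
    return out

class PackedShamir:
    """Packed Shamir sharing: k secrets ride on one degree-(t+k-1) polynomial, one share per server.
    Any t shares are independent of the secrets; all n = t + k shares open every slot."""

    def __init__(self, t, k):
        self.t, self.k, self.n = t, k, t + k
        self.slot_xs = [(-(j + 1)) % P for j in range(k)]  # slot j is the polynomial's value at x = -(j+1)
        self.server_xs = list(range(1, self.n + 1))        # server i holds the value at x = i

    def share(self, vec):
        # the k slots plus t uniformly random values pin down a unique polynomial of degree t+k-1
        xs = self.slot_xs + self.server_xs[:self.t]
        ys = list(vec) + [random.randrange(P) for _ in range(self.t)]
        return [sum(c * y for c, y in zip(lagrange_coeffs(xs, x), ys)) % P for x in self.server_xs]

    def open(self, shares):
        return [sum(c * s for c, s in zip(lagrange_coeffs(self.server_xs, x), shares)) % P
                for x in self.slot_xs]

    def form_coeffs(self, w):
        """mu_i with sum_j w_j*slot_j == sum_i mu_i*share_i: a public linear form over the k slots is a
        public linear form over the shares, so even a cross-slot sum is local work for each server."""
        mus = [0] * self.n
        for wj, x in zip(w, self.slot_xs):
            for i, c in enumerate(lagrange_coeffs(self.server_xs, x)):
                mus[i] = (mus[i] + wj * c) % P
        return mus

def masked_reveal(pss, shares, w):
    """Servers disclose only sum_j w_j*slot_j: server i sends mu_i*share_i + z_i with (z_i) a sharing of
    zero (assumed to come from preprocessing; generated here for the simulation), so any n-1 of the
    messages are uniformly random and the recipient learns nothing beyond the sum."""
    zs = [random.randrange(P) for _ in range(pss.n - 1)]
    zs.append(-sum(zs) % P)
    msgs = [(mu * s + z) % P for mu, s, z in zip(pss.form_coeffs(w), shares, zs)]
    return sum(msgs) % P

def slot_weights(k, fixed, cur_bit=None, cur_val=None):
    """Weight of slot j in the current round: product over already-fixed slot variables of
    eq(challenge, bit of j), times the indicator that the variable being summed out equals cur_val."""
    ell, out = k.bit_length() - 1, []
    for j in range(k):
        bits = [(j >> (ell - 1 - u)) & 1 for u in range(ell)]  # slot variables, most significant first
        w = 1
        for c, b in zip(fixed, bits):
            w = w * (c if b else (1 - c) % P) % P
        out.append(0 if cur_bit is not None and bits[cur_bit] != cur_val else w)
    return out

def collaborative_sumcheck(table, k, t, claimed_sum):
    """Sumcheck for H = sum_b f(b), f multilinear and given by its 2^m evaluations (k and 2^m powers of two).
    The prover is t+k servers that only ever hold packed shares of the table; True iff the verifier accepts."""
    N, m, ell = len(table), len(table).bit_length() - 1, k.bit_length() - 1
    pss = PackedShamir(t, k)
    packed = [pss.share(table[r * k:(r + 1) * k]) for r in range(N // k)]  # the client packs k entries per share
    state = [[row[i] for row in packed] for i in range(pss.n)]             # state[i]: server i's N/k elements
    claim, ones = claimed_sum, [1] * k
    for _ in range(m - ell):  # rounds over the row variables: identical SIMD work on every server
        half = len(state[0]) // 2
        g0 = masked_reveal(pss, [sum(s[:half]) % P for s in state], ones)  # g(0): rows whose bit is 0
        g1 = masked_reveal(pss, [sum(s[half:]) % P for s in state], ones)  # g(1): rows whose bit is 1
        if (g0 + g1) % P != claim:
            return False
        r = random.randrange(P)              # verifier challenge (Fiat-Shamir in the non-interactive SNARK)
        claim = ((1 - r) * g0 + r * g1) % P  # g is linear in X because f is multilinear
        state = [[((1 - r) * s[j] + r * s[j + half]) % P for j in range(half)] for s in state]  # local fold
    final, fixed = [s[0] for s in state], []  # one packed share per server: f(r_1..r_{m-ell}, slot bits)
    for bit in range(ell):  # rounds over the slot variables: public linear forms on the packed slots
        g0 = masked_reveal(pss, final, slot_weights(k, fixed, bit, 0))
        g1 = masked_reveal(pss, final, slot_weights(k, fixed, bit, 1))
        if (g0 + g1) % P != claim:
            return False
        r = random.randrange(P)
        fixed.append(r)
        claim = ((1 - r) * g0 + r * g1) % P
    return masked_reveal(pss, final, slot_weights(k, fixed)) == claim  # final check: f(r) == g_m(r_m)

if __name__ == "__main__":
    witness = [(7 * i * i + 3) % P for i in range(64)]  # constructed sample table: 6 variables, 64 entries
    print(collaborative_sumcheck(witness, k=4, t=2, claimed_sum=sum(witness) % P))        # True
    print(collaborative_sumcheck(witness, k=4, t=2, claimed_sum=(sum(witness) + 1) % P))  # False
```

Each server holds one packed share per block of k table entries, so its memory is 1/k of the witness, and it never talks to the other servers; it only sends masked values to the verifier, who learns exactly the g_i(0), g_i(1) and f(r) of an ordinary sumcheck transcript. Opening without the zero-mask would hand the verifier all t + k shares, which is enough to reconstruct the packed slots, so the mask is what keeps "reveal the sum" from becoming "reveal the witness".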
For polynomial commitments, a key component of zk-SNARKs, the researchers avoid the polynomial division that univariate schemes use to produce evaluation proofs and that is hard to distribute, exploiting instead the structure of multilinear polynomials. This lets them compute commitments and evaluation proofs efficiently even when the data is split across multiple servers.
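The "no division" remark rests on a property of multilinear polynomials that can be shown in a few lines. The following Python snippet is an added illustration written for this article, not the paper's code: it computes the quotient polynomials that a PST-style multilinear commitment needs for an evaluation proof purely by subtracting halves of the evaluation table, and then checks the resulting identity at an arbitrary point. The field and the table are constructed here; whether the paper's scheme uses exactly this decomposition is not stated on the page.

```python
P = 2**61 - 1  # prime field; a multilinear f on m variables is stored as its table of 2^m evaluations

def fold_first(table, r):
    """Fix the first (most significant) variable to r: f(r, rest) = (1 - r)*f(0, rest) + r*f(1, rest)."""
    half = len(table) // 2
    return [((1 - r) * table[j] + r * table[j + half]) % P for j in range(half)]

def mle_eval(table, z):
    """Evaluate the multilinear extension at z by folding one variable at a time (no division anywhere)."""
    for zi in z:
        table = fold_first(table, zi)
    return table[0]

def multilinear_quotients(table, z):
    """Return ([q_1, ..., q_m], f(z)) such that f(X) - f(z) = sum_i (X_i - z_i) * q_i(X_{i+1}, ..., X_m).
    q_i = f(z_1..z_{i-1}, 1, .) - f(z_1..z_{i-1}, 0, .) is one subtraction of two table halves: linear in f,
    so it can be computed slot-wise on secret shares with no interaction between servers."""
    qs = []
    for zi in z:
        half = len(table) // 2
        qs.append([(table[j + half] - table[j]) % P for j in range(half)])
        table = fold_first(table, zi)  # specialise the next variable to z_i
    return qs, table[0]

def check_quotient_identity(table, z, x):
    """Verify the identity at an arbitrary point x; a PST-style verifier checks this relation on
    committed values with pairings rather than on the clear polynomials."""
    qs, fz = multilinear_quotients(table, z)
    rhs = sum((x[i] - z[i]) * mle_eval(q, x[i + 1:]) for i, q in enumerate(qs)) % P
    return (mle_eval(table, x) - fz) % P == rhs

if __name__ == "__main__":
    f = [3, 1, 4, 1, 5, 9, 2, 6]  # constructed 3-variable table
    print(check_quotient_identity(f, [17, 23, 29], [101, 7, 55]))  # True
```

Because each q_i is a difference of two halves of the table (a linear map), servers holding secret shares of the table can compute shares of every q_i locally, and committing to q_i (a multi-scalar multiplication against public group elements) is linear too. The univariate analogue, dividing f(X) - f(z) by X - z, has no such local structure, which is why the paragraph above calls division-based methods hard to distribute.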
The result is a toolkit that replaces each step of zk-SNARK generation in Hyperplonk with a distributed, privacy-preserving equivalent. Not only does this eliminate the need for a leader server, but it also scales gracefully with more servers and handles much larger problems than a single machine ever could.
Real-World Proof: Implementation and Results
This is not just theory. The team built and tested their approach using standard AWS cloud instances, each with only 4GB of RAM. In one benchmark, they used 128 such machines to generate zk-SNARKs for circuits with over 16 million gates. Hyperplonk saw a 24x speedup, shrinking from 1.5 hours to 4 minutes.
Furthermore, this setup could handle circuits 16 times larger than a local machine could manage, without running out of memory. These gains are not just impressive; they’re transformative, showing that secure, scalable zk-SNARK outsourcing is no longer a luxury reserved for institutions with specialised hardware.
Robust Against Network Latency and Curious Servers
The protocols are resilient. Even over slower wide-area network (WAN) connections, performance remained strong, particularly for Hyperplonk, thanks to its sublinear-round design. Security-wise, the approach uses a semi-honest (honest-but-curious) adversary model: servers may pool what they see to try to infer secrets, but are assumed to follow the protocol. The system stays private as long as no more than half the servers collude in this way. A server that actively deviates from the protocol is outside this model, so a deployment should spread the servers across independently administered providers rather than a single operator.
What This Means for the Future
This work fundamentally changes the cost and accessibility of zk-SNARKs. Here’s why it matters:
- Verifiable AI in the Cloud: As AI models grow more complex and are deployed in sensitive areas (healthcare, finance, defence), proving decisions were made correctly without revealing data becomes crucial. Collaborative zk-SNARKs could make on-demand proof generation fast and affordable.
- Scalable Privacy for Blockchains: Blockchain platforms aiming to support private transactions without central trust can securely outsource zk-SNARK generation, reducing costs and enabling private smart contracts.
- Trustless Data Markets: Emerging markets for data and computation require proof of correct execution without exposing sensitive information. Fast, private zk-SNARKs enable trustless APIs or marketplaces with built-in proof of integrity.
- Auditable Government Systems: Systems verifying compliance with laws or policies without exposing citizen data (e.g., voting or tax compliance) benefit from scalable, secure proof delegation across cloud infrastructure.
- Lightweight Proof-as-a-Service Platforms: Low-spec proof generation opens the door to cost-effective platforms offering zk-SNARKs as a service, lowering barriers for developers to integrate privacy-preserving proofs.
Final Thoughts
By removing the leader bottleneck and designing a fully collaborative, efficient framework for zk-SNARK generation, this research marks a significant step towards making zero-knowledge proofs practical at scale. The core idea — share the load without sharing the secret — is powerful, realised through deep cryptographic insight and careful systems design.
As privacy and trust become central to computing’s future, tools like these will underpin secure, verifiable systems. This work not only speeds things up but broadens access, putting advanced cryptography within reach of anyone with cloud resources and a need to prove without revealing.
Further Reading:
Liu, X., Zhou, Z., Wang, Y., Pang, Y., He, J., Zhang, B., Yang, X., and Zhang, J. (2025) “Scalable Collaborative zk-SNARK and Its Application to Fully Distributed Proof Delegation,” 34th USENIX Security Symposium, 13-15 August, Seattle, WA.