Zero-knowledge proofs (ZKPs) have long been seen as a breakthrough in cryptography—a way to prove something is true without revealing any of the underlying information. Among these, zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge) stand out for their compactness and efficiency in verification. But there’s a catch: while verifying a zk-SNARK is fast, generating one—especially for complex computations—is anything but. It often takes hours of processing and massive memory, putting real-world applications out of reach for most.
This problem has persisted even as zk-SNARKs have become critical to a growing number of use cases: private cryptocurrency transactions, verifiable machine learning, and secure outsourced computation, to name a few. If you want to prove that an AI model made a prediction based on legitimate data, without actually revealing that data, you need a zk-SNARK. But if generating the proof means tying up a high-end server for hours, you’re stuck.
That’s where this new research comes in. A team of cryptographers tackled the core bottleneck: the difficulty of distributing proof generation across multiple machines while preserving the privacy that makes zero-knowledge valuable in the first place. The result is a breakthrough approach they call scalable collaborative zk-SNARKs, a method that evenly splits the heavy lifting of proof generation across many servers, all without exposing any sensitive data. This shift could unlock truly scalable and private proof delegation, and it opens the door to new kinds of secure computing services that were previously impractical.
The Crux: Outsourcing Without Exposure
In theory, outsourcing the zk-SNARK proof generation should be simple: just divide the work among many machines. But in practice, if a client hands over its sensitive input—called the witness—to a bunch of servers, it risks leaking private data. The challenge is to get the performance benefits of parallel processing without compromising privacy.
A previous attempt, zkSaaS, used multi-party computation (MPC) to split the witness into secret shares distributed among servers. This preserved privacy, but came with a major limitation: it required a powerful “leader” server to handle a disproportionate chunk of the computation. That meant you still needed a supercomputer in the mix, and scalability hit a hard ceiling.
This new work reimagines the entire setup. By combining a specific class of zk-SNARKs based on multivariate polynomials, such as Hyperplonk, with a brand new set of MPC primitives, the team created a framework where all servers share the workload equally. No leader. No bottleneck. Just real, practical parallelization.
New Math, New Tools
Why focus on multivariate polynomial zk-SNARKs? Because earlier systems like Plonk, which use univariate polynomials, rely on fast Fourier transforms (FFTs)—operations that are notoriously hard to parallelize securely across many machines. By contrast, the structure of multivariate polynomials lends itself more naturally to distributed computation in an MPC setting.
Building on this structure, the team developed a set of collaborative MPC tools for three critical zk-SNARK components:
- Collaborative Sumcheck – Used to prove the sum of polynomial evaluations across binary inputs.
- MPC-friendly Permcheck – Used to construct the permutation check protocol, a crucial component in proving the wiring consistency of zk-SNARKs, while ensuring both computational and communication efficiency in an MPC setting.
- Collaborative Polynomial Commitment – Used to cryptographically commit to a polynomial and later prove specific evaluations.
Each tool is tailored to operate on secret shared data; meaning no server ever sees the full input; and is optimized for even workload distribution and low communication overhead. Perhaps most importantly, these protocols are designed to operate with sublinear round complexity, meaning the number of communication steps does not grow with problem size. This is crucial for performance when servers are distributed across a network.
A Closer Look: Making the Math Work
The collaborative sumcheck protocol uses a clever trick called packed secret sharing, enabling servers to compute multiple values in parallel—much like SIMD instructions on a CPU. For the permcheck, the team introduced a clever technique that transforms a permcheck over secret shared data into one over public data, thereby avoiding the inefficiencies of the former while enabling efficient distributed computation.
When it comes to polynomial commitments, a key component in zk-SNARKs, the researchers avoid traditional division-based methods, which are hard to distribute, by exploiting the properties of multilinear polynomials. This allows them to compute commitments and evaluation proofs efficiently, even with data split across multiple servers.
The result is a toolkit that replaces each step of zk-SNARK generation in Hyperplonk with a distributed, privacy-preserving equivalent. Not only does this eliminate the need for a leader server, but it also scales gracefully with more servers and handles much larger problems than a single machine ever could.
Real-World Proof: Implementation and Results
This isn’t just theory. The team built and tested their approach using standard AWS cloud instances—each with only 4GB of RAM. In one benchmark, they used 128 such machines to generate zk-SNARKs for circuits with over 16 million gates. Hyperplonk saw a 24x speedup, shrinking from 1.5 hours to 4 minutes.
What’s more, this setup could handle circuits 16 times larger than a local machine could manage—without running out of memory. These kinds of gains aren’t just impressive; they’re transformative. They show that secure, scalable zk-SNARK outsourcing is no longer a luxury reserved for institutions with specialized hardware.
Robust Against Network Latency and Curious Servers
The protocols are also resilient. Even when run over slower WAN connections (as opposed to fast local networks), performance stayed strong—particularly for Hyperplonk, thanks to its sublinear-round design. And in terms of security, the approach uses a semi-honest adversary model, which assumes that some servers might try to infer secrets but will still follow the protocol. The system remains secure even if up to half the servers behave this way.
What This Means for the Future
This work fundamentally changes the cost and accessibility of zk-SNARKs. Here’s why that matters:
- Verifiable AI in the Cloud: As AI models become more complex and are deployed in more sensitive settings (healthcare, finance, defense), being able to prove that a model made a decision correctly, without revealing its internal weights or the input data, becomes crucial. Collaborative zk-SNARKs could make this proof generation fast and cheap enough to run on demand.
- Scalable Privacy for Blockchains: Blockchain platforms that want to support private transactions without trusting a central party could outsource zk-SNARK generation securely. This could reduce gas costs and bring private smart contracts into the mainstream.
- Trustless Data Markets: In emerging markets for data and computation, where users want to sell access to data or computation without exposing it, fast, private zk-SNARKs enable proof of correct execution. This could help build trustless APIs or marketplaces where proof of processing integrity is built in.
- Auditable Government Systems: Systems that need to verify compliance with laws or policies without exposing sensitive citizen data, such as voting systems or tax compliance tools, can benefit from these advances, especially when scaled across cloud infrastructure.
- Lightweight Proof-as-a-Service Platforms: The ability to generate zk-SNARKs with low-spec machines makes it feasible to launch cost-effective platforms that offer proof generation as a service. This lowers the barrier for developers to integrate privacy-preserving proofs into everyday applications.
Final Thoughts
By removing the leader bottleneck and designing a fully collaborative, efficient framework for zk-SNARK generation, this research represents a significant step toward making zero-knowledge proofs truly practical at scale. The core idea – share the load without sharing the secret – is powerful, and it’s executed with a combination of deep cryptographic insight and careful systems design.
As privacy and trust become more central to the future of computing, tools like these will form the foundation of secure, verifiable systems. This work doesn’t just speed things up; it widens the playing field, making advanced cryptography accessible to anyone with a few cloud machines and a need to prove without revealing. That’s a shift with real consequences—and serious potential.
Further Reading: Liu, X., Zhou, Z., Wang, Y., Pang, Y., He, J., Zhang, B., Yang, X. and Zhang, J. (2025) “Scalable Collaborative zk-SNARK and Its Application to Fully Distributed Proof Delegation,” 34th USENIX Security Symposium, August 13-15, Seattle: WA.
