What Makes a Proof Useful
Before we get to zero knowledge proofs specifically, we need to understand what makes any cryptographic proof valuable in the first place.
Think about how you verify things in the physical world. If someone claims they solved a complex math problem, you can check their work step by step. If someone says they own a house, you can look at the deed. If a company reports their revenue, auditors can examine the books. Verification usually requires seeing all the underlying data and retracing the steps.
This works fine in the physical world where verification happens occasionally and involves trusted parties. But it breaks down completely in blockchain systems where:
- Hundreds of thousands of nodes need to verify every operation
- Verification happens constantly, not occasionally
- Gas costs make complex verification prohibitively expensive
- You can’t trust any single party to do verification for everyone else
So we need a different kind of proof. One with specific properties that make it useful for blockchain systems:
Correctness – The proof must actually demonstrate that the claim is true. False claims can’t produce valid proofs (or at least, it should be computationally infeasible to fake one).
Efficiency – Checking the proof should be dramatically cheaper than redoing the original computation or examining all the original data. Otherwise, what’s the point?
Non-interactivity – The proof should stand alone. You shouldn’t need back-and-forth communication with the prover to verify it. One proof, one verification, done.
Public verifiability – Anyone with the proof should be able to verify it, not just specific parties with special information. These properties let us do something powerful: separate the cost of computation from the cost of verification. Someone can perform an expensive operation off-chain, generate a proof, and everyone else can verify that proof cheaply on-chain.
The Verification Problem in Distributed Systems
This brings us to the core tension blockchain systems face.
You want to enable complex operations (heavy computation, processing large datasets, accessing historical data). But you need every validator on the network to verify that these operations were performed correctly. And you can’t just trust one party to do the work honestly.
The naive solution is: everyone does everything. Every validator executes every computation, examines every piece of data, verifies every step. This is what blockchains do today for simple operations, and it’s why they’re so expensive and limited. The entire network is redundantly recomputing the same things to ensure correctness.
This doesn’t scale. If you want to process a million data points or run a complex algorithm, you can’t ask a million validators to each independently redo that work. The gas costs would be absurd. The time requirements would make real-time applications impossible.
The alternative is to introduce trust: have one party do the work and everyone else just believes them. But this defeats the entire purpose of blockchain. You’re back to trusting intermediaries.
Cryptographic proofs offer a third path: one party does the work and produces a proof that the work was done correctly. Everyone else verifies just the proof, which is magnitudes cheaper than redoing the work. No trust required, because the proof itself is verifiable evidence.
But here’s the critical question: how do you make that proof small enough and cheap enough to verify on-chain? If the proof is as big as the original data, or if verifying it costs as much as redoing the computation, you haven’t actually solved anything.
Succinctness: Small Proofs for Large Computations
This is where succinctness becomes the most critical property for blockchain applications. A proof is succinct if it’s dramatically smaller than the thing it’s proving.
Consider these scenarios:
Scenario 1: You processed 100,000 Ethereum transactions to calculate some aggregate statistic. The naive approach would be to send all 100,000 transactions on-chain so a smart contract can verify your calculation. This would cost a fortune in gas and probably wouldn’t even fit in a single block.
Scenario 2: You produce a succinct proof that you correctly processed those 100,000 transactions. The proof might be a few kilobytes. Verifying it on-chain costs a fixed, small amount of gas regardless of how much computation went into generating it.
Succinctness is what makes the whole model viable. Without it, you’d still need to send all the underlying data on-chain for verification, and you’re back to square one with massive costs and no scaling improvement.
But there’s more to it than just proof size. There’s also magic in the cost structure of how these proofs work:
Proving > Execution >> Verification
Generating a proof is actually more expensive than just running the computation. It requires additional cryptographic operations on top of the execution itself. But verifying the proof is dramatically cheaper than either proving or executing.
This cost asymmetry is exactly what blockchains need. Think about it:
In a blockchain with a million validators, the naive approach is: all million validators execute every computation. Total cost: execution × 1,000,000.
With cryptographic proofs: one party does the proving (which is expensive), and the other 999,999 validators just verify the proof (which is cheap). Total cost: proving + (verification × 999,999). Since verification is orders of magnitude cheaper than execution, this is a massive improvement.
The prover pays a premium to generate the proof, but the network as a whole saves enormously because verification is so cheap. You only need to prove once, but you can verify that proof as many times as needed with minimal cost.
This is the unlock. One party (or a decentralized network of provers) can do the heavy lifting off-chain where computation is cheap. They produce a small proof. Everyone else just verifies that small proof on-chain where computation is expensive. Expensive computation can happen off-chain. Complex data processing can happen off-chain. But verification happens on-chain, and it’s cheap enough to be practical.
Verifiability Without Trust
Now we can see how all these pieces combine to solve the problem we started with.
Traditional systems rely on trust at some level. You trust the auditor reviewed the books honestly. You trust the certificate authority verified someone’s identity. You trust the server returned accurate data. Even in blockchain systems without cryptographic proofs, you often trust oracles to provide correct off-chain data, or trust bridges to honestly relay cross-chain information.
Cryptographic proofs eliminate this trust requirement. The proof itself is evidence. You don’t need to trust that someone executed a computation correctly because you can verify the proof of correct execution. You don’t need to trust that data is accurate because you can verify the proof of data integrity.
This matters enormously for blockchain applications. It means:
- Smart contracts can use data from outside sources without trusting those sources
- Complex computations can happen off-chain without trusting whoever performed them
- Historical blockchain data can be accessed without trusting an indexer or archive node
- Cross-chain information can be verified without trusting a bridge operator
- Private information can be verified without revealing what that information is
The proof is the trust. More precisely, the proof replaces the need for trust with mathematical certainty (or as close to certainty as we get in cryptography, where “breaking” the proof would require computational resources that don’t exist).
This is the foundation. Cryptographic proofs that are correct, efficient, succinct, and publicly verifiable let us build systems that escape the limitations of on-chain computation while maintaining blockchain’s core security properties.
Now we can talk about a specific, powerful type of cryptographic proof: zero knowledge proofs, which add one more remarkable property to everything we’ve discussed. They let you prove things without revealing the underlying information at all.
Brevis Network© 2023 