By now you understand the fundamentals: what ZK proofs are, how they work, and which properties matter for different use cases. You’ve seen how the same underlying technology can serve completely different purposes depending on whether you need privacy, succinctness, or speed.
Now let’s survey the landscape. How are ZK proofs actually being used across crypto today? What problems are they solving, and which properties matter most for each application?
This isn’t meant to be comprehensive as the ZK ecosystem is exploding with new projects and use cases. But by understanding the major categories and how they leverage different ZK properties, you’ll have the framework to evaluate any ZK application you encounter.
Privacy Applications: Zcash and the Encrypted Money Movement
The original use case for zero knowledge proofs was privacy. If you can prove something without revealing the underlying information, you can have private transactions where validators confirm correctness without seeing who sent what to whom.
Zcash pioneered practical zero knowledge proofs for cryptocurrency. Launched in 2016, it uses zk-SNARKs to enable “shielded” transactions where sender, receiver, and amount remain completely private. The network validates that transactions are legitimate (no double-spending, amounts balance) without seeing the transaction details.
In 2024-2025, Zcash experienced a renaissance. The network surged over 700% to overtake Monero as the largest privacy coin by market capitalization. About 20-25% of circulating ZEC now sits in shielded addresses, up from under 5% in 2017. The Zashi wallet made privacy the default, and upgrades like Halo 2 eliminated the trusted setup concerns that plagued earlier zk-SNARK systems.
Why this matters: Zcash exemplifies the zero knowledge property being used exactly as intended. Financial privacy for individuals who don’t want their entire transaction history public and analyzable. Bitcoin showed money could move without borders. Zcash shows it can move without surveillance.
The regulatory tension: Privacy coins face serious headwinds. Tornado Cash, an Ethereum privacy mixer, saw its developers prosecuted and the protocol sanctioned by the U.S. Treasury (though sanctions were later removed). Multiple exchanges delisted privacy coins throughout 2024-2025 due to regulatory pressure. The technology works, but the legal landscape remains uncertain.
Aztec’s approach: Rather than a privacy coin, Aztec is building a privacy-focused ZK rollup on Ethereum. It encrypts transaction data at the protocol level while bundling transactions for Ethereum verification. This enables “private DeFi” where you can use lending protocols, DEXs, and other applications without exposing your strategy or balances. Aztec also developed Noir, a programming language for writing privacy-preserving smart contracts.
Which properties matter: Privacy applications need the zero knowledge property actively. Completeness and soundness ensure the system works correctly and securely. Succinctness helps but isn’t the primary driver. These applications sacrifice some performance (encryption and proving add overhead) to achieve their privacy goals.
ZK Rollups: Scaling Ethereum with Validity Proofs
While privacy applications use ZK for confidentiality, rollups use the same technology for an entirely different purpose: scaling.
ZK rollups batch thousands of transactions off-chain, execute them, and post a small cryptographic proof to Ethereum that everything was computed correctly. Instead of every Ethereum validator re-executing every transaction, they just verify one small proof. This dramatically increases throughput while maintaining Ethereum’s security guarantees.
The major players in 2024-2025:
Linea leads ZK rollups with around $478 million TVL. Built by Consensys (the team behind MetaMask), it’s fully EVM-compatible and integrated with popular tools developers already use. Linea launched its LINEA token on September 10, 2025, distributing 9.36 billion tokens to 749,000 eligible wallets through its LXP and LXP-L points programs. The integration with MetaMask gives it distribution advantages that pure-play rollups lack.
zkSync Era, built by Matter Labs, was a frontrunner with its zkEVM (ZK Ethereum Virtual Machine) making it easy for developers to port existing Ethereum contracts. However, it struggled post-airdrop, with TVL dropping to around $100 million by late 2024. The team continues developing with the Atlas upgrade improving performance, but faces intense competition. Despite the challenges, zkSync maintains around $542 million market capitalization and is positioning for Ethereum’s upcoming Fusaka upgrade expected December 2025, which will enhance ZK-SNARK implementations and improve data throughput for ZK rollups.
Starknet takes a different approach, using zk-STARKs (not SNARKs) to avoid trusted setups. It maintains around $940 million market capitalization and has made significant technical progress with upgrades enabling concurrent transaction execution. Starknet requires developers to use Cairo, its custom programming language, which creates a barrier compared to EVM-compatible alternatives but allows for optimization specific to STARK proving systems.
Polygon zkEVM leverages Polygon’s existing ecosystem and brand. With around $1 billion TVL, it’s one of the largest L2s on Ethereum. Polygon’s billion-dollar commitment to ZK technology shows serious long-term investment in the space.
Scroll experienced rapid growth in 2024, reaching nearly $1 billion TVL before its October airdrop. Post-airdrop, activity declined significantly as is common with airdrop farming. It focuses on being developer-friendly with strong EVM compatibility and aims to be a “type 1” zkEVM with full Ethereum equivalence.
Why this matters: ZK rollups solve Ethereum’s scalability problem without compromising security. The Dencun upgrade in March 2024 (especially EIP-4844 introducing “blobs”) reduced L2 fees by 75-90%, making rollups dramatically more cost-effective. Ethereum’s upcoming Fusaka upgrade in December 2025 will further improve ZK rollup performance, focusing on enhancing zero-knowledge technology and refining ZK-SNARK implementations.
Which properties matter: ZK rollups primarily leverage succinctness and efficient verification, not privacy. Most rollup transactions are public. The “ZK” in “ZK rollup” remains more of a historical leftover at this point. What matters is posting small proofs that are cheap to verify on-chain, regardless of how much computation happened off-chain. The zero knowledge property isn’t being used at all in most cases.
The competitive landscape: ZK rollups face fierce competition from Optimistic rollups like Arbitrum, Optimism, and Base, which currently dominate L2 market share. ZK rollups offer faster finality and don’t require week-long withdrawal periods, but Optimistic rollups had earlier adoption and simpler technology. As ZK technology matures and costs decrease, the advantages of instant finality and cryptographic security (versus fraud proofs) may shift the balance.
ZK Bridges: Cross-Chain Verification Without Trust
Blockchains are isolated by design. Ethereum can’t natively read what’s happening on Solana, BNB Chain, or even Ethereum L2s. Bridges solve this by enabling cross-chain communication and asset transfers.
Traditional bridges rely on trusted intermediaries (multisig committees, validator sets) or optimistic assumptions that introduce security risks. ZK bridges use cryptographic proofs to verify cross-chain state without trust.
LayerZero dominates cross-chain interoperability with 75% of bridge volume, processing around $293 million daily across 132+ blockchains. It uses a messaging protocol with Ultra Light Nodes and decentralized verifiers (DVNs). LayerZero isn’t purely a ZK bridge (it uses multiple verification methods), but its modular architecture lets applications choose ZK proof verification when needed. Applications can select different DVNs per message, including Polyhedra Network for ZK-based verification of privacy-sensitive transfers.
Axelar operates as a proof-of-stake blockchain with 75+ validators providing cross-chain message passing and asset transfers. It connects Ethereum to dozens of other chains including Cosmos-based networks and rollups. Users must pay fees in AXL tokens, unlike LayerZero’s permissionless approach with no mandatory token requirement.
Wormhole uses 19 guardian validators to facilitate cross-chain transfers across 20+ chains. Like Axelar, it’s not purely ZK-based but provides critical infrastructure for cross-chain applications with a fixed validator set model.
Polyhedra Network (zkBridge) takes a fully ZK approach, using zk-SNARKs to generate concise cross-chain verification proofs. As of May 2025, zkBridge supports asset and data transfers across 25+ major chains including Ethereum, Solana, and Bitcoin, with over 12 million transactions processed. The Expander proof system (released in 2025) achieves 3,000 transactions per second verification with proving costs under $0.50 and 15-second finality. Polyhedra recently partnered with Google Cloud, raised $75 million at a $1 billion valuation, and integrated with LayerZero as a decentralized verifier network (DVN), bringing ZK security to LayerZero’s extensive ecosystem.
Union represents the next generation, applying ZK technology specifically to cross-chain consensus verification. Instead of oracles or validator committees, it directly proves cross-chain state using zero knowledge proofs, supporting diverse environments including Solidity, Move, Cosmos, and even BitVM for Bitcoin interoperability.
Why this matters: Cross-chain interoperability is essential as the blockchain ecosystem fragments into hundreds of networks. Users need to move assets and data between chains without trusting bridge operators. ZK proofs provide cryptographic security rather than security through validator honesty or economic incentives.
The security challenge: Despite technological advances, bridges remain high-value hacking targets. Over $2 billion was stolen from bridge exploits in 2022. Even well-designed bridges face smart contract risks, validator failures, and implementation bugs. ZK bridges reduce certain attack vectors (you can’t fake a valid proof), but don’t eliminate all risks.
Which properties matter: Cross-chain bridges need soundness (can’t fake proofs about chain state), succinctness (small proofs to verify on-chain), and efficiency (verification must be cheap). Privacy isn’t relevant here since blockchain data is public. Some bridges add privacy layers separately, but the core cross-chain verification doesn’t require the zero knowledge property.
ZK Identity and Credentials: Prove Without Revealing
One of the most promising emerging applications is using ZK proofs for identity and credentials. The concept: prove you satisfy some requirement (you’re over 18, you hold a specific credential, you’re a member of a group) without revealing your actual identity or the underlying data.
Semaphore enables anonymous signaling and voting. You can prove you’re a member of a group and cast a vote without revealing which member you are. This unlocks anonymous polls, whistleblowing systems, and reputation mechanisms where participation doesn’t require doxxing. Worldcoin uses Semaphore extensively in its World ID system to enable privacy-preserving identity verification. When users verify with World ID, Semaphore generates ZK proofs that confirm unique humanness without linking actions to biometric data or tracking users across applications. The system runs on Optimism and uses zk-SNARKs with different tree sizes (from 16 to 32, with size 30 currently in production) to handle varying anonymity set requirements.
zkPass lets users prove credentials without revealing personal information using zkTLS (three-party TLS with multi-party computation). Prove you’re over 18 without showing your birthdate. Prove you have a bank account without revealing which bank or your balance. Prove you’re a resident of a specific country without showing your passport. zkPass raised $2.5 million in seed funding from Sequoia China, OKX Ventures, and Binance Labs, demonstrating strong backing for privacy-preserving credential verification. The protocol works by intercepting standard HTTPS connections, generating ZK proofs locally on the user’s device, and enabling selective disclosure of attributes without exposing underlying documents.
Why this matters: Most Web3 applications either operate with complete transparency (everyone sees everything) or require trusted intermediaries to verify credentials. ZK identity systems enable selective disclosure where users control exactly what information they reveal.
The use cases:
- On-chain KYC: Prove you passed KYC without revealing your identity to every smart contract you interact with
- Reputation systems: Build reputation across protocols without linking all activity to a single identity
- Sybil resistance: Prove unique humanness or membership without creating a central identity database
- Compliance: Satisfy regulatory requirements while preserving privacy (accredited investor verification using bank statements or tax filings without disclosing full documents)
Which properties matter: Zero knowledge is essential here. The entire point is proving something without revealing the underlying data. Soundness prevents fake credentials. Succinctness and efficiency enable practical on-chain verification. This is one of the few application categories that truly needs all the ZK properties working together.
The challenge: ZK identity systems need widespread adoption to be useful. Standards must emerge for credential issuance and verification. Regulatory frameworks must recognize ZK proofs as valid compliance mechanisms. The technology works, but the ecosystem infrastructure is still developing.
Verifiable Computation: The Expanding Frontier
The four categories we’ve covered represent established domains in ZK. privacy protocols like Zcash, rollups like zkSync, bridges like Polyhedra, and identity systems like Semaphore each carved out their specialization.
Early ZK applications followed a pattern. You either built one of these specialized things yourself, or you migrated your entire application onto specialized infrastructure to gain ZK benefits. Want privacy? Build on Aztec. Want scaling? Deploy on a ZK rollup. Your whole protocol lived within that infrastructure.
Something different is emerging now. ZK technology can augment existing applications without requiring architectural migration. The shift is fundamental as instead of asking “which specialized ZK chain should I build on,” the question becomes “how can my existing application gain computational capabilities it couldn’t have before?”
This is verifiable computation as a category. Any application, on any chain, can now access off-chain computation with on-chain verification. The new paradigm isn’t building specialized infrastructure, but proving that computation happened correctly, regardless of what that computation is.
What Verifiable Computation Enables
Remember from Part 1 the constraints smart contracts face. They exist in an eternal present, unable to efficiently access their own history. Heavy computation runs into gas limits quickly, and cross-chain data simply doesn’t exist from a contract’s perspective. Since every on-chain application is built on smart contracts, these limitations affect everything from DEXes to lending protocols to social platforms. Verifiable computation changes what’s possible by moving the heavy lifting off-chain while keeping verification on-chain.
Historical Data and Complex Analytics
Take historical data access as an example. A decentralized exchange wants to offer volume-based fee discounts, but checking if an address traded $100K this month requires scanning thousands of blocks. The gas cost makes this completely impractical on-chain. With verifiable computation, that analysis happens off-chain and the result gets proven on-chain. The dapp gains a capability it couldn’t have before, without migrating anywhere or building specialized infrastructure.
This pattern works across different types of applications. Lending protocols can calculate complex time-weighted rewards based on months of position history. Yield aggregators can process historical vault participation to determine fair distributions. Governance systems can weight votes based on verified historical engagement. Each needs different data and different computations, but the underlying mechanism is the same: scan whatever historical data is needed off-chain, prove the computation was done correctly, verify the proof on-chain.
AI Agents and Verifiable Inference
The verification problem shows up differently as AI moves on-chain. Payment protocols like x402 let AI agents transact autonomously in real-time using HTTP status codes and stablecoins. Agent A needs data, Agent B provides it, payment happens automatically. This works fine for simple exchanges, but becomes problematic when the work itself needs verification.
Consider an AI agent paying another agent to run medical diagnostics using a specific model. How does the paying agent verify the work happened as specified? With human oversight, you can audit the process. With autonomous systems operating at scale across healthcare diagnostics, financial analysis, or legal assessment, you can’t rely on trust. As these systems handle higher-stakes decisions, the verification gap becomes critical.
ZK proofs solve this by letting agents prove which model ran, what compute was used, and that inference occurred exactly as specified. The result comes with cryptographic evidence of the work performed. Brevis works in this space through partnerships like Pieverse, where every x402b payment on BNB Chain includes zero-knowledge verification. Each gasless payment comes with a timestamped receipt that can be privately checked and audited. Users and AI agents can confirm prior activity without compromising underlying data, whether that’s validating yield generation, verifying spending within constraints, or proving attribution.
Verifiable Computation Everywhere
These examples show verifiable computation working across different domains. Social platforms need to verify user reputation that spans multiple chains without exposing transaction details. Perp DEXes want to calculate trader rebates based on cumulative volume over time. RWA protocols distribute rewards based on participation metrics that require complex historical analysis. The specific computations vary widely depending on what each application does, but they all follow the same approach: move the heavy computation off-chain, generate a proof, verify it on-chain.
This is how Brevis approaches ZK infrastructure. Rather than building for one specialized vertical, the architecture supports applications across different domains that need computational capabilities smart contracts can’t provide directly. We’ll explore how this works in Part 6.
The bigger picture here is that privacy, scaling, bridges, and identity remain important established categories, each with specialized infrastructure serving specific needs, but verifiable computation represents something broader. It opens ZK technology to any application that needs capabilities beyond what smart contracts allow. As on-chain applications work to match what users expect from Web2 experiences, being able to access historical data, perform complex analysis, and verify off-chain work becomes fundamental infrastructure rather than a specialty feature.
Understanding the Systems
The ZK landscape we just walked through shows clear specialization. Zcash focuses on privacy, zkSync on rollup throughput, Polyhedra on cross-chain finality. This creates a fragmented ecosystem where applications needing multiple capabilities face integration challenges across incompatible systems.
Verifiable computation introduces even more complexity. Unlike the established categories with defined boundaries, verifiable computation spans infinite potential use cases and workloads. Historical data queries need different optimization than AI inference verification. Real-time proving has different requirements than batch reward calculations. The heterogeneity is fundamental to the category itself.
Brevis chose to tackle this space directly. Building for verifiable computation means contending with diverse workloads from day one, which requires architecture that can handle heterogeneity rather than optimize for a single use case. We’ve developed approaches to this challenge that we believe point toward a more unified path forward. More on this later
Before we can understand what makes Brevis’s approach work, we need to look at how ZK systems are actually built. In Part 3, we covered proof system fundamentals: SNARKs versus STARKs, their properties, the basic trade-offs, and that established what’s theoretically possible.
Now we need to understand the implementations. What is a zkVM and how do different architectures work? When teams build systems optimized for specific workloads, what are they actually optimizing and what are they sacrificing? The architectural choices determine what’s practically possible to build and where the real performance boundaries are. That’s Part 5: ZK Systems and zkVMs.
Brevis Network© 2023 