ZeraLabs logo

Pre-migration documentation. This site reflects the pre-migration state of the protocol. It’s mostly current, but a few edges may not match ZERA at launch. We’re finalizing the new, detailed ZERA docs now. Thanks for your patience.

Zero‑Knowledge Proof Protocol

Protocol Design and Verification Systems

Zero‑knowledge proofs ensure transactions are provably valid while revealing no information beyond the validity of the statement being proven.

5.1 Protocol Definition

Given relation R(x, w) (e.g. "C opens to m, r"), the prover and verifier run:

pi <- Prove(x, w)
b  <- Verify(x, pi)

Such that the following hold:

Security Properties

  • Completeness: Honest prover convinces honest verifier
  • Soundness: Cheating prover succeeds with negligible probability
  • Zero‑Knowledge: Simulator produces pi indistinguishable from real

5.2 Recent Protocol Advances

Recent protocols (Libra, deVirgo, Orion, Pianist) achieve linear‑time proving and sub‑kilobyte proofs, enabling:

  • Efficient proving for complex statements
  • Compact proof sizes for blockchain deployment
  • Fast verification for real‑time applications
  • Scalable zero‑knowledge systems
Completeness
If the statement is true and the prover follows the protocol honestly, the verifier accepts with overwhelming probability.
Soundness
If the statement is false, no cheating prover can convince an honest verifier to accept, except with negligible probability.

Protocol Implementation

Proof Generation

The prover constructs a proof pi that demonstrates knowledge of witness w without revealing information about w.

Proof Verification

The verifier checks the proof pi against the public statement x to ensure the claimed relation holds without learning the witness.

Zero‑Knowledge Property

A simulator can generate proofs computationally indistinguishable from real proofs, ensuring no information leakage.

Transaction Chain Validation

A user transfer from value v to v' proceeds as follows:

  1. Create C_in = C(v, r)
  2. Compute delta d = v' - v and form C_out = C_in · C(d, r')
  3. Produce ZK proof pi of knowledge of v, r, r' and non‑negativity constraints
  4. Broadcast (C_out, pi)
  5. Validators check Verify(C_out, pi) = 1 and include in epoch T_(i+1)

Performance Considerations

  • Linear‑time proof generation for practical deployment
  • Sub‑kilobyte proof sizes for efficient transmission
  • Fast verification for real‑time validation
  • Scalable systems for high‑throughput applications

Mathematical Components

Mathematical Foundations

Algebra, groups and fields underpinning the protocol

Learn more
Algebraic Entropy

Entropy, randomness beacons and unpredictability

Learn more
Perpetual Genesis

Unending ceremony and evolving base points

Learn more
Homomorphic Evolution

Balance updates that preserve hidden amounts

Learn more
Commitment Layer

Commitments, openings and security properties

Learn more
Security Analysis

Threat models, assumptions and guarantees

Learn more