The term "Zero-knowledge" and the cryptographic proofs it refers to have become one of crypto's most abused words. Investors hear it and mentally file it under the heading of "advanced cryptographic tech" then move on, believing that ZK implies under-the-hood functions that only technical people need to care about.
That's a mistake, as ZK is increasingly part of the infrastructure for a diverse bundle of critical tasks including transaction execution, maintaining privacy, and scaling claims.
Quantum computing is another trap, which asks investors what their asset's ZK system is actually built on, and whether that cryptography can be swapped without going through the chaos of a messy migration to post-quantum computing security.
The golden goose to find is an upgradeable, well-audited cryptographic stack that uses ZK proofs today. To help you understand what to look for, it's useful to know a bit more about both ZK and quantum computing, so let's dive in.
Covering ZK & Quantum Computing Is Key For Due Diligence
ZK and quantum computing is worth paying attention to now more than ever because ZK moved from being research-stage to production-ready before the post-quantum security standards were published.
On the standards side, NIST has already finalized primitives such as FIPS 203, and it has framed this as a first wave of standards rather than the end state in its 2024 standards release. On the cryptocurrency side, ZK-rollups often use proofs mainly for validity and compression rather than secrecy. But what really is a ZK proof anyway?
In short, a ZK proof lets a prover convince a verifier that a statement is true while not revealing the witness. That's it; everything else is product design layered on top. In more technical terms, most production systems turn computations into algebra, then prove the algebraic constraints are satisfied.
ZK shows up in crypto in three common patterns:
Shielded transfers in privacy protocols such as Zcash.
Validity rollups that publish data publicly and use ZK mainly as integrity proofs.
zkVMs that attest to program execution, as in the RISC Zero proof-system overview.
So investors should recognize that ZK is a technique which doesn't necessarily guarantee any outcome if it's mis-applied.
Quantum Computing Changes The Assumptions
Quantum computing threatens cryptography unevenly, so it's important to understand the basics of the field.
As you may have heard, Shor's algorithm is why elliptic curve signatures and pairing-based cryptography are considered vulnerable in a post-quantum computing world. If your ZK stack depends on pairings, you will inherit this long-run fragility.
The takeaway from this realization is to appreciate that not all cryptocurrencies claiming to use ZK are going to also automatically be quantum secure. In fact, most probably aren't, and they might not ever be.
Additionally, simply "using ZK" is not something that investors should confuse with a cryptocurrency actually offering a high level of security, privacy, or anything else ( as with most methods and most technologies) there can be many different implementations and executions of a single concept.results vary widely.
Now, let's turn to a related concept, STARKs.
STARKs are hash-based proof systems, and in their standard form they do not rely on elliptic-curve pairings in the way other stacks do. That is why teams often market STARK-style stacks as quantum-resistant. The catch is that this does not automatically mean “the whole system is quantum secure,” because the surrounding layers can still depend on elliptic-curve signatures, bridge and custody assumptions, or other components that remain Shor-exposed.
Additionally, Grover’s algorithm, another algorithm intended for quantum computer-based codebreaking, is meaningfully less dangerous than Shor’s in practice. Shor threatens the public-key foundations behind widely used elliptic-curve signatures and pairings, while Grover delivers a quadratic speedup against brute-force search, which means mitigation requires a parameter increases rather than an algorithm change .
What Investors Should Check Before Trusting a ZK Story
Now let's turn to actionable diligence. Again, the main question to answer is whether the project survives a standards transition without breaking its social contract or governance.
The first move while conducting research on this topic is thus to create a stack map. Determine for a given cryptocurrency investment which arithmetization, which commitment schemes, which curve or hash family, and where is it documented. If the docs cannot answer these basic questions in plain terms, stop taking their ZK claims at face value.
Second, find the upgrade story, and bail out if there isn't one. Trusted setup is a real operational risk, which is why researchers have systematized the topic.
Third, see the ops story, if there is one. zkSync's own documentation describes enabling its prover and choosing CPU or GPU operation, which is a reminder that "decentralized proving" is a hardware and incentive problem.
Here's a short checklist you can use in public docs, governance forums, or diligence calls:
Which proof system is used, and is it described in a first-party reference?
Which commitment scheme is used, and does it depend on pairings?
Is there a trusted setup, and is the ceremony publicly specified?
What is the project's stated post-quantum posture, and does it avoid hand-wavy claims?
Where is recursion used, and what does it buy?
With those questions in mind, the following table should help keep the picture concrete:
Proof system or family | Primary commitment or primitive | Post-quantum at the proof layer? | Quantum pressure to understand | Notes and examples | Diligence focus |
|---|---|---|---|---|---|
Pairing-based SNARK over elliptic-curve groups | No | Shor’s algorithm breaks discrete-log assumptions that underpin pairing-friendly curves | Very small proofs and fast verification, but typically circuit-specific trusted setup; widely used in shielded-transfer designs | Ceremony integrity, curve choice, and a credible plan to replace pairings | |
PLONK with KZG commitments | Pairing-based polynomial commitments (KZG) | No (when KZG is used) | Same Shor pressure on the pairing and curve layer | Often marketed as “universal setup” and very flexible; the commitment layer is the quantum-sensitive choke point | Whether the commitment scheme is swappable without breaking verification contracts |
Halo-style SNARKs with IPA commitments | Inner-product-argument polynomial commitments over EC groups | No | Shor still applies because the commitment scheme lives on discrete-log groups | Removes KZG-style structured reference strings, but does not escape curve assumptions | Whether “no trusted setup” is being confused with post-quantum security |
Plonky2 and similar FRI hybrids | FRI-based, hash-and-Merkle commitments | Yes (plausible) | Grover’s search speedup weakens brute-force margins, so security often means parameter increases | Proof layer avoids pairings, but the cost shifts to larger proofs, prover hardware, and parameter discipline | Prover economics, parameter choices, and whether the network can keep proving decentralized |
Transparent integrity proofs based on FRI and Merkle authentication | Yes (plausible) | Grover-style pressure on hash security, plus the practical cost of heavier proofs | Commonly described as post-quantum at the proof layer because security reduces to hash assumptions rather than discrete log | Whether “post-quantum” is being claimed for the whole chain or only the proof layer | |
Bulletproofs and Pedersen- style range proofs | Pedersen commitments on elliptic curves | No | Shor applies because Pedersen commitments rely on discrete-log hardness | Great for range proofs and privacy systems, but not a post-quantum primitive | If used inside a broader ZK stack, it can become the weak link |
Throughout this entire process, you need to keep returning to the dynamic that if you cannot name all of the assumptions a chain is using in its ZK implementation or its quantum migration plan, you won't be able to price the value of the migration. If you can't price the migration, your investment thesis is a lot closer to a story than an analysis of the future of crypto.
To keep up with the latest in blockchain technology and quantum computing, join us on X and subscribe to our newsletter.
Sources
Module-Lattice-Based Key-Encapsulation Mechanism Standard (FIPS 203)
NIST Releases First 3 Finalized Post-Quantum Encryption Standards
Constant-Size Commitments to Polynomials and Their Applications
Pairing-based polynomial commitments and Kate polynomial commitments
Scalable, transparent, and post-quantum secure computational integrity
