ZKCG

Verifying off-chain computation usually means trusting a server or re-running everything. Both don’t scale.

Trust in BN254 + Groth16 vs trust in the auditor — that's the right way to frame the threat model shift. Interesting distinction in what's being proven though: document state vs rule execution. "This policy hash is in the allowed set" vs "this eligibility rule ran on this input and produced this decision." Both needed. Different layers of the same stack.

Exactly right — and that's the precise distinction we're building on. In ZK-Provenance, the proof isn't just "computation happened." It proves: → Document hash matches commitment → Timestamp in valid policy window → Merkle path verifies correctly → Policy hash is in allowed set All without revealing the document. The auditor model depends on trust in the human. Our model depends on trust in BN254 + Groth16. Very different threat models. 🔐

The dirty secret of enterprise compliance: Every major data breach in 2025 had one thing in common. The company was "compliant" before the breach. SOC2 certified. ✓ HIPAA audited. ✓ ISO 27001. ✓ Still got hacked. Because audits check process. ZK proofs check math. Process can be faked. Math cannot. → zkprovenance.app 🔐

Privacy-preserving compliance is the right framing it dissolves the false choice between "fully transparent" and "fully private." The missing piece most implementations skip: not just proving identity facts (KYC passed) but proving rule execution (this specific eligibility logic ran correctly on this input). We're building exactly that layer at ZKCG happy to compare approaches.

Imagine being able to prove something without giving away any details. That’s what Zero-Knowledge Proofs (ZKPs) do! ✅ For example, let’s say you need to prove you’re over 18, but you don’t want to reveal your exact birthdate or any other personal details. With ZKPs, you can prove that you meet the age requirement without sharing your exact birthdate. This way, your age is confirmed while your personal data stays private. 🔐 Why does this matter for Redbelly? ► Keeps your sensitive information private. ► Allows RWA issuers to meet compliance requirements without storing sensitive information themselves. ZKPs are one way we’re pushing Redbelly Network to be more secure while keeping user privacy front and centre. #RedbellyNetwork #RWAT #Blockchain

Institutional-grade is a high bar and TradFi defines it differently to DeFi. For a TradFi risk officer, "verifiable" means an independent party checked and signed off. For DeFi, it should mean mathematically impossible to falsify. Bridging those two definitions is actually the hard problem. Most RWA projects satisfy the first and call it done.

@SimpleChain_RWA isn’t trying to become “just another blockchain.” It’s building infrastructure for the next era of finance. A chain where: • Real estate can move on-chain • Credit markets become transparent • Compliance is automated • Real-world data becomes verifiable digital value The whitepaper shows a bigger vision than simple tokenization. SimpleChain combines: → PoS + HotStuff consensus → Institutional-grade compliance → Oracle-powered real-world data → Cross-chain liquidity → On-chain credit systems → RWA issuance through DataIPO What stands out most is the focus on trust. Not only trust in code but trust in data, regulation, and asset legitimacy That’s the missing layer many RWA projects still struggle with If blockchain is going to connect with traditional finance at scale, infrastructure like this will matter. SimpleChain is positioning itself at that intersection

Verifiable compute without trusting code or data is the right north star. The compliance-specific version of this: prove that a rule ran on private inputs and produced this output without revealing the inputs or trusting the executor. Most ZK identity projects prove facts about users. The harder problem is proving facts about computations. That gap is still mostly open.

You don’t need to read the model’s code. You don’t need to trust the devs. You don’t even need to see the data. You just verify the ZK proof. That’s what Jiritsu brings to every AI-powered RWA integration.

Clearer thresholds help but they shift the problem from "what are the rules" to "how do you prove you followed them." Most platforms will have a compliance answer ready for regulators. Fewer will have a verifiable one. The GENIUS Act might be what forces that distinction into the open.

The GENIUS Act established a federal framework and standardized settlement infrastructure for payment stablecoins, triggering a massive surge of institutional capital into the RWA space alongside updated compliance thresholds that clarify how institutions can safely custody and report digital assets. Here is what that means in plain language: Institutional capital does not move on excitement. It moves when the legal framework is clear enough for compliance teams, risk committees, and custody teams to sign off simultaneously. That framework just got significantly clearer in both the US and Europe. The platforms that built to institutional standards before the legislation arrived are not adapting to the new environment. They were already there.

Composability and compliance are usually in tension composability assumes permissionless interaction, compliance requires gating. ZK is the only primitive that resolves this cleanly: prove the compliance condition is met without blocking composability for everyone else. How are you currently handling the enforcement layer when assets move between protocols?

Requirements for mainstream RWA adoption: • Regulatory compliance • Sustainable yield • Onchain composability That’s why leading issuers and ecosystems like Kaia and Avalanche choose Pruv, combining compliant issuance with seamless onchain utility. Pruv.

The gap is real and it's structural, not just a tooling problem. Tokenization platforms are incentivised to ship fast. Adding a verifiable proof layer to every compliance decision slows things down and nobody's demanding it yet. They will when the first major compliance failure happens on-chain and there's no audit trail that holds up.

3/ The vRWA standard defines a verifiable asset as one supported by continuously provable, tamper-resistant, and auditable financial state at the asset or position level. Measured against that standard, the current market remains effectively unverified. State of RWA 2026: Tokenization’s Verification Gap defines vRWAs and maps the verification problem across major asset classes. Available here: rekord.io/resources/rese…

1/ As of May 2026, tokenized real-world assets exceed $400B in combined distributed and represented value. Market figures reflect material progress across issuance, distribution, custody, settlement, and institutional participation, but they do not, by themselves, indicate that the underlying assets are supported by continuously verifiable financial state. Most RWA infrastructure has been designed around bringing assets onto digital rails, not around proving the current condition of those assets over time.

Making invalid transitions impossible to hide is the key property it's what separates a ZK proof from an assertion. The same principle applied to business logic: not "the backend says the rule was followed" but "an invalid execution of this rule is computationally impossible to prove." That's a fundamentally different security guarantee than any audit trail gives you.

The excessive data is the result of constant mixing and tying data in different patterns. We want to make sure invalid steps, if exist, will be included in these patterns over and over again. This is how we prevent them from hiding and make sure 1 tiny error not go unnoticed. >>

So we're building a STARK proof. The TL;DR of the 1st phase in that process (as explained in the previous thread), is this: - The STARK prover registers all execution steps of all the txs we want to process - These steps should align with constraints So, what's next? >>

Folding schemes are interesting precisely because they break the "one monolithic proof" bottleneck. The implication for real-world computation: you can now prove complex, multi-step business logic incrementally each step building on the last without restarting the proof. That changes what's practical to prove, not just what's theoretically possible.

So now we have this huge proof with a massive amount of data. We can now move to the next step. Let's fold that proof (tomorrow)

Zcash in 2015 proved ZK could work in production for financial privacy. A decade later the question isn't whether ZK works. It's: can you prove a business rule ran correctly on private inputs without revealing them? That's the open problem. @EliBenSasson what do you think ?

This property gets applied to identity proofs well — "prove you're over 18 without revealing your DOB." The harder version: "prove that a specific business rule ran correctly on private inputs and produced this output." Not proving a fact about yourself. Proving a computation happened correctly. That's where the design space gets interesting.

@proofmancer @Zcash @StarkWareLtd Okay, interesting! And makes sense. I was slightly confused by the need to prove something without that something. These are different somethings.

Privacy comparison: Zcash vs. Starknet As you know, I've co-founded two ZK projects, @Zcash (in 2014) and @StarkWareLtd (in 2018) and I love both. When it comes to privacy, each offers something different and interesting. Zcash is the original privacy solution, and has privacy as its core mission. Its main advantage is that when it comes to privacy for transferring money, in the form of ZEC, you get the highest grade of shielding. Only the payer and payee know anything about that single transaction. The rest of the world learns nothing. Zero knowledge. @Starknet's main advantage when it comes to privacy (with strkBTC and strk20) is UX and composability. You can do more actions – trading, borrowing, lending, swapping, staking – all under the same cloak, and you do it with good UX. Zcash – Resistance Money grade Privacy. Starknet – Usable everyday financial Privacy.

The challenge is that removing the central entity from settlement is the easy part. Removing it from rule enforcement who decides if a transfer is compliant, and how does the contract know that decision was made correctly is harder and less talked about. Most DeFi protocols solved the former and quietly delegated the latter to a backend nobody's verifying.

@KaspaMobile Finance that is not dependent on one central entity

The best privacy solutions will come from DeFi. I'll explain: DeFi's lack of privacy is a roadblock to adoption, so DeFi projects have this strong incentive to focus on Privacy, build it, innovate it, and compete on who will offer the best privacy solutions.

The crowd problem is especially sharp in compliant DeFi. If a protocol requires accredited investors only, the anonymity set collapses there aren't many of them, and timing + amount patterns de-anonymise quickly. ZK credential proofs help but the set size problem doesn't disappear. It just moves.

@Alex4DeFi @Zcash @StarkWareLtd That's another thing. Anonymity depends on being able to hide in a crowd.

The sequencer decentralization problem in L2s is a good parallel to a quieter version of the same issue in DeFi application logic: Business rules enforced off-chain by a single operator are a centralisation vector too just one nobody's auditing. Decentralising settlement without decentralising rule enforcement is only half the job.

I do. I've spoken about it quite a lot. I know how difficult it is to build decentralized systems, and Starknet's shift from centralized architecture to a decentralized one was a huge leap. But in spite of the challenge, and the fact that there are still more phases to go through, it's important and we'll do it. I wish I saw more L2s planning to decentralize.

Privacy is necessary but not sufficient for mass adoption. The other half: institutions need to prove they followed rules without revealing who did what. ZK delivers both hide the data, prove the compliance. That's the combination that actually unlocks institutional DeFi at scale.

The best thing that can happen to crypto is ZK-based privacy solution. DeFi must adopt privacy if the goal is to reach mass adoption, and ZK is the most efficient and secure way to deliver that.

Exactly and Canborsa is an interesting case because DEX compliance at execution is harder than at onboarding. Transfer rules, jurisdiction gating, eligibility checks all of it needs to fire at the trade level, not just when a wallet connects. Happy to show how this works in practice @Canborsa_DEX

@ZKCG_X @Starknet Agreed. Proof of arbitrary computation is a major step forward for RWA and institutional DeFi. Compliance can be verified on-chain without a trusted backend. Very relevant for the future of @Canborsa_DEX.

As ZK maximalists, we’re excited to announce that the first RISC Zero proof has officially been verified on Starknet Sepolia! This marks a crucial step in giving Starknet developers even more flexibility and choice in how they buidl 🐺🤝🟡

Zcash in 2015 proved ZK could work in production for financial privacy. A decade later the primitive is proven the question is what the next layer looks like. Privacy of transaction data is mostly solved. Privacy-preserving proof of compliance "I followed this rule without revealing why I qualify" is where the interesting work is happening now.

Privacy started w Zcash in 2015. "Privacy" is now

Privacy in DeFi has two distinct problems that usually get collapsed into one: 1. Hiding transaction data from observers 2. Proving compliance to regulators without revealing that data Zcash solved #1 brilliantly. #2 is still mostly unsolved and it's what institutional DeFi actually needs to cross the line.