Jussa

imagine accepting a one time code and not auto-yupping. couldn't be me

@nellycyberpro @zeroknowledgefm thank you xmm. regarding what you missed, i would love to hear your thoughts on the Zero Suite pieces by art studio Mathcastles.

I just listened to the Introduction to Zero Knowledge Proofs episode from the @zeroknowledgefm , Episode 21, dated April 19, 2018, and I genuinely needed a moment to sit with how much has changed. I needed a ZK refresher because, honestly, I always need one; this space moves so fast. But listening to Anna and Fredrik explain zero knowledge proofs from scratch using Where's Waldo examples and colored pill thought experiments really hit me. They talked about how STARKs needed 200GB of RAM and were not feasible right now for anything, how libSNARK was basically the only library available, and how the biggest use case was @Zcash Sprout with its 40-second proof generation times and massive memory requirements. That was 2018. This is 2026. Eight years later, the transformation is honestly staggering. But first, some history. Zero knowledge proofs weren't invented in 2018 or even close. They were first conceived in 1985, 41 years ago, by Shafi Goldwasser, Silvio Micali, and Charles Rackoff at MIT in their paper "The Knowledge Complexity of Interactive Proof-Systems." The wild part is that the paper was actually written as early as 1982 and was rejected three times from major conferences before finally being published at STOC '85. The paper that would reshape cryptography almost didn't make it out. Goldwasser and Micali went on to win the Turing Award in 2012 for their foundational work. Then, in 1986, Goldreich, Micali, and Wigderson proved that anything efficiently provable can be proved in zero knowledge, meaning ZK wasn't limited to toy problems but could theoretically handle any NP computation. And in 1988, Ben-Or, Goldreich, Goldwasser, and others published "Everything Provable is Provable in Zero Knowledge," which laid out the recipe of committing to an interactive proof transcript and then proving correctness of that commitment in ZK. This is the exact recipe that Google's team is literally using in 2026 for their Wallet. So ZK proofs existed as beautiful theory for over 30 years before blockchain gave them the engineering push to become practical. And what a push it's been. So I wanted to write this post walking through what has actually changed since that 2018 episode aired, and really, since ZK left the realm of pure theory, because I think it's worth documenting. These are projects I personally know, have explored, have seen around the timeline, and developments I've been hearing about in the space. If I miss anything important, please add it in the comments. I want this to be a living conversation because I'm doing more of these ZK deep-dives in 2026. The Evolution of Proof Systems Let's start with proof systems. In 2018, Groth16 was essentially the only production-grade proof system. It produced beautifully small proofs of just 3 group elements, but every single new circuit required its own trusted setup ceremony, complete with "toxic waste" that could break the entire system if compromised. That was just the reality you had to accept. Then in 2019, the @aztecnetwork team published PLONK, which introduced a universal and updatable structured reference string. This meant one setup ceremony could serve any circuit up to a given size. This was a paradigm shift. PLONK's modular design let you swap polynomial commitment schemes depending on your needs, and it spawned an entire family of variants: TurboPLONK with custom gates achieving 2.5× faster performance than Groth16, UltraPLONK integrating lookup tables, and HyperPlonk leveraging multivariate polynomials. That same year, Sean Bowe, Jack Grigg, and Daira Hopwood at @ElectricCoinCo published Halo, the first practical recursive proof composition without any trusted setup at all. Halo meant proofs could verify other proofs in a chain, and Halo2 was later deployed in Zcash's NU5 upgrade in May 2022, finally eliminating trusted setup from Zcash entirely. Meanwhile, @StarkWareLtd took zkSTARKs from those 200GB demos Fredrik mentioned in the podcast to production systems that can now prove 16 years of Bitcoin block headers for under $15 using their next-gen prover. Small-field techniques like Circle STARKs and Mersenne31 fields made this possible, achieving 620K Poseidon2 hashes per second on a standard M3 laptop. And then folding schemes came along. Nova (2022) by Kothapalli, Setty, and Tzialla introduced a fundamentally simpler approach to recursive proof composition, reducing checking two statements to checking one with constant overhead of just two scalar multiplications. SuperNova extended this to universal machine executions, and HyperNova generalized it further. Binius by Irreducible operates over binary tower fields and is approaching what Vitalik Buterin called "the limits of STARK base layer efficiency." Finally, the lookup argument revolution, stretching from Plookup (2020) through Caulk, LogUp, and finally Lasso (EUROCRYPT 2024), achieved 10× speedups and made lookups into tables with over 2^128 entries practical. The Rise of zkEVM Rollups Now, zkEVM rollups. In 2018, there were literally zero ZK rollups. The concept barely existed. Today we have at least six major ones live on Ethereum mainnet. zksync Era launched in March 2023 with a custom VM approach and native account abstraction, later airdropping the ZK token to nearly 700,000 wallets in June 2024. They're building the Gateway interoperability layer and sunsetting zkSync Lite as the ecosystem matures. 0xPolygon launched their zkEVM backed by over $650 million in ZK acquisitions, with AggLayer connecting their ecosystem and Plonky3 as the new backend. Their Polygon 2.0 vision unifies PoS, zkEVM, and CDK chains. Scroll_ZKP went to mainnet in October 2023 using a Halo2-based proving system and is targeting eventual Type 1 EVM equivalence through their OpenVM initiative. LineaBuild from ConsenSys launched in July 2023 and is exploring lattice-based SNARKs (Vortex) for quantum resistance, making them one of the few teams actively preparing for post-quantum futures. taikoxyz launched in May 2024 as the first based rollup, meaning Ethereum L1 validators handle sequencing directly, and Vitalik Buterin himself proposed its genesis block. ENS chose Taiko's tech stack for Namechain. StarknetFndn has processed over $1.5 trillion in cumulative volume through StarkEx, with their Cairo developer base growing 875% over two years. Cairo 1.0 transformed their language from assembly-like to Rust-inspired with approximately 79% developer retention, which was a massive developer experience improvement. Real World Identity and Google Wallet The identity space is where things get really wild when you compare 2018 to now. In the podcast, Fredrik gave the example of proving you know a Facebook password without actually sending it to Facebook's servers as a thought experiment. In 2026, ZK-based identity is real infrastructure serving tens of millions of people. One of the biggest signals that ZK has gone mainstream came from Google. Abhi Shelat and Matteo Frigo, engineers at Google (Abhi is also a professor at Northeastern, and Matteo is the creator of the legendary FFTW library), built and integrated zero-knowledge proofs directly into Google Wallet for privacy-preserving identity verification. Their paper "Anonymous Credentials from ECDSA" describes a system using sumcheck and the @ligero_inc argument system that generates ECDSA proofs in just 60 milliseconds and full identity credential proofs in about 750ms on x86 and 1.2 seconds on a Pixel 6. The system requires no trusted setup, is designed to be post-quantum safe at the proof layer, and critically, works without changing any existing issuer processes or requiring changes to mobile device hardware. When you use Google Wallet to prove your age is over 18, a ZK proof is generated on your phone that proves you hold a valid government-signed credential asserting that fact without revealing your name, date of birth, address, or even which state issued your ID. The device public key that would normally be a tracking identifier is hidden inside the zero-knowledge proof. This is directly powering EU digital identity compliance under eIDAS 2.0, which mandates digital ID wallets across all EU member states by 2026, and it's already being used for age verification with services like Bumble. Google open-sourced the implementation as Longfellow-ZK, named after the bridge outside Google's Cambridge office. As Abhi said on the zero knowledge podcast episode about it, ZK is returning to its original roots of privacy for sensitive information. Anna Rose called it the clearest case of ZK breaking into the mainstream. Identity Projects and zkTLS worldcoin has 33 million app users with 15 million iris-verified across 35+ countries, using ZK proofs via the Semaphore protocol to prove group membership without revealing individual identity. They launched World Chain as an OP Stack L2 and have partnerships with Visa, Match Group, and Razer. PrivadoID (formerly Polygon ID) became the most mature ZK credential system. Buenos Aires integrated their QuarkID system into government services for 3.6 million residents. The EU eIDAS 2.0 regulation has pilots running across 350+ organizations in 26 member states. Zupass, built by 0xPARC, was used as the ZK passport system at Vitalik's zuzalukas pop-up city experiment in Montenegro in 2023, where roughly 700 people used ZK proofs for apartment access, event entry, and anonymous voting. @ZKPassport and @SelfProtocol took ZK identity even further by leveraging the NFC chips embedded in biometric passports. Users scan their passport with their phone, and ZK circuits verify the government-issued digital signatures without revealing any personal data, proving age, nationality, or simply that you hold a valid document. ZKPassport built their circuits in Noir and was integrated by @aztecnetwork for testnet node operator verification, while Self Protocol scaled to over 8 million users across 129 countries and landed a partnership with @googlecloud for sybil-resistant faucets and privacy-preserving OFAC compliance screening on @Celo And then there's zkTLS, which might be one of the most consequential new primitives to emerge. Built on the DECO protocol from Cornell and Chainlink, zkTLS lets you prove things about your HTTPS session data without server cooperation. @reclaimprotocol does 2 to 4 second proofs on mobile across 889+ data sources using a proxy model, and @OpacityNetwork uses an MPC+TEE hybrid approach. You can prove you own a bank account, a Twitter profile, or have a certain credit score without revealing any credentials. This is the bridge between Web2 and Web3 that everyone has been waiting for. @zkemail is another primitive that emerged. You can make privacy-preserving proofs about existing emails by leveraging DKIM signatures that email servers already attach. ZK Email enables proving you own an email at a certain domain, confirming transactions, or verifying identity, all without revealing the email contents. They've built account recovery for Safe wallets, proof of Twitter ownership, and an SDK where developers can define new proof types in a few lines of JSON. They've been supported by the Ethereum Foundation's PSE team and have collected over 5,000 proofs through their registry. Finally, @zkp2p built a trustless peer-to-peer fiat-to-crypto onramp using ZK proofs of payment confirmation emails and zkTLS. You send fiat through Venmo, Revolut, or Wise, and ZKP2P generates a zero-knowledge proof that the payment happened without revealing your personal information to the blockchain. The crypto locked in escrow is then automatically released. No KYC, no centralized exchange, and no custodial risk. Just math. They're live on @base with under 60-second settlement times. Privacy and Regulation The privacy and regulation story since 2018 is dramatic. Tornado Cash mixed over $7.6 billion in Ether using zkSNARKs before OFAC sanctioned it on August 8, 2022. This was the first time the U.S. government targeted a decentralized protocol. Developer Alexey Pertsev was arrested in Amsterdam two days later and sentenced to 64 months. Roman Storm was arrested in August 2023, and his trial in July 2025 produced a mixed verdict: conviction on operating an unlicensed money transmitter, but a jury deadlock on money laundering and sanctions charges. Then the Fifth Circuit ruled in November 2024 that OFAC exceeded its authority, as immutable smart contracts are not property under IEEPA. On March 21, 2025, OFAC officially delisted Tornado Cash. Treasury Secretary Scott Bessent acknowledged the enormous opportunities for innovation. This reshaped privacy law fundamentally. Out of this came compliant alternatives: @RAILGUN_Project built a Proof of Innocence system where users generate ZK proofs showing funds aren't from flagged addresses. @aztecnetwork is building programmable privacy with built-in compliance hooks and launched their Ignition Chain in November 2025. Privacy Pools (co-authored by Vitalik Buterin) introduced association sets for selective transparency. On the broader privacy front, the ecosystem exploded. @zama_fhe became the first FHE (Fully Homomorphic Encryption) unicorn, raising over $150M and launching on Ethereum mainnet in December 2025 with confidential stablecoin transfers. @penumbrazone launched their mainnet in July 2024 as a fully end-to-end encrypted proof-of-stake blockchain and DEX for the Cosmos ecosystem. This included private transfers, private staking, private trading, and private governance using zero-knowledge proofs, with their Veil DEX enabling sealed-bid batch auctions that prevent frontrunning. Though Penumbra Labs has since wound down operations, the protocol remains live as open-source software. @namada launched their mainnet in December 2024 with a Multi-Asset Shielded Pool (MASP) extending Zcash's Sapling circuit to support any asset across a unified shielded set. They reward users for keeping assets shielded, making privacy a public good. And @zcash had a massive resurgence, surging over 800% in 2025, driven by Grayscale's spot ZEC ETF filing, the GENIUS Act, and 4.2 million ZEC moving into the Orchard shielded pool. Zcash's upcoming ZSA upgrade will enable shielded BTC, ETH, and stablecoins. Developer Tooling Transformation Developer tooling underwent maybe the most important transformation of the entire eight years. In 2018, libSNARK was a C++ library where you manually defined R1CS constraints and basically needed a PhD to use it. Circom from iden3 was the first widely-adopted DSL used by Tornado Cash, Dark Forest, and Semaphore, but it still required manual constraint management. Then @aztecnetwork created @NoirLang with Rust-inspired syntax that compiles to backend-agnostic ACIR and runs 30× faster than Circom's PLONK for large circuits. @StarkWareLtd shipped Cairo 1.0, which powers all of StarkNet. But the real paradigm shift was general-purpose zkVMs. @SuccinctLabs released SP1 in February 2024. You write standard Rust, compile to RISC-V, and get ZK proofs automatically without needing circuit knowledge. They demonstrated this by building SP1 Reth, a proof-of-concept zkEVM, in just 2,000 lines of Rust at $0.01 per transaction proof cost. SP1 Hypercube (November 2025) proved 99.7% of Ethereum blocks in under 12 seconds using just 16 NVIDIA RTX 5090 GPUs, down from needing 200 GPUs just six months earlier. @RiscZero shipped zkVM 1.0 in June 2024 with the same write-Rust-get-proofs approach and their Boundless decentralized proving network now has over 363 active provers. @a16zcrypto released Jolt, built entirely from lookup arguments and sumcheck protocols (exactly the same sumcheck approach Google chose for their Wallet), achieving roughly 5× CPU speedup over RISC Zero. Axiom released OpenVM as a modular open-source zkVM framework, now proving Ethereum mainnet blocks live, with formal verification of their RISC-V extension in Lean by @NethermindSec Research. And @brevis_zk built Pico Prism, which became the first zkVM to meet the Ethereum Foundation's Real-Time Proving standard. It proved 99.6% of 45M gas blocks in under 12 seconds on 64 RTX 5090 GPUs. Beyond the Blockchain Beyond blockchain, ZK expanded into territory nobody in 2018 would have predicted. zkML (verifiable machine learning) emerged around 2022 when Modulus Labs benchmarked the cost of intelligence for ZK and AI. By 2025, Lagrange DeepProve proved complete GPT-2 inference 54 to 158 times faster than previous approaches, zkPyTorch from @PolyhedraZK proved Llama-3 at 150 seconds per token, and ZKTorch proved GPT-J (6 billion parameters) in 20 minutes. The overhead dropped from approximately 1,000,000× native speed in 2022 to roughly 10,000 to 100,000× by late 2025. Still heavy, but the trajectory is clear. @darkforest_eth demonstrated ZK in gaming back in August 2020. This was an on-chain real-time strategy game where zkSNARKs enabled cryptographic fog of war. Players submitted hashed coordinates with validity proofs, and map exploration required brute-force hashing. It ran multiple seasons through 2022 and remains one of the most creative ZK applications ever built. ZK bridges like @PolyhedraZK's zkBridge replaced trusted committees with mathematical proofs for trustless cross-chain verification in under 8 seconds across 20+ networks. This addresses the over $1.5 billion lost to bridge attacks by eliminating the human trust assumptions that made bridges vulnerable. ZK coprocessors also emerged as a new category. @axiom_xyz enables smart contracts to trustlessly access all historical Ethereum data and perform arbitrary computation over it, verified by ZK proofs. @brevis_zk , Herodotus, and @lagrangedev are building in the same space, collectively turning blockchain into a verifiable computing platform where contracts can reason about the past without trusting oracles. @Filecoin quietly became the largest deployed zk-SNARK network in the world, generating 6 to 7 million ZK proofs per day for storage verification alone. Their Proof of Replication and Proof of Spacetime mechanisms use Groth16 proofs with circuits exceeding 100 million constraints, compressing what would be hundreds of kilobytes into just 192 bytes per proof. Hardware and the Future Hardware acceleration matured through @Ingo_zk 's ICICLE GPU library, Fabric Cryptography building dedicated VPU (Verifiable Processing Unit) ASICs, and Cysic raising $12M for ZK-specific chips. Decentralized proving networks like ZkCloud (300+ partners), =nil; Proof Market, @SuccinctLabs 's Prover Network, and @RiscZero Boundless emerged as proving-as-a-service infrastructure. The ZkBoost Consortium united 43 companies behind a unified proving API. Industry spending on proving runs $100 to $200M annually, with average cost per proof around $0.21 and falling. @0xMiden pioneered client-side proving, where users generate STARK proofs on their own devices in 1 to 2 seconds and only submit proofs to the network. Your transaction details never leave your phone. @AleoHQ launched mainnet in 2024 with their Leo programming language for private applications. And I still haven't fully covered post-quantum ZK. LatticeFold (by Boneh and Chen, ASIACRYPT 2025) introduced the first lattice-based folding scheme for post-quantum incrementally verifiable computation, and Dan Boneh said at ZKProofs 2025 that this might be one of the first times a post-quantum SNARK is better than a pre-quantum one. Greyhound (2025) achieved transparent lattice polynomial commitments with approximately 50KB proofs. The convergence of FHE + ZK + MPC into a unified privacy stack is creating what might become the most important cryptographic infrastructure of the next decade: data that is simultaneously private, verifiable, and computable. The numbers tell the story. In 2018 we had 1 production ZK app, 1 developer library, 40 second proof generation, and STARKs needing 200GB of RAM. In 2026 we have 6+ zkEVM rollups live, 33 million ZK identity users, Google using ZK in their Wallet for billions of potential users, under 7 second Ethereum block proofs on 16 consumer GPUs, and the EU mandating ZK-compatible digital identity wallets for 450 million citizens. ZK proofs went from academic theory discussed on a podcast using Where's Waldo examples to everyday infrastructure for trustless verification, confidential finance, user-controlled identity, verifiable AI, and privacy-preserving computation in eight years. What did I miss? If you have been watching the space evolve, drop your favorite ZK advancement, project, or paper from 2018-2026 in the replies. I'm doing this because I genuinely love cryptography, I'm fascinated by it, and honestly, I just want to get cracked at ZK. There's something about hard problems, elegant math, and building things that actually protect people that just pulls me in. So yeah, this is a passion thing. More coming⚡️⚡️

@jmtrivedi hi um i was just wondering if i can use some of your magic paint on my terraforms if thats ok

So excited to share one of my white-whale projects: a fully physics-based, holographic foil shader. Each pixel simulates a ray of light diffracting into a rainbow of waves, which add and subtract to create these incredible patterns. Not a single gradient was used here!

@jtriley2p Fuck a vc

this may very well be my last post. so read this close. vc's, capital owners, mercenaries, these people are not like you. they are not revolutionaries. they do not care about "the people". they care about money and they will crush you for it. if you step out of line, they will crush you. if you speak truth to power, they will crush you. if you act as an individual, they will crush you. the only response is to act in unison. there are only so many researchers and developers in this space. the chokepoint of crypto is not capital, it's not users, it's not "apps". the chokepoint is us. we the researchers and developers have to organize and collectively reject these parasites, reject their predatory allocations, reject their degradation of what used to be a collaborative, non-hierarchical, collectively-organized space. they may have the majority of capital, but we have the majority of ability. just as they collaborate in allocating capital, we can collaborate in allocating labor. organize, between coworkers, between collectives, between companies, organize and collectively set the terms under which you are willing to work. this doesn't improve any other way. the space is dying. the very best researchers and engineers we know are leaving. we're running out of fucking time. we have to organize and fight back against the people who want to wring our asses for every coin they can get and move onto the next shiny toy.

my flowers talk to me. they say get loved loser ^^ (real)

me wen u make a superfake nothing world, if u even care

Hey Siri make an album of Elliott Smith songs made into Jeff Buckley/ Karen Carpenter duets

Tainan

be well tea friends~

Trent Reznor on meeting David Lynch and working on Lost Highway

@burkov Sick

eth l2s explained by u/DepartedQuantity

God is my habits

Don't fade the Dr. Milker

the @rainbowdotme app needs to stop sending push notifs for anything but onchain txs. every time you send out some marketing bs a thousand people have a near heart attack

First bloom of the year!!

new clicker 🔴

@poof_eth @DXRGai so cool!

Say hello to DX Research Group, a new AI studio focused on innovative onchain experiences Our first experiment DX01: SINGULARITY begins this Thursday on Base Follow @DXRGai and read below to learn more

the iterm 2 update absolutely did NOT have to go this hard wtf🤘🤘

the best place to quickly find and tweak a theme is terminal.sexy!