zkDaily - 2026-05-25

零知识证明 zkDaily

ZKP Frontier Tracker 🎯

Mon

05.25

2026

zkExp: Zero-Knowledge Succinct Exponentiation Proofs

Paper

https://cic.iacr.org/p/3/1/2

Biniyam Deressa KZG Sumcheck FFT

Deressa et al. propose the first ZK proof system achieving asymptotically optimal batched exponentiation proofs with innovations including trace-based square-and-multiply encoding, lazy sumcheck, etc. Constant verification (3.5ms), proof size 160-256B, memory <1.1MB, suitable for zkRollups, anonymous credentials.

Notes

First to achieve asymptotically optimal batched exponentiation proofs: prover time O(λN/log N), constant verification.
Four innovations: trace-based square-and-multiply, lazy sumcheck, hybrid FFT, sliding-window batching.
Constant proof size 160-256B independent of parameter sizes.
Verification time 3.5ms, memory <1.1MB, 500K gas for 1000 exponentiations on Ethereum.
Sound under GDHE assumption, computational ZK in random oracle model.
Applications: zkRollups, anonymous credentials, on-chain threshold cryptography.

Collected by @icerdesign

零知识证明 zkDaily

Q&A Deep Dive 💬

Mon

05.25

2026

What is zkExp?

zkExp is a zero-knowledge proof system for exponentiation statements like proving g^x = y without revealing the secret exponent x. It provides constant-size proofs and fast verification, making it useful for zkRollups and anonymous credentials.

Why is zkExp useful for blockchains?

zkExp keeps proofs at only 160–256B with constant verification time, reducing on-chain gas and bandwidth costs. Verification remains efficient even for large batches of exponentiations.

How does zkExp use sum-check?

zkExp uses lazy sum-check to verify exponentiation constraints, expanding computations only when necessary. This reduces prover computation and memory costs.

Prompted by @icerdesign