A zkVM, or zero-knowledge virtual machine, generates cryptographic proof of proper execution of a program without re-running the computation, opening the door to trustless verification, greater throughput, and more scalable applications. Verifiable computation’s long-term goal is to become the standard for integrating the broader internet with blockchain, aligning with Ethereum founder Vitalik Buterin’s vision of cost-effective and frequent validity proofs. Users may be able to leverage their collateral without bridging, improving liquidity and capital efficiency, when Ethereum embraces zero-knowledge proofs.
Buterin envisions the ability to aggregate proofs from multiple rollups into a single proof, submitted once per slot, centralizing settlement activity on the base layer, reducing reliance on bridge operators, and enabling almost instant cross-rollup asset movement through Ethereum.
The progress in reducing hardware demands and enhancing performance
A recent breakthrough has tempered skepticism surrounding the current state of ZK technology. Brevis, an infrastructure provider powering smart, verifiable applications with zk proofs (ZKPs), has announced that its Pico Prism zkVM has achieved record proving coverage of 99.6% (below 12 seconds) and real-time proving coverage of 96.8% (below 10) for Ethereum blocks with a 45M gas limit.
Among Pico Prism’s other improvements over existing solutions are $128,000 hardware cost vs $256,000, 64 RTX 5090 GPUs vs 160 RTX 4090 GPUs for comparable performance, 6.9-second average proving time for 45M gas blocks and 6.04 seconds for 36M gas blocks vs 10.3 seconds, and a performance improvement of 3.4x using combined cost efficiency and speed metrics.
Pico Prism has moved to production-ready infrastructure, doing away with a critical bottleneck in Ethereum’s transition to base-layer zero-knowledge verification. GPU hardware costs are reduced by 50%, rendering real-time proving economically feasible for large-scale production deployment.
Existing issues with scalability and economic viability
Zk rollups like StarkNet, zkSync Era, and Polygon zkEVM compress thousands of Ethereum transactions into a single ZKP that proves their correctness, and generating one proof for a full Ethereum block (around 45M of gas) can take 10–20 seconds or longer, even on clusters with hundreds of GPUs or ASICs. Zk rollups depend on provers to generate state-transition proofs with multiple steps, under strict availability and finality constraints.
These steps require GPUs and other expensive hardware, and the process reaches finality only after all stages are completed and results are posted on the blockchain. As rollups scale, it becomes harder to remain economically viable due to dynamic resource needs, demands for fast finality, and rising throughput. A recent study based on Halo2 proving systems demonstrated these challenges, identifying finality time, average gas usage, and transactions per second as leading cost drivers.
Researchers proposed a cost model capturing rollup-specific limitations and ensuring provers keep up with transaction loads to address these drivers. They formulated a model as a constraint system and found cost-optimal configurations using the Z3 SMT solver.
Memory constraints
Many existing zkVMs still require at least ten seconds per proof and face memory and scaling constraints, with some requiring up to 82 seconds. Proof generation times increase more or less linearly with input size, with corresponding increases of the Fibonacci input from the 10th to the 100,000th term. GPU implementations tend to demonstrate reduced host memory use (CPU) but consume significant GPU memory, with the benchmarked GPU-accelerated projects requiring VRAM of at least 24GB.
Improvements in memory efficiency frequently result from implementing continuation and similar techniques, using smaller cryptographic fields, and adopting more efficient memory-checking arguments, such as polynomial IOPs. Depending on the specific zkVM, memory constraints can be due to the lookup table multivariate polynomial extension and Merkle Tree construction. When it comes to CPU limitations, constraints involve polynomial commitment schemes and proof recursion.
Performance and security tradeoffs
Another concern with optimizing zkVMs exclusively for performance involves security guarantees. Some zkVM projects lack comprehensive security validation because they are still in development or for other reasons. Evaluations of zkVMs should incorporate security maturity, including rigorous safety proofs, completed third-party audits, and formal verification efforts, to provide a comprehensive analysis. Brevis leverages ZKPs to transfer expensive blockchain computations to a more affordable off-chain environment, maintaining L1 security assumptions while allowing Web3 apps to scale faultlessly.
ZKPs’ road to simplicity, efficiency, and scalability
Proofs are created in multiple stages, including elliptic curve operations, calculating hash functions, intermediate proofs, and more. Given the myriad ZKP techniques with distinct qualities, the ideal approach depends on system specifications and the application in question. ZK-STARKs and ZK-SNARKs are examples of different ZKP system variants. The former are more suitable for complex applications, while the latter tend to work better for private transactions.
Moreover, cryptographic standards evolve over time, and ZKP systems should be able to adapt to these changes without major functional disruptions. On the subject of elliptic curve operations, schemes that rely on BN254 or other elliptic-curve pairings are not quantum-secure. It’s necessary to replace the underlying elliptic curve with a post-quantum alternative, such as hash- or lattice-based constructions.
Scaling problems arise in systems with large query or transaction volumes as complicated computing procedures are used to create and verify ZKPs. A prominent example of a scaling problem goes back to the launch of Zcash, when each private transaction required generating a zk-SNARK proof on a personal computer.
A single proof could take tens of seconds to generate and use over 3GB of RAM; many devices couldn’t handle the computation, and most transactions remained non-private because shielded transactions were too slow, running counter to the cryptocurrency’s nature. Pico makes zero-knowledge cryptography more scalable, efficient, and adaptable by allowing developers to customize their proving mechanisms.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.