ZK Proofs on Tenzro

Three properties matter most: transparent setup (no trusted ceremony, no per-circuit CRS), post-quantum-conjectured soundness (FRI-based commitment scheme over a small prime field is plausibly safe under quantum adversaries), and fast verification (~5–20ms on commodity hardware).

Groth16 has tiny proofs but requires a trusted setup per circuit. PLONK improves on universal setup but still requires a ceremony. Bulletproofs are transparent but verification is O(n). Plonky3 STARKs hit all three properties at once, at the cost of slightly larger proofs (~64–128 KB).

KoalaBear (2^31 − 2^24 + 1) is the field. 31-bit prime, two-adicity 24 (large enough for practical AIR sizes), hardware-friendly arithmetic. Combined with Poseidon2 for hashing and FRI for polynomial commitment, the construction is the same one Polygon zkEVM and others have settled on for production STARKs.

InferenceAir — proves that an inference request was executed correctly against the registered model, with bounded resource consumption. Used in combination with TEE attestation to anchor inference results.

SettlementAir — proves the correctness of a settlement state transition: balance arithmetic, fee computation, signature checks. Used to compress high-volume channel state updates into a single succinct proof.

IdentityAir — proves credential validity without revealing the credential's full claims. Useful for KYC-tier-gated access where the verifier learns only the tier, not the underlying issuer evidence.

log_blowup=1, num_queries=64, query_pow=16, commit_pow=8. Plonky3 source pinned at git rev 32079474b1d31d9221656ae774afb322d2597db0. Wire format: Proof { proof_bytes, public_inputs, proof_type=Plonky3, circuit_id, … }. proof_bytes is bincode-serialized p3_uni_stark::Proof; public_inputs is a Vec<Vec<u8>> of 4-byte little-endian KoalaBear field-element chunks.

Verifying a full Plonky3 proof on-chain inside the EVM would be slow and gas-expensive. Tenzro takes a different approach: validators run the full Plonky3 verifier off-EVM, then record a 32-byte SHA-256 commitment of the proof in the ZkCommitmentRegistry. The EVM ZK_VERIFY precompile (at 0x1004) becomes an O(1) HashSet lookup against that registry.

Commitment hash: compute_zk_commitment(circuit_id, proof_bytes, public_inputs) = SHA-256(circuit_id || proof_bytes || Σ(len_le(pi)||pi)). 4-byte LE length prefix per public input.

Result: smart contracts can gate execution on Plonky3 proofs without paying the cost of in-EVM verification. The trust anchor moves from “this proof verifies” to “consensus accepted this proof” — which is the same trust model any settlement-grade chain implicitly accepts.

For settings that need both privacy and verifiability, Tenzro composes TEE attestation with Plonky3 proofs. The enclave produces the AIR witness, runs the prover inside, and signs the commitment hash with either a classical Ed25519/Secp256k1 key or a PQ-hybrid composite signer (Ed25519 + ML-DSA-65). bind_external_attestation_result cross-binds an externally-verified attestation result to the TeeZkProof.

Use cases: verifiable AI inference over confidential prompts, sealed-data computation with public proof of correctness, custody operations with both hardware-rooted and cryptographically-rooted trust.

tenzro_zk::verify_proof_envelope(&Proof) matches on circuit_id ("inference" | "settlement" | "identity") and runs the right AIR's Plonky3Verifier against the pinned testnet config. Single entry point used by web/MCP/RPC handlers and the settlement engine's DefaultZkVerifier.

Non-Plonky3 proof types (Groth16, Plonk, generic Stark) on the ProofType enum are rejected at every verifier with WrongProofType.