$Proo\varphi$: A ZKP Market Mechanism

TL;DR

The paper addresses the challenge of outsourcing ZKP generation by formalizing a ZKP market model and introducing Proo, an auction-based mechanism that matches high-value ZKP tasks with low-cost provers in batched rounds. It proves core properties including budget balance and incentive compatibility for both users and provers, establishing UDSIC and PDSIC guarantees. To address practical security concerns, the authors add system-level designs such as collateral slashing, fixing prover capacity across rounds, and sealed-bid auctions to mitigate misreporting, Sybil attacks, and collusion, with analyses under risk-averse assumptions. The work also discusses limitations and outlines future directions, including Bayesian extensions and non-myopic welfare considerations, aiming to bridge theoretical guarantees with real-world ZKP marketplaces.

Abstract

Zero-knowledge proofs (ZKPs) are computationally demanding to generate. Their importance for applications like ZK-Rollups has prompted some to outsource ZKP generation to a market of specialized provers. However, existing market designs either do not fit the ZKP setting or lack formal description and analysis. In this work, we propose a formal ZKP market model that captures the interactions between users submitting ZKP tasks and provers competing to generate proofs. Building on this model, we introduce $Proo\varphi$, an auction-based ZKP market mechanism. We prove that $Proo\varphi$ is incentive compatible for users and provers, and budget balanced. We augment $Proo\varphi$ with system-level designs to address the practical challenges of our setting, such as Sybil attacks, misreporting of prover capacity, and collusion. We analyze our system-level designs and show how they can mitigate the various security concerns.