Post-Quantum Risk in Deployed Zero-Knowledge Architectures: A Layered Analysis
Andreas Renz
Abstract
Zero-knowledge proof systems are now deployed widely in production cryptographic protocols, yet many rely on assumptions (discrete logarithms, pairings, or structured reference strings) that a fault-tolerant quantum computer would break via Shor's algorithm. This systematization of knowledge (SoK) presents a four-layer decomposition (L1 to L4) that separates where quantum risk enters a proof system: arithmetization, polynomial commitment, protocol logic, and non-interactive compilation. Using a two-axis taxonomy that crosses cryptographic impact (structural break, modularly replaceable break, or quantitative degradation) with deployment migration feasibility, we classify the major proof-system families, derive a modularity test for evaluating upgrade paths, and introduce collect now, forge later (CNFL) as the proof-system analogue of harvest-now-decrypt-later. Case studies of Zcash, zkSync Era, and StarkNet show that practical post-quantum outcomes depend on deployment governance and upgrade architecture as much as on cryptographic primitives. The scope covers IOP/PCS-based and algebraic proof families; MPC-in-the-Head constructions are excluded.
Zero-knowledge proof systems are now deployed in production, from Zcash to zkSync Era and StarkNet, yet many rest on discrete-log or pairing assumptions that a fault-tolerant quantum computer would break via Shor's algorithm. "Post-quantum ZK" is not a single property. Modern proof systems are layered constructions, and their quantum resilience depends on which layer carries security.
This paper introduces a four-layer decomposition (L1 to L4: arithmetization, polynomial commitment, protocol logic, and non-interactive compilation) that separates where quantum risk enters a proof system. It crosses cryptographic impact (structural break, modularly replaceable break, or quantitative degradation) with deployment migration feasibility, derives a modularity test for evaluating upgrade paths, and introduces "collect now, forge later" (CNFL) as the proof-system analogue of harvest-now-decrypt-later.
The framework is applied across the major proof-system families and grounded in three case studies (Zcash Sapling, zkSync Era, and StarkNet). These show that practical post-quantum outcomes depend on deployment governance and upgrade architecture as much as on the underlying cryptographic primitives.
This is a systematization of existing deployed systems. It does not propose new cryptographic constructions.
Source and LaTeX: github.com/Encryptorium/post-quantum-zk-risk
A shorter, informal treatment of the core idea is in the blog post Post-quantum ZK is an architecture problem.