Encryptorium
In Progress

Post-quantum security of zero-knowledge proof systems

Andreas Renz

Zero-knowledge proof systems are now deployed in production cryptographic protocols, yet many rely on discrete-log-based or pairing-based assumptions that a fault-tolerant quantum computer would break via Shor's algorithm. We present a four-layer decomposition (arithmetization, polynomial commitment, protocol logic, and non-interactive compilation) that separates where quantum risk enters a proof system. Using a two-axis taxonomy that crosses cryptographic impact (structural break, modularly replaceable break, or quantitative degradation) with deployment migration feasibility, we classify the major proof-system families, derive a modularity test for evaluating upgrade paths, and introduce collect now, forge later (CNFL) as the ZK-specific analogue of harvest-now-decrypt-later. Case studies of Zcash, ZKsync Era, and Starknet show that practical post-quantum outcomes depend on deployment governance and upgrade architecture as much as on cryptographic primitives.

This is a working paper. A preliminary discussion of the four-layer framework and its application to deployed ZK systems is available in the blog post Post-quantum ZK is an architecture problem.

The full paper is planned for submission to the IACR ePrint Archive when complete.