Hashing it out: coSNARKs at TACEO
Let’s Start with Programmable Cryptography
“It shifts the balance of digital power. It moved from the governments, to big tech, and now to the people. It helps us build trust, networks, and communities; a whole new internet. It’s also just ~neat.” —Trust Infra Gang
At a recent ‘Hash It Out’ workshop, the TACEO team participated in discussions about programmable cryptography, a space where new technologies allow us to build secure, scalable, and private solutions. As the MPC / encrypted compute delegates in the room, our focus was very much on coSNARKs, a collaboration, if you will, of zero-knowledge proofs and MPC.
In this blog, we’ll set some context and describe how zero-knowledge proofs have evolved from solving scalability issues, to enhancing privacy, and now, with MPC, to enabling private, collaborative computation. We’ll also give an overview of the tooling that exists, some performance benchmarks, and our plans for the future.
ZK ♥️ Blockchains: From Scalability to Privacy to Computation
Zero-knowledge has become a cornerstone of modern cryptography, and set the scene for programmable cryptography to emerge. While ZKPs were initially used for their zero-knowledge property—as in Zcash, which leveraged them for anonymous transactions—they gained much more traction when applied to the scalability problem. By allowing blockchains to verify computation succinctly, ZKPs give systems the possibility to maintain security and integrity without overwhelming participants with computational burden. This is where SNARKs shine, helping blockchain networks handle more transactions without requiring every node to verify every detail.
But we’ve seen that ZKPs and SNARKs are not just built for scalability, and projects are now increasingly leveraging the zero-knowledge property of ZKPs to create ZK-SNARKs that allow users to prove the correctness of a statement without revealing the underlying data. ZK-SNARKs are the key to enhancing privacy in blockchain ecosystems—making it possible to protect sensitive information in everything from financial transactions to private smart contracts.
However, despite their power, SNARKs have limitations that must be addressed if we want to realize the next generation of privacy-preserving computation:
- Single-Prover Dependency. In producing traditional SNARKs, a single entity (the prover) must know the witness, the data that proves the validity of a computation. This creates challenges, particularly in privacy-sensitive or constrained environments. For instance, generating a SNARK can exceed the memory (RAM) capacity of devices like smartphones or tablets, making it difficult to run zero-knowledge proofs on the go. Moreover, including large ZK libraries in mobile apps can bloat the application’s package size, making it impractical for developers to integrate ZKPs in resource-limited settings.
- Limited Flexibility in Collaborative Environments. SNARKs work well for proving single-party computation, but they fail when multiple entities need to collaborate on computation over private shared state. For use cases like multi-party transactions, secure voting, or any application where private state must be maintained across different participants, traditional SNARKs don’t provide the flexibility needed. The challenge is to ensure privacy while allowing multiple participants to compute on shared state collaboratively and securely.
By addressing these limitations, we can push ZKPs beyond their current capabilities—enabling more practical, private, and collaborative computation. This is programmable cryptography at its finest.
Collaborative-SNARKs
CoSNARKs are an evolution of SNARKs that directly address the limitations of traditional zero-knowledge proofs by lifting them to the Multi-Party Computation setting. By combining properties of both MPC and ZKPs, coSNARKs allow multiple parties to jointly compute and generate a proof, without requiring any one party to know the entire witness.
Here’s how coSNARKs can solve the challenges that traditional SNARKs face:
- Private Proof Delegation. CoSNARKs enable the delegation of proof generation across multiple parties, distributing the responsibility in environments where it would be impractical or insecure for a single entity to handle sensitive data alone. This is particularly beneficial in resource-constrained settings (e.g., mobile devices) or when security demands that no single party manage the entire secret data.
- Joint Computation on Private Shared State. In collaborative environments where multiple entities need to compute on shared private data, coSNARKs allow for secure, privacy-preserving computation. Participants contribute to the proof generation without revealing their individual inputs, making coSNARKs ideal for multi-party use cases such as DeFi, gaming, healthcare, and voting systems.
CoSNARKs represent the next stage in zero-knowledge technology, offering not only privacy but full private computation in collaborative environments where trust is distributed across multiple entities.
If you’d like to discuss more about coSNARKs, there’s a telegram group!
What Have We Built?
So far, we’ve developed coSNARK tooling for circom, a widely-used framework for building zero-knowledge circuits. Our tools allow developers to "MPC-ify" circom circuits, bringing them to the MPC setting and giving the added benefits of privacy and distributed trust. This makes it easier for developers to integrate advanced cryptography into their applications without needing to become experts in both MPC and ZK.
Our tooling supports two of the most used proof systems in the zero-knowledge space: Groth16 and Plonk. Each of these systems has distinct advantages:
- Groth16 is known for its speed and efficiency, providing fast and lightweight proofs with minimal computational overhead. This makes it ideal for applications where performance is critical, even when multiple parties are involved.
- Plonk, on the other hand, offers greater flexibility and robustness by removing the need for a per-circuit setup. This makes Plonk ideal for use cases with evolving or complex circuits. However, this flexibility does come with a trade-off in efficiency, as proof sizes and verification times tend to be larger compared to Groth16.
If you’re interested in reading more about coCircom, you can find our developer documentation here, and the coCircom tooling repo here. Feedback is very welcome and we’re always happy to discuss.
Now, we’re working on optimizations to make our coSNARK tooling even more efficient and adding support for additional proof systems. Our goal is to expand the possibilities for developers, giving them the tools they need to build ZK-applications across a range of blockchains and languages.
Sounds Great, but How Much Overhead Are We Introducing?
One of the first questions we often get when introducing our coSNARK tooling is about performance. Understandably, the burning question is: Will the combination of programmable cryptographic tools, like MPC and ZK-SNARKs, introduce significant overhead?
Surprisingly, the results are quite promising. In private proof delegation where we aim to leverage the benefits of MPC in the context of ZK-SNARKs without incurring excessive overhead, coSNARKs nearly match single-prover performance, though the total cost will increase due to the involvement of multiple servers (e.g., three in a 3-party protocol).
To illustrate this, for circom circuits using the Groth16 proving system, coCircom achieves performance comparable to snarkJS. With further optimizations in progress, we are optimistic that coSNARKs will approach the performance levels of rapidSNARK, one of the fastest SNARK provers available, making coSNARKs highly competitive even in performance-critical applications.
Why Is the Overhead So Low?
The reason coSNARKs introduce so little overhead lies in how cryptographic workloads are handled in MPC. The key operations involved in proof generation, such as Fast Fourier Transforms (FFTs) and Multiscalar Multiplications (MSMs), are linear. This means that these heavier computations can be performed independently by each party on their local shares, without requiring communication or coordination between the parties during this phase. Essentially, the work of each prover remains local and linear, keeping the computational load comparable to that of a single-prover system.
In addition, we use Rust, which is blazingly fast 🦀. By using Rust instead of JavaScript, we can achieve significant performance gains, as Rust is optimized for speed and low-level control over resources. Stay tuned for updates soon and see how close we get to rapidSNARK.
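To make the linearity argument concrete, here is an added example (written for this post, not code from coCircom or the TACEO repositories) that secret-shares a small witness vector additively among three parties and checks two things: a polynomial evaluation over roots of unity (the linear map an NTT/FFT computes) and a multiscalar sum both reconstruct correctly from purely local per-party work, while a share-by-share product of two secrets does not. The field (the Goldilocks prime with generator 7), the naive O(n²) NTT, the field elements standing in for curve points, the xorshift generator and the sample witness are all assumptions of this example.

```rust
// Added example (not TACEO's or coCircom's code): why the linear steps of SNARK proving
// (NTT/FFT, MSM) run locally on additive secret shares with no communication, while a
// multiplication of two secret-shared values does not.
//
// Assumed field: the Goldilocks prime p = 2^64 - 2^32 + 1, whose multiplicative group has
// generator 7 and 2-adicity 32, so roots of unity for power-of-two NTT sizes exist.
const P: u64 = 0xFFFF_FFFF_0000_0001;
const GENERATOR: u64 = 7;

fn add(a: u64, b: u64) -> u64 { ((a as u128 + b as u128) % P as u128) as u64 }
fn sub(a: u64, b: u64) -> u64 { ((a as u128 + P as u128 - b as u128) % P as u128) as u64 }
fn mul(a: u64, b: u64) -> u64 { ((a as u128 * b as u128) % P as u128) as u64 }

fn pow(mut base: u64, mut exp: u64) -> u64 {
    let mut acc = 1u64;
    while exp > 0 {
        if exp & 1 == 1 { acc = mul(acc, base); }
        base = mul(base, base);
        exp >>= 1;
    }
    acc
}

/// Primitive n-th root of unity for a power-of-two n dividing p - 1.
fn root_of_unity(n: u64) -> u64 {
    assert!(n.is_power_of_two() && (P - 1) % n == 0);
    pow(GENERATOR, (P - 1) / n)
}

/// Evaluate a polynomial at all n-th roots of unity: the same linear map a fast NTT computes,
/// written as an O(n^2) sum so the linearity in the coefficients is visible.
fn ntt(coeffs: &[u64], omega: u64) -> Vec<u64> {
    let n = coeffs.len() as u64;
    (0..n).map(|i| {
        let w_i = pow(omega, i);
        let (mut acc, mut w) = (0u64, 1u64); // w runs through omega^(i*j)
        for &c in coeffs {
            acc = add(acc, mul(c, w));
            w = mul(w, w_i);
        }
        acc
    }).collect()
}

/// MSM in its linear-algebra form, sum_j scalar_j * base_j. The bases (public field elements
/// here, curve points in a real prover) are known to everyone; the scalars are witness data.
fn msm(scalars: &[u64], bases: &[u64]) -> u64 {
    scalars.iter().zip(bases).fold(0u64, |acc, (&s, &b)| add(acc, mul(s, b)))
}

/// Small deterministic xorshift generator so the example runs reproducibly offline
/// (a real protocol would use a cryptographic RNG for the shares).
struct Rng(u64);
impl Rng {
    fn next(&mut self) -> u64 {
        let mut x = self.0;
        x ^= x << 13; x ^= x >> 7; x ^= x << 17;
        self.0 = x;
        x % P
    }
}

/// 3-party additive sharing: x = s0 + s1 + s2 (mod p); two shares are random, the third fixes the sum.
fn share(x: u64, rng: &mut Rng) -> [u64; 3] {
    let (s0, s1) = (rng.next(), rng.next());
    [s0, s1, sub(sub(x, s0), s1)]
}

fn reconstruct(shares: [u64; 3]) -> u64 { add(add(shares[0], shares[1]), shares[2]) }

/// Each party applies the NTT and the MSM to its own share vector only. Summing the three
/// local outputs must equal what a single prover holding the clear witness computes.
fn linear_phase_matches_single_prover(witness: &[u64], bases: &[u64]) -> bool {
    let mut rng = Rng(0x5eed_1234_abcd_ef01);
    let omega = root_of_unity(witness.len() as u64);
    let shares: Vec<[u64; 3]> = witness.iter().map(|&w| share(w, &mut rng)).collect();
    let party_view = |k: usize| -> Vec<u64> { shares.iter().map(|s| s[k]).collect() };

    // Local, communication-free work per party.
    let local_ntt: Vec<Vec<u64>> = (0..3).map(|k| ntt(&party_view(k), omega)).collect();
    let local_msm: Vec<u64> = (0..3).map(|k| msm(&party_view(k), bases)).collect();

    let expected_ntt = ntt(witness, omega);
    let ntt_ok = (0..witness.len())
        .all(|j| reconstruct([local_ntt[0][j], local_ntt[1][j], local_ntt[2][j]]) == expected_ntt[j]);
    let msm_ok = reconstruct([local_msm[0], local_msm[1], local_msm[2]]) == msm(witness, bases);
    ntt_ok && msm_ok
}

/// The non-linear case: multiplying shares pairwise drops the cross terms, so the sum of the
/// local products is not x*y. This is the kind of step that needs an interactive MPC protocol.
fn local_products_reconstruct_product(x: u64, y: u64) -> bool {
    let mut rng = Rng(0x0123_4567_89ab_cdef);
    let (sx, sy) = (share(x, &mut rng), share(y, &mut rng));
    reconstruct([mul(sx[0], sy[0]), mul(sx[1], sy[1]), mul(sx[2], sy[2])]) == mul(x, y)
}

fn main() {
    let witness = [3u64, 1, 4, 1, 5, 9, 2, 6];            // constructed sample witness, n = 8
    let bases = [11u64, 22, 33, 44, 55, 66, 77, 88];      // constructed stand-ins for public points
    println!("linear phase reconstructs: {}", linear_phase_matches_single_prover(&witness, &bases));
    println!("share-wise products reconstruct x*y: {}", local_products_reconstruct_product(6, 7));
}
```

The first check passes because evaluation at roots of unity and the scalar sum are both linear in the witness, so the shares can be pushed through them independently; the second fails because the product of sums is not the sum of products, which is exactly why the non-linear parts of a prover are where the MPC communication rounds go.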
Why coSNARKs Matter Now
As programmable cryptography advances, coSNARKs aim to solve the real-world complexities of secure computation. The emergence of privacy-first blockchains such as Aztec, Midnight, and Aleo, which manage both private and public state, presents a unique challenge: how to enable mediated computation across these distinct states, while preserving privacy, and without compromising verifiability.
Other topics that come to many minds when encrypted compute and blockchains are mentioned together are private DeFi protocols and dark pools. coSNARKs can also support cross-chain interoperability, secure identity systems, and reputation frameworks, opening new possibilities for digital trust, multi-party collaboration, and privacy-focused applications across communities and industries, while still maintaining transparency and accountability.
Looking Ahead: The Future of MPC and coSNARKs
The field of cryptography is moving fast. As we continue to refine and develop coSNARK tooling, we’re also exploring new proof systems and optimizations that will make secure, scalable computation accessible to a wider range of industries.
For us, coSNARKs are just the beginning and a first step towards creating an encrypted compute layer for Web3. Our mission is to create a world where privacy and security are foundational, enabling new commercial use cases that allow organizations to innovate without fear of exposing sensitive data.
Who are TACEO?
We are a team of researchers and developers building MPC solutions for the programmable cryptography landscape, starting with coSNARKs. Here's what sets us apart:
- Deep Expertise. Our team brings years of experience in MPC, zero-knowledge proofs, and secure computation in both academia and industry (old and new).
- Cutting-Edge Tools. From coSNARK tooling to a full encrypted compute layer for Web3, we’re building the infrastructure for the future of privacy-preserving computation.
- Vision for the Future. We’re not just thinking about the next step—we’re building a long-term vision where secure, decentralized computation becomes ubiquitous and normal.
How to get involved. If you’re ready to dive into the world of MPC and coSNARKs, connect with us on Discord or X. We’re always happy to discuss and collaborate with others who share our passion for secure, private computation.
Acknowledgements and Thanks
We’d like to thank the organizers and participants of the Trust Infrastructure Hash it Out workshop held at the Aztec HQ in London at the end of Brat Summer ‘24. This is the first of a series of posts that we’ll write to answer questions and address concerns brought up during discussions there.
coSNARK Resources
- Experimenting with Collaborative zk-SNARKs
- Collaborative SNARKs by Roman Walch
- Notes on Collaborative zkSNARKs
- ZK Podcast about Collaborative Zero-Knowledge Proofs