Client-side proving is essential to preserve privacy and decentralization. It allows computing ZKPs locally on user device without the need to outsource the computation to a third party which can compromise privacy. 1. Team Members Alex Kuzmin (team lead) Brechy Guorong Du 2. Q3 Objectives The primary objective is to map the current ZKP systems and zkVMs that are feasible to run on mobile and obtain concrete benchmarks of their performance; The secondary objective is to explore in detail the most promising existing ZKP systems and their potential enhancements.

Structure Why inner product? How is inner product equivalent to a polynomial evaluation? Can we just run one big sumcheck to evaluate the inner product? What would be the disadvantage? How is Ligerito improving on that (on a very high level, because the detailed explanation will follow)? Explain multilinear evaluation, the equivalenece of a vector-vector product and matrix-vector product to a full and partial evaluation ($vr$ vs $Mat(v)r$) Matrix-Vector product protocol Partial sumcheck protocol Batching and Gluing Matrix-vector product with partial sumcheck Full Ligerito protocol

A summary of the June 2025 PSE retreat from the CSP perspective # Cluster Where client-side proofs appear today Does the user device actually build the proof? How much would CSP advancements move the needle? 1 Key Management

Work scope We would benchmark 3 main categories, necessary for zkID project. Hashing We would benchmark 3 popular hash functions - Keccak(256), SHA256 and Poseidon2. Also, we would set the input data as variance - 512bytes, 1kB, 2kB, 4kB and 8kB of random string. The reason behind variant input data is that we want to obtain the data necessary for client side proving, e.g., what is maximal input for hash function proving in mobile device/web browser. Keccak(256)groth16/circom or this one binius(wasm)

Latest progress in transparent SNARKs improved their performance enough so they can be considered as an option for end-user applications that run on commodity hardware. However, there currently is a gap between the application developer skillset and the requirements to use the implementations of these SOTA schemes. Lowering this entry-level barrier and removing trusted setup requirements can make the development of zero-knowledge applications simpler, boosting the explorations on new privacy related applications. Background CSP ZKP Stack Needs setup? Is PQ-Secure? Is verifiable on-chain? DevEx

Goal Basically, we want to build the comprehensive benchmarks. This should be helpful to anyone who wants to explore the popular and SOTA proving systems from the perspective of the client side proving. Existing zkID-Benchmark Proving systems CriteriaTransparent(no trusted setup) Small proof size Fast proving Post-quantum soundness

SHA256 hash of a 1KB input message. Circom (witnesscalc+rapidsnark)[^2] Plonky2[^3] 723.6+-12 ms[^1] 4033.8+-48 ms[^1] Benchmarks run on iPhone 13 Pro.

Motivation The demand for mobile proving is increasing across the industry, driven by applications in ZK identity, anonymous online collaboration, and voting. Some examples of such applications are Anon Aadhaar and zkEmail. They involve computationally intensive client-side proving, primarily due to the need to prove conventional, ZK-unfriendly cryptography (ECDSA signature verification, SHA-256 hashing) coming from credential issuers. Projects like mopro have made significant progress in optimizing existing ZK frameworks for mobile use. Traditionally, benchmarking efforts have focused on measuring performance improvements relative to unoptimized versions, independent of hardware (e.g., comparing a native binary to a WASM/JS prover running in a mobile browser). The upcoming client-side proving research project within PSE aims to implement ZK proving systems on mobile that are particularly well-suited for client-side proving. Understanding mobile platforms' limitations is crucial to determining a range of suitable proving systems and frameworks. This survey aims to determine the most average consumer mobile hardware globally to serve as a reference for benchmarking purposes. Challenges