# Client-Side Proving Across Retreat Problem Clusters
*A summary of the June 2025 PSE retreat from the CSP perspective*
| # | Cluster | Where **client-side** proofs appear today | Does the user device actually **build** the proof? | How much would CSP advancements move the needle? |
| --- | -------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------- | --------------------------------------------------------------------------------------- |
| 1 | Key Management | Stealth-address social-recovery flow relies on a ZK proof that the new key controls the hidden commitment `k` [[Vitalik 2023](https://vitalik.eth.limo/general/2023/01/20/stealth.html#stealth-addresses-and-social-recovery-and-multi-l2-wallets)] | **Yes** – owner/guardian proves knowledge of `(x,c)` on-device | **High** – mobile-friendly proofs turn recovery into a one-click UX |
| 2 | Trust Experience | Mainly UX/metaphor work; cryptography runs elsewhere | **No** | None |
| 3 | Private Reads | Light-client **verification** or PIR happens, but proving is server-side; end user only checks proofs | **No** | Low |
| 4 | Private Transactions | Shield / unshield / spend proofs (Railgun, Aztec, Tornado-style) | **Yes** – wallet proves locally before relaying | **Very High** |
| 5 | Private & Shielded DeFi | Same proofs as #4 plus larger circuits for multi-step calls | **Yes** | **Very High** |
| 6 | Hardened Security | Tracks PQ-safe, transparent proof systems | Depends (dev tooling first, users later) | Medium – dictates future-proof migration path |
| 7 | Composable Trust / Proof Interop | Holders aggregate / recurse multiple verifiable credential proofs on the fly | **Yes** | **High** |
| 8 | Oracles & Web2 Proofs | zkTLS, zkEmail, passport proofs – pure client-side ZK | **Yes** – browser or mobile app does all proving | **High** |
### Cluster-by-cluster notes
- **Key Management** – Users (or guardians) generate a small proof during social-recovery or key-rotation flows. Mobile-friendly provers make recovery more convenient.
- **Trust Experience** – No heavy proving; client devices mostly display privacy or compliance indicators. Gains come indirectly as other clusters' proofs get lighter and easier to explain.
- **Private Reads** – Clients verify proofs from servers or light-client networks; they rarely build their own. Faster verification libraries still matter for battery life.
- **Private Transactions** – Every shield, unshield or private spend is proven locally before relaying. Lower RAM , faster runtimes and transparent setup directly improve payment UX.
- **Private & Shielded DeFi** – Same proving workload as private payments, plus larger circuits for multi-step actions. Efficiency gains lead to gas and latency savings.
- **Hardened Security** – Tracks PQ-safe, transparent proof systems so that _all_ other clusters can keep proving on-device in the long run.
- **Composable Trust / Proof Interop** – Holders aggregate or recurse multiple VC proofs on their phones. Lighter recursion and transparent setups reduce bundle size and bandwidth.
- **Oracles & Web2 Proofs** – Apps like zkEmail, zkTLS and zkPass rely entirely on users producing proofs from Web2 data. Any prover speed-up benefits the UX.
Sign in with Wallet
Connect another wallet