Thanks to Alex Kuzmin, Andy Guzman, Miha Stopar, Sinu, and Zoey for their generous feedback and review.

TL;DR​

• The Problem: Delegating ZK proof generation to servers often fails to preserve privacy, as the server sees your private inputs, though there are recent researches on private proof delegation ^{1 2 3} to mitigate this issue. Ultimately, true privacy requires client-side proving, but current performance is too slow for mainstream adoption.
• The Opportunity: Modern mobile phones and laptops contain GPUs well-suited to accelerating parallelizable ZK primitives (NTT, MSM, hashing). Benchmarks show field operations on smaller fields like M31 achieve more than 100x throughput compared to BN254 on an Apple M3 chip ⁴.
• The Gap: No standard cryptographic library exists for client-side GPU implementations. Projects reinvent primitives from scratch, and best practices for mobile-specific constraints (hybrid CPU-GPU coordination, thermal management) remain unexplored.
• Post-Quantum Alignment: Smaller-field operations in post-quantum (PQ) schemes (hash-based, lattice-based) map naturally to GPU 32-bit ALUs, making this exploration more valuable as the ecosystem prepares for quantum threats.

1. Privacy is Hygiene​

Ethereum's public ledger ensures transparency, but it comes at a steep cost: every transaction is permanently visible, exposing users' financial histories, preferences, and behaviors. Chain analysis tools can easily link pseudonymous addresses to real-world identities, potentially turning the blockchain into a surveillance machine.

As Vitalik put it, "Privacy is not a feature, but hygiene." It is a fundamental requirement for a safe decentralized system that people are willing to adopt for everyday use.

Delegating ZK proof generation to servers undermines this hygiene. While server-side proving is fast and convenient, it requires sharing raw inputs with third parties. Imagine handing your bank statement to a stranger to "anonymize" it for you. If a server sees your IP or, even worse, your transaction details, privacy is compromised regardless of the proof's validity. Though recent studies explore private delegation of provers ¹, true sovereignty requires client-side proving: users generate proofs on their own devices, keeping data private from the start.

This is especially critical for everyday Ethereum privacy. Think of sending payments, voting in DAOs, or managing identity-related credentials (e.g. health records) without fear of exposure. Without client-side capabilities, privacy-preserving tech remains niche, adopted only by privacy-maximalist geeks. Hence, accelerating proofs on consumer hardware could be the bedrock for creating mass adoption of privacy, making it as seamless as signing a transaction today.

2. GPU Acceleration: A Multi-Phase Necessity for Client Proving​

Committing resources to client-side GPU acceleration for ZKP is both a short-term and long-term opportunity for Ethereum's privacy landscape. GPUs excel at parallel computations, aligning perfectly with core primitives that could be used in privacy-preserving techs like ZKP and FHE, and client devices (phones, laptops) increasingly feature growing GPU capabilities. This could reduce proving times to interactive levels, fostering mass adoption.

Current Status and Progress​

Although client-side proving is a reality, the user experience is still catching up. CSP benchmarks from ethproofs.org show that while consumer devices can now generate proofs in seconds, the process often takes longer than 100ms. For scenarios requiring real-time experience, like payments or some DeFi applications, this delay creates noticeable friction that hinders adoption.

CSP benchmarks from ethproofs.org 5. Snapshot taken on January 19, 2026

Several zkVM projects working on real-time proving have leveraged server-side GPUs (e.g. CUDA on RTX-5090) for ~79x improvement on average proving times, according to site metrics from Jan 28, 2025 to Jan 23, 2026, validating the potential of GPU acceleration for proving.

On the client side, though still in the early stages of PoC and exploration, several projects highlight potential:

• Ingonyama ICICLE Metal: Optimizes ZK primitives such as MSM and NTT for Apple's Metal API, achieving up to 5x acceleration on iOS/macOS GPUs (v3.6 release detailed in their blog post).
• zkMopro Metal MSM v2: Explores MSM acceleration on Apple GPUs, improved 40-100x over v1. For details, check this write-up. Building on ZPrize 2023 winners Tal and Koh's WebGPU innovations (inspired by their implementation) ⁶.
• Ligetron: Leverages WebGPU for faster SHA-256 and NTT operations, enabling cross-platform ZK both natively and in browsers.

Broader efforts from ZPrize and Geometry.xyz underscore growing momentum, though protocol integration remains limited ⁷⁸.

Opportunities for Acceleration​

Several ZK primitives are inherently parallelizable, making GPUs a natural fit:

• MSM (Multi-Scalar Multiplication): Sums scalar multiplications on elliptic curves; parallel via independent additions, bottleneck in elliptic curve-related schemes.
• NTT (Number Theoretic Transform): A fast algorithm for polynomial multiplication similar to FFT but over finite fields; parallel via butterfly ops, core to polynomial operations in many schemes.
• Polynomial Evaluation and Matrix-Vector Multiplication: Computes polynomial values at points or matrix-vector products; high-throughput on GPU shaders via SIMD parallelism.
• Merkle Tree Commitments: Builds hashed tree structures for efficient verification; parallel-friendly for batch processing and hashing.

Additionally, building blocks in interactive oracle proofs (IOPs), such as the sumcheck protocol ⁹, which reduces multivariate polynomial sums to univariate checks, benefit from massive parallelism in tasks such as summing large datasets or verifying constraints. While promising for GPU acceleration in schemes like WHIR ¹⁰ or GKR-based systems ¹¹, sumcheck is not currently the primary bottleneck in most polynomial commitment schemes (PCS).

These primitives map directly to bottlenecks in popular PCS, as shown in the table below.

PCS Type	Typical Schemes	Family (Hardness Assumption)	Primary Prover Bottleneck	Acceleration Potential	PQ Secure
KZG 12	Groth16, PlonK, Libra	Pairing-based (-SDH)	MSM	Moderate: Memory-bandwidth limited	No
IPA 13	Halo2, Bulletproofs, Hyrax	Discrete Log (DL)	MSM	Moderate: Parallel EC additions	No
Hyrax 14	GKR-based SNARKs	Discrete Log (DL)	MSM	Moderate: Similar to IPA but multilinear	No
LaBRADOR 15	LaBRADOR-based SNARKs	Lattice-based (SIS / LWE)	NTT, Matrix-Vector Ops	High: Fast small-integer arithmetic	Yes
FRI 16 / STIR 17	STARKs, Plonky2	Hash-based (CRHF)	Hashing, NTT	High: Extremely parallel throughput	Yes
WHIR 10	Multivariate SNARKs	Hash-based (CRHF)	Hashing	High: Extremely parallel throughput	Yes
Basefold 18	Basefold-SNARKs	Hash-based (CRHF)	Linear Encoding & Hashing	High: Field-agnostic parallel encoding	Yes
Brakedown 19	Binius, Orion	Hash-based (CRHF)	Linear Encoding	High: Bit-slicing (SIMD)	Yes

Table 1: ZK primitives mapped to PCS bottlenecks and GPU potential

Moreover, VOLE-based ZK proving systems, such as QuickSilver ²⁰, Wolverine ²¹, and Mac'n'Cheese ²², utilize vector oblivious linear evaluation (VOLE) to construct efficient homomorphic commitments. These act as PCS based on symmetric cryptography or learning parity with noise (LPN) assumptions. The systems are post-quantum secure. Their main prover bottlenecks are VOLE extensions, hashing, and linear operations, which make them well-suited for GPU acceleration through parallel correlation generation and batch processing.

In the short term, primitives related to ECC (e.g. MSM in pairing-based schemes) are suitable for accelerating existing, well-adopted proving systems like Groth16 or those using KZG commitments, providing immediate performance gains for current Ethereum applications.

Quantum preparedness adds urgency for the long term: schemes on smaller fields (e.g. 31-bit fields like Mersenne 31, Baby Bear, or Koala Bear ²³) align better with GPU native words (32-bit), yielding higher throughput. Field-Ops Benchmarks ⁴ confirm this. Under the same settings (not optimal for max performance but for fairness of experiment), smaller fields like M31 achieve over 100 Gops/s on client GPUs, compared to <1 Gops/s for larger ones like BN254.

Operation	Metal GOP/s	WebGPU GOP/s	Ratio
u32_add	264.2	250.1	1.06x
u64_add	177.5	141.1	1.26x
m31_field_add	146.0	121.7	1.20x
m31_field_mul	112.0	57.9	1.93x
bn254_field_add	7.9	1.0	7.64x
bn254_field_mul	0.63	0.08	7.59x

As quantum tech advances, exploration related to PQ primitives (e.g. lattice-based or hash-based operations) will drive mid-to-long-term client-side proving advancements, ensuring resilience against quantum threats like "Harvest Now, Decrypt Later" (HNDL) attacks, as mentioned in the Federal Reserve HNDL Paper and underscored by the Ethereum Foundation's long-term quantum strategy, which is a critical factor if we are going to defend people's privacy on a daily-life scale.

3. Challenges: Bridging the Gap to Everyday Privacy​

Despite progress, some hurdles remain between the current status and everyday usability.

3.1 Fragmented Implementation​

• No standard crypto library exists for client-side GPUs, forcing developers to reinvent wheels from scratch, which is often not fully optimized.
• Lack of State-of-the-Art (SoTA) references for new explorations, leading to duplicated efforts.
• Inconsistent benchmarking: metrics like performance, I/O overhead, peak memory, and thermal/power traces are rarely standardized, complicating comparisons. Luckily, PSE's client-side proving team is improving this ⁵.

3.2 Limited Quantum-Resistant Support​

Most GPU accelerations have focused on PCS related to elliptic-curve cryptography (ECC) like IPA, Hyrax, and KZG (pairing-based). All are vulnerable to quantum attacks via Shor's algorithm. These operate on larger fields (e.g. 254-bit), inefficient for GPUs' 32-bit native operations, and schemes like Groth16 face theoretical acceleration upper bounds, as analyzed in Ingonyama's blog post on hardware acceleration for ZKP ²⁴. On the other hand, PQ schemes such as those based on lattices or hashes (e.g. FRI variants) are underexplored on client GPUs but offer greater parallelism.

3.3 Device-Specific Constraints​

Client devices differ vastly from servers: limited resources, shared GPU duties (e.g. graphics rendering), and thermal risks. Blindly offloading to GPUs can cause crashes or battery drain ^{25 26}. Hybrid CPU-GPU approaches, inspired by Vitalik's Glue and Coprocessor architecture, need further exploration. Key unknowns include:

• Task dispatching hyperparameters.
• Caching in unified memory. Check Ingonyama's Metal PoC for zero-cost CPU-GPU transfers.
• Balancing operations: GPUs for parallelism, CPUs for sequential tasks.

Apple GPUs have the unified memory model in which the CPU and the GPU share system memory

4. PSE's Roadmap for GPU Acceleration​

To achieve client-side GPU acceleration's full potential, we propose a structured roadmap focused on collaboration and sustainability:

1. Build Standard Cryptography GPU Libraries for ZK

   • Mirror Arkworks's success in Rust zkSNARKs: Create modular, reusable libs optimized for client GPUs (e.g. low RAM, sustained performance) ²⁷.
   • Prioritize PQ foundations to enable HNDL-resistant solutions. For example, lattice-based primitives like NTT that scale with GPU parallelism ²⁸.
   • Make it community-owned, involving Ethereum, ZK, and privacy ecosystems for joint development, accelerating iteration and adoption in projects like mobile digital wallets.

2. Develop Best-Practice References

   • Integrate GPU acceleration into client-side suitable protocols, including at least one PQ scheme and mainstream ones like Plonky3 ²⁹ or Jolt ³⁰.
   • Optimize for mobile, tuning for sustained performance over peaks and avoiding thermal throttling via hybrid CPU-GPU coordination.
   • Create demo protocols as end-to-end references running on real devices with GPU boosts, serving as "how-to" guides for adopting standard libs.

This path transitions from siloed projects to ecosystem-wide tools, paving the way for explorations in sections like our starting points below.

5. Starting Points​

zkSecurity's WebGPU overview highlights its constraints versus native APIs like Metal or Vulkan. For example, limited integer support and abstraction overheads.

To validate, a PoC was conducted to compare field operations (M31 vs. BN254) across APIs ⁴. Key findings:

• u64 Emulation Overhead: Metal's native 64-bit support edges WebGPU (1.26x slower due to u32 emulation), compounding on complex ops.
• Field Size vs. Throughput: Smaller fields shine. M31 hits 100+ Gops/s; BN254 <1 Gops/s (favoring PQ schemes).
• Complexity Amplifies Gaps: Simple u32 ops show parity (1.06x); advanced arithmetic like Montgomery multiplication widens to 7x for BN254.

Start with native APIs first, such as Metal for iOS (sustainable boosts), then WebGPU for cross-platform reach. This prioritizes real-world viability over premature optimization.

6. Conclusion​

Client-side GPU acceleration for ZKPs represents both immediate and long-term opportunities for Ethereum privacy, potentially improving UX for adopting privacy-preserving tech and enabling quantum-secure daily-life use cases like private payments. By addressing fragmentation, embracing PQ schemes, and optimizing for mobile devices, we can make privacy "hygiene" for everyone (from casual users to privacy-maximalists). We believe that with collaborative efforts from existing players and the broader community, everyday Ethereum privacy is within reach.

Footnotes​

1. Kasra Abbaszadeh, Hossein Hafezi, Jonathan Katz, & Sarah Meiklejohn. (2025). Single-Server Private Outsourcing of zk-SNARKs. Cryptology ePrint Archive. https://eprint.iacr.org/2025/2113 ↩ ↩²

2. Takamichi Tsutsumi. (2025). TEE based private proof delegation. https://pse.dev/blog/tee-based-ppd ↩

3. Takamichi Tsutsumi. (2025). Constant-Depth NTT for FHE-Based Private Proof Delegation. https://pse.dev/blog/const-depth-ntt-for-fhe-based-ppd ↩

4. Field-Ops Benchmarks. GitHub. https://github.com/moven0831/field-ops-benchmarks ↩ ↩² ↩³

5. Proving Backends Benchmarks by Client-side Proving Team from PSE. https://ethproofs.org/csp-benchmarks ↩ ↩²

6. ZPrize 2023 Entry: Tal and Koh's WebGPU MSM Implementation. GitHub. https://github.com/z-prize/2023-entries/tree/main/prize-2-msm-wasm/webgpu-only/tal-derei-koh-wei-jie ↩

7. ZPrize. (2023). Announcing the 2023 ZPrize Winners. https://www.zprize.io/blog/announcing-the-2023-zprize-winners ↩

8. Geometry: Curve Arithmetic Implementation in Metal. GitHub. https://github.com/geometryxyz/msl-secp256k1 ↩

9. Carsten Lund, Lance Fortnow, Howard Karloff, & Noam Nisan. (1992). Algebraic methods for interactive proof systems. Journal of the ACM (JACM). https://dl.acm.org/doi/10.1145/146585.146605 ↩

10. Gal Arnon, Alessandro Chiesa, Giacomo Fenzi, & Eylon Yogev. (2024). WHIR: Reed–Solomon Proximity Testing with Super-Fast Verification. Cryptology ePrint Archive. https://eprint.iacr.org/2024/1586 ↩ ↩²

11. Shafi Goldwasser, Yael Tauman Kalai, & Guy N. Rothblum. (2008). Delegating computation: interactive proofs for muggles. In Proceedings of the fortieth annual ACM symposium on Theory of computing. https://dl.acm.org/doi/10.1145/1374376.1374396 ↩

12. Aniket Kate, Gregory M. Zaverucha, & Ian Goldberg. (2010). Constant-Size Commitments to Polynomials and Their Applications. In Advances in Cryptology - ASIACRYPT 2010. Springer. https://link.springer.com/chapter/10.1007/978-3-642-17373-8_11 ↩

13. Jonathan Bootle, Andrea Cerulli, Pyrros Chaidos, Jens Groth, & Christophe Petit. (2016). Efficient Zero-Knowledge Arguments for Arithmetic Circuits in the Discrete Log Setting. Cryptology ePrint Archive. https://eprint.iacr.org/2016/263 ↩

14. Riad S. Wahby, Ioanna Tzialla, abhi shelat, Justin Thaler, & Michael Walfish. (2017). Doubly-efficient zkSNARKs without trusted setup. Cryptology ePrint Archive. https://eprint.iacr.org/2017/1132 ↩

15. Ward Beullens & Gregor Seiler. (2022). LaBRADOR: Compact Proofs for R1CS from Module-SIS. Cryptology ePrint Archive. https://eprint.iacr.org/2022/1341 ↩

16. Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, & Michael Riabzev. (2018). Scalable, transparent, and post-quantum secure computational integrity. Cryptology ePrint Archive. https://eprint.iacr.org/2018/046 ↩

17. Gal Arnon, Alessandro Chiesa, Giacomo Fenzi, & Eylon Yogev. (2024). STIR: Reed–Solomon Proximity Testing with Fewer Queries. Cryptology ePrint Archive. https://eprint.iacr.org/2024/390 ↩

18. Hadas Zeilberger, Binyi Chen, & Ben Fisch. (2023). BaseFold: Efficient Field-Agnostic Polynomial Commitment Schemes from Foldable Codes. Cryptology ePrint Archive. https://eprint.iacr.org/2023/1705 ↩

19. Alexander Golovnev, Jonathan Lee, Srinath Setty, Justin Thaler, & Riad S. Wahby. (2021). Brakedown: Linear-time and field-agnostic SNARKs for R1CS. Cryptology ePrint Archive. https://eprint.iacr.org/2021/1043 ↩

20. Kang Yang, Pratik Sarkar, Chenkai Weng, & Xiao Wang. (2021). QuickSilver: Efficient and Affordable Zero-Knowledge Proofs for Circuits and Polynomials over Any Field. Cryptology ePrint Archive. https://eprint.iacr.org/2021/076 ↩

21. Chenkai Weng, Kang Yang, Jonathan Katz, & Xiao Wang. (2020). Wolverine: Fast, Scalable, and Communication-Efficient Zero-Knowledge Proofs for Boolean and Arithmetic Circuits. Cryptology ePrint Archive. https://eprint.iacr.org/2020/925 ↩

22. Carsten Baum, Alex J. Malozemoff, Marc B. Rosen, & Peter Scholl. (2020). Mac'n'Cheese: Zero-Knowledge Proofs for Boolean and Arithmetic Circuits with Nested Disjunctions. Cryptology ePrint Archive. https://eprint.iacr.org/2020/1410 ↩

23. Voidkai. Efficient Prime Fields for Zero-knowledge proof. HackMD. https://hackmd.io/@Voidkai/BkNX3xUZA ↩

24. Ingonyama. (2023, September 27). Revisiting Paradigm’s “Hardware Acceleration for Zero Knowledge Proofs”. Medium. https://medium.com/@ingonyama/revisiting-paradigms-hardware-acceleration-for-zero-knowledge-proofs-5dffacdc24b4 ↩

25. "GPU in Your Pockets", zkID Days Talk at Devconnect 2025. https://streameth.org/6918e24caaaed07b949bbdd1/playlists/69446a85e505fdb0fa31a760 ↩

26. Benoit-Cattin, T., Velasco-Montero, D., & Fernández-Berni, J. (2020). Impact of Thermal Throttling on Long-Term Visual Inference in a CPU-Based Edge Device. Electronics, 9(12), 2106. https://doi.org/10.3390/electronics9122106 ↩

27. Arkworks. https://arkworks.rs/ ↩

28. Jillian Mascelli & Megan Rodden. (2025, September). “Harvest Now Decrypt Later”: Examining Post-Quantum Cryptography and the Data Privacy Risks for Distributed Ledger Networks. Federal Reserve Board. https://www.federalreserve.gov/econres/feds/files/2025093pap.pdf ↩

29. Plonky3. GitHub. https://github.com/Plonky3/Plonky3 ↩

30. Jolt. GitHub. https://github.com/a16z/jolt ↩

2025 has been a strong year for Mopro and the evolution of mobile proving. Over the past year, we showed that Mopro is not just a tool for advanced developers, but one that hackers and beginners can adopt with ease.

This progress was also showcased at DevConnect, where we presented Mopro’s approach to mobile proving and shared real-world learnings from building and deploying zk applications on mobile. You can watch the full talk.

The following milestones highlight what we accomplished.

Mobile SDK Management Solution​

We realized that for most zk protocol developers, building a full frontend is not essential—especially when the goal is to demonstrate a proof of concept or integrate the protocol into an existing product. What is essential, however, is a reliable and easy-to-use SDK.

To address this, we built reusable templates with Mopro bindings that can be integrated with minimal mobile development experience. These templates are designed to be easily extended into SDKs for multiple platforms, enabling zk protocol teams—such as zkEmail, Semaphore, and others—to focus on protocol design rather than frontend or mobile engineering.

Our approach is inspired by the Reclaim Protocol philosophy: a protocol should support as many platform SDKs as possible to unlock a broader range of applications and products.

Expanded FFI Support​

Although UniFFI provides a robust foundation for Rust FFI, it still requires manual effort to integrate with modern cross-platform frameworks such as Flutter and React Native. This added complexity can be a barrier for mobile developers.

In 2025, we streamlined this process by integrating multi-platform FFI generation into mopro-ffi. Today, Mopro can automatically generate bindings for Swift, Kotlin, Flutter (with flutter_rust_bridge), React Native (with uniffi-bindgen-react-native), and WebAssembly (with wasm-bindgen), eliminating the need to maintain platform-specific glue code. Developers define their interfaces once in Rust, and Mopro handles the rest.

Noir Support​

Alongside our existing support for Circom and Halo2, we integrated Noir into Mopro in 2025, recognizing its growing adoption as a frontend language for zero-knowledge circuits. Inspired by the zkPassport team, we enabled mobile proving and verification for Noir-based circuits.

Throughout the year, we participated in multiple NoirHack events and NoirCon, where we built Stealthnote Mobile, achieving up to 10× faster performance than the browser version and a superior user experience. We also released an example demonstrating how Noir proofs can be verified on-chain.

Hackathon Projects​

Throughout 2025, we participated in several hackathons and received over 50 project submissions built with Mopro. Below are a selection of standout projects developed this year.

Zuma​

Anonymous Event Attendance

ETHGlobal Trifecta — Zero Knowledge

• GitHub: https://github.com/chengggkk/zuma
• Submission: https://ethglobal.com/showcase/zuma-6vnoj

Zuma is a ZK-powered Luma-style application, inspired by Luma and Zupass. It combines the seamless user experience of native event apps with the strong privacy guarantees of zero-knowledge proofs.

When a user attends an event, the app generates a Semaphore proof to attest to attendance. Verifiers only need to validate the proof to confirm that the user is an attendee—without learning any personal information such as the user’s email address or name.

Stealthnote Mobile​

Glassdoor-Style Anonymous Forum

NoirHack 2025

• GitHub: https://github.com/vivianjeng/stealthnote-mobile

Stealthnote Mobile is inspired by stealthnote.xyz and demonstrates that Noir proofs can be generated and verified directly on mobile devices. Compared to the browser-based implementation, the mobile app achieves up to 10× faster performance.

While the browser version takes approximately 20 seconds to generate a Google OAuth proof, the mobile app completes the same operation in about 2 seconds, resulting in a significantly improved user experience. In the future, the app could integrate push notifications to notify users when new posts are available.

MobiScale​

Privacy-Preserving AI Biometric Verification with zkVM on Mobile

ETHGlobal Cannes 2025

• GitHub: https://github.com/ElusAegis/MobiScale
• Submission: https://ethglobal.com/showcase/mobiscale-n9vj6

Mobiscale represents a major technical milestone for Mopro, showcasing how mobile hardware can enable zkVMs on smartphones. The project combines AI-powered facial recognition with Apple’s Secure Enclave to verify identity in a privacy-preserving way.

Users upload a passport photo and take a live selfie, which are compared locally by an AI model to establish identity with high confidence. The system then generates zero-knowledge proofs using RISC Zero and Noir circuits, allowing third parties to verify identity claims without accessing biometric data, confidence scores, or image hashes.

ZeroSurf​

Seamless Browser-to-Mobile ZK Age Verification

ETHGlobal New Delhi 2025

• GitHub: https://github.com/Krane-Apps/zerosurf-anon-aadhaar
• Submission: https://ethglobal.com/showcase/zerosurf-9988k

ZeroSurf demonstrates a highly smooth user experience between browser applications and mobile native apps through deep linking. When accessing a website with age restrictions, users are redirected via a URL to a mobile app, where a zero-knowledge proof (in this case, an Anon Aadhaar proof) is generated.

The proof is then returned to the website, enabling verification without exposing sensitive information. This project expands the use cases for mobile-native provers and shows how browser-based applications can directly benefit from mobile zero-knowledge proving.

Future Direction​

In 2026, we propose the following direction for the community. While Mopro handles the FFI layer and ensures that proving systems work reliably across platforms, we also want to raise awareness that reaching users on different platforms requires more than just cross-platform compatibility.

To truly enable adoption, zk protocol developers should provide platform-specific SDKs that can be easily consumed by application developers on iOS, Android, web, and beyond. By offering well-designed SDKs tailored to each platform’s ecosystem, zk applications can achieve broader reach, better user experience, and faster integration across diverse platforms.

As for the Mopro team, we plan to collaborate with more projects to help them build and ship their protocol SDKs. We will continue exploring zkVMs on mobile and advancing client-side GPU research across different proving systems.

In addition, we aim to engage more deeply with mobile development communities and events, promoting the adoption of zero-knowledge proofs in real-world mobile applications.

Conclusion​

2025 was a milestone year for Mopro, proving that mobile zk is not only possible, but practical and accessible. As we move into 2026, we’re excited to keep pushing the boundaries of mobile proving and work closely with the community to bring zero-knowledge to more platforms and applications.

At ETHGlobal New Delhi this September, the Mopro and zkPDF teams sponsored two tracks focused on bringing general privacy to Ethereum. The hackathon delivered impressive projects that pushed boundaries in both infrastructure and application development.

Several submissions exceeded expectations with standout UX features. Deeplink integration enables seamless transitions between mobile apps and browsers, allowing native mobile proving across existing browser applications that require ZK (like age verification for websites). NFC integration demonstrated tap-to-prove and tap-to-verify capabilities, creating an experience as intuitive as Apple Pay. These implementations show the maturity of client-side ZK proving and its readiness for real-world adoption.

Infrastructure Track: Client-Side Privacy​

🏆 Grand Prize: AccessFI​

View Project | GitHub

AccessFI reimagines event payments with NFC-powered privacy. Users receive P-256 compatible SECP256k1 NFC cards linked to their wallets, enabling instant tap-to-pay for tickets, registration, food, and merchandise while preserving privacy through deterministic encryption.

The system eliminates payment friction with 5-second NFC transactions that work on any EVM chain. Privacy is maintained through ZK proofs that verify user eligibility without exposing personal data. A single card handles all event interactions: tap-to-buy tickets, tap-to-register, tap-to-pay for concessions.

Application Track: General Privacy​

🥇 First Prize: zkETHer​

View Project | GitHub

zkETHer implements a privacy-preserving protocol for ERC20 tokens, functioning as a non-custodial mixer. Users deposit fixed amounts by submitting cryptographic commitments to an on-chain Merkle tree, then withdraw to new addresses using ZK proofs generated on their mobile devices.

The protocol uses X25519 (ECDH) for key exchange, HKDF-SHA256 for deriving secrets, and Poseidon2 hash for commitments. Mopro enables computationally intensive ZK proofs to be generated directly on phones, making privacy accessible without specialized hardware.

The circuit implementation is robust, though real-world feasibility needs improvement for production deployment. The architecture demonstrates how mobile-first proving can bring mixer-style privacy to standard ERC20 tokens.

🥈 Second Prize: Wisk​

View Project | GitHub

Wisk rethinks background verification for the digital age with zkPDF. Instead of sharing documents with third parties, users prove specific claims about government-issued certificates without revealing the full content.

The system integrates with India's DigiLocker to verify official PDFs. Using zkPDF, Wisk validates the government's digital signature embedded in PDFs and generates ZKPs for requested fields (name, PAN number, credentials). The entire process happens in the browser—raw documents never leave the user's device.

🥉 Third Prize: ZeroSurf​

View Project | GitHub

ZeroSurf is a mobile browser with built-in ZK age verification using Anon Aadhaar. The smooth deeplink integration allows users to prove age requirements without revealing birth dates, enabling privacy-preserving access to age-restricted content.

The implementation showcases how deeplinks can bridge mobile browsers and ZK proving apps, creating frictionless user experiences for privacy-preserving authentication.

Key Takeaways & Future Explorations​

The hackathon revealed several promising directions for client-side privacy:

UX innovations like NFC and deeplinks proved that privacy-preserving technology can match the convenience of traditional systems. These features should be modularized within Mopro to improve developer experience. We'll invite teams that built these integrations to contribute reusable components.

Photo-identity integrity emerged as a recurring theme across multiple projects, adding security layers to identity verification. Integrating solutions like Rarimo's Bionetta and zkCamera with mobile-native proving through Mopro could strengthen this approach.

We're excited to see more UX innovations emerge in future hackathons. Whether it's tap-to-prove bringing native mobile experiences, smooth deeplink transitions between apps and browsers, or entirely new interaction patterns—the goal is providing developers with easy-to-use building blocks. By modularizing these patterns in Mopro, we can transform what took teams days to build during the hackathon into features that take minutes to integrate.

Beyond these UX enhancements, there are also two fundamental challenges worth exploring:

zkTLS and Mobile Proving​

zkTLS enables portable, verifiable data from any HTTPS connection without server cooperation. Using multi-party computation (MPC), zkTLS allows users to prove statements about web data—like account balances, transaction histories, or credentials—without revealing the underlying information or requiring platform APIs.

TLSNotary leads the MPC-based approach, using garbled circuits to split TLS session keys between users and notaries, ensuring neither party can forge proofs alone. This creates portable proofs of web data while preserving privacy.

Mobile integration remains an open challenge. While TLSNotary works well on desktop, coordinating MPC between mobile apps and browsers presents unique technical hurdles. Solving this would unlock powerful use cases: proving income from banking apps, verifying social media reputation, or demonstrating transaction history—all without sharing credentials or raw data.

Unified ZK Registry System​

The ZK identity landscape is fragmented. Projects like Anon Aadhaar, passport-based zkID solutions, and zkPDF each maintain separate on-chain registries. Users face redundant verifications, and developers must integrate with each system independently.

ERC-7812 proposes a solution: a singleton on-chain registry using Sparse Merkle Trees to store commitments to private data. Statements can be verified via ZK proofs without revealing underlying information.

With unified client libraries built around ERC-7812 and integrated with Mopro, developers would call one API after generating proofs on-device, regardless of proof type. The real power emerges in cross-application identity: a user proves their age once with Anon Aadhaar in one Mopro app, committing to ERC-7812. Later, a Mopro app using different schemes verifies that commitment without re-proving. The unified registry enables seamless credential reuse across the mobile applications while preserving privacy.