Interested in earning rewards by running nodes? You can sign up to Rent a Node to begin today. If you’re a project interested in renting ZK compute, start now with credits.

TL;DR

The economic security behind zero-knowledge proof generation is a fairly under-explored topic. Several prover networks and marketplaces have emerged in the past 12 months, most of them relying on staking or a financial bond, but more sophisticated design mechanisms ensuring accessibility, liveness, and decentralization are yet to be seen.

In our current blog post, we will dive into economic security in the context of ZK proof generation from different angles, covering

• the nature of ZK proving,

• the parallels between Bitcoin mining and proof mining,

• economic security through staking and restaking, and

• viable alternatives providing high liveness and execution guarantees.

The hybrid nature of proof generation

As of today, the most common proofs outsourced to third-party proof providers are server-side proofs, which require substantial compute capacity. Client-side proofs, on the other hand, are typically generated on user devices such as mobile phones or browsers to ensure that sensitive data does not leave the device.

Economic security through staking is most commonly the characteristic of Proof of Stake (PoS) networks. Validators of these protocols only need to maintain modest hardware, thus it is the financial commitment through staking that ensures liveness, Sybil-resistance, and network security.

On the contrary, in Proof of Work (PoW) networks, participants need to maintain very powerful hardware to stay competitive, and the redundant (wasted) computation, inherently part of network security, ensures liveness.

Redundancy vs. economic security

In the case of proof generation, security comes from the underlying math. However, to ensure consistent delivery of proofs, either redundancy or additional economic security may be needed, both of which come with trade-offs.

Redundancy can ensure liveness but increases the overall cost of proving for the user. But, if we remove redundancy to ensure cost-efficient proving, and introduce additional economic security to guarantee liveness, the entry barrier becomes higher, limiting accessibility and decentralization.

The hybrid nature of ZK proving necessitates moving beyond simple staking models toward more nuanced systems that balance liveness guarantees with lower barriers to participation.

Proof-mining vs. Bitcoin-mining

When discussing the topic of economic security behind proving, let’s start by exploring Bitcoin mining to see what we can learn and whether there is something to be applied for proof generation, often also referred to as proof mining.

Both proof-mining and Bitcoin-mining require substantial computational resources, however, they serve fundamentally different purposes.

• Bitcoin mining uses Proof of Work (PoW) to secure the network and achieve consensus, with miners competing to solve cryptographic puzzles.

• In contrast, proof-mining generates zero-knowledge or validity proofs to make data and computation verifiable without re-execution.

There is a clear parallel though: in both cases, participating in mining involves a significant economic commitment in the form of hardware costs.

On the other hand, the two economic models differ significantly: Bitcoin mining's competitive nature, where only the winning (fastest) miner receives rewards, and the redundant computation involved, are integral to network security.

The competition involved in Bitcoin mining can be compared to "proof racing" where all provers compete to generate the proof but only the fastest one gets rewarded. As stated earlier, this mechanism is very inefficient for proof generation, as it creates excessive wasted computation, which conflicts with the goal of minimizing proving costs.

This suggests that designing secure, efficient prover networks may require introducing alternative design elements. However, in what form they should come, is non-trivial.

The common answer: staking

To spare the wasted computation of proof racing and to ensure reliability and performance, economic security through staking (or a financial bond) is the common answer. Let’s dive deeper to understand what purpose it serves, and whether there are alternatives.

• Sybil resistance: Forcing prover nodes to lock up tokens, creates a cost to participate, preventing attackers from easily spawning unlimited identities (Sybils). The size of the required stake must exceed the potential profit from acting maliciously.

  • It's worth noting that hardware costs themselves can already act as a Sybil-resistance mechanism, reducing the necessity for staking: at sufficiently high hardware utilization it becomes impossible to back multiple Sybils with the same hardware.

• Economic security: Staked tokens act as collateral that can be slashed in case of non-delivery, or if a prover delivers invalid proofs. It encourages producing valid proofs efficiently to earn rewards while discouraging dishonest behavior.

  • We note that for permissionless and universal prover networks, like ZkCloud, where the users can deploy their own prover binary and get proofs generated, slashing is not trivial: in case of a malicious binary that never outputs a proof, the prover nodes should not be slashed, thus the protocol needs built-in mechanisms to prevent this.

• Liveness and availability: Staking can ensure prover availability, guaranteeing that proofs are generated on time, which is crucial for the finality in ZK-rollups.

  • In the case of non-delivery in an auction-based proof market, the proof requester needs to restart the entire auctioning process, which adds latency, and complexity to source a proof.

However, there are also some counter-arguments for staking:

• Higher entry barrier: If the hardware cost and operational overhead are already high, staking might mean too high an economic burden, potentially increasing the entry barrier, and centralizing the network to wealthy entities that can afford both hardware and stake.

• Opportunity cost: There is an opportunity cost to the staked tokens, which needs to be considered. In the competitive space of proving, where there is a race to the bottom for proving costs, prover economics and profitability need to account for this.

What about restaked economic security?

More and more protocols are building their prover networks or marketplaces as AVSs on EigenLayer, the first protocol to introduce the concept of restaking where staked ETH or Liquid Staking Tokens (LSTs) can be leveraged to secure additional services beyond Ethereum itself. Building a proof market or prover network as an AVS comes with multiple advantages, such as lower bootstrapping costs and faster go-to-market, but it comes with risks that must be considered.

• The tension between individual rational behavior and system security: Operators are incentivized to maximize returns by restaking across multiple AVS services. However, each additional restaking commitment dilutes the actual economic security behind each service. This creates a "tragedy of the commons" situation where individual optimization may lead to systemic risks.

In simple words, if 1000 ETH is restaked across 5 AVS protocols, each service isn't backed by 1000 ETH of security. They share 1000 ETH worth of economic security, and in case of a critical failure or attack, especially if multiple protocols are affected, the slashing of shared security can have cascading effects. And the correlation risk increases with each additional AVS service.

To understand the level of security dilution, let’s estimate the average number of AVSs backed by the same restaked assets.

As per their dashboard, on 6 Mar 2025, there were a total of 38 AVSs active on Eigenlayer, and the total TVL in Eigenlayer was $10.32B.

To calculate how many AVSs the same restaked assets are backing, we need to sum up the individual TVLs of all AVSs and divide it by Eigenlayer’s TVL. The formula is the following:

• Average AVSs per dollar = Total TVL across all AVSs / Total Eigenlayer TVL

This means that on average 12.3 AVSs are backed by the same restaked USD value. ​

Prover networks and marketplaces using restaked assets as economic security should consider the above when designing their architecture, and implement risk mitigation measures accordingly.

Are there alternatives to (re)staking?

Let’s look at some viable alternatives to economic security:

• Reputation systems: Instead of staking, a reputation system where provers are rated based on their past performance, timeliness, and reliability could incentivize honest behavior. Nodes with poor performance could be deprioritized, excluded from future task allocations, or even kicked out of the network which comes with losing their past reputation.

• Performance- and reputation-based rewards: A system where rewards are dominantly performance- and reputation-based (the two are essentially the same) can mimic the economic security of Bitcoin mining. Provers could earn rewards based on how reliably and fast they generate proofs, and risk losing potential revenue and accumulated reputation if they perform poorly.

• Cost of non-delivery: By imposing penalties for generating invalid proofs or failing to deliver proofs on time, networks can create a strong deterrent against unreliable provers, even without the need for staking. For instance, the prover penalties could come in the form of losing current and future revenue, through excluding the prover node from task allocation for a certain amount of time, cutting its reputation score, or kicking it out of the network.

• Proof of capacity and availability: Prover nodes could be mandated to complete proving workloads in times when their capacity is not filled up with actual proving jobs to prove that they are consistently available and maintain adequate hardware. Failing to complete these workloads could result in forced removal from the active prover set. This could efficiently decrease the risk of Sybils where multiple entities use the same hardware for proof generation, and minimize the time Sybils can spend in the network before being removed.

• Extended activation period and capacity verification: To avoid the fast re-joining of nodes that were kicked out, an extended entry period could be implemented during which prover nodes need to constantly complete proving tasks to verify their hardware capacity. Paired with a performance-based reward system, the cost of malicious behavior may end up being quite high.

While more research is needed to explore the optimal architecture design, through combining the above design elements, one could build an efficient mechanism that mitigates Sybils in the network, force-removes non-delivering prover nodes, and ensures liveness and availability, while providing sufficient security guarantees, without the elevated entry barrier and opportunity cost that staking introduces to prover networks.

Closing thoughts

While economic security through staking or restaking remains the dominant approach among decentralized prover networks and marketplaces, the financial models behind proof generation remain an important area of future exploration to balance security, decentralization, and accessibility. As the industry continues to mature, finding the right balance between robust execution guarantees and accessible participation will be crucial for achieving true decentralization in proof generation.

___

About ZkCloud:

ZkCloud, built by Gevulot, is the first universal proving infrastructure for ZK. Generate ZK proofs for any proof system at a fraction of the cost. Fast, cheap, and decentralized.

Learn more about ZkCloud:
Website | Docs | GitHub | Blog | X (Twitter) | Galxe Campaign | Telegram | Discord