Any Computation is Verifiable With Cheap On-Chain Folding Verifiers

Zero-knowledge proofs (ZKPs) are marketed to be kind of like magic — everyone talks about them, but when you try to use them, you realize they require a supercomputer, a PhD in cryptography, and a willingness to burn absurd amounts of gas. Not exactly accessible.

‍

At NovaNet, we think that’s incorrect and that the industry has been too focused on big provers and speed at a trade off of on-device ZKP. So we built something we like better: an Ethereum Virtual Machine (EVM) verifier that actually makes proving useful things practical and cheap on-chain.

‍

It does this by folding—a trick that lets you squash multiple proofs into one like a computational Matryoshka 🪆, keeping verification costs low and making ZK better for privacy, on device compute, and generally more fun. Our verifier is based on previous work by PSE. Thanks guys! We are also contributing our open-sourced work.

‍

The best part of a succinct folding verifier? It runs at just 750,000 gas, which is pretty close to the cost of verifying a single Groth16 proof (~400,000 gas). But instead of verifying only one proof, you can verify thousands of them.

‍

Our work can also utilize an upcoming MicroNova implementation.

‍

Folding: The TL;DR

‍

Here’s the problem: if you want to prove a really big computation (think machine learning, cryptographic signatures, or an elaborate on-chain Sudoku solver), traditional ZK systems force you to either:

‍

Pay insane amounts of gas to verify it on-chain.
Give up and let a centralized server do the verification in so-called “proof networks.”

Folding fixes this. Instead of verifying each proof separately, it lets us combine proofs incrementally. This means:

‍

One proof, one verification – instead of verifying thousands of individual proofs, we just verify one. This is excellent for proof aggregation of thousands of smaller privacy proofs.
Computation stays cheap – verification costs don’t explode even if the computation is huge.
Step-by-step proving – stop whenever you want, check progress, and pick up later. No more restarting from scratch if something crashes. Technically this is called IVC, or incremental verifiable computation.

‍

This is more than just a fancy optimization. It unlocks actual real-world use cases that weren’t possible before:

‍

zk on consumer hardware – No more needing a NASA supercomputer to prove stuff. Now your laptop (or a high-end mobile phone) can do real zk proving with memory efficient ZKP.
Way less gas – Instead of verifying 5,000 individual proofs on-chain, just verify one and call it a day. Get together with your friends and agg some zkGaming proofs. NovaNet’s upcoming Proof Parties will unleash some more tech on this 🤫.
Massive computations now possible – zkML, zkBLS signatures, cryptographic proofs... all the fun stuff that used to be infeasible to verify on-chain can be made into continuations and aggregated.

‍

The Numbers (Because You Like Charts 📈)
‍

Gas Costs: A single 750k gas verification now replaces thousands of separate verifications.
Proving Time: 1 million computation steps? 2–3 minutes on a laptop. Not bad. 2x in an upcoming PR.
Memory Usage: ~1.2x the size of the original computation, vs. 3-4x in traditional proving systems. You can actually pick the memory size to match your device.
Verification Time: Always under 200ms, no matter how big the computation is.

‍

Two Ways to ZK (Pick Your Fighter)

‍

There are two main ways to use NovaNet: bottom-up (for privacy) and top-down (for big computations).

‍

Bottom-Up: Privacy-Preserving Aggregation

‍

Think of this as the “everyone generates their own proof, but we verify them together” model:

‍

Perfect for private transactions, AI models, and gaming.
Each user keeps their data local (yay privacy!), but proofs get bundled together for cheap verification.
Instead of verifying 5,000 proofs from DePIN devices, we verify one. Gas savings = chef’s kiss 🤌.

‍

Top-Down: Parallelizing Large Computations

‍

This one’s for the big-brain zk applications:

Need to prove something huge? Split it up into smaller steps.
Different provers tackle different chunks, then we fold the results together.
Great for zkML, cryptography, and anything that would normally melt a single prover’s machine.

‍

The Future of ZK: Less Pain, More Fun

‍

For too long, ZK has been either too expensive (gas fees eat your lunch) or too painful (proving takes hours).

‍

Folding makes it suck less.

‍

Now you can verify zero-knowledge ML models on-chain without bankrupting yourself, generate proofs on your laptop instead of needing a server farm, and verify thousands of computations on-chain for the cost of one.

‍

We're hyped to see how people continue to build with this. The repo is here — let's go wild.