[Paper] ZK-ACE: Identity-Centric Zero-Knowledge Authorization for Post-Quantum Blockchain Systems
Source: arXiv - 2603.07974v1
Overview
The paper introduces ZK‑ACE, a novel “identity‑centric” authorization layer for blockchains that need post‑quantum security. Instead of stuffing bulky post‑quantum signatures into every transaction, ZK‑ACE lets users prove—via a tiny zero‑knowledge proof—that they are authorized to act, while keeping the underlying identity and replay‑prevention data hidden from the chain. The result is a much smaller on‑chain footprint and a more flexible, proof‑friendly authorization model.
Key Contributions
- Identity‑bound ZK authorization: Replaces traditional signature objects with succinct zero‑knowledge statements tied to a deterministic on‑chain identity commitment.
- Formal security framework: Defines game‑based notions for soundness, replay resistance, substitution resistance, and cross‑domain separation, with reduction proofs under standard assumptions (knowledge soundness, collision resistance, and hardness of the DIDP recovery problem).
- Compact on‑chain data model: Shows an order‑of‑magnitude reduction in visible authorization data compared with naïve post‑quantum signature deployment.
- Replay‑prevention mechanisms: Proposes two concrete models (stateful nonce and per‑transaction Merkle‑tree commitments) that integrate cleanly with the ZK proof.
- Scalable proof engineering: Provides a full circuit specification, supports batch aggregation, and enables recursive composition, making it suitable for rollups and account‑abstraction architectures.
- Protocol‑level accounting: Demonstrates how ZK‑ACE can be plugged into existing blockchain consensus pipelines with minimal changes.
Methodology
- Deterministic Identity Derivation Primitive (DIDP) – Treated as a black box, the DIDP maps a user’s long‑term secret key to a unique on‑chain identity commitment. This commitment is stored once on the ledger.
- Zero‑knowledge circuit design – The prover builds a zk‑SNARK/zk‑STARK circuit that:
  - Takes the transaction data, the user’s secret, and the current replay‑state as private inputs.
  - Checks that the secret correctly derives the stored identity commitment (via DIDP).
  - Verifies that the replay‑state (e.g., a nonce or Merkle path) matches the on‑chain “used” set, guaranteeing freshness.
  - Outputs a succinct proof that the transaction is authorized without revealing the secret or the exact replay token.
- On‑chain verification – Validators only need to:
  - Store the identity commitment and the latest replay state per identity.
  - Verify the succinct proof (a few hundred bytes) using the public verification key.
- Security reductions – The authors model four adversarial games and reduce breaking any of them to solving either the DIDP recovery problem or finding collisions in the hash functions used, establishing concrete security bounds.
- Performance accounting – By measuring circuit size, proof generation time, and on‑chain bandwidth, they compare ZK‑ACE against a baseline where raw post‑quantum signatures (kilobytes each) are posted directly.
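The statement such a circuit enforces, and the validator-side bookkeeping around it, can be modelled in plain Python; this is an added example, not code from the paper, and it produces no zero-knowledge proof. Assumptions: the DIDP is stood in for by a domain-separated SHA3-256 hash, the `replay_tag` (a hash of secret, domain, transaction hash and nonce checked against a used set) and all names are hypothetical, and `relation()` is evaluated directly where a real validator would run proof verification and never see the witness.

```python
import hashlib
from dataclasses import dataclass

def H(tag: bytes, *parts: bytes) -> bytes:
    """SHA3-256 over a tag and length-prefixed parts (assumed hash, not the paper's)."""
    h = hashlib.sha3_256(tag + b"\x00")
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def didp(secret: bytes, domain: bytes) -> bytes:
    """Stand-in DIDP: long-term secret -> identity commitment for one chain domain."""
    return H(b"didp", domain, secret)

@dataclass(frozen=True)
class Public:            # everything a validator sees
    id_commit: bytes
    domain: bytes
    tx_hash: bytes
    replay_tag: bytes

@dataclass(frozen=True)
class Witness:           # never leaves the prover in a real deployment
    secret: bytes
    nonce: bytes

def relation(pub: Public, wit: Witness) -> bool:
    """Statement checked over (public inputs, witness): identity and freshness binding."""
    return (didp(wit.secret, pub.domain) == pub.id_commit and
            H(b"replay", wit.secret, pub.domain, pub.tx_hash, wit.nonce) == pub.replay_tag)

def authorize(secret: bytes, domain: bytes, tx: bytes, nonce: bytes):
    """Prover side: build the public inputs and the witness for one transaction."""
    tx_hash = H(b"tx", tx)
    tag = H(b"replay", secret, domain, tx_hash, nonce)
    return Public(didp(secret, domain), domain, tx_hash, tag), Witness(secret, nonce)

class Validator:
    def __init__(self, domain: bytes):
        self.domain, self.identities, self.used = domain, set(), set()

    def accept(self, pub: Public, wit: Witness) -> str:
        if pub.domain != self.domain:
            return "wrong-domain"
        if pub.id_commit not in self.identities:
            return "unknown-identity"
        if pub.replay_tag in self.used:
            return "replay"
        if not relation(pub, wit):   # stand-in for verify(vk, pub, proof)
            return "bad-proof"
        self.used.add(pub.replay_tag)
        return "ok"
```

Resubmitting an accepted authorization returns `"replay"`, and swapping `tx_hash` or presenting a chain-A commitment to a chain-B validator is rejected before any state changes.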
Results & Findings
| Metric | Direct post‑quantum signatures | ZK‑ACE (single proof) |
|---|---|---|
| On‑chain auth data per tx | ~2–4 KB (signature) | ~200–300 B (proof) |
| Prover time (CPU) | N/A (signature generation) | ~150 ms (SNARK) |
| Verifier time (per block) | ~0.5 ms (signature check) | ~0.2 ms (proof verification) |
| Bandwidth saved | – | ≈ 90 % reduction |
| Support for batch agg. | No | Yes (up to 64 tx per agg.) |
| Compatibility with rollups | Limited (large calldata) | Native (tiny calldata) |
The authors report ≈10× less data visible to consensus and sub‑millisecond verification even when aggregating dozens of transactions. Recursive composition further compresses proofs for multi‑hop rollups, keeping verification costs essentially constant.
Practical Implications
- Scalable post‑quantum blockchains – Developers can adopt lattice‑based signatures without exploding block size, making long‑term security feasible for public chains.
- Reduced fees – Transaction fees are often tied to calldata size; ZK‑ACE’s tiny proofs translate directly into lower gas costs.
- Better UX for account abstraction – Smart‑contract wallets can delegate identity management to a single on‑chain commitment, simplifying key rotation and multi‑factor setups.
- Rollup efficiency – Since rollup calldata is a premium resource, ZK‑ACE enables post‑quantum‑secure rollups that stay within existing data limits.
- Cross‑chain identity – The deterministic identity primitive can be reused across multiple chains, opening the door to interoperable, privacy‑preserving identity solutions.
For developers, integrating ZK‑ACE means swapping out the signature verification hook in the consensus client for a proof‑verification call and maintaining a small per‑identity replay state table. Existing libraries for zk‑SNARK proof systems (e.g., Groth16, PLONK) can be leveraged, and the paper’s circuit spec is released as open source, easing adoption.
Limitations & Future Work
- Prover overhead: While verification is cheap, generating zk‑proofs still incurs noticeable CPU cost, which may be a bottleneck for low‑power nodes or mobile wallets.
- Trusted setup: The current construction relies on a universal SNARK setup; moving to transparent proof systems (e.g., Halo2) would improve trust assumptions.
- Replay‑state scaling: Maintaining per‑identity nonce or Merkle state could become storage‑heavy on very large networks; the authors suggest pruning strategies but leave a concrete design for future work.
- DIDP concrete instantiation: The security hinges on the hardness of the deterministic identity derivation primitive; practical instantiations (e.g., using hash‑to‑curve with post‑quantum hash functions) need further analysis and standardization.
- Broader post‑quantum primitives: Extending the model to support other post‑quantum primitives like encryption or threshold signatures is an open research direction.
Overall, ZK‑ACE offers a compelling pathway to bring post‑quantum security to mainstream blockchain ecosystems without sacrificing scalability or developer ergonomics.
Authors
- Jian Sheng Wang
Paper Information
- arXiv ID: 2603.07974v1
- Categories: cs.CR, cs.DC
- Published: March 9, 2026