1970-01-01

(2026-04) ZEE200; Zero Knowledge for Everything and Everyone @ 200 KHz

[[Sunghyeon Jo]]
[[Vladimir Kolesnikov]]
[[Yibin Yang]]

2026-04-28

Abstract

Zero-knowledge execution of high-level programs proceeds by repeatedly evaluating CPU steps. Each such step privately selects and evaluates an instruction (possibly involving memory access) from a rich instruction set. Building on this paradigm, ZEE (Heath et al., S&P'21) realized a full toolchain supporting arbitrary $\texttt{ANSI C}$ programs, demonstrating this capability by proving SIR- and CVE-reported bugs in off-the-shelf Linux programs $\texttt{sed}$ and $\texttt{gzip}$ .

We revamp the state of the art by building a new constant-round ZK system ZEE200, which is about $20\text{-}40\times$ faster than ZEE. ZEE200 is built on a novel and convenient cryptographic framework for efficiently proving general statements represented as real-world programs. Our framework integrates several crucial recent advances, such as Tight ZK CPU (Yang et al., CCS'24) and fast ZK RAM (Yang and Heath, USENIX Security'24). We develop better encodings for $\mathbb{Z}_{2^{32}}$ arithmetic, and numerous low-level optimizations.

Compared to ZEE's $\approx 10$ KHz CPU speed on a limited ISA, ZEE200 runs at $\approx 200$ KHz (still on a commodity laptop and a LAN!), while supporting a much richer ISA. For example, we rerun a ZEE's benchmark, proving a SIR-reported vulnerability in off-the-shelf Linux utility $\texttt{sed}$ . On a 2021 ThinkPad X1 Carbon Gen 9 under a simulated $1$ Gbps LAN (single-threaded), ZEE200 completed the proof in $1.5$ seconds, compared to ZEE's $30.1$ seconds, a $20\times$ improvement.