On the Origins of Confidential Proving Delegation (CPD)
Let me tell you a story.
Mid-2023. I had just decided to start Fermah.
I jumped on a call with a few folks I trust deeply, including Amit Sahai, a world-renowned cryptographer with foundational contributions to the ZK space. I shared the vision: ZK should be easy for developers. No one should have to battle setting up proving infrastructure and optimizing it — they should be able to just delegate proving to a platform that gets it done.
Amit:
“What about witness data? How can one trust random GPUs with sensitive witness data?”
Me:
“Most apps in production today aren’t even using the zero-knowledge part of ZKPs — just the succinctness.”
Amit laughed:
“So it’s like ZK without the ZK! So what do apps that care about privacy do for generating proofs?”
Me: ...
After the call, I had a lot of meetings and was restless all day. I wrote to Amit something like:
“ZK tech not being accessible to the very people it was initially designed to protect is wild. But I’m not sure if it’s the right time to build a solution. I’ll have to do some market research.”
So I started with a simple approach:
- Make a list of apps that are starting to show promise of becoming huge
- See which of them need ZK with privacy
Sure enough, two of the top applications were ZK-identity and zkTLS.
Let me quickly tell you why I was bullish on them before we get on with the story.
I was stunned at how compelling proof of personhood is to secure an AI-driven future — and how Sam Altman, leading the way in AI, emphasized the need for ZK-identity.
zkTLS is a more personal story. I hopped on this bandwagon when there were pretty much just a couple of people on it. This was a good 5 years ago. I led product and implementation of a zkTLS project at Mina. I understood even back then that the time would come when crypto adoption would be fueled by tapping into where adoption already exists — Web2. And that bridge is zkTLS.
I was convinced we had to solve this. It was clear we needed to go the MPC route — FHE is still too optimistic for this kind of heavy work. I dug into research papers and came across Dan Boneh and Alex Ozdemir’s collaborative SNARKs paper and the line of work that followed. The idea is that multiple machines perform proof generation through an MPC protocol, ensuring no single machine has access to the sensitive data.
Fast forward to October/November 2023, I was running the whole Fermah vision by Dan. It was beautiful to get his blessing on the approach.
From there, I forged ahead with our seed raise, with a core thesis: build what Fermah is known for today — a universal proof market — and layer in a golden cherry on top: the MPC-zkVM.
My vision is to build a zkVM that is MPC-friendly and comes with confidential proving delegation baked in.
The idea is:
- Developers can write computation in popular languages like Rust
- They don’t have to worry about UX — no more client-side proving
- They don’t have to manage proving infra
- Their clients simply send a “prove this with privacy” transaction to Fermah — and out comes a proof, generated confidentially
That’s the heart of our Confidential Proving Delegation (CPD) protocol.
I’m excited to share our first baby step toward that vision: CPD for Groth16 proofs — still one of the most widely used proof systems out there.
We’re standing on the shoulders of giants:
- Ingonyama’s Icicle, which turbocharges proving on GPUs
- TACEO, who brought MPC to Circom
- Boneh-Ozdemir, who added MPC to Arkworks
Our CPD protocol works hand-in-hand with Fermah’s matchmaking layer to offer a full solution for anyone building with ZK and privacy in mind.
We’re also incredibly grateful to Worldcoin for believing in this vision early. They gave us a grant to explore CPD for the Remainder proof system — which was extra meaningful given how bullish we at Fermah are on ZK-identity. Huge thanks to Remco and DcBuilder for their support and trust.
We are already working with a few phenomenal customers and would love to help everyone else who shares the vision of ZK with privacy.
