A prover is the system component in a zero-knowledge rollup that generates cryptographic proofs — called validity proofs or ZK proofs — which attest that a batch of transactions was executed correctly, without requiring anyone to re-run the actual computations.
The verifier (typically a smart contract on L1) can check this proof cheaply and be mathematically certain the batch is valid.
Why Provers Exist
Rollups batch thousands of transactions off-chain to reduce L1 costs. But L1 Ethereum still needs to know those transactions are correct. There are two approaches:
| Approach | How validation works |
|---|---|
| Optimistic rollup | Assume valid, allow fraud proofs within a challenge window (~7 days) |
| ZK rollup | Prove validity cryptographically before finality → instant finality |
The prover is what makes ZK rollups possible. It’s the engine that converts transaction data into a proof.
What a Prover Does
- Receives a batch of transactions from the sequencer
- Executes the transactions in a proving circuit (a constrained representation of computation)
- Generates a succinct proof (SNARK or STARK) that the state transition is correct
- Submits the proof to the L1 verifier contract
The L1 contract verifies the proof — a cheap operation — and accepts the new state root if valid.
Proof Types
| Type | Full Name | Used By | Notes |
|---|---|---|---|
| SNARK | Succinct Non-interactive ARgument of Knowledge | zkSync Era, Polygon zkEVM | Small proof size, fast verification, trusted setup required |
| STARK | Scalable Transparent ARgument of Knowledge | StarkNet, StarkEx | Larger proofs, no trusted setup, quantum-resistant |
| PLONK | Permutations over Lagrange-bases for Oecumenical Non-interactive arguments of Knowledge | Many L2s | Universal SNARK; flexible |
The Prover Bottleneck
Proof generation is computationally intensive — it’s the biggest performance and cost bottleneck in ZK systems:
- Latency: Provers can take seconds to minutes to generate proofs for large batches
- Cost: High compute needs; specialized hardware (GPUs, FPGAs, ASICs) is used
- Parallelization: Teams like RiscZero, Ulvetanna, and Cysic are building dedicated prover networks and hardware to accelerate this
Decentralized Prover Networks
Early ZK rollups used centralized provers (run by the rollup team). This creates a trust and liveness risk. The trend is toward prover markets where anyone can submit proofs:
- Polygon: Multi-prover approach (several teams compete)
- Taiko: Open prover market with incentive mechanisms
- Succinct/SP1: General-purpose proving infrastructure
Prover vs. Sequencer
| Role | Function |
|---|---|
| Sequencer | Orders transactions, produces batches |
| Prover | Generates validity proofs for those batches |
These can be the same entity in simple systems, or entirely separate in more decentralized designs.
Sources
- zkSync Docs: ZK proof system overview
- StarkWare: STARK vs SNARK comparison
- Vitalik Buterin: “An incomplete guide to rollups” (2021)