ZK Proof-Artifact Roadmap
A staged plan for evolving the post-quantum (PQ) verifier and ZK/SP1 proof-artifact work, based on the public reference repoWallet-Wall/walletwall-vault (current public main: walletwall-vault@0.8.5, SHA 6462c10). It exists to keep the next steps sober and sequenced — not to assert readiness.
The WalletWall app consumes only local, read-only evidence shapes from this work. It does not run proving, does not verify on-chain, and does not import prover/verifier code at runtime. See PQ Evidence, Testnet Rehearsal & ZK/SP1 Status and Vault Boundaries & Disclosures.
Current state (as of walletwall-vault@0.8.5, baseline walletwall-vault@0.8.1)
| Component | State | Notes |
|---|---|---|
| TS / open PQ verifier | Pure ML-DSA-65 (FIPS 204) verification boundary | Off-chain, read-only; boundary guards merged (public #60) |
| Evidence artifact / schema | walletwall.pq-verifier.v1, hash-only result shape | Deterministic; carries only keccak256 hashes (public #61) |
| SP1 smoke lane | Research smoke signal only | CI lane proving the toolchain builds — not production proving (public #62) |
| ZK/PQ status matrix | Disclosure matrix of what is / isn’t proven | Separates PQ evidence, rehearsal, and ZK status (public #63) |
| ACVP vector coverage | Broader known-answer coverage added | ML-DSA-65 verifier coverage expanded (public #64, @0.8.2) |
| Reproducible proof artifact | Example published | Canonical inputs, expected hashes, and reproduce command — research artifact only, not a production proof (public #65, @0.8.3) |
| Hosted verifier demo | Feasibility spike only | Dev/testnet spike: accepts a test vector and returns a hash-only result; no app runtime call (public #66, @0.8.4) |
| On-chain verifier | Feasibility study only | Gas/calldata/precompile/threat-model document — not an implementation; on-chain ML-DSA verification does not exist (public #67, @0.8.5) |
| Gated SP1 proving / e2e | Not implemented | No end-to-end proof generation is wired or claimed |
Stages
Each stage is independent and gated. None implies the next is funded, scheduled, or safe to ship.Stage 0 — Read-only evidence (live)
The app shows hash-only PQ verifier evidence and testnet rehearsal metadata as separate gates. This is the only live app capability. No proving, no on-chain verification, no custody.Stage 1 — Broaden ACVP vector coverage ✓ done in public repo
Broader known-answer / ACVP test-vector coverage for the ML-DSA-65 verifier was added in public PR #64 (@0.8.2). Increases confidence in the off-chain verifier; changes nothing about on-chain or production status. No app change required.
Stage 2 — Reproducible proof-artifact example ✓ done in public repo
A reproducible, independently re-verifiable proof-artifact example (inputs, expected hashes, and a reproduce command) was published in public PR #65 (@0.8.3). This is a research artifact, not a production proof and not a custody signal. The app may display a reference link and expected hash (read-only) — no prover, verifier import, or raw proof blob.
Stage 3 — Gated SP1 proving / e2e (research, not yet built)
Wire end-to-end SP1 proving behind an explicit research gate, clearly labelled as not production proving. Output remains a research artifact; the app continues to display read-only evidence only. This stage is not yet built.Stage 4 — Hosted verifier demo spike ✓ done in public repo (feasibility only)
A hosted verifier spike was completed in public PR #66 (@0.8.4): feasibility/dev service that accepts a test vector and returns a hash-only result. The app does not call this service at runtime. This is docs/spike only — no custody, no mainnet, no user funds.
Stage 5 — On-chain verifier feasibility ✓ done in public repo (study, not build)
An on-chain verifier feasibility study (gas, calldata, precompile assumptions, threat model) was authored in public PR #67 (@0.8.5). This is a document, not an implementation. On-chain ML-DSA verification does not exist until separately built and audited.
Recommended next PR sequence (public vault repo)
ForWallet-Wall/walletwall-vault, sequenced and sober. Stages 1, 2, 4, and 5 are done in the public repo; stage 3 remains unbuilt:
- More ACVP vectors — broaden known-answer coverage for ML-DSA-65. ✓ done (public #64,
@0.8.2) - Reproducible proof-artifact example — publish inputs + expected hashes + a reproduce command. ✓ done (public #65,
@0.8.3) - Hosted verifier demo spike — feasibility spike only; testnet/dev, no custody. ✓ done (public #66,
@0.8.4) - On-chain verifier feasibility doc — a study (gas/calldata/threat model), not an implementation. ✓ done (public #67,
@0.8.5) - Stage 3 — Gated SP1 proving / e2e — wire end-to-end proving behind an explicit research gate, clearly labelled as not production proving. Not yet built. Requires its own design review.
- Audit / independent review — before any stage moves toward production.
Explicit non-goals
This roadmap does not plan, promise, or imply:- production custody of funds,
- mainnet deposits or withdrawals,
- yield, interest, or returns,
- a quantum-proof or quantum-secure guarantee,
- on-chain ML-DSA verification (none exists today),
- production SP1 proving (the smoke lane is research only),
- any runtime dependency of the app on the public vault repo.
Related
PQ Evidence, Rehearsal & ZK/SP1 Status
How the app surfaces these as separate, read-only gates today.
Vault Boundaries & Disclosures
Full custody, testnet, and quantum-resistance boundary statement.
walletwall-vault (public repo)
The public reference repo for contracts, the verifier, and proof artifacts (current: @0.8.5).