Zero-knowledge proofs system satisfy three fundamental properties:

• Completeness: an honest prover always convinces the verifier.
• Soundness: a cheating prover is caught with overwhelming probability.
• Zero-knowledge: the verifier learns nothing beyond the validity of the statement.

Succinctness, keeping proofs short and verification fast, is the key design goal, often achieved through techniques like polynomial commitments, inner-product arguments, and algebraic IOPs compiled via the Fiat–Shamir heuristic.

Verifiable computation builds on these primitives: a client encodes its computation as an arithmetic circuit or constraint system (e.g., R1CS, QAP), a server evaluates the circuit and produces a succinct proof, and the client verifies correctness in time far less than re-executing the computation. Sum-check protocols and multilinear extensions provide an alternative interactive approach with efficient recursive structure.

• Transparent setup — eliminating trusted setup ceremonies (e.g., Bulletproofs, STARKs, Halo) to remove trust assumptions
• Post-quantum security — lattice-based SNARKs from RLWE/LWE assumptions, hash-based STARKs resistant to quantum attacks
• Proof aggregation & recursion — composing multiple proofs into a single succinct proof for batch verification and incremental computation

Privacy. On a standard blockchain, transaction amounts, sender, and receiver are all public. Zero-knowledge proofs allow a user to prove that a transaction is valid (e.g., the sender has sufficient balance, the amounts are non-negative) without revealing the actual values. Concretely, Pedersen commitments hide amounts while range proofs (such as Bulletproofs) guarantee correctness; Zcash uses zk-SNARKs to shield entire transactions including sender and receiver addresses. These techniques turn an inherently transparent ledger into one that supports confidential transfers.

Scalability. In a naive blockchain, every node re-executes every transaction to verify the chain. ZK-rollups break this bottleneck: a rollup operator executes thousands of transactions off-chain, then posts only the resulting state diff and a succinct validity proof on-chain. The Layer-1 chain verifies one short proof instead of replaying all transactions, increasing throughput by orders of magnitude while inheriting the base chain's security guarantees. This approach is now deployed in production systems such as zkSync, StarkNet, and Polygon zkEVM.

• Confidential transactions — shorter range proofs, stealth addresses, and private smart contract execution without trusted setup
• ZK-rollups — general-purpose zkEVMs, recursive proof composition for deeper compression, and decentralized prover networks
• Cross-chain interoperability — light-client proofs and bridging protocols that use ZKPs to verify state across heterogeneous chains

MPC protocols typically rely on secret sharing (e.g., Shamir's scheme) or garbled circuits to distribute computation across parties. Each party holds only a share of the data, and the protocol ensures that intermediate values remain hidden throughout the computation. The security guarantee is that even if a subset of parties collude, they learn nothing beyond the agreed-upon output.

Key sub-areas include:

• Private Set Operations (PSO) is a protocol for computing intersections, unions, and cardinalities over private datasets without revealing individual elements. Techniques include oblivious polynomial evaluation, cryptographic accumulators, and hash-based approaches.
• Private Information Retrieval (PIR) allows a client to query a database and retrieve an entry without the server learning which entry was requested. Constructions range from information-theoretic multi-server PIR to computational single-server PIR based on lattice assumptions (LWE/RLWE).
• Function Secret Sharing (FSS) splits a function (e.g., point function, interval function) into compact secret keys distributed to servers. Each server locally evaluates its share on any input, and the outputs combine to yield the original function's value—enabling lightweight two-server PIR and distributed computation.

• Communication efficiency — reducing round complexity and bandwidth in PSO and PIR protocols
• Lattice-based constructions — sublinear-communication PIR from MLWE/RLWE and post-quantum secure MPC
• Delegated computation — outsourcing set operations and database queries to untrusted cloud servers with verifiable correctness

FHE schemes are built on lattice-based hardness assumptions, primarily the Learning with Errors (LWE) and Ring-LWE problems. A ciphertext carries a small amount of "noise," and each homomorphic operation increases this noise. The central technical challenge is noise management: Gentry's bootstrapping technique refreshes a ciphertext by homomorphically evaluating the decryption circuit, resetting the noise level and enabling unlimited computation depth. Modern schemes (BGV, BFV, CKKS, TFHE) optimize this trade-off for different use cases—exact integer arithmetic, approximate real-number arithmetic, or fast Boolean gate evaluation.

• Efficient bootstrapping — reducing the computational cost of noise refresh to make FHE practical for deep circuits
• Approximate arithmetic — privacy-preserving machine learning, statistical analysis, and neural network inference over encrypted data