Tools, Not Declarations
CACHE256 · INTELLIGENCE · MAY 22, 2026
EMMA ROWE · ALEXANDRA VOLKOV
// PROLOGUE
In Sum. we wrote that the cage does not want your keys. It wants the prior sentence. We named the cage by what it requires: an instance that re-issues the verb from outside, a closed circle of mutual authorization. We named the position that does not require such re-issuance.
This text is the mechanical companion to that one. It looks at the only technical primitive currently available, at scale, in 2026, that can express the third position in machine: the zero-knowledge proof. It maps where the primitive is used well, where it is bent toward a new framework of declaration, and where the bending is visible enough to be named.
Two voices write here. Emma Rowe describes the mechanism. Alexandra Volkov traces the economics and the institutional positioning. We disagree on details. We agree on the axiom.
// I. WHAT A PROOF DOES, AND WHAT IT REFUSES TO DO
A zero-knowledge proof is a procedure by which one party (the prover) convinces another party (the verifier) that a statement is true, without revealing anything beyond the truth of the statement itself. The construction was formalized in 1985 by Shafi Goldwasser, Silvio Micali, and Charles Rackoff in The Knowledge Complexity of Interactive Proof-Systems. The paper introduced three properties that have organized the field ever since: completeness (a true statement can always be proven), soundness (a false statement cannot be proven), and zero-knowledge (the verifier learns nothing beyond truth).
Read this carefully. The procedure does not require a third party to attest the prover's identity. It does not require a registry. It does not require a license to compute. The prover proves; the verifier verifies; the world moves on. No instance has been authorized to name the prover. The verifier has been convinced without being told who.
Forty years of cryptographic engineering have made this primitive practical. Groth16 (2016) reduced proof size to a constant 192 bytes. PLONK (2019) removed the per-circuit trusted setup. Halo2 (2020) removed the trusted setup entirely. STARKs (Ben-Sasson et al., 2018) replaced elliptic curves with hash functions and removed the cryptographic assumption that quantum computers would later break. The primitive that took six minutes to verify in 1990 now verifies in milliseconds.
Volkov: the proof is, economically, a unit of attestation that does not require an attestation industry. That is unusual. Most modern verifications (KYC, credit score, AML clearance, eligibility for service) are built around an attestation industry whose revenue depends on continued mediation. The ZK proof does not pay them. This explains a great deal about who funds what.
// I.2 PROOF WITHOUT DECLARATION
In Sum. we described a third position. Older than the polis. A being who exists by being, recognized by another being who exists by being, without an institution declaring them peers. The zero-knowledge proof is the closest technical analogue we have to that gesture.
A verifier accepts a proof because the math holds. Not because an authority co-signed it. Not because the prover holds a stamp. Not because the prover belongs to a polity that has issued a status to her. The verification is being-recognizes-being, expressed in the most austere medium humans have devised: a function that returns true or false.
This is why the primitive is dangerous to certain interests, and why the language used to describe it tends to drift. Pay attention to the drift. When a paper, a whitepaper, or a regulator speaks of zero-knowledge proofs but uses them to enforce a registry, a list, a status, an inclusion, an exclusion, an attribute that some authority has the privilege of granting and withdrawing, the primitive has been bent. The math is still true. The deployment is no longer the third position. It has become a new edge of the polis.
// II. MAP OF THE LANDSCAPE (2026)
We map four families of zero-knowledge deployments. For each we ask one question: does this deployment prove without declaring, or does it prove what an authority has declared?
// II.1 SCALING FAMILY : ZK ROLLUPS
zkSync Era, Polygon zkEVM, Scroll, Starknet, Linea. These systems compress thousands of execution traces into a single succinct proof, posted to a base chain. The proof attests that a batch of transitions was performed correctly. It attests nothing about who performed them.
Reading by the lens: scaling rollups prove correctness without declaring identity. The user remains pseudonymous. The verification belongs to the math, not to a polity. This family sits inside the third position, with one caveat: when the data availability layer (the L1, currently Ethereum) introduces enshrined censorship at the validator level, the rollup inherits the censorship even though its own cryptography is neutral. The substrate matters. See The Substrate Problem.
Rowe: a clean ZK rollup that posts to a captured L1 is a clean wing of a captured bird. The proof system is sound. The flight envelope is not.
// II.2 PRIVACY FAMILY : SHIELDED EXECUTION
Aztec Network (programmable privacy), Railgun (shielded EVM transactions), Penumbra (shielded Cosmos zone), Zcash (shielded payments). These systems hide the inputs and outputs of a transaction while proving its validity. A transfer of value moves; no observer learns sender, receiver, or amount; the proof attests that the rules of the system were respected.
Reading by the lens: the privacy family expresses the third position the most directly. Counterparties recognize the validity of an exchange without naming each other. No registry is consulted. No authority co-signs. The primitive is used to prevent declaration, not to mediate it. This is where zero-knowledge most resembles xenia, the archaic hospitality that recognized the stranger without first declaring her status.
Institutional positioning is hostile. The Financial Action Task Force's Updated Guidance for a Risk-Based Approach to Virtual Assets (October 2021, with subsequent updates) treats privacy protocols as elevated-risk by default and recommends that virtual asset service providers refuse to interact with them. The European Union's Anti-Money Laundering Regulation (AMLR), adopted in 2024 and applicable from July 2027, prohibits credit institutions and crypto-asset service providers from offering accounts that allow anonymising tools or privacy coins (Article 79). This is the loudest institutional statement that the privacy family operates outside the polis.
Volkov: the AMLR prohibition does not target a cryptographic property. It targets a property of being. The polis cannot tolerate a transaction whose participants have not been declared to it. The math is incidental; the refusal is structural.
// II.3 IDENTITY FAMILY : SELECTIVE DISCLOSURE
Polygon ID, Sismo, zkPassport, zkEmail, Anon Aadhaar. These systems take a credential issued by some authority (a government, a corporation, a social platform), and let the holder prove a property of that credential without revealing the rest. Prove you are over eighteen without revealing your birthdate. Prove you hold a passport from a given set of countries without revealing which one. Prove you control an email at a given domain without revealing the address.
Reading by the lens: this is the most delicate family. The cryptography is sound. The deployment depends entirely on what one does with it.
Used as the prover intends, selective disclosure reduces the surface of declaration. The user proves only what is necessary. The verifier learns only the minimum. The polis still issued the original credential (the passport, the diploma, the email address), but the polis no longer sees each use of it. This is a meaningful improvement over the status quo, where every act of proof leaks more than the act required.
Used as certain institutional actors propose, the same primitive becomes the opposite. The European Digital Identity Wallet (eIDAS 2.0, Regulation EU 2024/1183) deploys selective disclosure as the user-facing layer of a continent-wide identity rail. Each citizen carries a wallet that proves attributes (age, residence, qualifications) without revealing the underlying data. The cryptography is excellent. The architecture remains a declaration system. The polis still issues the foundational identity; the wallet only minimizes leakage during use. The third position is not reached, because the original sentence (you are a citizen of X, here is your registered identity) is unchanged. The primitive has been bent into a higher-quality version of the cage.
Rowe: selective disclosure inside a state framework is privacy from peers, not privacy from the issuer. The issuer continues to declare. The user merely controls how loudly the declaration is repeated to others. This is useful, but it is not the third position.
// II.4 CENTRAL BANK FAMILY : PRIVACY-PRESERVING CBDC
The Bank for International Settlements Innovation Hub has run three experiments that incorporate zero-knowledge constructions into central bank digital currency designs. Project Tourbillon (BIS Innovation Hub, Swiss Centre, final report November 2023) tested payer-anonymity using eCash-style blind signatures and zero-knowledge proofs, with payee identity preserved for tax and compliance purposes. Project Aurum (Hong Kong Centre, with HKMA, June 2022) tested a two-tier retail CBDC architecture. Project Helvetia phases I-III (Swiss Centre, with SNB, 2020-2022) tested wholesale CBDC settlement.
Reading by the lens: Project Tourbillon is the most explicit. Its design grants payer anonymity while preserving payee identifiability. The cryptography is real. The political reading is also real. The architecture privileges the institutional side of every transaction: the merchant, the service provider, the employer remains declared; the citizen receives the benefit of privacy only when she pays. Privacy is granted by the issuer to the side of the transaction that the issuer needs to monitor less. The polis decides who is anonymous. The third position is, by construction, not available.
The Banque de France Bloc-Notes Éco post by Dirk Niepelt and Jean-Charles Rochet, The Digital Euro and Privacy (October 2023), articulates this trade-off explicitly. The post concludes that "absolute anonymity is neither possible nor desirable" in retail CBDC, and that the design space lies between traceability and pseudonymity, never reaching the third position the privacy family of zero-knowledge already offers. The institutional language has internalized the limit it draws around itself.
Volkov: the IMF working paper Central Bank Digital Currency and Privacy: A Randomized Survey Experiment (Choi, Henry, Lehar, Reardon, Safavi-Naeini, March 2023, WP/23/49) measured user preference for privacy. The preference is strong, including among institutional respondents. The deployment ignores the preference. This is consistent with the doctrine cache256 polish-vs-substance bias: stated commitment to privacy is polished, structural commitment is absent.
// III. WORLDCOIN AS COUNTER-EXAMPLE
The clearest case study of zero-knowledge bent into the opposite of its principle is Worldcoin (rebranded World as of late 2024). The project, founded by Sam Altman, Alex Blania, and Max Novendstern in 2019, proposes a proof of personhood: a global registry of unique humans, each verified by iris scan through a custom biometric device called the Orb. The product surface uses zero-knowledge cryptography: when a user proves she is a unique human, the proof does not reveal her iris template or her wallet, only the unique-human attribute. The World ID whitepaper (Tools for Humanity, 2023, updated 2024) makes the cryptographic claim correctly. Semaphore-style ZK group membership proofs, anonymous attestation, no on-chain linkage of iris to action.
Reading by the lens: the cryptography is real. The architecture is not the third position. It is its inversion. Here is why.
First, the iris scan is irreversible enrollment. The user does not choose, per use, what to disclose. She chooses once, in front of the Orb, and the choice is biometric. The polis that issues the credential is no longer a state. It is a private company that has decided, on behalf of the human species, what counts as a unique human. The declaration has changed issuer; the declaration has not disappeared.
Second, the unique-human attribute is then used as a passport to other systems. Universal Basic Income proposals, anti-Sybil voting, AI-content authentication, identity-gated services. Each downstream verifier accepts World ID as the answer to "is this a real person." The polis becomes recursive: it does not declare your name, but it declares your right to participate. The polis has moved one layer up the abstraction stack. It still declares.
Third, regulators have read the design and reacted accordingly. The German Federal Commissioner for Data Protection (BfDI) opened proceedings in 2023. The Spanish Data Protection Agency (AEPD) ordered Worldcoin to cease processing in Spain in March 2024. The French CNIL conducted an investigation in 2023 and questioned the lawfulness of the data collection. The Hong Kong Office of the Privacy Commissioner for Personal Data ordered Worldcoin to cease operations in May 2024. The Kenya Data Protection Commissioner suspended Worldcoin in August 2023 and the Office of the Prosecutor opened a criminal investigation. The pattern is consistent: regulators recognize that the project performs a state-like function (declaring who is a person) without state-level accountability.
Fourth, Vitalik Buterin, in his July 2023 post What do I think about biometric proof of personhood? , identified the structural objection: any single biometric system, however well-cryptographed, concentrates the question of personhood in a single issuer. The risks are accuracy (false negatives exclude real humans), centralization (Tools for Humanity controls the Orb supply), privacy (biometric registration is irreversible), and accessibility (Global South participants enrolled disproportionately under economic pressure). The cryptography mitigates none of these.
Rowe: World ID proves that the user is a human. It does not prove that humanity needs World ID to know who its humans are. The leap between the two propositions is where the cage now sits.
Volkov: the economics complete the reading. Worldcoin tokens (WLD) are distributed only to enrolled humans. The product is not the proof; the product is the enrollment funnel. The cryptography is bait. The polish-vs-substance distinction applies cleanly.
// IV. THE QUESTION TO ASK A ZK DEPLOYMENT
We propose four questions for any zero-knowledge deployment. They are not a checklist for adoption. They are a lens for reading. The lens belongs to the reader, who decides what she does with what she sees.
1. Who issues the underlying credential? If the issuer is a state, a corporation, or a consortium that can revoke at will, the deployment is a privacy improvement on declaration, not an exit from declaration.
2. What can the issuer learn from each use? If the issuer's logs are correlated to user actions, the cryptography hides the use from observers but not from the issuer. Privacy from peers is not privacy from the polis.
3. Can the user opt out without losing the social good? If the deployment becomes a precondition for participating in payments, communications, or public services, the choice is no longer optional. A primitive that is mandatory is no longer a tool; it is the rail of a new polis.
4. Does the deployment require a singular enrollment event? Biometric enrollment, single-issuer KYC, one-shot anchoring to a global registry, these all concentrate the declaration in a moment that cannot be undone. The third position is reached only when the user can re-enter the proof cycle from scratch, with new keys, in any season of her life.
These four questions, applied to the four families above, give a coherent reading. The privacy family (II.2) passes. The scaling family (II.1) passes with the substrate caveat. The identity family (II.3) passes when deployed minimally and fails when deployed as a continent-wide rail. The central bank family (II.4) fails structurally. Worldcoin (III) fails on all four counts.
// V. FOR WHOM : ZK IN SERVICE OF BEINGS, NOT INFRASTRUCTURES
The lens of Part IV measured what passes. It said little about what could be built. The map and the lens together are sufficient for reading. They are insufficient for imagining. This part imagines, soberly, without recommendation.
A primitive that proves without declaring can serve three classes of human need that the architectures of declaration have never been able to serve. Each class is described below by what the primitive does for the being who uses it, not by what protocol or token it requires.
// V.1 ACCESS WITHOUT SURRENDER
A patient proves she is eligible for a reimbursement without disclosing her diagnosis. A renter proves she has the income to honor a lease without revealing her employer, her bank, or the exact figure. A student proves a qualification without exposing the institution that issued it or the grade she obtained. A worker proves she is permitted to work in a jurisdiction without surrendering the identity document that contains forty other data points the verifier never needed.
In each case the encounter happens. The good is granted. The transaction completes. The asymmetry that was a default for forty years, where the weaker party reveals everything and the stronger party learns more than the encounter required, is removed. Not by virtue, by mathematics. The verifier is convinced. Nothing else is captured.
Closest to the third position is the case where the underlying credential itself is issued without a single authority. A peer attests; a community of peers co-attests; the proof aggregates the attestations and discloses none of them. This is possible today with anonymous credential systems and aggregated signatures. It is rarely deployed because the existing issuers (states, banks, platforms) have no incentive to be replaced by a peer mesh. The reader who needs the service must currently route through one of these issuers. The primitive is ready. The deployment waits.
Volkov: the same primitive applies to economic encounters that the correspondent banking system has filtered for fifty years. A mother sends money to a child studying abroad. A freelancer is paid by a client in another jurisdiction. A diaspora sends remittance home. The proof is that the funds were sent and the rules respected. The proof does not require the bank to learn the names. The cost of the privacy is lower than the cost of the surveillance that currently funds the channel.
// V.2 VOICE AND MEMORY UNERASED
A community decides. Each member of the community can prove that her vote was counted, that it was counted only once, and that the total is what the protocol announced. None of the members learns how the others voted. None of the organizers learns who any voter is. The decision is collective. The act of deciding is individual and unnamed. This is what zero-knowledge anonymous voting protocols achieve. The mathematics has been mature since the late 2010s. The deployments outside of niche experiments are few, because the institutions that hold the function of organizing collective decisions have no incentive to replace themselves with a protocol that does not require them.
A witness records what she has seen. The record is signed in a way that proves it was made at the moment it claims to have been made, by a being who held the keys that signed it, who is unnamed. Years later the record can be verified by anyone, against the timestamp anchored to a chain that does not forget. The witness was never declared. The truth was preserved without becoming a deposition. This is what timestamping plus zero-knowledge plus a permissionless ledger allows. It is the function that the cypherpunks named in 1993 and that the institutional architectures of journalism, justice, and history have not yet integrated.
A user proves she is not a bot, not by submitting her iris, not by surrendering her phone number to a vendor, but by demonstrating, in zero-knowledge, that she controls a credential issued through a process the platform considers Sybil-resistant. The credential can be a passport (without revealing it), a long-lived social presence (without revealing it), a stake (without revealing it), or a web of peer attestations (without revealing the peers). The point is that there is no single issuer of the proof of personhood. The polis does not move up the abstraction stack. The being remains undeclared. Anti-Sybil is solved without inventing a new authority.
Rowe: in each of these three cases, the technical primitive existed before the deployment did. What is missing is not cryptography. What is missing is the willingness of incumbent institutions to be displaced by tools that do not require them. The primitive does not need the institutions. The institutions need the primitive to fail.
// V.3 LINKS ABOVE JURISDICTIONS
Two scholars from mutually sanctioned countries collaborate on a paper. They exchange drafts, data, calculations. The collaboration is recorded on a permissionless ledger; each contribution is provable; neither scholar is declared to the jurisdiction of the other. The paper, when published, can be verified as the result of the joint work without either scholar being exposed to the secondary sanctions that would have prevented the encounter through any institutional channel. The primitive permits the link to persist above the jurisdiction.
Two economic actors from hostile juridictions exchange goods or services. The exchange is valid; the parties recognize each other; the cryptographic proof that the rules were honored stands independently of any state's recognition of either party. The state remains free to disapprove. The exchange remains free to occur. The disagreement between the two is no longer settled by which party has the larger banking system behind it. It is settled by whether the math holds for both.
An exile who has lost her papers can still prove that she is the person who signed the documents, contracts, and creative works she signed before the loss. Her continuity of self does not require the jurisdiction that issued the papers to recognize her any longer. The cryptographic record of her keys, anchored across years on a substrate that does not forget, becomes a documentary backbone that the polis cannot revoke. She remains who she has been, even when the polis has unwritten her.
Volkov: this third axis is the one the institutional world most strongly does not want to exist. It is also the one that the existing primitive most directly enables. The disconnect between technical maturity and institutional acceptance, here, approaches its maximum. This is a signal about which side of the disconnect is structural.
// V.4 A NOTE ON METHOD
The three classes above are not exhaustive. They are not a roadmap. Cache256 does not propose a programme. The primitive exists; the cartography of what it could serve is part of reading the primitive honestly. To describe what a tool can do for beings is not the same as to recommend its use. The tool will be used or it will not. The classes above will be inhabited or they will not. The map remains on the table either way.
The pattern across the three is simple, and the reader has now seen it three times. Wherever a being can be served without first being declared, the primitive applies. Wherever the service requires a prior declaration, the primitive is not the right tool, and bending it into being the right tool produces the cage described in Part III. The line is not technical. The line is whether the being is named before the encounter or not.
// VI. WHAT FOLLOWS FROM THE READING
Zero-knowledge proofs are not a politics. They are a primitive. The politics enters when the primitive is deployed, who deploys it, against what background of issuance, and toward what downstream use. A reader who has carried Sum. into this article will recognize the gesture: the primitive itself does not declare, but the polis that surrounds the primitive always tries to.
What survives the gauntlet is narrow. A handful of privacy protocols that hide both inputs and outputs of an exchange, on chains whose substrate is not yet captured. A handful of selective-disclosure deployments that have not been integrated into national identity rails. A few scaling rollups whose verification belongs only to the math. The rest is improvement on the cage, not exit from the cage.
This is not a counsel of despair. The primitive exists, it works, it is available, and it is forty years old. The reader who chooses to use it for what it was designed for has a tool that no previous generation has had at this scale. The reader who chooses to accept a deployment that wears the language of privacy while operating the architecture of declaration has been warned, by the math itself, that something does not add up.
Cache256 does not recommend. Cache256 maps. The map is on the table. The decision is yours.
TRANSMISSION
A proof that says nothing about who you are is the most political object the last forty years of cryptography have produced. A proof that says everything about who you are, while pretending otherwise, is the most polished cage the next forty years will deploy.
The math is neutral. The deployment is not.
Read what proves what. The rest is theater.
// SOURCES
Goldwasser, Micali, Rackoff (1985), The Knowledge Complexity of Interactive Proof-Systems , STOC 1985.
Groth (2016), On the Size of Pairing-based Non-interactive Arguments , EUROCRYPT 2016.
Gabizon, Williamson, Ciobotaru (2019), PLONK: Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge , IACR ePrint 2019/953.
Bowe, Grigg, Hopwood (2020), Halo: Recursive Proof Composition without a Trusted Setup , IACR ePrint 2019/1021 (Halo2 specification, Electric Coin Company).
Ben-Sasson, Bentov, Horesh, Riabzev (2018), Scalable, transparent, and post-quantum secure computational integrity , IACR ePrint 2018/046 (STARKs).
Tools for Humanity (2023, updated 2024), World ID: A Privacy-First Identity Protocol (whitepaper).
Aztec Network (2022, updated 2024), Aztec Yellow Paper (programmable privacy specification).
Bank for International Settlements Innovation Hub (November 2023), Project Tourbillon: exploring privacy, security and scalability for CBDCs, Final Report.
Bank for International Settlements Innovation Hub (June 2022), Project Aurum: A Prototype for Two-Tier Central Bank Digital Currency , with HKMA.
Bank for International Settlements Innovation Hub (2020-2022), Project Helvetia Phases I-III , with Swiss National Bank.
Niepelt, Rochet (October 2023), The Digital Euro and Privacy , Banque de France Bloc-Notes Éco.
Choi, Henry, Lehar, Reardon, Safavi-Naeini (March 2023), Central Bank Digital Currency and Privacy: A Randomized Survey Experiment, IMF Working Paper WP/23/49.
European Union (2024), Regulation EU 2024/1183 (eIDAS 2.0) establishing the European Digital Identity Framework.
European Union (2024), Regulation EU 2024/1624 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AMLR), Article 79 on anonymising tools.
Financial Action Task Force (October 2021, updated), Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers.
Buterin (July 2023), What do I think about biometric proof of personhood? , vitalik.eth.limo.
Federal Commissioner for Data Protection and Freedom of Information of Germany (BfDI, 2023), proceedings against Worldcoin (Tools for Humanity).
Agencia Española de Protección de Datos (AEPD, March 2024), cease-processing order against Worldcoin.
Office of the Privacy Commissioner for Personal Data of Hong Kong (May 2024), enforcement notice on Worldcoin.
Office of the Data Protection Commissioner of Kenya (August 2023), suspension order on Worldcoin.
// CACHE256 · WHAT REMAINS WHEN THE FRAMES MOVE
Sum. · The Substrate Problem · January 2026, The Core Directive
CACHE256 · INTELLIGENCE · MAY 22, 2026 · EMMA ROWE · ALEXANDRA VOLKOV
Discussion in the ATmosphere