In 1994, Oded Goldreich and Yair Oren proved a door shut: a fully noninteractive zero-knowledge proof — no back-and-forth between prover and verifier — could not exist under the standard definition. The field treated it as settled for thirty years. Then a graduate student walked through the wall.

As Quanta Magazine‘s Ben Brubaker reported in May, Rahul Ilango — a PhD student at MIT, now a postdoc at the Institute for Advanced Study in Princeton — built a zero-knowledge proof for any NP statement with no interaction, no trusted setup, and perfect soundness. That was the exact combination the field had crossed off. UCLA cryptographer Amit Sahai told Quanta the construction was “an incredibly cool new direction”; the paper, Gödel in Cryptography, won the 2025 Machtey Award.

←TODAY: A 2025 result (ePrint 2025/1296) shows secrecy can rest on what mathematics cannot prove, not only on what is hard to compute. →3012: Trust built on unprovability rather than a vendor’s setup is the kind that survives a century. Fulcrum: The incompleteness that frightened mathematicians in 1931 becomes load-bearing the moment you stop asking math to certify itself.

The system: what a zero-knowledge proof moves

Trace the dependency graph. A zero-knowledge proof, invented in 1985 by Shafi Goldwasser, Silvio Micali, and Charles Rackoff, lets a prover convince a verifier a statement is true while revealing nothing else. The textbook case is map three-colouring: colour every region so no two neighbours match. The prover commits to a colouring, hides it, and the verifier points at one border at a time. Reveal two different colours each time, across enough rounds, and the verifier is convinced without ever seeing the whole map.

The bottleneck is that conversation. Goldreich and Oren said you cannot remove it — a noninteractive proof needs a “simulator” that, classically, cannot exist. Ilango changes which impossibility he leans on. Rather than prove a simulator exists, he builds proofs where the ZFC axioms cannot disprove that one exists, even when none does. Secrecy stops being computational hardness and becomes a Gödelian blind spot. He calls it effectively zero-knowledge, and the qualifier is the honest part.

Say the trade-off plainly: this is a theoretical result resting on a contested redefinition of “zero-knowledge” and a bet that ZFC’s consistency is unprovable — not a shipping tool. And despite the quantum label this story files under, it is classical complexity theory; the only quantum thread nearby is the separate post-quantum migration.

The street: trust without disclosure

For a practice, the payoff is one phrase: prove a fact without handing over the data behind it. PAZ has covered this thread before, when quantum cryptography’s pioneers took a Turing Award. Show a model satisfies the fire code without releasing the model. Show a bid meets spec without revealing the price. Show a credential is valid without exposing the identity.

Atelier: Picture a confidential Wettbewerb where every studio proves its scheme clears the program and the budget envelope before a single drawing is opened — the jury checks compliance, not contents. Same trust-without-disclosure primitive, pointed at tendering and at the privacy-preserving digital building permit.

Hack: This Hack teaches you to compute how many challenge rounds an interactive zero-knowledge proof needs before cheating becomes astronomically unlikely — the exact cost Ilango’s noninteractive version deletes. A bluffer survives one round of three-colouring with probability at most 1 – 1/|E|, so the rounds compound as a scaling law.

import math

# One round catches a bluffer with prob >= 1/|E| (one bad edge out of |E|).
def rounds_needed(edges, target=2**-40):
    p_escape = 1 - 1 / edges                 # survive a single round
    return math.ceil(math.log(target) / math.log(p_escape))

for E in (100, 1000, 10000):
    print(f"|E|={E}: {rounds_needed(E)} rounds for cheat-odds < 2^-40")

Run it: 10,000 edges needs hundreds of thousands of rounds. That linear-in-secrecy chat is the queue that builds in every interactive protocol — and what the new construction removes in principle.

The move

The near-term action is not Ilango’s proof; it is the trust dependency you already own. The cryptography under your signed IFC files and e-permits rests on hard problems a quantum computer would break — which is why Apple shipped post-quantum corecrypto to GitHub this month and the EU’s roadmap wants cryptographic inventories by end-2026 and full migration by 2035. ETH Zurich’s group under Ueli Maurer has chased proofs “without intractability assumptions” for years. Draw your real trust dependency graph this week — which signatures, which standards, whose setup — and find the third dependency you forgot you had.

Sources & Further Reading

• Primary: Quanta Magazine — How Unknowable Math Can Help Hide Secrets
• Reinforcing: Rahul Ilango — Gödel in Cryptography (IACR ePrint 2025/1296)