Vitalik's Shanghai Speech: The History of Cryptography and the Significance of ZK

This article is the transcript of a speech by Vitalik Buterin, the co-founder of Ethereum, at the Shanghai Blockchain Week on October 23, 2025. In this speech, Vitalik reviewed the development of cryptography technology over the past half-century, starting from the origins of signatures and encryption algorithms, and explained how cryptography has driven the evolution of blockchain technology. He focused on analyzing the breakthroughs of zk-SNARKs and fully homomorphic encryption in terms of scalability, security, and privacy protection, demonstrating how these new technologies enable blockchain systems to achieve efficiency, low cost, and developer-friendly characteristics simultaneously. The speech delved into the application potential of zk-SNARKs in privacy computing, hardware trusted execution, and Web3 infrastructure, proposing a new security perspective: “If it’s not your silicon (hardware), it’s not your Private Key.”

Vitalik emphasized that as the cost of ZK technology decreases and performance improves, the future development of Blockchain will shift from “Why do we need ZK” to “Why not use ZK”. He called on global developers to actively participate in the construction of the ZK ecosystem, from foundational Cryptography research to decentralized application development, to jointly shape a trustworthy computing era based on encryption verification.

History of Cryptography Technology

Vitalik: Hello everyone, welcome to this blockchain event. In the past 10 years, the blockchain and Cryptography industry has developed significantly. Blockchain technology was in its very early stages at first, and now, compared to 10 years ago, the value proposition (differences) of blockchain is substantial.

Today, the topic of my speech is: Thinking about the long-term future of Blockchain and Cryptography technologies. If Blockchain and ZK, FHE, and all these other technologies are (first) scalable, second developer-friendly, and third affordable, what can we do with these technologies if they don't have many drawbacks?

In fact, the technology of Cryptography is divided into many parts, the first of which is signature, and the second is encryption.

Encryption is the difference between HTTP and HTTPS. Everyone should remember that 20 years ago there was no HTTPS; the technology of HTTPS existed, but no one used it. However, now, 20 years later, all websites, all apps, and all applications are based on HTTPS, created using signatures.

The second part is the signature. Why didn't we have this situation 20 years ago? Why is it happening now? It is because the cost of signatures and encryption is now almost zero. In fact, the theoretical foundations of signature and encryption technologies existed 50 years ago, with important papers published before 1976 and 1978, such as Diffie-Hellman and RSA, which can be said to have invented the first modern signature and encryption algorithms.

Around the 1980s and 1990s, starting in 1989, digital signature functionality was introduced. By around 1992, PCP emerged, and now there are various new technologies. By about 2015, this technology had become abundant, widely available, and so cheap and simple to use that people no longer need to think about its drawbacks.

The Significance of zk-SNARKs (ZK)

In the past decade, I have started to work on some new cryptographic technologies in the field of Cryptography, namely zk-SNARKs (zero-knowledge proofs), fully homomorphic encryption (FHE), and another very new technology that is still in its early stages.

Now you can prove about 2 million hashes in one second, so the efficiency of this technology is particularly high, the security is getting higher and higher, and the developer experience is particularly good.

The technology of fully homomorphic encryption has the potential to improve tenfold between 2023 and 2025.

Now we also have Blobs, which are things that help with secure scaling for L2. We currently have 6 Blobs and plan to create 500 Blobs in the next two to three years.

The gas limit on L1 has increased from 30 million to 45 million this year, but we plan to continue increasing it, potentially by 10 times or 100 times. You might think that the cost of this technology has become very low, and the developer UX has improved significantly. The entire Blockchain has also made similar progress.

What is the result of “abundance”? If you are thinking about ZK technology right now, it is possible that your attitude towards ZK is questioning why we need ZK? Can we avoid ZK? In fact, many times it is the same for Blockchain, why do we need Blockchain, can we avoid the need for Blockchain?

When a technology is very new and also very expensive, people may not necessarily believe in it, and that's normal. But five years later, I guess many people's attitude towards Blockchain, ZK, and new technologies will be: “Why not add ZK? Why not add Blockchain?”

ZK has a huge impact, and now we have a plan, a website called ethproofs.org, where you can see many ZK EVMs that can now prove Ethereum L1 in real-time, which was completely impossible two years ago. Two years ago, everyone thought it might take five years or even ten years to achieve this. But now it can be done, and currently about 50 GPUs can prove almost all Ethereum Blocks in real-time. This means our new gas limit (block capacity) is not 30 million, but 45 million. So when we scale in the long term, we can actually create a more scalable and decentralized network at the same time. Because we do not need every node to directly verify all transactions in the blockchain, we can also use most nodes with ZK, using a ZK proof to verify in just a millisecond, which is particularly fast.

The Privacy Attributes of ZK

ZK has another advantage which is privacy, so this year we can have a project slogan that we need to think about all aspects of Ethereum privacy, including on-chain transaction privacy, off-chain transaction privacy, and various applications, we can do this now. Two years ago, we could only do a little, but now we can do much more than before. Another important issue is the relationship between cryptography, blockchain, and hardware. In the blockchain field, we have a saying, “Not your keys, not your coins.” This means that if you do not control the private key of your wallet, your private key is controlled by someone else, and if it's controlled by someone else, you cannot verify whether your coins are safe. I think by 2030 we will add another saying, “Not your silicons, not your keys.” Because everything done in blockchain relies on cryptography, which relies on private keys, and private keys depend on algorithms, and algorithms need to run on hardware, while private keys need to be stored on hardware. So if you cannot trust your hardware, you cannot trust everything that happens on hardware.

I recently found that many fields have this problem. Blockchain has digital assets and digital identities, but IoT also has this issue. If every device has a computer inside, how can you trust it? Healthcare also has this problem; privacy in the medical field is very important.

We recently started an interesting project. If you attended DEVCON or went to Singapore, you might have seen a relatively small device that allows you to see the quality of the air, showing you many different indicators such as carbon dioxide and AQI. Having such a device helps us understand what is happening in the air, which is very important for our future medical field, but there are also significant privacy issues. Information known in the physical world ten or twenty years from now could be a thousand times more than what we know now. How can we protect privacy? How can we ensure security? So what we are working on now is a future version of this device, which will incorporate Cryptography technology. We can know what we want from the data while not exposing the privacy of every individual and every location. zk-SNARKs are very useful, and SAT (Boolean satisfiability problem) is also very useful.

First, we know that Cryptography is very important, and now we find that Cryptography is indeed usable. Second, open-source and verifiable hardware are also important; in fact, we have the same problems in the Blockchain field as in many other fields.

How to Participate in the ZK Ecosystem

All the fields I just mentioned are developing a lot now, how can you participate?

I think there are three answers:

First, entrepreneurship. Now you can create or support applications such as ZKID using ZK, FHE, Blockchain, etc.

Second, the research and optimization of underlying Cryptography technologies. We have the Lean team at the Ethereum Foundation, and there are many collaborative opportunities, also available at ethproofs.org, where everyone can contact the Ethereum team.

Thirdly, there are currently applications based on these technologies, such as Scroll, Taiko, Lighter (a high-frequency DEX), Intmax, Aztec, and some applications of ZK voting, like ZKPassport which has existed for about two years, as well as Aragon, which announced earlier this year that it would use ZK voting, along with some wallets. There are now many ways to participate in these areas.

I think the questions we might need to consider in five or ten years are about the many technologies that currently use signatures, encryption, and other simple cryptography, like HTTPS and Signal, but you don't know they have these technologies. These technologies are particularly cheap and can be used directly without thinking about costs or user experience issues. If ZK, fast blockchains, like L1, L2, and FHE can reach this level of efficiency, everything will use ZK. If that's the case, what can we do with this technology? The answer is not simple; we need to start experimenting now. Each year we can develop more and more applications, and we will probably learn a little more about this answer each year. I'm very happy to participate in this technology R&D process with everyone, and I hope to continue participating with everyone in the next 10 years.