Hekate ZK Engine
Monolithic ZK provers are dead. Hekate is a zero-knowledge proof system over binary tower fields: linear-time prover, bounded memory, no FFTs. It proves Keccak, AES, and post-quantum crypto on a laptop or a phone, where Plonky3 and Binius run out of RAM.
ZK hit the memory wall
Every other production prover loads the full execution trace into RAM, then pays an FFT blowup on top. That sets a hard floor:
- 128 GB+ of server RAM at production scale.
-
$1,180/mo for a single AWS prover instance (
r6g.8xlarge). - 0% chance of proving on a phone.
L2 margins collapse under the hosting bill, and client-side proving stays physics-impossible.
Linear-scaling prover infrastructure
10× less RAM. Up to 3× faster. Hekate clears the 128 GB memory wall outright and consistently beats Stwo and Plonky3 on production workloads. It streams through the trace, folds in place, and discards each segment the moment it is proved, so peak memory is bounded per table, not per computation.
- Virtual packing: Keccak proves in 54 columns instead of 2,633.
- O(N) bounded proving: sumcheck + Brakedown, with no FFT bottleneck.
- Ephemeral state: segments are proved and discarded just in time.
Benchmark results
Same Keccak workload, three provers. One finishes; the other two run out of memory.
| Prover | Time | Peak RAM | Result |
|---|---|---|---|
| Hekate | 268 s | 31.08 GB | compute-bound |
| Plonky3 | DNF | 164.6 GB (swap) | OOM crash |
| Binius64 | DNF | OOM @ 42K perms | impossible |
Keccak-f[1600], 671K permutations, Apple M3 Max.
Post-quantum and enterprise crypto, proved natively in binary fields:
| Primitive | Prove | Peak RAM | Proof size |
|---|---|---|---|
| ML-KEM-768 | 1.40 s | 331 MB | 4.2 MB |
| ML-DSA-65 | 2.54 s | 294 MB | 5.1 MB |
| AES-128 | 2.15 s | 772 MB | 3.4 MB |
Built for the edge
Bounded memory moves proving onto hardware that could never run it before: the phone in a pocket, the node at the edge. That opens three markets.
- Wallets & protocols: 100% on-device ZK, with no cloud round-trip and no MEV exposure.
- Autonomous agents: verifiable AI inference on the device (zkML), with zero-trust execution.
- Mobile DePIN & IoT: post-quantum ML-DSA signatures on iOS and Android, with bounded RAM and no battery drain.
The internals (binary tower fields, AIR chiplets, the LogUp bus, soundness proofs) live in the documentation.