A July 14 arXiv preprint proposes stripping application gateways out of critical infrastructure security entirely, replacing them with cryptographic proofs that edge devices can check in tens of milliseconds [S1]. Generating each proof takes tens of seconds on a desktop [S1]. Whether that tradeoff works for the power stations and water treatment plants that depend on these gateways is the question this research opens but does not close.
The gateway maintenance problem
Modernising the security of operational technology, the computers that control critical infrastructure, has become a pressing challenge [S1]. The standard approach uses application gateways: intermediary servers that sit between users and edge devices, checking whether someone is allowed in. These gateways must be physically collocated with remote edge devices and kept patched against the latest vulnerabilities with minimal downtime [S1].
In a network of hundreds or thousands of distributed devices, that is a heavy burden. Every gateway is a server to power and a point of failure to monitor.
How Prezta works
Prezta, short for Provable Remote Execution of Zero-Trust Authorization, moves the authorization check onto the client device [S1]. Instead of asking a gateway whether a user is allowed in, the client runs its access policy inside a zero-knowledge virtual machine, or zkVM, a sandboxed environment that produces a succinct mathematical proof of authorization [S1]. The edge device verifies that proof. No gateway needed.
The proof is a SNARK, a cryptographic proof that is tiny to check but expensive to produce. The edge device does not need to trust the client or run any policy logic. It checks the proof and either accepts or rejects. Because the policy runs on the client, policies and identity management can change without touching the edge devices [S1].
The authors built a prototype using the RISC Zero zkVM [S1]. It supports XACML 3.0 policies, a standard access-control language, and JWT identity claims, the tokens used in modern web authentication [S1]. Their compiler correctly implements 83% of the XACML 3.0 conformance suite [S1]. About one in six policy patterns is not yet handled.
Why tens of seconds matters
zkVMs introduce substantial proof overhead [S1]. The authors attacked this from several angles: compiling policies to Rust code, precompiling regular expressions, and optimising signature verification and JWT parsing. Together these steps reduced prover time by more than an order of magnitude [S1].
Even after those optimisations, proof generation completes in tens of seconds on a desktop [S1]. Verification takes only tens of milliseconds [S1]. That is fast enough for resource-constrained edge devices [S1].
The gap between those two numbers is the story. Tens of seconds is fine for a worker logging into a substation at the start of a shift. It is not fine for a system that needs to make thousands of authorization decisions per second.
What it means
The core idea flips where trust lives. Today, trust sits in the gateway, a piece of infrastructure you have to install, power, patch and protect. Prezta moves trust into mathematics. The edge device does not need to know anything about the policy or the user's identity. It checks a proof.
This matters because edge devices in critical infrastructure are often the hardest things to update. They sit in remote locations running specialised software with limited processing power. If you can change an access policy without sending a technician to the device, or even pushing a firmware update over the network, you have removed one of the biggest maintenance costs in operational technology security.
The broader trend is real. Zero-knowledge proofs are moving from blockchain novelty into mainstream security architecture. A separate April 2026 arXiv paper proposes "Proof of Execution" for verifying that AI agents followed governance rules, using similar cryptographic techniques [P3]. Another May 2026 paper, ZK-ACE, applies zero-knowledge authorization to post-quantum blockchain identity systems [P4]. The tooling is maturing too: the ProvableHQ SDK, which builds on RISC Zero technology, recently added transport-aware proving with mTLS support [P2]. Open-source projects like agentzt are bringing zero-trust principles to AI agents specifically [P5].
What it means for business
For operators of critical infrastructure, the value proposition is maintenance reduction. Every application gateway you can remove is one fewer server to patch and monitor at a remote site. A utility company with 500 substations might be running 500 gateways, each needing security updates, each a potential point of failure. Prezta's architecture would let those companies centralise policy management while leaving edge devices untouched.
For a two-person security consultancy or a suburban systems integrator, this is worth watching but not yet worth buying. The prototype covers 83% of the XACML 3.0 conformance suite [S1]. Real policies may not compile. Proof generation in tens of seconds rules out interactive use cases. And the paper has not been peer-reviewed [S1], so the security claims need independent verification before anyone trusts them with a water treatment plant.
Vendors building zero-trust products should note where the market is heading. If clients can generate their own authorization proofs, the gateway becomes optional. That changes how you price and deploy access control. The RISC Zero zkVM, already used in this prototype, is becoming a default platform for this kind of work [S1].
What we don't know yet
The paper is a preprint, not peer-reviewed [S1]. No independent audit has tested the prototype or its security claims. The 83% XACML 3.0 conformance figure means 17% of standard policy patterns are unsupported, and the paper does not specify which ones [S1].
Proof generation in tens of seconds is a wide range. The paper does not break down how long specific policy types take, or how proof time scales with policy complexity. Whether hardware acceleration, such as GPUs or dedicated proving chips, could bring this below one second is an open question the authors do not address.
The prototype has not been tested in real operational technology environments [S1]. There is no data on how it performs under network latency and adversarial conditions.
The next concrete signal: whether this work survives peer review, and whether the RISC Zero ecosystem can push proof generation below one second. Until then, Prezta is a promising architecture with a real limitation stamped on its forehead.
If this is the kind of security research you want to follow as it moves from preprint to practice, subscribe for the next dispatch.
Sources
- [S1] Prezta: Provable Remote Execution of Zero-Trust Authorization using SNARKs — arXiv preprint (cs.CR, q-fin.GN) (attributed)
- [P2] Releases · ProvableHQ/sdk · GitHub — Releases · ProvableHQ/sdk · GitHub (attributed)
- [P3] Proof of Execution: Runtime Verification for Governed AI Agent Actions — Proof of Execution: Runtime Verification for Governed AI Agent Actions (attributed)
- [P4] ZK-ACE: Identity-Centric Zero-Knowledge Authorization for Post-Quantum Blockchain Systems — ZK-ACE: Identity-Centric Zero-Knowledge Authorization for Post-Quantum Blockchain Systems (attributed)
- [P5] openafw/agentzt — openafw/agentzt (attributed)
Related reading
- LeRobot v0.6.0 ships world models with zero inference cost — our technology desk, 2026-07-10
- New arXiv paper maps how AI-human trust gets exploited — our technology desk, 2026-07-11
- ALER-TI fills time series gaps using historical retrieval — our technology desk, 2026-07-09
Generated from an audited evidence pack with primary-source research. Social-media items are discussion signals, not verified facts. Nothing here is financial, legal or medical advice.