This guest post is part of Building with S-two-a series showcasing what teams are building with the fastest prover in the world.
By Clement Walter, Co-Founder and CEO, Kakarot
We at Kakarot believe that the future of computing is about making all software verifiable by its users through real-time zero-knowledge proofs. We’re starting with Ethereum, which places everyone on the cusp of a fundamental zero-knowledge change to how all software works.
Three years ago, Kakarot, together with StarkWare, were the first to understand that ZK-EVMs should be built as EVMs on top of a general-purpose ZK-native stack rather than tailor-made from circuits. Since then, Kakarot has successfully implemented the Ethereum Virtual Machine and State Transition Function in Cairo, creating what we see as a critical “ZK Hedge” for Ethereum security.
Others have since recognized this approach, and today, RISC-V-based VMs like Succinct’s SP1 or Risc0 have achieved remarkable success and impressive proving results. However, their real-time performance on current network bandwidth-which is set to grow significantly-requires hardware that is already expensive today and will become increasingly costly as the network scales.
This is precisely why we believe the ZK world needs a new approach and ours remains fundamentally different: building from the ground up with ZK in mind. As Starkware’s CEO and founder Eli Ben-Sasson noted: “Kakarot will blaze a trail… because it has the superpower of a ZK-native language.”
Today, with CairoM, we’re pushing toward the next frontier: client-side proving that works on mobile devices. Imagine users generating ZK proofs directly on their phones and laptops-enhancing privacy, strengthening decentralization, and creating new possibilities for secure, verifiable interactions without relying on centralized services or expensive hardware.
S-two: Our high-performance proving engine
S-two, which recently demonstrated its technical superiority over other provers, serves as our proving backend. It generates the cryptographic proofs that make our ZK-EVM possible, but this process currently requires powerful cloud infrastructure.
How We Use S-two Today
Our current proving workflow follows this process: We start with an Ethereum block number, which feeds into our ZK Prover Inputs Generator (ZK-PIG) to create the necessary proving inputs. Separately, our Keth source code gets compiled by the Cairo Zero compiler into Cairo Assembly using Stark Field f252. The computational work happens on cloud machines, where we generate execution traces of the program to prove using the block’s inputs. Finally, S-two takes the Cairo execution trace and outputs a cryptographic proof of the block execution.
This cloud-based approach works well for our current needs, but it requires powerful infrastructure and centralized processing-exactly what we want to eliminate for true decentralization.
Unlocking client-side proving with M31
We’ve discovered that the key to bringing proving power directly to users’ devices, lies in a specific mathematical foundation: M31, a Mersenne prime that enables unprecedented efficiency in ZK operations.
M31’s power comes from its optimal size-31 bits is large enough for most computational needs while being small enough for maximum efficiency. This translates to dramatic performance gains: M31 operations are 125x faster than traditional large prime fields used in other ZK systems. This efficiency breakthrough will enable us to unlock two major use-cases for ZK:
- Real-time proving for Ethereum: The efficiency gains will make proving Ethereum blocks possible on machines of reasonable size and lower the block proving price.
- Client-side proving: Breaking free from the hardware requirements that currently restrict ZK proof generation to powerful servers.
Introducing CairoM: Built for mobile
This efficiency breakthrough enabled us to envision CairoM, a completely new stack (language + compiler + VM + prover) designed from the ground up to maximize S-two’s capabilities for client-side proving.
We are building CairoM to harness M31’s efficiency to make ZK proving practical on the devices most people already own. The combination of CairoM’s ZK-native design and S-two’s M31-optimized performance creates the foundation for real-time proving on smartphones and laptops.
From cloud to client
Two ambitious goals drive everything we do:
- Enable client-side proof generation at 10MHz on conventional hardware like standard laptops and mobile devices.
- Launch at least one mobile ZK application generating proofs locally on smartphones.
These aren’t just technical goals-they’re the performance thresholds that will make client-side ZK practical for everyday use, accessible to everyone regardless of their hardware budget, and truly aligned with decentralization principles.
Power to the people’s own devices
Local proof generation on mobile and conventional hardware represents a fundamental shift that unlocks the true potential of ZK for mass adoption.
- Enhanced privacy: When proofs are generated locally on your phone or laptop, sensitive data never leaves your device. Consider age verification-instead of sharing personal documents with third parties, users can generate a ZK proof locally that simply confirms “I am over 18” without revealing any other information. This approach is particularly relevant as privacy regulations tighten across France, Europe, and the US.
- True decentralization: Eliminating reliance on expensive hardware and centralized proving services removes barriers to participation and puts computational power back in users’ hands. Every smartphone and laptop becomes part of the proving infrastructure.
- Accessibility through efficiency: Rather than requiring specialized or costly hardware, we’re making ZK proving work on the devices people already own, ensuring that decentralized verification is truly accessible to all.
- Mobile-first future: By targeting mobile devices from the start, we’re building for the computing platform that billions of people carry in their pockets, making ZK applications truly ubiquitous.
The applications we’re most excited about include KYC and age verification without exposing any personal or financial details, as well as enabling users to produce verifiable facts from source data-like health-related information-all generated locally on their mobile devices without compromising their privacy.
Beyond real-time: The road to ubiquitous ZK
Our roadmap reflects our commitment to making mobile-friendly client-side ZK a reality:
- July 2025: Kakarot launches on EthProof with our current Cairo EVM implementation, marking our entry into the broader Ethereum proving ecosystem.
- 10MHz proving on conventional hardware by End of 2025: We’re targeting efficient proving on standard laptops and desktop computers that people already own.
- Mobile ZK applications in your pocket next year: We’re planning to go live with at least one mobile ZK application generating proofs locally on smartphones-imagine privacy-preserving proof that you’re over 18, or confidential verification of financial resources for bank customers, all generated on your phone.
We’re not building in isolation. Our collaboration with StarkWare leverages their top-performing ZK prover expertise as we tackle the real challenge: making ZK proving accessible on the hardware people actually use, from conventional laptops to mobile devices. This is why we are building with accessibility and true decentralization at its core, and at EthCC Cannes, we’ll be allowing everyone to try the new stack we are building today.
Get Involved The future of verifiable computing is being built now, and we want you to be part of it:
- Visit blog.kakarot.org for technical deep-dives and updates
- Follow @KakarotZKEVM for real-time progress updates
- Explore our open-source components on GitHub
- Test Ethereum block proving yourself with uv run keth
The era of mobile client-side zero-knowledge proofs isn’t just coming-it’s here. And with S-two powering our proving infrastructure, we are making it accessible to everyone, one mobile app at a time.
