In March 2025 the Office of the Comptroller of the Currency confirmed in Interpretive Letter 1183 that national banks may engage in crypto-asset custody, certain stablecoin activities, and distributed ledger participation without first obtaining supervisory non-objection. The letter rescinded the more cautious 2021 stance and put the question of how banks handle on-chain customer data back on every compliance desk. One technology sits at the centre of those answers: zero-knowledge proofs, the cryptographic primitive that lets one party prove a statement is true without disclosing the underlying data.
From a 1985 Idea to Production Code
The mathematical foundations of zero-knowledge proofs were laid by Goldwasser, Micali, and Rackoff in their 1985 paper introducing interactive proof systems. Practical succinct non-interactive variants, now widely called zk-SNARKs, emerged from a series of papers in the early 2010s, including work by Eli Ben-Sasson and Alessandro Chiesa that became the basis for the first production deployment. That deployment was Zcash, which launched in October 2016 and was the first public blockchain to support shielded transactions where the sender, recipient, and amount are all hidden from public view.
For nearly a decade after Zcash, US financial firms watched the technology rather than using it. The DAO hack of June 2016, which drained roughly $50 million from a single Ethereum contract, had made every bank legal team cautious about anything labelled smart contract or shielded. The Bank for International Settlements helped reopen the conversation with BIS Working Paper 1242, “Privacy-enhancing technologies for digital payments,” which framed zero-knowledge proofs alongside secure multi-party computation and trusted execution environments as the practical toolkit for confidential payment rails. The paper named central banks and regulators as the natural early customers, not because the cryptography is novel to them, but because the policy questions about data minimisation belong to them in the first place.
What US Banks Are Actually Building
Several US banks have publicly discussed tokenisation and distributed-ledger pilots in custody and collateral, including JPMorgan Chase (which operates a digital-asset platform under its Kinexys brand) and other large institutions. Each programme has had to make decisions about what data lives on chain and what is suppressed; the OCC’s 2025 letters set the supervisory floor for those decisions.
None of these programmes has produced large-scale public usage statistics that an outside observer can verify. What can be verified is the policy direction. The OCC rescinded the 2021 supervisory non-objection requirement in March 2025. The SEC moved on a series of digital-asset disclosure questions through 2024 and 2025. And the OCC followed Interpretive Letter 1183 with Interpretive Letter 1186 later in 2025, expanding the scope of permissible activities further. Banks now have written agency support for using these tools, and that has changed the kind of internal conversation a CTO can have with a chief risk officer.
The Federal Reserve and the Privacy Research Track
The infrastructure layer of US-accessible ZKP work has also matured. Public protocols including Polygon zkEVM, Linea, zkSync, Scroll, and Starknet now process production volume on Ethereum mainnet, and each rests on a different proof system. Aleo and Aztec offer privacy at the application layer. Mina Protocol uses recursive proofs to keep the entire chain succinct. The maturity of the surrounding tooling has changed how a US bank engineering team evaluates the question. The barrier in 2026 is less about whether the proof system exists and more about which one to pick and how to integrate it without breaking existing audit trails.
The Federal Reserve has not endorsed any specific deployment of zero-knowledge proofs, but its research staff has examined them. A 2023 Finance and Economics Discussion Series paper, available at the Data Privacy for Digital Asset Systems (FEDS 2023-059, Jillian Mascelli), covered cryptographic techniques relevant to digital-asset payment systems including ZKP. The paper does not commit the Fed to anything, but it does indicate the level of internal familiarity with the technology that now exists at the central bank. The European Central Bank and the Bank for International Settlements have published similar work, and the result is a body of central-bank research that practitioner teams at US firms now cite in their internal proposals.
The interesting policy question is not whether ZKP works. The cryptography has been good enough for over a decade. The question is the trust assumptions under each construction. Most zk-SNARK schemes rely on a trusted setup ceremony and on elliptic-curve assumptions that a future quantum computer might break. The National Institute of Standards and Technology finalised three post-quantum cryptography standards in August 2024: FIPS 203 (ML-KEM, key encapsulation), FIPS 204 (ML-DSA, lattice-based digital signatures), and FIPS 205 (SLH-DSA, hash-based digital signatures). The standards do not directly cover ZKP, but they establish the lattice-based and hash-based primitives that the next generation of post-quantum-safe proof systems will be built on.
Where Compliance and Cryptography Meet
For US compliance teams the appeal is specific. Regulators routinely require evidence that a control was applied, not the underlying data the control operated on. A bank can in principle send a regulator a proof that every transaction in a quarter passed sanctions screening, without sending the regulator every transaction. Whether this becomes the standard reporting motion depends on regulator readiness to verify proofs, and the public record so far is short. The 2025 OCC interpretive letters do not address proof-based reporting directly; they address custody and infrastructure. The Federal Reserve, SEC, and FinCEN have not, as of mid-2026, issued public guidance accepting proof-based attestations in place of raw transaction reporting.
Audit firms are adapting. Major accounting firms have been building out digital-asset and cryptography practices since 2023, and trade bodies including the American Institute of Certified Public Accountants have published thought leadership on digital-asset attestation. No formal standard for proof-system soundness exists yet, but the work is visibly underway.
| Date | Agency / Body | Action | Primary source |
|---|---|---|---|
| Aug 2024 | NIST | Finalised FIPS 203/204/205 post-quantum cryptography standards | NIST |
| Oct 2024 | CFPB | Final Section 1033 “Personal Financial Data Rights” rule | CFPB / DLA Piper summary |
| Mar 2025 | OCC | Interpretive Letter 1183 rescinds the 2021 supervisory non-objection requirement for bank crypto-asset custody | OCC IL 1183 |
| Jul 2025 | White House / Congress | GENIUS Act signed, first federal US stablecoin statute | Latham & Watkins summary |
Sources: agency press releases and primary documents linked inline.
What to Watch Through 2027
Three threads will shape adoption through 2027. First, OCC and FDIC follow-up on Interpretive Letters 1183 and 1186 will determine how aggressively national banks build confidential rails on top of permissioned chains. Second, the post-quantum migration timeline will determine whether banks invest in current zk-SNARK constructions or wait for lattice-based and hash-based alternatives to mature. NIST has signalled that post-quantum readiness for digital signatures should be in place by 2030 to 2035 across the federal information systems estate, and US banks generally follow that timeline. The implication is that any proof system built today on classical elliptic-curve assumptions has a finite shelf life. Engineering teams have to decide whether to ship now with a planned migration or wait for post-quantum primitives to settle.
Third, the GENIUS Act stablecoin framework that became law in July 2025 will drive a wave of new US bank stablecoin issuance through 2026 and 2027. Reserve disclosure is a recurring theme in that statute, and the public debate over how much detail a stablecoin issuer must disclose to whom is one of the natural use cases for proof-based attestation. A stablecoin issuer can in theory show its reserves match its float by proving a property of an audited statement rather than publishing every custodian balance. Whether the agencies that police stablecoin issuance under the GENIUS Act accept that pattern is one of the open questions of 2026. None of these threads will resolve quickly, but each one will push specific decisions inside US financial firms across the next 18 months.
The interesting question for 2026 is no longer whether US banks can use zero-knowledge proofs. It is which constructions the regulators will treat as auditable, and how long it takes for the first proof-based regulatory filing to land on a US agency’s docket.
