Posts by Binyi Chen

Excited to share eprint.iacr.org/2025/1905.pdf that re-envisions how to use folding/accumulation in succinct proof systems.
We provide a new framework to build folding-based SNARKs by eliminating the need to prove Fiat-Shamir inside circuits and by introducing a high-arity lattice folding scheme.

Typical folding-based SNARKs rely on recursive folding: each step verifies the correctness of the previous step by running a folding verifier. However, folding verifiers are made non-interactive via Fiat-Shamir. So you must prove the hash computations of FS inside the circuit.

A recent groundbreaking attack (eprint.iacr.org/2025/118.pdf) shows that proving FS inside SNARK circuits might be risky. Worse still, hashes are expensive to prove, and an efficiency bottleneck of existing folding-based IVC/PCD is indeed the overhead for proving hash computations.

We diverge from recursive folding and propose
(i) a lattice folding scheme that folds thousands of statements in one shot. So folding depth 1-2 is enough for most use cases;
(ii) a framework to turn any group or lattice folding scheme into SNARKs without embedding FS circuits.

In sum, this means (i) more efficient folding SNARKs (no heavy hash-gadget proofs), (ii) better security (no FS-in-circuit hacks), and (iii) a new paradigm for more scalable post-quantum succinct proofs.
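As an added illustration (an editor's toy, not code from the paper or its authors), the following Python models the two folding schedules the thread contrasts. It uses a plain linear relation A·z = b over a prime field, which is additively homomorphic, in place of a real relaxed-R1CS or lattice relation; the matrix A, the field modulus P and the sample instances are constructed, and the paper's FS-free framework is not modelled. What it shows is why a folded instance stays satisfying only when every input is, that one Fiat-Shamir hash is spent per fold, and how an IVC-style chain needs n-1 steps (each step's hash being what recursive folding must re-prove inside the next circuit) while a k-ary fold needs only ceil(log_k n) rounds, e.g. depth 2 for a million statements at arity 1000.

```python
"""Toy folding with Fiat-Shamir challenges (added illustration, not the paper's scheme).

Relation: A*z = b over a prime field. Because the relation is linear, a random linear
combination of satisfying instances is again satisfying, while a single unsatisfying
instance survives the combination unless the challenge happens to be 0.
"""
import hashlib

P = 2**61 - 1                     # Mersenne prime used as the toy field modulus (constructed)
A = [[1, 2, 3], [4, 5, 6]]        # constructed 2x3 constraint matrix


def fs_challenge(transcript: bytes) -> int:
    """Fiat-Shamir: derive the verifier's random challenge from a hash of the transcript."""
    return int.from_bytes(hashlib.sha256(transcript).digest(), "big") % P


def matvec(matrix, z):
    return [sum(a * zi for a, zi in zip(row, z)) % P for row in matrix]


def satisfies(matrix, inst):
    z, b = inst
    return matvec(matrix, z) == b


def fold(instances):
    """Fold k instances (z_i, b_i) into one via powers of a single FS challenge r.

    Exactly one hash evaluation per call. The transcript only commits to the public b_i
    here; a real scheme would hash the prover's commitments as well.
    """
    transcript = b"|".join(repr(b).encode() for _, b in instances)
    r = fs_challenge(transcript)
    n, m = len(instances[0][0]), len(instances[0][1])
    z, b, power = [0] * n, [0] * m, 1
    for zi, bi in instances:
        z = [(x + power * y) % P for x, y in zip(z, zi)]
        b = [(x + power * y) % P for x, y in zip(b, bi)]
        power = power * r % P
    return z, b


def chain_fold(instances):
    """IVC-style recursion: fold one fresh instance into the running accumulator per step.

    Returns (accumulator, steps). Every step spends one hash, and a recursive verifier
    would have to prove that hash inside the next step's circuit.
    """
    acc, steps = instances[0], 0
    for inst in instances[1:]:
        acc = fold([acc, inst])
        steps += 1
    return acc, steps


def high_arity_fold(instances, arity):
    """Fold up to `arity` instances per round until one remains. Returns (result, depth)."""
    depth = 0
    while len(instances) > 1:
        instances = [fold(instances[i:i + arity]) for i in range(0, len(instances), arity)]
        depth += 1
    return instances[0], depth


def fold_depth(num_statements, arity):
    """Rounds high_arity_fold needs for n statements: ceil(log_arity(n)), computed exactly."""
    depth = 0
    while num_statements > 1:
        num_statements = -(-num_statements // arity)   # ceiling division
        depth += 1
    return depth


def make_instances(count):
    """Constructed satisfying instances: z_i = (i, i+1, i+2), b_i = A*z_i."""
    return [([i, i + 1, i + 2], matvec(A, [i, i + 1, i + 2])) for i in range(1, count + 1)]


if __name__ == "__main__":
    honest = make_instances(8)
    acc, steps = chain_fold(honest)
    res, depth = high_arity_fold(honest, 8)
    print("chain: steps", steps, "valid", satisfies(A, acc))
    print("8-ary: depth", depth, "valid", satisfies(A, res))
    print("depth for 10^6 statements at arity 1000:", fold_depth(10**6, 1000))
```

Running it folds eight constructed instances both ways; the chain spends seven hashes, the 8-ary fold one, and both results satisfy the relation. Inserting a single cheating instance (a z whose A·z does not equal its b) makes the folded result fail in either schedule, which is the soundness property that lets a verifier check one folded statement instead of many.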
eprint.iacr.org/2025/620.pdf
Exciting paper that accelerates Hyperplonk proof generation by 801x over CPUs.