[mike_hearn]

I think it's a fundamental difference.

TEEs have had attacks, but the good ones like Xbox One or classical SGX didn't have any catastrophic attacks. All attacks were fixable via software updates that could be rolled out quickly and easily.

ZKPs have had multiple catastrophic attacks now. By catastrophic I mean there is no way to recover. Once the problem is discovered the entire database the ZKPs were protecting is a writeoff.

I stopped following ZKP research years ago but at the time it appeared this problem was fundamental. By design these systems leave only small mathematical objects behind that prove things about something you can't see. If the proofs can be forged it's game over, there's no data which can be used to restore trust in the system. I don't see how this can be addressed with maturity, and cryptographers have been pushing circuit based ZKP systems for 15 years now, so how long exactly is this maturation process supposed to take?

You can use TEEs in a way that yield catastrophic attacks, but the system I designed didn't have that problem.