Post-quantum signature schemes impose kilobyte-scale on-chain artifacts. Verifying them inside ZK circuits merely relocates the cost via expensive lattice arithmetic in prover circuits. We present ZK-ACE (Zero-Knowledge Authorization for Cryptographic Entities), which replaces transaction-carried signature objects with identity-bound ZK statements. Given a deterministic identity derivation primitive (DIDP) as a black box, the prover demonstrates in zero knowledge that an identity consistent with an on-chain commitment authorized the transaction; no signature object is produced or verified on-chain. We provide game-based definitions and reduction-based proofs for authorization soundness, replay resistance, substitution resistance, and cross-domain separation, under knowledge soundness, collision resistance, and DIDP recovery hardness. Structural data accounting shows an order-of-magnitude reduction in per-transaction authorization data versus direct PQC deployment. A reference implementation offers two backends: Circle STARK (341 active rows / 361 AIR constraint expressions, 14.5 ms prove, 1.1 ms verify, approx. 107 KB proofs, transparent setup, post-quantum-oriented) and Groth16/BN254 (2,155 R1CS constraints, 37.3 ms prove, 128-byte proofs). Both are roughly 500--2,300x smaller than in-circuit PQC signature verification. Under mandatory per-block STARK aggregation, per-transaction consensus-visible data is approx. 160 bytes.
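To make the authorization model in the abstract concrete, here is an added Python sketch that is not code from the paper or its reference implementation. It models the pieces the abstract names: a black-box DIDP (here a keyed hash, an assumption), an on-chain identity commitment, a statement over public inputs (commitment, domain tag, transaction digest), and the relation the prover must satisfy. The ZK proof itself is replaced by a mock token bound to the statement's public inputs, so the example shows how the statement's structure gives replay, substitution and cross-domain separation, not the proof system's soundness. All names, field layouts and the nonce-based account model are assumptions made for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional


def didp(seed: bytes) -> bytes:
    # Hypothetical black-box DIDP: a deterministic, hard-to-invert derivation
    # from a secret seed to an identity. Any such primitive could be substituted.
    return hmac.new(b"didp-model", seed, hashlib.sha256).digest()


def identity_commitment(identity: bytes) -> bytes:
    # On-chain commitment to the identity; collision resistance is assumed.
    return hashlib.sha256(b"commit|" + identity).digest()


def _encode(*parts: bytes) -> bytes:
    # Length-prefixed concatenation so field boundaries are unambiguous.
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


@dataclass(frozen=True)
class Tx:
    domain: bytes      # chain / application domain tag (assumed field)
    sender: bytes      # sender's on-chain identity commitment
    recipient: bytes
    amount: int
    nonce: int         # per-account counter used for replay protection

    def digest(self) -> bytes:
        # Every field, including the domain tag, is covered by the digest.
        return hashlib.sha256(_encode(self.domain, self.sender, self.recipient,
                                      self.amount.to_bytes(8, "big"),
                                      self.nonce.to_bytes(8, "big"))).digest()


@dataclass(frozen=True)
class Statement:
    # Public inputs of the ZK statement; the seed is the private witness.
    commitment: bytes
    domain: bytes
    tx_digest: bytes

    def encode(self) -> bytes:
        return _encode(self.commitment, self.domain, self.tx_digest)


def relation(stmt: Statement, seed: bytes) -> bool:
    # R(stmt; seed): the witness derives an identity whose commitment is the public one.
    return identity_commitment(didp(seed)) == stmt.commitment


@dataclass(frozen=True)
class MockProof:
    # Stand-in for a STARK/Groth16 proof: opaque and bound to the public inputs.
    bound_to: bytes


def _binding(stmt: Statement) -> bytes:
    return hashlib.sha256(b"proof|" + stmt.encode()).digest()


def prove(stmt: Statement, seed: bytes) -> Optional[MockProof]:
    # A real prover only succeeds when the relation holds for its witness.
    return MockProof(_binding(stmt)) if relation(stmt, seed) else None


def verify(stmt: Statement, proof: Optional[MockProof]) -> bool:
    # A proof verifies only against the exact public inputs it was produced for.
    return proof is not None and proof.bound_to == _binding(stmt)


def chain_accepts(chain_domain: bytes, accounts: Dict[bytes, int],
                  tx: Tx, proof: Optional[MockProof]) -> bool:
    """Consensus-side check: rebuild the statement from the tx and chain state."""
    if tx.domain != chain_domain:
        return False                      # cross-domain separation
    expected_nonce = accounts.get(tx.sender)
    if expected_nonce is None or tx.nonce != expected_nonce:
        return False                      # replay resistance
    stmt = Statement(tx.sender, chain_domain, tx.digest())
    if not verify(stmt, proof):
        return False                      # substitution resistance / wrong identity
    accounts[tx.sender] = expected_nonce + 1
    return True


def run_scenarios() -> Dict[str, bool]:
    # Constructed sample data: one sender, one honest tx, then hostile re-uses of its proof.
    seed = b"alice-seed"
    alice = identity_commitment(didp(seed))
    accounts_a = {alice: 0}
    tx = Tx(b"chain-A", alice, b"bob", 5, 0)
    proof = prove(Statement(alice, b"chain-A", tx.digest()), seed)
    out = {"valid": chain_accepts(b"chain-A", accounts_a, tx, proof)}
    out["replay"] = chain_accepts(b"chain-A", accounts_a, tx, proof)
    out["substitution"] = chain_accepts(
        b"chain-A", accounts_a, Tx(b"chain-A", alice, b"mallory", 5, 1), proof)
    out["cross_domain"] = chain_accepts(
        b"chain-B", {alice: 0}, Tx(b"chain-B", alice, b"bob", 5, 0), proof)
    out["wrong_seed"] = prove(Statement(alice, b"chain-A", tx.digest()), b"other") is not None
    return out


if __name__ == "__main__":
    print(run_scenarios())
```

The design point is that nothing signature-shaped is transmitted: the chain rebuilds the statement from the transaction and its own state (registered commitment, expected nonce, domain tag) and asks only whether a proof exists for exactly that statement. Any change to the transaction, the domain, or the nonce yields a different statement, so a proof produced for one cannot be reused for another.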