Zero-knowledge proofs, introduced by Goldwasser, Micali, and Rackoff, are a fundamental building block in theoretical cryptography with numerous applications. Still, the impact of zero-knowledge proofs for building secure systems in practice has been modest at best. Part of this can be explained by the economics of deploying new technology in the wild: often introducing a trusted third party in lieu of a proof system achieves users' security goals with lower anticipated cost. The goal of this thesis is to lower the cost of using zero-knowledge proofs in real-world systems. This cost has two major components: the cost incurred by the proof system itself, and the price paid to instantiate the security model the proof system relies on. Working with my collaborators, I have contributed to reducing both of these costs: -- Cost of the security model. For many practical scenarios it is crucial that proofs be non-interactive and succinct. In the standard model, non-interactive zero-knowledge (NIZK) proofs do not exist for languages outside BPP (even with just computational soundness). However, if the security model includes a trusted party, available for a one-time setup phase, then NIZKs exist for all languages in N P. Soundness of the NIZK depends on this trusted setup: if public parameters are not correctly generated, or if the trusted party's secret internal randomness is revealed, an attacker could convince the verifier of false N P statements without being detected. We show how public parameters for a class of NIZKs can be generated by a concretely-efficient multi-party protocol, such that if at least one of the parties is honest, then the result is secure and can be subsequently used for generating and verifying numerous proofs without any further trust. -- Cost of the proof system. We have designed and built an open-source cryptographic library, called libsnark, that provides efficient implementations of state-of-the-art zero-knowledge proof constructions. Our library is the fastest and most comprehensive suite of zero-knowledge proofs currently available. Working in tandem, these contributions have achieved industrial impact, and are the main efficiency enablers for Zerocash, a privacy-preserving payment system.