The basics of zkSTARKs and zkSNARKs

Photo by Nate Johnston on Unsplash

Zero-knowledge proofs are at the cutting edge of cryptography that is advancing the ways in which blockchains can scale and achieve privacy. From this has emerged two similar technologies zkSNARKs and zkSTARKs.

Zero knowledge proofs achieve privacy by allowing one party to prove something to another party without disclosing the information necessary to prove it. The party that is proving something is called the prover, while the party that is making sure the information is correct is called the verifier.

For example, if you wanted to prove that you are over 18 years old you may use a driver’s license. However, doing so not only reveals information about your age but your name, date of birth, and a whole host of personal information. A zero-knowledge proof allows you to prove that you are indeed over 18 years old, without actually revealing any of the information on your driver’s license. In this case, you are the prover and the party you’re trying to prove your age to is the verifier.

Since only a proof needs to be sent and verified between parties rather than all the necessary information, this also increases scalability. While zero knowledge technology is still a work in progress the most well-known example is of Mina’s blockchain that is a tiny 22kb — roughly the size of a couple of tweets.

zkSNARK is an acronym where the first part stands for zero-knowledge, and the latter for Succinct Non-interactive Arguments of Knowledge.

zkSNARKs are small and efficient which allows them to have relatively fast times to create and verify proofs. The smaller proof size also requires less gas to verify when being published onto L1 by a rollup. In General, both zkSTARKs and zkSNARKs can dramatically increase the scalability of a blockchain when used with rollups as they can be used to verify the validity of a batch of transactions at once.

Although, zkSNARKs do require trust assumptions as they need to agree upon a set of parameters for the trusted setup. This could create centralization as the zkSNARK setup is usually a closed process that involves a small group of people. If a party had access to the setup parameters they would be able to forge a zkSNARK proof and deceive the verifier into accepting a valid proof. Although, systems have recently emerged where zkSNARKs don’t require an initial trusted setup.

zkSNARKs are also assumed to be vulnerable to quantum attacks. Arguments of Knowledge in this instance assumes that the prover has limited computing power because theoretically, a prover that has sufficient computer power could convince a verifier of a false zkSNARK proof.

zkSTARK is an acronym where the latter part stands for Scalable Transparent Arguments of Knowledge.

While zkSTARKs are larger in size than zkSNARKs, the size of the proof doesn’t directly dictate how long it will take to generate — the type of computation is also a factor. The size is slightly inhibitive though as rollups using zkSTARKs require more gas to submit the proof to L1.

Although, zkSTARKs are quicker to generate than snarks. Both the prover and verification time for a zkSTARK increases at a slower rate than zkSNARKs when computation requirements increase — resulting in better scalability.

ZkSTARKs don’t require a trusted setup because they utilize randomness that is publicly verifiable to create the system. Unlike zkSNARKs, zkSTARKs are quantum-resistant due to the stronger cryptographic primitives used in their design, like collision-resistant hash functions, which is why their proof size is significantly larger than that of zkSNARKs. Thus, arguments of knowledge for zkSTARKs make no assumptions that prover computing power is limited.

Both zkSTARKs and zkSNARKs are cutting-edge cryptography that is pushing the boundaries of what is possible with blockchain scaling. As the technologies improve, along with hardware improvements, zero knowledge proofs will proliferate as the technology that underpins modular scaling and the future of blockchains as we know them.