zk-SNARK and zk-STARK – What are they and what are their differences?

What is zk-SNARK?

First of all, it is important to note that zk-SNARKs and zk-STARKs proofs fall within the domain of cryptographywhich encompasses encryption and decryption techniques widely used in our daily tools such as secure Internet connection (HTTPS protocol), messaging or banking applications.

In 2012, an article was published by researchers Alessandro Chiesa, Nir Bitansky, Ran Canetti and Eran Tromer, from institutions such as ETH Zurich and Columbia University. This article introduced the zk-SNARKs.

The basic notion behind this acronym, which stands for ” Zero-Knowledge Brief Non-interactive ARgument of Knowledge is to provide a zero knowledge proof (ZKP) in order to verify a declaration made by a prover without revealing anything other than the evaluation of the latter.

How do zero-knowledge proofs (ZKP) work?

The term ” Brief means that these proofs can be verified quickly within milliseconds because they are small in size, typically a few hundred bytes.

The appearance ” Non-interactive » means that the prover does not need to interact with the verifier to prove his knowledge, contrary to the interactive versions which require the sending of several proofs to the verifier.

Finally, the term Argument of Knowledge is used to describe such evidence, as it is used to convince the verifier of the validity of the knowledge without revealing other information.

To use zk-SNARKs, it is essential to establish a trust configuration at a given time between the prover and the verifier in order to have a set of public parameters as well as cryptographic keys. The keys then make it possible to ensure the confidentiality of the information.

What is zk-STARK?

Later, in a 2018 publication, researchers Yinon Horesh, Eli Ben-Sasson, Iddo Bentov and Michael Riabzev presented the zk-STARK as an alternative to zk-SNARK. Indeed, this protocol has two distinctive characteristics. First of all, unlike the zk-SNARK, it does not need a trusted system to pass its parameters. Then it is called quantum attack resistant, which means that it is designed to withstand the computing power of current and future quantum computers.

However, zk-STARKs are not without drawbacks and have a high cost in use, especially with regard to the size of the evidence. Unlike zk-SNARKs, the size of a zk-STARK evidence is much larger, on the order of a few tens of kilobytes, a factor of about 100 compared to zk-SNARKs.

Moreover, in the field of cryptography, zk-STARKs are dumbflabbergasted as a relatively new technology, with only 5 years since the publication of the original concept. It may still take time to fully assess their reliability and usefulness in different scenarios.

Use cases of zk-SNARK and zk-STARK in the blockchain

Many practical and theoretical use cases arise from these innovative cryptographic techniques. Privacy-focused cryptocurrency Zcash (ZEC) pioneered the use of zk-SNARKs. This is also what differentiates it from other blockchains.

Its uniqueness lies in its enhanced confidentiality guarantee, thanks to the possibility of fully encrypting transactions on its blockchain, while verifying them in accordance with the network’s consensus rules using zk-SNARKs proofs.

More recently, zk-SNARKs and zk-STARKs have become an essential part of Ethereum blockchain layer 2 scalability solutionsknown as zk-Rollups. Rollups are widely adopted and used in various cases, and several prominent examples include zkSync, ZKSpace, Loopring, etc. Let’s take a look at the most popular use cases.

All about the Optimistic Rollup and ZK Rollup of the Ethereum blockchain

Confidentiality of transactions

In general, cryptocurrency transactions are publicly visible on blockchains. Users are often under a pseudonym and can be traced back to them either because they have voluntarily linked their addresses to real-world identities, or by linking them to real identities through on-chain analysis.

Nevertheless, one can imagine the desire of certain entities to maintain the confidentiality of their transactions, and to meet this need, blockchains have been developed to allow completely anonymous transactions. Privacy-focused blockchains like Zcash and Monero preserve transaction details, such as sender and receiver addresses, asset type, quantity, and time of transaction.

zk-SNARKs or zk-STARKs proofs are also used on public blockchains. For example, Tornado Cash is a decentralized protocol that allows users to make private transactions on Ethereum. Tornado Cash uses zk-SNARKs evidence to prove ownership of tokens present in the mixer. However, these privacy tools are often considered illegal activities by governments.

Refine your knowledge of blockchain with the Alyra school

Alyra, training to integrate the blockchain ecosystem

Authentication

It is well known that the use of online services often requires verification of identity or access rights, which generally involves the provision of personal information such as e-mail addresses, dates of birth, etc In addition, it is often necessary to memorize passwords and there is a risk of losing them.

However, instead of providing credentials, it is possible for individuals to simply prove that they meet certain criteria, for example using a decentralized identity that certifies their citizenship in a country, without having to share their name or passport number.

This approach allows individuals to maintain their privacy, protect against identity theft and fraud, while allowing organizations to free themselves from the need to store large amounts of personal information, thereby reducing the risk of cyberattacks.

Another trivial example is proof of possession of passwords, where an individual can demonstrate to the verifier that they know a specific password without revealing other information that his knowledge of this password.

For example, applications can validate a password without needing to access its actual content, and a payment application can check an account’s balance without needing to access specific information about it.

This approach allows the individual to retain control of their personal informationwhile allowing digital actors to verify certain conditions required to continue processes.

Network scalability

Through the use of zk-STARKs, it is possible to perform calculations for bundles of off-chain transactions and then submit a single zk-STARK proof to confirm the validity of those transactions on the main blockchain. This provides better scalability to the Ethereum network as the nodes only verify proof of computation rather than transaction data.

StarkWare, led by Eli Ben-Sasson, the inventor of zk-STARKs, is the key player in this area. The teams of this startup are developing cheaper and faster scalability solutions for the Ethereum network. So far, StarkWare has managed to raise $273 million and is currently valued at $8 billion.

What are the similarities and differences between zk-SNARK and zk-STARK?

In terms of transparency, zk-SNARKs and zk-STARKs take different approaches. zk-SNARKs are considered more efficient and faster, with verification that can be performed in milliseconds. However, as mentioned above, some zk-SNARKs require an initial configuration of trust, where proof parameters must absolutely be generated in a secure and private way. Any compromise of these parameters could involve the security of the exchange.

On the other hand, zk-STARKs use hash function-based cryptography, which has the advantage of making random generation parameters public. This enhances transparency and security, as hash functions are resistant to quantum computing power.

With regard to security, zk-STARKs provide enhanced security by having larger evidence sizes than zk-SNARKs, and do not need an initial trust configuration. However, this can lead to longer verification times, which can make zk-STARKs less efficient.

zk-SNARKs also consume less resources when verifying proofs due to their smaller size in bytes. Although zk-SNARKs may seem more appealing due to their faster verification, zk-STARKs generate evidence faster and scale more efficiently despite their larger evidence sizes. Additionally, zk-STARKs consume less resources when used in a blockchain by adopting off-chain computing and storage.

Finally, verification of zk-STARKs does not depend on external parametersmaking them potentially easier to audit than zk-SNARKs in general.

To go further: zkSync, the first zkRollup compatible with the Ethereum Virtual Machine (EVM)

Sources: Introductory article to zk-SNARKs ; Introductory article to zk-STARKs