- Blockchain Council
- May 29, 2024
Throughout history, similar technologies have always emerged around the same time seeking similar outcomes but approaching the problem differently. Therefore, adopters should endeavor to examine each technology objectively when this market phenomenon arises.
Advances in cryptography have resulted in the creation of novel privacy technologies that may be used to protect data privacy. Among them are zk-SNARKs and zk-STARKs. However, each of these technologies has benefits and drawbacks that must be considered when evaluating and selecting a privacy solution.
zk-SNARKs are a type of zero-knowledge proof used to establish the truth of a statement without giving any information about the assertion itself. zk-STARKs are a more contemporary alternative to zk-SNARKs that do not require a “trusted setup.”
The features that distinguish zk-SNARKs from zk-STARKs will be discussed in this post. But before that, let us first understand the concept of zero-knowledge proof technology.
What is zero-knowledge-proof technology?
Zero-knowledge proof technologies allow one party to demonstrate to another that they know something without disclosing the information itself. They are privacy-enhancing technologies since they decrease the amount of information that has to be shared between users. They are also a scaling technology: because a proof does not include the full amount of information that a non-private system would handle, it can be verified more quickly.
In technical terms, a zero-knowledge proof (ZKP) is a cryptographic technique developed in the 1980s by MIT academics Shafi Goldwasser, Silvio Micali, and Charles Rackoff.
Zero-knowledge methods are probabilistic evaluations, which means they do not establish something as conclusively as just releasing all of the information would. Instead, they give unlinkable data that might be used to demonstrate that the assertion’s validity is likely.
Currently, a website typically accepts the user's password as input and compares its hash to the stored hash. When a ZKP is used, the client's password remains unknown to the verifier, but the login can still be authenticated.
Zero-Knowledge Proof’s Characteristics
Zero-Knowledge
If the assertion is true, the verifier learns nothing beyond the fact that it is true. In this case, the statement might be an absolute value or an algorithm.
Completeness
If the assertion is true, an honest verifier will eventually be persuaded by an honest prover.
Soundness
If the assertion is false, a dishonest prover will be unable to persuade the verifier that it is true, except with a very small probability.
zk-STARKs and zk-SNARKs are two of the most promising zero-knowledge technologies on the market today. zk-STARK stands for zero-knowledge scalable transparent argument of knowledge, whereas zk-SNARK stands for zero-knowledge succinct non-interactive argument of knowledge. This post will look at the key differences between these two zero-knowledge technologies, both culturally and technically. Both of these zero-knowledge methods are non-interactive, meaning that the code may be deployed and run independently, with no back-and-forth exchange between prover and verifier.
What are zk-SNARKs?
Alessandro Chiesa, a UC Berkeley professor, co-authored a paper in January 2012 that used the term zk-SNARK for the first time to describe the zero-knowledge proofs they created. At their core, zk-SNARKs rely on elliptic curves for security. In cryptography, elliptic curves are used under the assumption that determining the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is infeasible.
While there has been much controversy about whether elliptic curve random number generators have a backdoor, the technique as a whole remains safe. Although implementations are exposed to several common side-channel attacks, these can all be effectively mitigated in various ways.
Quantum attacks do threaten elliptic curve encryption, but the quantum computing necessary to breach its security model is not commonly accessible.
zk-SNARKs require a trusted setup in addition to being based on elliptic curves. A trusted setup is the initial generation event of the keys needed to construct the proofs required for private transactions and to verify those proofs. When these keys are first generated, a secret parameter links the verification key to the keys used for sending private transactions.
Suppose the secrets used to construct these keys during the trusted setup event are not destroyed. In that case, they might be used to forge transactions through false verifications, allowing the holder to do things like produce new tokens out of thin air and use them in transactions. Moreover, because of the privacy characteristics of zk-SNARKs, there would be no way of verifying that those tokens had been created out of thin air. Having said that, a trusted setup is only necessary at first.
As a result, users of a SNARK-based network must trust that the trusted setup was carried out correctly, meaning that the secrets associated with the trusted setup key were destroyed and are no longer held by those who oversaw the ceremony. The dependency on a trusted setup has been one of the key points of contention among SNARK critics. On the other hand, developers need to perform the trusted setup only once.
Another major criticism leveled at SNARKs is that they are not quantum resistant. The privacy technique underpinning SNARKs will be compromised if quantum computing becomes widely available. Defenders of SNARKs correctly point out that we will face far greater obstacles when quantum computers are deployed, such as the breaking of RSA and most wallet infrastructure.
Despite the challenges with the trusted setup, SNARKs have been embraced at a far quicker rate than STARKs for various reasons. Years before STARKs were found, SNARKs were discovered, giving the technology a huge head start in terms of acceptance. One of the first digital asset initiatives, Zcash, promoted the use of SNARKs among blockchain developers.
Thanks to Zcash and other early adopters, SNARKs have the most developer libraries, published code, projects, and developers actively working on the technology. In addition to Zcash, SNARKs are used by the emerging DEX Loopring. If a developer wanted to start using zero-knowledge technology, SNARKs would have a lot more support than STARKs.
Furthermore, SNARKs are projected to need just 24% of the gas required by STARKs, implying that transacting using SNARKs would be significantly less expensive for the end-user. Finally, SNARKs have a substantially smaller proof size than STARKs, requiring less on-chain storage.
What are zk-STARKs?
While SNARKs have certain advantages over STARKs in terms of documentation and developer assistance, STARKs also have some advantages. But first, let’s look at what STARKs are in terms of technical concepts.
Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, and Michael Riabzev released the first STARK publications in 2018. Unlike SNARKs, STARKs' core mechanism is based on hash functions. Using hash functions provides various advantages right away, such as being quantum resistant. Furthermore, there is no need for a trusted setup to start using STARKs in a network.
STARKs, on the other hand, have far bigger proof sizes than SNARKs, which implies that verifying STARKs takes longer and requires more gas than verifying SNARKs.
Furthermore, due to a lack of developer documentation and community, developers will find it considerably more difficult to employ STARKs. While some projects like StarkWare are developing STARK-based scaling solutions, the SNARKs community is still far bigger.
zk-STARKs vs. zk-SNARKs: Summary
The fact that zk-SNARKs require elliptic curve cryptography whereas zk-STARKs do not is a significant distinction between the two forms of proofs. Elliptic curve cryptography (ECC) is a kind of encryption technology that generates secure cryptographic keys using elliptic curve properties. It is a popular choice for online security since these keys may be used to encrypt and decrypt data.
ECC is more secure than other forms of encryption, such as RSA, and is more resistant to brute-force attacks, which are becoming more widespread in the current world.
Another distinction between zk-SNARKs and zk-STARKs is that zk-SNARKs necessitate the use of a trusted setup. This implies that the original keys used to construct the proofs must be created by someone. In contrast, zk-STARKs do not require a trusted setup.
Currently, zk-SNARKs are more popular than zk-STARKs. This is because zk-SNARKs have been around longer and are simpler to use. STARKs use hash functions instead of elliptic curves; hash functions are more difficult to break and do not need a trusted setup. STARKs, on the other hand, have a larger proof size, which means that verifying a proof takes longer and consumes more gas.
Conclusion
While both SNARKs and STARKs have development communities that embrace them, the Ethereum Foundation has been very vocal in its support of StarkWare, which uses STARKs. Indeed, the Ethereum Foundation awarded StarkWare a $12 million grant, demonstrating its commitment to the new technology.
Moreover, while STARK documentation is lacking compared to SNARK documentation, the technical community has lately produced a more comprehensive collection of resources for people interested in implementing the cutting-edge technology.