Understanding the Difference Between zk-SNARKs and zk-STARKs

Beginner | Dec 27, 2023
This article provides basic information and principles of zk-SNARKs and zk-STARKs, as well as a comparison of their respective advantages and disadvantages.

SNARK and STARK are zero-knowledge proof technologies that allow one party to prove a statement is true to another party without revealing any further information. Zero-knowledge proofs (ZKPs) have gained significant attention for their potential to enhance security, protect user privacy, and support layer 2 scaling solutions. They increase privacy by reducing the amount of information shared between parties, and they improve scalability because a verifier checks a proof instead of the entire dataset, which makes verification faster.

The two most prominent zero-knowledge proof systems are SNARK and STARK. In this article, we will delve into what they are, how they work, and their key differences.

What is SNARK?

zk-SNARK stands for Zero-Knowledge Succinct Non-Interactive Argument of Knowledge. It was introduced in a paper authored by Nir Bitansky, Ran Canetti, Alessandro Chiesa, and Eran Tromer in 2012. SNARK allows one party to prove their knowledge of a secret without revealing the secret itself. zk-SNARKs can be incorporated as zero-knowledge proof protocols in distributed ledger solutions to enhance privacy and scalability.

Zcash was the first widespread application of zk-SNARKs, using this technology to create shielded transactions where sender, receiver, and amount remain confidential. These shielded transactions can be fully encrypted on the blockchain but still verified as valid according to the network’s consensus rules using zk-SNARKs.

One important characteristic of some SNARKs is that they require a trusted setup, during which the proof generation keys for private transactions are created. If the secrets used to create these keys are not destroyed during the event, they could potentially be used to produce false proofs. In scenarios involving cryptographic assets, this could allow participants to forge transactions or create new tokens out of thin air. Because of the inherent privacy of SNARKs, it is impossible to tell whether a given proof was forged.

The security level of a SNARK is measured by the work required to produce a convincing proof of a false statement. In other words, a SNARK is considered secure if producing such a proof is computationally infeasible. For a SNARK with a trusted setup, this requires that at least one participant in the setup ceremony generate a trapdoor, combine it with the other participants' trapdoors, and then destroy it. Trusted setups therefore typically involve many participants, which makes it highly unlikely that every trapdoor is retained.

While trusted setups are only initially required and apply to certain SNARKs, users of networks based on SNARKs must trust that the trusted setup ceremony was executed correctly, and the secrets were destroyed and not held by participants in the event. Dependence on such ceremonies has been a criticized aspect of some SNARKs, seen as a potential security weakness.
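The "at least one participant destroys their secret" property described above, as an added example that is not from the original article or from any SNARK project. It is a deliberate simplification: a Pedersen-style trapdoor commitment stands in for SNARK setup parameters, and the toy group constants and all function names are constructed for illustration.

```python
import secrets

# Constructed toy group (far too small for real use): P = 2Q + 1, G has prime order Q.
P, Q, G = 2039, 1019, 4

def contribute(h, secret):
    """One ceremony round: fold a participant's secret into the public parameter."""
    return pow(h, secret, P)

def run_ceremony(participant_secrets):
    """Publish only h = G^(s1*s2*...*sn); every s_i is meant to be destroyed."""
    h = G
    for s in participant_secrets:
        h = contribute(h, s)
    return h

def combined_trapdoor(participant_secrets):
    """The combined trapdoor: computable only if EVERY secret was kept."""
    tau = 1
    for s in participant_secrets:
        tau = tau * s % Q
    return tau

def commit(h, m, r):
    """Pedersen commitment C = G^m * h^r mod P."""
    return pow(G, m, P) * pow(h, r, P) % P

def reopen(tau, m, r, m_new):
    """Given tau, compute r_new so that (m_new, r_new) opens the same commitment."""
    return (r + (m - m_new) * pow(tau, -1, Q)) % Q

def demo():
    s = [secrets.randbelow(Q - 2) + 2 for _ in range(3)]  # three participants
    h = run_ceremony(s)
    c = commit(h, 100, 7)
    # Nobody destroyed their secret: the same commitment opens to another value.
    r_forged = reopen(combined_trapdoor(s), 100, 7, 999)
    forged_ok = commit(h, 999, r_forged) == c
    # Participant 2 destroyed theirs: the others' product is not the trapdoor.
    r_bad = reopen(combined_trapdoor([s[0], s[2]]), 100, 7, 999)
    blocked = commit(h, 999, r_bad) != c
    return forged_ok, blocked

if __name__ == "__main__":
    print(demo())
```

In a group of realistic size, recovering the missing secret from the published parameter is a discrete-logarithm problem; the toy group here is small enough to brute-force and only illustrates the algebra.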

Another limitation of some SNARKs is that they are not considered post-quantum secure. Supporters of SNARKs argue that if quantum computers become a threat to SNARKs, the field of cryptography will face even greater challenges. Additionally, some SNARKs may upgrade to become quantum-resistant in the future.

What is STARK?

zk-STARK stands for Zero-Knowledge Scalable Transparent Argument of Knowledge and is a zero-knowledge proof system introduced as an alternative to SNARKs in a paper published by Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, and Michael Riabzev in 2018. STARK (and ZKPs more broadly) can bring significant benefits to society:

“Personal information, such as medical and forensic data needs to be kept private, as it is a matter of human dignity. However, masks designed to protect privacy may also be abused by institutions entrusted with data to hide lies and deception, unfairly harming citizens and undermining trust in central authorities. Zero-knowledge (ZK) proof systems are a clever cryptographic solution that addresses the tension between individual privacy and institutional integrity, strengthening the latter without compromising the former.”

STARK supports StarkWare’s scalability technology, enabling developers to perform storage and computation off-chain. This improves scalability, as STARK proofs that verify off-chain computations can be generated by off-chain services and then published on-chain.

STARK allows blockchains to move computations to off-chain STARK provers and then use on-chain STARK verifiers to confirm the integrity of these computations. Layer-2 networks can achieve scalability by using STARKs to compute a large number of transactions in a single batch and then confirm the validity of these transactions on-chain using a single STARK proof, reducing gas costs for every transaction on the second-layer network.

Importantly, STARKs do not require a trusted setup ceremony because the randomness used by verifiers is publicly available and can be verified without relying on external parameters.
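What "publicly verifiable randomness with no external parameters" looks like in a hash-based proof, as an added example that is not from the original article or from StarkWare. It covers only the commitment and challenge-derivation layer (a Merkle root plus Fiat-Shamir query positions), not a full STARK: there is no low-degree test, and the table of squares mod 97, the domain-separation tags and all function names are constructed for illustration.

```python
import hashlib

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def merkle_layers(leaves):
    """All layers from hashed leaves up to the root (leaf count is a power of two)."""
    layers = [[H(b"leaf", x) for x in leaves]]
    while len(layers[-1]) > 1:
        cur = layers[-1]
        layers.append([H(b"node", cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return layers

def open_path(layers, idx):
    """Sibling hashes from leaf idx up to (not including) the root."""
    path = []
    for layer in layers[:-1]:
        path.append(layer[idx ^ 1])
        idx >>= 1
    return path

def verify_path(root, idx, leaf, path):
    node = H(b"leaf", leaf)
    for sib in path:
        node = H(b"node", node, sib) if idx % 2 == 0 else H(b"node", sib, node)
        idx >>= 1
    return node == root

def challenges(root, n_leaves, n_queries):
    """Fiat-Shamir: query positions are a public hash of the commitment itself."""
    return [int.from_bytes(H(b"query", root, bytes([i])), "big") % n_leaves
            for i in range(n_queries)]

def prove(leaves, n_queries=4):
    layers = merkle_layers(leaves)
    root = layers[-1][0]
    return root, [(leaves[i], open_path(layers, i))
                  for i in challenges(root, len(leaves), n_queries)]

def verify(root, n_leaves, openings, check_leaf):
    """The verifier re-derives the same positions; no setup secret is involved."""
    idxs = challenges(root, n_leaves, len(openings))
    return all(verify_path(root, i, leaf, path) and check_leaf(i, leaf)
               for i, (leaf, path) in zip(idxs, openings))

def square_table():            # constructed statement: entry x holds x*x mod 97
    return [str(x * x % 97).encode() for x in range(16)]

def is_square_entry(i, leaf):
    return leaf == str(i * i % 97).encode()
```

Every input to `verify` is either published by the prover or recomputed with SHA-256, so anyone can audit the check end to end.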

Comparing SNARKs and STARKs

SNARKs and STARKs each have their own advantages, and the choice between them depends on the specific use case requirements of users. It’s also important to note that SNARK and STARK are cutting-edge zero-knowledge proof technologies, and comparing them requires considering ongoing advancements and discoveries in this field.

Supporters argue that SNARKs are more efficient and faster, as they can provide verification within milliseconds. However, this efficiency comes at a cost, as some SNARKs rely on trusted setup ceremonies with potential security weaknesses. This means that the initial parameters used in proofs must be generated in a secure environment, and any leakage of these parameters could result in security vulnerabilities.

STARKs do not require a trusted setup, providing stronger security, but they may take longer to verify, making them less efficient. The proof data size of STARKs is larger than that of SNARKs, meaning that verifying STARKs may take more time and consume more gas. On the other hand, because STARKs can be verified without relying on external parameters, they are easier to audit, although this may depend on specific implementations. Unlike most SNARKs, STARKs rely on hash functions considered quantum-resistant.

One reason SNARKs were initially more widely adopted than STARKs is that their development started six years earlier, giving them a head start in adoption.

Zero-knowledge proofs bring exponential scalability

Zero-knowledge proofs are foundational technology for the blockchain ecosystem, contributing to scalability while preserving individual privacy and institutional integrity. zk-SNARKs and zk-STARKs are at the forefront of this revolution, aiming to unlock use cases previously unachievable in public chains, drive innovation, and help create a more efficient global economy.


Disclaimer:

  1. This article is reprinted from [Chainlink]. All copyrights belong to the original author [Chainlink]. If there are objections to this reprint, please contact the Gate Learn team, and they will handle it promptly.
  2. Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.
  3. Translations of the article into other languages are done by the Gate Learn team. Unless mentioned, copying, distributing, or plagiarizing the translated articles is prohibited.