SNARKs are more efficient and faster; STARKs do not require a trusted setup, providing stronger security, but may take longer to verify.
Written by: Chainlink
Zero-knowledge proofs (ZKPs) have attracted a lot of attention due to their potential to enhance security, protect user privacy, and support layer-2 network scaling.
ZKPs enable one party to prove to another that a claim is true without revealing any other information. ZKPs are good for both increased privacy — as they reduce the amount of information shared between parties — and scalability, since it only requires proofs to be verified rather than the entire dataset, which is faster to verify.
Two of the most talked about zero-knowledge proof systems are SNARK and STARK. In this article, we'll dive into what they are, how they work, and their key differences.
What are SNARKs?
zk-SNARK stands for Zero-Knowledge Succinct Non-interactive Argument of Knowledge - they were introduced in a 2012 paper by Nir Bitansky, Ran Canetti, Alessandro Chiesa, and Eran Tromer Introduced. SNARKs enable one party to prove to another party that they know a secret without revealing the secret.
zk-SNARKs can be added to distributed ledger solutions as a zero-knowledge proof protocol to enhance privacy and scalability. Zcash is the first widespread application of zk-SNARKs, applying the technology to create shielded transactions in which the sender, receiver, and amount are kept secret. Shielded transactions in Zcash can be fully encrypted on the blockchain, but still be verified as valid under the network's consensus rules by using zk-SNARKs.
An important property of some SNARKs is that they require a trustworthy configuration process—a process in which proofs of private transactions and keys to generate proofs are created. If the secrets used to create this key were not destroyed during the event, they could be used to create false proofs. In scenarios involving crypto assets, this would allow participants to forge transactions or mint new tokens out of thin air. Due to the inherent privacy of SNARKs, it is impossible to verify that a forged proof is indeed forged.
The security level of a SNARK is measured by the amount of work that must be done to find evidence of a misrepresentation. In other words, a SNARK is secure if it is computationally incapable of producing convincing proofs of misrepresentation. For SNARKs that require a trusted setup to be considered secure, at least one participant in the ceremony must generate and destroy a trapdoor that, if used in conjunction with other trapdoors, could otherwise compromise the security of the SNARK. Therefore, trusted setups typically require many actors to run together so that the probability of this happening is low enough.
While trusted setup is only initially required and only available for certain SNARKs, users of SNARK-based networks must trust that the trusted setup ceremony (ceremony) has been performed correctly and that secrets have been destroyed and not created by participants in the event hold. The reliance on this ritual has been an area of much criticism for some SNARKs, viewing it as a potential security weakness.
Another limitation of some SNARKs is that they are not considered quantum resistant. Proponents of SNARKs believe that if quantum computers start to pose a threat to SNARKs, the field of cryptography will face bigger problems. Additionally, some SNARKs may be upgraded to be quantum-resistant in the future.
What are STARKs?
The full name of zk-STARK is Zero-Knowledge Scalable Transparent Argument of Knowledge (Zero-Knowledge Scalable Transparent Argument of Knowledge), which is a zero-knowledge proof system. Introduced as an alternative to SNARKs in this paper. As stated in the paper, STARKs (and more broadly, ZKPs) can bring great benefits to society:
“It is a matter of human dignity that people’s personal information, such as medical and forensic data, needs to remain private. But masks designed to protect privacy can also be misused by institutions entrusting data to cover up lies and deceit that unfairly harms citizens and weaken trust in central institutions. Zero-knowledge (ZK) proof systems are an ingenious cryptographic solution to the tension between individual privacy and institutional integrity, strengthening the latter without compromising the former .”
STARK supports StarkWare's scalability technology. By enabling developers to store and compute off-chain, STARKs improve scalability because STARK proofs verifying the accuracy of off-chain computations can be generated by off-chain services and then published on-chain.
STARKs allow a blockchain to transfer computations to an off-chain STARK prover, and then use an on-chain STARK verifier to verify the integrity of those computations. Layer-2 networks can achieve scalability by using STARKs to compute a large number of transactions in a single batch, and then using a single STARK proof to confirm the validity of the transactions on-chain. All transactions in a batch share the cost of on-chain operations, providing low gas costs for each transaction on the layer 2 network.
Importantly, STARK does not require a trusted setup ceremony since the randomness used by validators is publicly available and proofs can be verified without relying on any external parameters.
Comparing SNARKs and STARKs
Both SNARKs and STARKs have their own advantages, and the choice between the two depends on the user's specific use case requirements. It's also important to note that both SNARKs and STARKs are cutting-edge zero-knowledge proof techniques that are being actively researched, so comparing them also needs to take into account the continued progress and discoveries in the field.
Proponents argue that SNARKs are more efficient and faster because they can be verified in milliseconds. However, this efficiency comes at a price, as some of the trusted setup ceremonies that SNARKs rely on have security weaknesses. This means that the initial parameters used in the proof must be generated in a secure environment, and any disclosure of the parameters may lead to a security breach.
STARKs do not require a trusted setup, thus providing stronger security, but may take longer to verify and are therefore considered less efficient. The proof data size of STARK is larger than that of SNARK, which means that verifying STARK may take more time and consume more gas than SNARK. On the other hand, STARKs are easier to audit than SNARKs since their proofs can be verified without relying on any external parameters, although this may depend on the specific implementation. Unlike most SNARKs, STARKs rely on hash functions that are considered quantum-resistant.
There are several reasons why SNARKs were initially more widely adopted than STARKs, although some of them have potential security flaws related to trusted setup ceremonies. SNARKs were developed six years earlier than STARKs, which helps them get a head start in adoption.
Zero-knowledge proofs bring exponential growth in scalability
Zero-knowledge proofs are the foundational technology of the blockchain ecosystem, helping to improve scalability while helping to protect individual privacy and institutional integrity. zk-SNARKS and zk-STARKS are at the forefront of this revolution, both designed to unlock use cases previously unachievable on public chains, spur innovation and help create a more efficient global economy.
