Feb 2
2 min read
What is the difference between zkSNARKs and zkSTARKS?
I decided to dive deeper into zero knowledge proofs to stumble upon any new things I learn. This is not intended to be a 0–1 guide- that will come next, this is just for my own learnings, and maybe yours.
Here are the notes:
zkSNARKS
- Zero-knowledge: A verifier can validate the integrity of a statement without knowing anything else about the statement. The only knowledge the verifier has of the statement is whether it is true or false.
- Succinct: The zero-knowledge proof is smaller than the witness and can be verified quickly.
- Non-interactive: The proof is ‘non-interactive’ because the prover and verifier only interact once, unlike interactive proofs that require multiple rounds of communication.
- Argument: The proof satisfies the ‘soundness’ requirement, so cheating is extremely unlikely.
- (Of) Knowledge: The zero-knowledge proof cannot be constructed without access to the secret information (witness). It is difficult, if not impossible, for a prover who doesn’t have the witness to compute a valid zero-knowledge proof.
zkSTARKS
like zksnarks, but scalable.
ZK-STARK is an acronym for Zero-Knowledge Scalable Transparent Argument of Knowledge. ZK-STARKs are similar to ZK-SNARKs, except that they are:
- Scalable: ZK-STARK is faster than ZK-SNARK at generating and verifying proofs when the size of the witness is larger. With STARK proofs, prover and verification times only slightly increase as the witness grows (SNARK prover and verifier times increase linearly with witness size).
- Transparent: ZK-STARK relies on publicly verifiable randomness to generate public parameters for proving and verification instead of a trusted setup. Thus, they are more transparent compared to ZK-SNARKs.
So two things changed: 1) more scalable. 2) publicly verifiable randomness rather than trusted setup, more transparent.
