Privacy has always been considered an important feature within the cryptocurrency world. This property is a prerequisite for fungibility, a basic property of any widely used form of money. Likewise, most crypto-asset holders do not want their funds and transaction history to be fully visible to everyone. Among the many cryptographic techniques aimed at providing security to blockchains, zk-SNARK and zk-STARK proofs are two notable examples.

zk-SNARK stands for zero-knowledge succinct non-interactive argument of knowledge, and zk-STARK stands for zero-knowledge scalable transparent argument of knowledge. zk-SNARK proofs are already used in Zcash and in JP Morgan Chase's blockchain-based payment system, as well as a way to securely connect clients to servers. Although zk-SNARKs have made great progress towards becoming well known and accepted, zk-STARK proofs are being introduced as a new and more advanced version of this technology, addressing many of the problems of zk-SNARKs.


Ali Baba's Cave Allegory

In 1990, cryptographer Jean-Jacques Quisquater (along with other contributing authors) published an article titled "How to Explain Zero-Knowledge Protocols to Your Children." The article presents the concept of zero-knowledge proofs through an allegory involving Ali Baba's cave. Since its creation, this allegory has gone through several adaptations and now exists in many variations, but the underlying idea is essentially the same.

Imagine a ring-shaped cave with a single entrance and a magic door separating the two sides. To pass through the magic door, one must whisper the correct secret words. Imagine that Alice (yellow) wants to prove to Bob (blue) that she knows the correct secret words, but while doing so, she wants to keep the words secret. To do this, Bob agrees to wait outside while Alice enters the cave and walks to the end of one of the two possible paths. In this example, Alice decides to take path 1.

After a while, Bob comes to the entrance and shouts which path he wants Alice to exit from (path 2 in this example).

If Alice really knows the secret words, she can emerge from whichever path Bob specifies.

The whole process can be repeated several times to verify that Alice did not simply pick the right path by chance.

Ali Baba's cave allegory depicts the zero-knowledge proofs that are part of the zk-SNARK and zk-STARK protocols. Zero-knowledge proofs can be used to prove possession of information without revealing that information.
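The cave protocol above, simulated as an added example (this code is not part of the original article): an honest prover always passes, while a prover without the secret words can only guess which path Bob will call, so the chance of fooling him after n rounds is 1/2^n. The secret words themselves never appear in what Bob sees; he only observes which path Alice emerges from.

```python
import random

# Constructed example of the Ali Baba cave protocol (not code from the article).
# Paths are numbered 1 and 2; the magic door joins their far ends.


class Prover:
    """Alice. She either knows the secret words or she does not."""

    def __init__(self, knows_secret, rng):
        self.knows_secret = knows_secret
        self.rng = rng
        self.position = None

    def enter_cave(self):
        # Out of Bob's sight, Alice walks to the end of a random path.
        self.position = self.rng.choice((1, 2))

    def exit_via(self, requested):
        # Already on the requested path: just walk back, no door needed.
        if self.position == requested:
            return requested
        # Otherwise she must open the magic door, which needs the secret words.
        if self.knows_secret:
            return requested
        # A prover without the secret is stuck and emerges from the wrong path.
        return self.position


def verify(prover, rounds, rng):
    """Bob. Repeats the challenge 'rounds' times; one wrong exit means rejection."""
    for _ in range(rounds):
        prover.enter_cave()
        challenge = rng.choice((1, 2))  # Bob shouts which path to exit from
        if prover.exit_via(challenge) != challenge:
            return False
    return True


def cheat_bound(rounds):
    """Probability that a prover without the secret passes every round by luck."""
    return 0.5 ** rounds


def acceptance_rate(knows_secret, rounds, trials, seed=0):
    """Monte Carlo estimate of how often Bob accepts this kind of prover."""
    rng = random.Random(seed)
    accepted = sum(verify(Prover(knows_secret, rng), rounds, rng) for _ in range(trials))
    return accepted / trials


if __name__ == "__main__":
    print("honest prover, 20 rounds:", acceptance_rate(True, 20, 100))
    for n in (1, 5, 10):
        print(f"cheater, {n} rounds: bound={cheat_bound(n):.4f} observed={acceptance_rate(False, n, 10000):.4f}")
```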


zk-SNARKs

The first widespread use of zk-SNARKs was in Zcash. While other privacy projects like Monero use ring signatures and other techniques that effectively create a smokescreen around who sends what, zk-SNARKs fundamentally change how data is shared. Zcash's privacy is based on the fact that transactions on the network can remain encrypted while still being validated with zero-knowledge proofs. This means that those enforcing the consensus rules do not need to know all the data behind every transaction. It is also important to note that the privacy features in Zcash are not enabled by default; they are optional and require manual configuration.

Zero-knowledge proofs allow one party to prove to another that a statement is true without sharing any information beyond the validity of the statement. The participating parties are usually referred to as provers and verifiers, and the statement they keep secret is called a witness. The main goal of these proofs is to reveal the least amount of data possible between the two parties. In other words, one can use zero-knowledge proofs to prove that one has certain knowledge without revealing anything about the knowledge itself.

The "succinct" in the SNARK acronym means that the proofs are small in size and can be verified quickly. "Non-interactive" means that there is little or no interaction between the prover and the verifier. Older versions of zero-knowledge protocols usually required the prover and verifier to communicate back and forth, so they were known as "interactive" zk proofs. In "non-interactive" constructions, the prover and verifier only need to exchange a single proof.

Currently, zk-SNARK proofs depend on an initial trusted setup between a prover and verifier, meaning that a set of public parameters is required to create zero-knowledge proofs and thus private transactions. These parameters are somewhat like the rules of a game: they are recorded in the protocol and are one of the factors necessary for ensuring the validity of transactions. However, this raises the issue of potential centralization, because the parameters are determined by a very small group.

While an initial trusted setup is fundamental to today's zk-SNARK implementations, researchers are working on alternatives that reduce the amount of trust required in the process. The initial setup phase is important for preventing counterfeit spending, because anyone with access to the randomness used to generate the parameters could create false proofs that appear valid to the verifier. In Zcash, the initial setup phase is known as the Parameter Generation Ceremony.

We move on to the "argument" part of the acronym. zk-SNARKs are considered computationally sound, meaning that the chance of a dishonest prover successfully fooling the system is very low. This property is known as soundness and relies on the assumption that the prover has limited computational power. In theory, a prover with sufficient computational power could create false proofs. This is one of the reasons why many people see quantum computers as a threat to zk-SNARKs and blockchain systems.

The last part of the acronym is "knowledge," meaning that it is not possible for the prover to construct a proof without actually possessing the information (or witness) that supports his or her statement.

Zero-knowledge proofs can be verified in a short time and generally require much less data than a standard Bitcoin transaction. This paves the way for zk-SNARK technology to be used as both a privacy and scalability solution.


zk-STARKs

zk-STARKs were created as an alternative version of zk-SNARK proofs and are considered a faster and cheaper implementation of this technology. More importantly, zk-STARKs do not require a trusted initial setup (hence the T, for transparent).

Technically, zk-STARKs do not require a trusted setup because they rely on leaner symmetric cryptography through collision-resistant hash functions. This approach also eliminates zk-SNARKs' number-theoretic assumptions, which are computationally more expensive and theoretically vulnerable to attacks by quantum computers.

One of the main reasons why zk-STARKs can be implemented more cheaply and faster is that the communication rounds between provers and verifiers remain constant no matter how much the computation grows. In contrast, in zk-SNARKs, the more computation is required, the more messages the parties need to exchange among themselves. Therefore, the total amount of data in zk-SNARKs is much larger than in zk-STARK proofs.

It is quite clear that both zk-SNARKs and zk-STARKs address growing privacy concerns. Within the cryptocurrency world, these protocols hold great potential and could become a groundbreaking path to mainstream adoption of cryptocurrencies.