zk-SNARKs and zk-STARKs: What Are Zero-Knowledge Proofs and How Do They Work?

zk-SNARKs and zk-STARKs are two kinds of zero-knowledge proof.


The Internet brings countless benefits, but using it for social media or business puts our privacy at risk.


The Cambridge Analytica scandal affected the data of tens of millions of Facebook users (Facebook's own estimate was up to 87 million). According to the Wall Street Journal, this is only the beginning, and worse is expected.


The Equifax breach exposed the names, birth dates and Social Security numbers of roughly 147 million people, and the Uber breach exposed the data of about 57 million riders and drivers.


The security concerns are self-evident.


Blockchain Confidentiality


Cryptocurrencies are aimed mainly at the financial market: they let a network carry out monetary and value transactions. Blockchain technology makes money transfers possible without a trusted third party.


Removing the trusted third party also removes its safeguards. The user alone is responsible for keys and data, so digital assets can be lost or stolen and personal data can be exposed to attackers, with serious consequences for everyone involved.


Bitcoin is a peer-to-peer network in which every participant can read the entire ledger. Because the blockchain is open and transparent, every node holds a copy of every transaction that has ever occurred on the network, and anyone can trace those records and work out the balance held by any address.


Transacting, however, erodes that pseudonymity. Every transaction links inputs to outputs, and once a single address is tied to a real identity (by an exchange, a merchant, or chain analysis) the owner's entire history and balance are exposed, putting his or her financial security at risk.


This lack of confidentiality has hampered Bitcoin's adoption; privacy is a critical factor keeping it from reaching its full potential.


zk-SNARKS and zk-STARKS, the New Game-Changers

Today, two well-known cryptocurrencies, Monero and Zcash, are trying to solve these privacy challenges. Monero uses Ring Confidential Transactions (RingCT), a ring-signature scheme. Zcash uses zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge) to allow shielded transactions in which sender, receiver and amount are all hidden.


zk-STARKs (Zero-Knowledge Scalable Transparent Arguments of Knowledge) aim at fast, scalable proofs that need no trusted setup; they too can be used to hide transaction data. MIT Technology Review listed zero-knowledge proofs among its 10 Breakthrough Technologies of 2018, and well-known organisations such as R3 and the Ethereum community have begun experimenting with these proofs, which shows their potential.


Zero-knowledge proofs were introduced in 1985 by Shafi Goldwasser, Silvio Micali and Charles Rackoff. They studied interactive protocols in which one party proves that it knows something, or that a statement is true, without revealing anything beyond that.


zk-SNARKs are not ring signatures, and they are not "based on BLAKE2b". They are built on elliptic-curve pairings (Zcash's Sapling shielded transactions use the Groth16 proof system over the BLS12-381 curve). Zcash does use the BLAKE2b hash function elsewhere in its protocol, but that is not what makes a SNARK work. Zcash was the first production deployment of zk-SNARKs; it is no longer the only one.


A zero-knowledge proof has three defining properties:

Completeness: if the statement is true, an honest prover can convince an honest verifier.

Soundness: if the statement is false, no cheating prover can convince the verifier, except with negligible probability.

Zero-knowledge: if the statement is true, the verifier learns nothing beyond the fact that it is true; in particular, it learns nothing about the prover's secret (the witness).

Each part of the name zk-SNARK (zero-knowledge Succinct Non-Interactive ARgument of Knowledge) is a requirement:

Zero-knowledge: if a statement is true, the verifier learns nothing beyond the fact that it is true.

Succinct: the proof is small (a few hundred bytes) and can be checked in milliseconds, regardless of how large the computation being proven is.

Non-interactive: there is no back-and-forth between prover and verifier; the prover sends a single message, which anyone holding the verification key can check.

Argument: soundness holds only against a computationally bounded (polynomial-time) prover, not against an all-powerful one; this is called computational soundness.

Knowledge: a prover that produces a valid proof must actually possess the witness (the private input needed to prove the statement); the proof cannot be constructed without it.

Smart contracts execute themselves. To complete a transaction, a sender transmits funds to a receiver, and the transfer is carried out by a smart contract. Some of the data, however, should remain confidential, visible only to the sender and the receiver. A ZKP makes it possible to complete such a transaction without disclosing the participants, the currency, or the amount transferred.


It is worth noting that chain-analysis organisations are able to follow the transactions of the largest wallets and can sometimes narrow the set of candidate owners to a few people, but with shielded transactions the ledger holds nothing that identifies the true owner of the wallet.


Zero-Knowledge Proofs


Before zero-knowledge proofs, the worry was one-sided: a malicious prover might deceive a verifier. Goldwasser, Micali and Rackoff also questioned the verifier's motives: how can a prover convince a verifier of a statement without handing over information that a dishonest verifier could later misuse? Their answer was an interactive protocol in which the verifier learns nothing except that the statement is true.


Consider an ordinary login. We create a strong password and send it to the server; the server hashes it and compares the hash with the one stored at registration. Every login sends the password itself, so if the connection or the server is compromised, the password is exposed, and the consequences can be disastrous.


Zero-knowledge proofs are one way to avoid this situation: the client proves that it knows the password without ever sending it.


A ZKP has two players: a prover and a verifier. The prover must convince the verifier that it knows a specific secret (a hidden value), without revealing that secret.


Consider a program C with two inputs, x and w. The first is public; the second holds confidential information (the witness). C(x, w) outputs either true or false. The prover must demonstrate that it knows a secret witness w such that C(x, w) is true, without revealing w.
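The following is an added example, not code from the original article: a Schnorr proof of knowledge of a discrete logarithm, made non-interactive with the Fiat-Shamir transform. It is the password scenario above in miniature. The statement x is the public value y = g^x mod p, the witness w is the exponent x, and C(x, w) is "y == g^w". The prover never sends x, a wrong x is rejected, and the simulate() function shows why the verifier learns nothing: a valid-looking transcript can be produced without x at all. The 64-bit safe prime generated at start-up is a toy assumption; a deployment would use a standard group (RFC 3526/7919 or an elliptic curve).

```python
"""Schnorr proof of knowledge of a discrete logarithm, made non-interactive
with the Fiat-Shamir transform. Added example: not code from the article.
The prover shows it knows x with y = g^x mod p (think: the password) without
ever sending x. Toy parameters: a 64-bit safe prime generated at start-up;
a real deployment uses a standard group (RFC 3526/7919 or an elliptic curve)."""
import hashlib
import random
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with deterministic witnesses (fine for a demo)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.Random(n)
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits: int = 64, seed: int = 1) -> tuple:
    """Return (p, q, g): p = 2q + 1 a safe prime, g a generator of the
    order-q subgroup. 4 = 2^2 is a quadratic residue and 4 != 1, so its
    order is the prime q."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            return p, q, 4


def keygen(p, q, g):
    """Secret witness x and public statement y = g^x."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def challenge(p, q, g, y, t, ctx: bytes) -> int:
    """Fiat-Shamir: the challenge is a hash of the whole statement plus the
    commitment t. Binding y and ctx (e.g. a session id) into the hash stops
    a proof for one statement or session being replayed for another."""
    data = b"|".join(str(v).encode() for v in (p, q, g, y, t)) + b"|" + ctx
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % q


def prove(p, q, g, y, x, ctx: bytes = b""):
    r = secrets.randbelow(q - 1) + 1   # fresh randomness every time: reusing r leaks x
    t = pow(g, r, p)
    c = challenge(p, q, g, y, t, ctx)
    s = (r + c * x) % q
    return t, s


def transcript_ok(p, q, g, y, t, c, s) -> bool:
    """The core Schnorr equation g^s == t * y^c, plus the subgroup-membership
    check on t that careless verifiers forget (small-subgroup attacks)."""
    if not (1 < t < p and 0 <= s < q and pow(t, q, p) == 1):
        return False
    return pow(g, s, p) == (t * pow(y, c, p)) % p


def verify(p, q, g, y, proof, ctx: bytes = b"") -> bool:
    t, s = proof
    return transcript_ok(p, q, g, y, t, challenge(p, q, g, y, t, ctx), s)


def simulate(p, q, g, y):
    """Zero-knowledge in one function: without x, pick c and s first and solve
    for t = g^s / y^c. The triple satisfies the Schnorr equation and is
    distributed like a real transcript, so a transcript reveals nothing about x."""
    c = secrets.randbelow(q)
    s = secrets.randbelow(q)
    t = pow(g, s, p) * pow(pow(y, c, p), -1, p) % p
    return t, c, s


if __name__ == "__main__":
    p, q, g = make_group()
    x, y = keygen(p, q, g)
    print("honest proof verifies:", verify(p, q, g, y, prove(p, q, g, y, x)))
    print("wrong secret rejected:", not verify(p, q, g, y, prove(p, q, g, y, (x + 1) % q)))
    print("simulated transcript satisfies the equation:",
          transcript_ok(p, q, g, y, *simulate(p, q, g, y)))
```

The simulated transcript does not pass verify(), because there the challenge is fixed by the hash; it only shows that the interactive equation alone carries no information about x. That gap (the verifier's challenge must be unpredictable to the prover) is exactly what the Fiat-Shamir hash provides.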


zk-SNARKs are the natural choice when someone simply wants to prove knowledge of a secret without disclosing it to anyone, and wants the proof to be small and cheap to verify.

A zk-SNARK consists of three algorithms: a key generator G, a prover P and a verifier V.

G takes a secret random parameter lambda and the program C and outputs two public keys, a proving key pk and a verification key vk. This is the trusted setup: it is run once, and lambda must be destroyed afterwards, because anyone who knows it can forge proofs. P takes pk, the public input x and the witness w and outputs a proof. V takes vk, x and the proof and outputs accept or reject.


Proof of Fact vs. Proof of Knowledge


ZKPs can be used for two kinds of statement: proofs of facts and proofs of knowledge.


A proof of fact establishes a statement about public data, for example that element B belongs to set C.


A proof of knowledge shows that you know a secret, such as the preimage of a hash or the private key for a public key, without revealing anything about it.


Proving a fact and proving knowledge are different tasks, and the constructions that solve them can differ too. In cryptocurrencies the relevant notion is proof of knowledge: a spender must show it knows the secret key (the witness) for the coin being spent, not merely that such a key exists.


Before a statement can be proven with a zk-SNARK it must be turned into a form the proof system accepts. The program C is first flattened into an arithmetic circuit, a sequence of gates of the form a * b = c over a finite field (a rank-1 constraint system, R1CS). The circuit is then compiled into a quadratic arithmetic program (QAP), the most widely used representation, in which the constraints become polynomials.

Evaluating the program on the inputs assigns a value to every wire of the circuit; that full assignment is the witness. The prover uses it to build the proof, and the verifier checks the single polynomial identity the QAP encodes without ever seeing the wire values.
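As an added example (not the article's code), here is the flattening step carried out by hand for the toy program out = x**3 + x + 5 with public output out = 35 and private input x. The program becomes four R1CS constraints; each column of the constraint matrices is interpolated into a polynomial, and the statement "the witness satisfies every constraint" becomes "Z(t) divides A(t)*B(t) - C(t)", which is the identity a zk-SNARK actually proves. The prime field 2**61 - 1 and the wire layout are assumptions of the example; real systems use a pairing-friendly curve's scalar field and a compiler such as circom or ZoKrates.

```python
"""Flattening a program into R1CS constraints and then into a QAP, the
representation a zk-SNARK proves. Added example, not the article's code.
Program: out = x**3 + x + 5. Public wires: one and out; private: x.
Toy field p = 2**61 - 1; real systems use a pairing-friendly curve's scalar field."""
P = 2**61 - 1

# wire order: constant 1 first, then the public output, then the private wires
VARS = ["one", "out", "x", "sym1", "y", "sym2"]


def lin(**coeffs):
    """Sparse linear combination of wires -> dense coefficient row."""
    row = [0] * len(VARS)
    for name, c in coeffs.items():
        row[VARS.index(name)] = c % P
    return row


# One constraint per multiplication gate: (A.s) * (B.s) = (C.s)
R1CS = [
    (lin(x=1),           lin(x=1),   lin(sym1=1)),   # sym1 = x * x
    (lin(sym1=1),        lin(x=1),   lin(y=1)),      # y    = sym1 * x
    (lin(y=1, x=1),      lin(one=1), lin(sym2=1)),   # sym2 = y + x
    (lin(sym2=1, one=5), lin(one=1), lin(out=1)),    # out  = sym2 + 5
]


def witness(x: int) -> list:
    """Prover side: run the program and record every wire value."""
    x %= P
    sym1 = x * x % P
    y = sym1 * x % P
    sym2 = (y + x) % P
    out = (sym2 + 5) % P
    return [1, out, x, sym1, y, sym2]


def dot(row, s):
    return sum(a * b for a, b in zip(row, s)) % P


def r1cs_satisfied(s) -> bool:
    return all(dot(a, s) * dot(b, s) % P == dot(c, s) for a, b, c in R1CS)


# polynomials as coefficient lists, lowest degree first
def padd(f, g):
    n = max(len(f), len(g))
    f, g = f + [0] * (n - len(f)), g + [0] * (n - len(g))
    return [(a + b) % P for a, b in zip(f, g)]


def pmul(f, g):
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % P
    return out


def pscale(f, k):
    return [a * k % P for a in f]


def pdivmod(f, g):
    """Polynomial long division over the field -> (quotient, remainder)."""
    f = f[:]
    inv = pow(g[-1], -1, P)
    quot = [0] * max(len(f) - len(g) + 1, 1)
    for i in range(len(f) - len(g), -1, -1):
        quot[i] = f[i + len(g) - 1] * inv % P
        for j, b in enumerate(g):
            f[i + j] = (f[i + j] - quot[i] * b) % P
    return quot, f[: len(g) - 1]


def interpolate(points):
    """Lagrange interpolation through the given (x_i, y_i) points."""
    result = [0]
    for i, (xi, yi) in enumerate(points):
        term = [yi % P]
        for j, (xj, _) in enumerate(points):
            if i != j:
                term = pmul(term, pscale([-xj % P, 1], pow((xi - xj) % P, -1, P)))
        result = padd(result, term)
    return result


def qap_check(s) -> bool:
    """Interpolate each column of A, B, C into a polynomial (constraint i lives
    at t = i), combine with the witness, and test that Z(t) = prod (t - i)
    divides A(t)*B(t) - C(t). The quotient H is what a SNARK prover commits to."""
    m = len(R1CS)

    def combine(k):
        poly = [0]
        for j in range(len(VARS)):
            pts = [(i + 1, R1CS[i][k][j]) for i in range(m)]
            poly = padd(poly, pscale(interpolate(pts), s[j]))
        return poly

    a, b, c = combine(0), combine(1), combine(2)
    target = padd(pmul(a, b), pscale(c, P - 1))        # A*B - C
    z = [1]
    for i in range(1, m + 1):
        z = pmul(z, [-i % P, 1])
    _h, rem = pdivmod(target, z)
    return all(r == 0 for r in rem)


def statement_holds(s, out_public: int) -> bool:
    """Verifier's view: the public wires are pinned to the claimed values;
    every other wire stays hidden inside the (here simulated) proof."""
    return s[0] == 1 and s[1] == out_public % P and qap_check(s)
```

Note that the R1CS only encodes the computation: witness(4) satisfies every constraint with out = 73. It is the verifier pinning the public wire out to 35 that turns the constraint system into the statement "I know an x with x**3 + x + 5 == 35"; a prover who keeps x = 4 but claims out = 35 fails the divisibility check.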


The Distinction Between zk-STARKs and zk-SNARKs

zk-STARKs are a newer alternative to zk-SNARKs. They were introduced by Eli Ben-Sasson, a professor at the Technion (Israel Institute of Technology), and his co-authors, who published a paper describing a construction that needs no trusted setup and whose prover scales better than that of zk-SNARKs.


zk-SNARKs rely on public-key cryptography (elliptic-curve pairings) for their security. zk-STARKs instead use only leaner symmetric primitives and collision-resistant hash functions. This removes the trusted setup that zk-SNARKs require, and it avoids the elliptic-curve assumptions a quantum computer could break, at the cost of much larger proofs. zk-STARKs are therefore an alternative to zk-SNARKs, not a strict replacement.


Because a zk-STARK's setup is built only from public randomness, no trusted setup ceremony is needed; that is what "transparent" in the name means. The main differences between zk-SNARKs and zk-STARKs are:


Arithmetic circuit complexity. In both systems the program must be compiled into an arithmetic circuit (or an equivalent algebraic representation) before it can be proven.

Communication (proof size) complexity. A zk-SNARK proof is constant-size, a few hundred bytes no matter how large the computation. A zk-STARK proof grows polylogarithmically with the size of the computation and is typically tens to hundreds of kilobytes. This is the main price paid for dropping the trusted setup.

Prover complexity. The STARK authors report prover times around an order of magnitude faster than comparable SNARKs, since the prover works with hashes and FFTs rather than elliptic-curve operations.

Verifier complexity. A zk-STARK verifier's work grows slowly (polylogarithmically) with the computation size, whereas a zk-SNARK verifier does constant work. In absolute terms the SNARK is faster: the figures cited here are up to 100 ms for a STARK verification and around 10 ms for a SNARK.

A further practical point: each new zk-SNARK circuit (in schemes such as Groth16) needs its own trusted setup, which is hard to manage when many different proofs are needed at scale.


Trusted Execution Environments (TEEs) are another way to offload secret computation in blockchain-based networks. TEE technologies such as Intel's Software Guard Extensions (SGX) provide isolated code execution, remote attestation, secure provisioning and sealed storage of data. Applications that use a TEE are well protected from ordinary software attackers, but the isolation is only as strong as the hardware: SGX has been broken by side-channel attacks such as Foreshadow, so a TEE complements cryptographic proofs rather than replacing them.


Voting

Voting is another example of ZKPs being used to their full potential. Anyone who has voted in a presidential election knows the process: an eligible voter chooses the candidate he or she judges best.


Eligibility must be verified, yet many voters fear being judged, or worse, for their choice. With a ZKP a voter can prove eligibility and that the ballot is well-formed without revealing the vote itself, which makes voting faster, cheaper and anonymous.


Cryptocurrency ZKP

Zcash, created by the Zerocoin Electric Coin Company (now Electric Coin Co.), launched in October 2016. It was the first cryptocurrency to deploy zk-SNARKs on a public blockchain. Its shielded transactions reveal no personal information: sender, receiver and amount are all hidden.


Integrating Zcash's technology into Ethereum was seen as a cost-effective way for Ethereum to add privacy in its Metropolis phase. Zooko Wilcox, Zcash's founder, gave a talk at DevCon2 in Shanghai in which he described three ways to bring zk-SNARKs to Ethereum:


Baby ZoE (ZoE = Zcash on Ethereum): add zk-SNARK verification to Ethereum as a precompiled contract and build a Zcash-style smart contract on top of it, to test whether Ethereum can host zk-SNARK verification at all.

Bring Ethereum-style computability (smart contracts) into Zcash.

Project Alchemy: make the two blockchains interoperate, built by cloning BTC Relay, an Ethereum contract that implements a Bitcoin light client.

For on-chain transactions, zero-knowledge proofs are a promising area. The verification algorithm is built from elliptic-curve operations that are available on Ethereum as precompiled contracts (added in the Byzantium upgrade), which keeps on-chain verification affordable.

The generator runs off-chain and produces the proving key and the verification key. The prover, using the proving key, builds a proof, also off-chain.

The proof, the verification key and the public inputs are then passed to the on-chain verifier, which runs the verification procedure.


Let us see how zk-SNARKs can help with privacy on the network. A token contract keeps a mapping from addresses to balances:

    mapping (address => uint256) balances;

Let us keep the same code but replace each balance with a hash of the balance:

    mapping (address => bytes32) balanceHashes;

This does not hide the addresses of the users sending or receiving a transaction; only the balances and the transferred amount are hidden. This is also known as a confidential transaction.

A transfer from one address to another then requires two zk-SNARK proofs, one produced by the sender and one by the recipient.


Normally, a transfer is validated by checking the plaintext balance:

    require(value <= balances[fromAddress]);

In the confidential version the contract only sees hashes, so the sender must prove with a zk-SNARK that the hidden values are consistent with those hashes. Here is the sender's program C(x, w), with x the public inputs (the hashes) and w the private inputs (the actual balances and the amount):

    function C(x, w) {
        return (
            w.senderBalanceBefore > w.value &&
            sha256(w.value) == x.hashValue &&
            sha256(w.senderBalanceBefore) == x.hashSenderBalanceBefore &&
            sha256(w.senderBalanceBefore - w.value) == x.hashSenderBalanceAfter
        );
    }

The receiver's program is the same kind of check for the incoming side:

    function C(x, w) {
        return (
            sha256(w.value) == x.hashValue &&
            sha256(w.receiverBalanceBefore) == x.hashReceiverBalanceBefore &&
            sha256(w.receiverBalanceBefore + w.value) == x.hashReceiverBalanceAfter
        );
    }

The contract verifies both proofs against the stored balance hashes and, only if both check out, replaces them with the new hashes. Because hashValue is a public input to both proofs, the two sides are forced to agree on the amount:

    function transfer(address _to, bytes32 hashValue,
                      bytes32 hashSenderBalanceAfter, bytes32 hashReceiverBalanceAfter,
                      bytes zkProofSender, bytes zkProofReceiver) {
        bytes32 hashSenderBalanceBefore = balanceHashes[msg.sender];
        bytes32 hashReceiverBalanceBefore = balanceHashes[_to];
        bool senderProofIsCorrect = zksnarkverify(
            confTxSenderVk,
            [hashSenderBalanceBefore, hashSenderBalanceAfter, hashValue],
            zkProofSender);
        bool receiverProofIsCorrect = zksnarkverify(
            confTxReceiverVk,
            [hashReceiverBalanceBefore, hashReceiverBalanceAfter, hashValue],
            zkProofReceiver);
        if (senderProofIsCorrect && receiverProofIsCorrect) {
            balanceHashes[msg.sender] = hashSenderBalanceAfter;
            balanceHashes[_to] = hashReceiverBalanceAfter;
        }
    }

Note that the arithmetic inside the circuits runs over a finite field, so both programs also need range checks on the balances and the amount; without them a subtraction or addition can wrap around and a prover could "create" money while still satisfying the hash checks.

A number of difficulties must be addressed before such confidential transactions are practical:

Users must keep track of their balances on the client side: the chain stores only hashes, so if a user loses the preimage the tokens are unrecoverable. Balances could be encrypted with a key derived from the signing key and stored on-chain.

To prevent the hashes from being reversed and the balances revealed, the hashed data must be 32 bytes long and part of it must be random entropy (a salt); a plain hash of a small number can be brute-forced in seconds.

Always double-check the address you are dealing with before completing the transaction.

Sender and receiver must communicate off-chain, because the receiver has to produce its own proof. Alternatively the contract could record "pending incoming transactions" that the receiver claims later with its proof.
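The following simulation is an added example, not the article's or Ethereum's code. It implements the two programs C(x, w) and the transfer() contract above in Python, with a stand-in for zksnarkverify that simply runs the program on the witness (a real SNARK would give the chain only the boolean, never the witness). It also demonstrates two of the caveats just listed: an out-of-range amount is rejected, and an unsalted balance hash is recovered by brute force while a salted one is not. The 64-bit range bound, the 32-byte salts and the dictionary-style witness layout are assumptions of the example.

```python
"""Simulation of the hashed-balance token above. Added example, not the
article's or Ethereum's code. The two programs C(x, w) are exactly the
relations the sender's and receiver's zk-SNARKs would prove; here a stand-in
checker runs them on the witness, so the logic (and the brute-force problem
of unsalted balance hashes) can be tested offline."""
import hashlib
import secrets

MAX = 2**64   # every hidden quantity is range-checked; in a real circuit the
              # values live in a finite field and would silently wrap otherwise


def commit(value: int, salt: bytes) -> bytes:
    """sha256(value || salt). The salt is the entropy the article asks for:
    a bare hash of a small balance is trivially brute-forced (see below)."""
    return hashlib.sha256((value % MAX).to_bytes(8, "big") + salt).digest()


def sender_program(x: dict, w: dict) -> bool:
    """C(x, w) for the sender. Public x: hashSenderBalanceBefore,
    hashSenderBalanceAfter, hashValue. Private w: balance, amount, salts."""
    before, value = w["senderBalanceBefore"], w["value"]
    return (0 <= value <= before < MAX                      # no overspend, no wrap
            and commit(value, w["valueSalt"]) == x["hashValue"]
            and commit(before, w["beforeSalt"]) == x["hashSenderBalanceBefore"]
            and commit(before - value, w["afterSalt"]) == x["hashSenderBalanceAfter"])


def receiver_program(x: dict, w: dict) -> bool:
    before, value = w["receiverBalanceBefore"], w["value"]
    return (0 <= value and 0 <= before and before + value < MAX
            and commit(value, w["valueSalt"]) == x["hashValue"]
            and commit(before, w["beforeSalt"]) == x["hashReceiverBalanceBefore"]
            and commit(before + value, w["afterSalt"]) == x["hashReceiverBalanceAfter"])


def zksnark_verify(program, x: dict, proof: dict) -> bool:
    """Stand-in for zksnarkverify(vk, publicInputs, proof). In this simulation
    the 'proof' is the witness itself; a real SNARK gives the chain only the
    boolean and never the witness."""
    return bool(program(x, proof))


class ConfidentialToken:
    """The transfer() contract, in Python. On-chain state is only commitments."""

    def __init__(self):
        self.balance_hashes = {}          # mapping(address => bytes32)

    def mint(self, addr: str, balance: int, salt: bytes) -> None:
        self.balance_hashes[addr] = commit(balance, salt)

    def transfer(self, sender, to, hash_value, hash_sender_after,
                 hash_receiver_after, proof_sender, proof_receiver) -> bool:
        x_s = {"hashSenderBalanceBefore": self.balance_hashes[sender],
               "hashSenderBalanceAfter": hash_sender_after, "hashValue": hash_value}
        x_r = {"hashReceiverBalanceBefore": self.balance_hashes[to],
               "hashReceiverBalanceAfter": hash_receiver_after, "hashValue": hash_value}
        ok = (zksnark_verify(sender_program, x_s, proof_sender)
              and zksnark_verify(receiver_program, x_r, proof_receiver))
        if ok:   # hashValue is a public input to both proofs, so the amounts agree
            self.balance_hashes[sender] = hash_sender_after
            self.balance_hashes[to] = hash_receiver_after
        return ok


def client_transfer(token, sender, to, s_balance, s_salt, r_balance, r_salt, value):
    """Off-chain work of both parties: fresh salts, new commitments, witnesses.
    Returns the new salts; losing them makes the balance unrecoverable."""
    v_salt, s_after, r_after = (secrets.token_bytes(32) for _ in range(3))
    hash_value = commit(value, v_salt)
    w_s = {"senderBalanceBefore": s_balance, "value": value,
           "valueSalt": v_salt, "beforeSalt": s_salt, "afterSalt": s_after}
    w_r = {"receiverBalanceBefore": r_balance, "value": value,
           "valueSalt": v_salt, "beforeSalt": r_salt, "afterSalt": r_after}
    ok = token.transfer(sender, to, hash_value,
                        commit(s_balance - value, s_after),
                        commit(r_balance + value, r_after), w_s, w_r)
    return {"ok": ok, "sender_salt": s_after, "receiver_salt": r_after}


def brute_force_unsalted(target: bytes, limit: int = 100_000):
    """Why the salt matters: a balance committed as sha256(balance) alone is
    recovered by guessing; the same search fails against a salted commitment."""
    for guess in range(limit):
        if commit(guess, b"") == target:
            return guess
    return None
```

In the overspend case the client computes commit(s_balance - value), which wraps to a huge number; the contract still rejects it only because sender_program checks value <= before explicitly. Drop that range check and the hash checks alone are satisfied, which is the wrap-around problem mentioned above.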

In fact, the hardest problem for zk-SNARK technology is the trust required in the setup phase. Whoever runs the generator learns the secret parameter, and anyone holding it can forge proofs; users have no way of telling from the keys alone whether the setup was compromised. Multi-party ceremonies, such as the one Zcash ran for its parameters, reduce this risk: the secret is split among many participants, and the setup is secure as long as at least one of them destroyed their share honestly.


Conclusion


Zero-knowledge proof technology gives blockchains a real answer to the privacy problem: nodes can use ZKPs to validate data without the data being revealed to the rest of the network. ZKPs have already been incorporated into the technologies of the following companies:


QED-it is an Israeli firm whose system proves specific facts about transactions without disclosing the transactions themselves; one target use is auditing financial institutions with zero-knowledge proofs.

NuCypher, a project funded through an initial coin offering (ICO), focuses on proxy re-encryption. NuCypher's use of ZKPs lets a re-encryption key be used instead of a public key, and with the re-encryption key data can be shared safely.

Nuggets enables online stores to secure customer data by encrypting it with ZKP-based technology.

