Arrow icon
Ness Labs: Make the most of your mind
Learn more about Joggo

A Summary of

STARKs, part I: proofs with polynomials

by
Vitalik Buterin
Vitalik
View original

ZK-SNARKs are a zero-knowledge (ZK) proof technology used for succinct proofs and verifications. However, this technology comes with several limitations. ZK-STARK (T standing for "transparent") is a newer zero-knowledge proof technology that helps resolve the primary weaknesses of ZK-SNARKs.

Issues ZK-STARKs Help Resolve

ZK-STARKs utilize simpler cryptographic assumptions and avoid: 1. Reliance on a "trusted setup" 2. The uses of elliptic curves and pairings 3. The knowledge-of-exponent assumptions  ZK-STARKs only rely on hashes and information theory. Which keeps them secure from attackers with quantum computers. 

The Cost of ZK-STARKs

  • ZK-STARKs require much larger proofs than ZK-SNARKs. The size of proof increases from 288 bytes to a few hundred kilobytes.
  • However, the cost is not worth it when the need for trust minimization is high, such as in the context of public blockchains.

How General ZK Proofs Work

Let f(x) = y - f: public function - x: private input - y: public output A ZK proof allows one to prove that they know an x such that f(x) =y without revealing the private input. 

Limitations of ZK-STARKs:

  • ZK proofs are intended to be succinct, meaning the proof is quicker than the computation itself.
  • However, data greater than any degree-1,000,000 polynomial miss the mark for succinctness.

Solutions:

  • Proof of Proximity
  • Two Catch Proof
Related content
See all posts
Arrow icon