Privacy has always been viewed as a valuable feature within the cryptocurrency community. It is the precursor to fungibility, which is necessary for a widely used form of money. Similarly, most crypto-asset holders don’t want their holdings and transaction history to be completely public. Among the various cryptographic techniques aiming to provide privacy to blockchains, the zk-SNARK and zk-STARK proofs are two noteworthy examples.
zk-SNARK stands for zero-knowledge succinct non-interactive argument of knowledge, and zk-STARK represents zero-knowledge succinct transparent argument of knowledge. Zk-SNARK proofs are already being used on Zcash, on JP Morgan Chase’s blockchain-based payment system, and as a way to securely authenticate clients to servers. But while zk-SNARKs have made significant headway to being well-established and adopted, zk-STARK proofs are now being touted as the new and improved version of the protocol, addressing many of the previous drawbacks of zk-SNARKs.
This article will show you how to explain zero-knowledge protocols to your children and tell you what are zero knowledge protocols used for.
zk-SNARKs
Zcash is the first widely available application of zk-SNARKs. While other privacy projects like Monero employ ring signatures and other techniques - effectively creating a smokescreen around who sent what - zk-SNARKs fundamentally changes the way data is shared. The privacy of Zcash is derived from the fact that transactions in the network can remain encrypted but still be verified as valid by using zero-knowledge proofs. So those that are enforcing consensus rules don’t need to know all of the data underlying each transaction. It’s worth mentioning that privacy features in Zcash are not active by default, but are rather optional and dependent on manual setup.
Zero-knowledge proofs allow one individual to prove to another that a statement is true, without disclosing any information beyond the validity of the statement. The parties involved are commonly referred to as a prover and a verifier, and the statement they hold in secret is called a witness. The main objective of these proofs is to reveal as little data as possible between the two parties. In other terms, one can use zero-knowledge proofs to prove that they have certain knowledge without revealing any information about the knowledge itself.
Within the SNARK acronym, “succinct” means that these proofs are smaller in size and can be quickly verified. “Non-interactive” means that there is little to no interaction between the prover and the verifier. Older versions of zero-knowledge protocols usually require the prover and verifier to communicate back and forth, and therefore, are considered “Interactive” zk proofs. But in “non-interactive” constructions, provers and verifiers only have to exchange one proof.
Currently, zk-SNARK proofs are dependent on an initial trusted setup between a prover and verifier, meaning that a set of public parameters is required to construct zero-knowledge proofs and, thus, private transactions. These parameters are almost like the rules of the game, they are encoded into the protocol and are one of the necessary factors in proving a transaction was valid. However, this creates a potential centralization issue because the parameters are often formulated by a very small group.
While an initial trusted setup is fundamental to today’s zk-SNARK implementations, researchers are working to find other alternatives as a way to reduce the amount of trust required in the process. The initial setup phase is important in preventing counterfeit spending because if someone had access to the randomness that generated the parameters, they could create false proofs that seemed valid to the verifier. In Zcash, the initial setup phase is known as the Parameter Generation Ceremony.
Moving onto the “Arguments of Knowledge” piece of the acronym. zk-SNARKs are considered computationally sound, meaning that a dishonest prover has a very low chance of successfully cheating the system without actually having the knowledge (or witness) to support their statement. This property is known as soundness and assumes that the prover has limited computing power.
Theoretically, a prover with enough computational power could create fake proofs, and this is one of the reasons quantum computers are considered by many as a threat to zk-SNARKs (and blockchainsystems).
Zero-knowledge proofs are quickly verifiable and usually take up much less data than a standard Bitcoin transaction. This opens up a pathway for zk-SNARK technology to be used as both a privacy and a scalability solution.
zk-STARKs
zk-STARKs were created by Eli-Ben Sasson, a professor at the Technion-Israel Institute of Technology. As an alternative version of zk-SNARK proofs, zk-STARKs are, generally, considered a more efficient variant of the technology - potentially faster and cheaper depending on the implementation. But more importantly, zk-STARKs do not require an initial trusted setup (hence, the “T” for transparent).
Technically speaking, zk-STARKs do no require an initial trusted setup because they rely on leaner cryptographythrough collision-resistant hash functions. This approach also eliminates the number-theoretic assumptions of zk-SNARKs that are computationally expensive and theoretically prone to attack by quantum computers.
In other terms, zk-STARK proofs present a simpler structure in terms of cryptographic assumptions. However, this novel technology comes with at least one major disadvantage: the size of the proofs is bigger when compared to zk-SNARKs. Such a difference in data size may present limitations depending on the context of use, but it is probably something that can be figured out as the technology is further tested and investigated.
Closing thoughts
It is clear that both zk-SNARKS and zk-STARKs appeal to the growing concern in regards to privacy. Within the cryptocurrency world, these protocols have great potential and may be a groundbreaking avenue towards mainstream adoption. Hope you can get a further understanding about how to explain zero-knowledge protocols to your children after reading this article.
