zk-SNARKs vs. zk-STARKs: A Beginner's Guide
Blockchain technology is built on the premise of radical transparency. On public networks like Bitcoin and Ethereum, every transaction is recorded on the distributed ledger, visible to anyone with an internet connection. While this transparency builds trust among users, it creates a significant privacy paradox. Most individuals and businesses do not want their medical records, supply chain contracts, or full salary history exposed to the entire world.
This tension between the need for public verification and private data has driven the rapid adoption of zero-knowledge proofs (ZKPs). This cryptographic technology allows blockchains to remain public and secure while keeping sensitive user data confidential. Furthermore, ZKPs have become the backbone of multiple Layer 2 scaling solutions, enabling networks to process thousands of transactions per second on L2 chains.
In this article, we'll explore the concept of zero-knowledge proofs, explain how they work, and provide a detailed comparison between the two leading technologies in the sector: zk-SNARKs vs. zk-STARKs. Let's get started!
Zero-Knowledge Proofs 101: What Are ZKPs and How Do They Work?
A zero-knowledge proof is a cryptographic method that allows one party, known as the prover, to prove to another party, the verifier, that a statement is true without revealing any of the underlying information—the witness—that makes it true.
To understand this concept, imagine a login system. Typically, when you log into a website, you type your password, sending it to the server to check against a database. In a zero-knowledge scenario, you could mathematically prove to the server that you know the password without ever actually sending the password itself. The server verifies the proof and grants you access, but it never sees your secret credentials.
For a cryptographic protocol to be considered a zero-knowledge proof, it must satisfy three core properties:
Completeness: If the statement is true, an honest verifier will be convinced by an honest prover.
Soundness: If the statement is false, a dishonest prover cannot convince the verifier that it is true, except with a negligible probability.
Zero-Knowledge: If the statement is true, the verifier learns nothing else aside from the fact that the statement is true.
While there are various types of ZKPs, the crypto industry has largely coalesced around two specific implementations: zk-SNARKs and zk-STARKs.
What Are zk-SNARKs?
The term zk-SNARK stands for Zero-Knowledge Succinct Non-Interactive Argument of Knowledge. The concept was first coined in a 2012 paper co-authored by Nir Bitansky, Ran Canetti, Alessandro Chiesa, and Eran Tromer, and gained mainstream attention when it was implemented in the Zcash privacy coin.
Technologically, zk-SNARKs rely on elliptic curve cryptography to generate proofs. Their defining feature is that they are "succinct," meaning the resulting proof is incredibly small in data size. This compactness offers significant advantages: validators can check the proofs in milliseconds, and because they occupy minimal space on the blockchain, the gas costs for verifying SNARKs on Ethereum are generally lower than for other methods. This efficiency makes them highly attractive for networks where storage space and processing power are limited.
However, this efficiency comes with notable trade-offs. The primary drawback is the requirement for a trusted setup. Before the system can launch, a set of cryptographic keys must be created, generating secret data known as toxic waste. If the participants in this ceremony do not destroy this data, a dishonest actor could potentially use it to forge false proofs and print unlimited tokens undetected. Furthermore, the elliptic curve cryptography behind SNARKs is not quantum-resistant, leaving them vulnerable to potential future attacks from quantum computers.
Despite these risks, zk-SNARKs are widely used across the industry today. They power privacy coins like Zcash and are the foundation for major scaling solutions and protocols such as Loopring, zkSync, Aztec, and Aleo.
What Are zk-STARKs?
zk-STARK stands for Zero-Knowledge Scalable Transparent Argument of Knowledge. They were introduced in a 2018 paper by Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, and Michael Riabzev specifically to address the limitations inherent in SNARKs.
Unlike their predecessors, STARKs do not rely on elliptic curves but instead utilise collision-resistant hash functions. This architecture provides distinct advantages, most notably transparency.
zk-STARKs are trustless and do not require a trusted setup, meaning there is no toxic waste to destroy and no risk of a backdoor being created during a setup ceremony. Additionally, the reliance on hash functions makes STARKs quantum-resistant, securing them against future computing threats. They also excel at scalability; their verification speed scales quasilinearly, meaning they become increasingly efficient relative to SNARKs as the complexity of the dataset increases.
These robust features, however, come at a cost. The resulting proofs are significantly larger—often hundreds of times bigger than SNARK proofs. Consequently, they incur higher gas fees when verifying on Layer 1 networks like Ethereum. Furthermore, as a newer technology, the developer ecosystem and library of tools are still expanding to catch up with the head start SNARKs possess.
Nevertheless, the technology is rapidly gaining traction and currently serves as the engine behind massive scaling projects, including StarkNet, the decentralised exchange dYdX, and Polygon Miden.
zk-SNARKs vs. zk-STARKs: The Ultimate Zero-Knowledge Proof Comparison
When developers choose between these two zero-knowledge technologies, it often comes down to a specific trade-off: efficiency vs. security. zk-SNARKs are currently favoured for their small size and low costs, making them ideal for general-purpose use today. In contrast, users and developers prefer zk-STARKs for their long-term security guarantees and ability to scale massively without a trusted setup.
The table below outlines the key technical differences between zk-SNARKs and zk-STARKs:
| Feature | zk-SNARKs | zk-STARKs |
|---|---|---|
| Full Name | Zero-Knowledge Succinct Non-Interactive Argument of Knowledge | Zero-Knowledge Scalable Transparent Argument of Knowledge |
| Trusted Setup | Required (security risk if mishandled) | Not Required (transparent) |
| Cryptography | Elliptic curves | Hash functions |
| Quantum Resistance | No (vulnerable) | Yes (quantum-resistant) |
| Proof Size | Very small (succinct) | Large |
| Gas Cost (L1) | Low (cheaper) | High (more expensive) |
| Developer Adoption | High (older technology) | Growing (newer technology) |
The Future of Blockchain Privacy and Scalability
Zero-knowledge proofs are solving the blockchain trilemma, allowing networks to be secure, decentralised, and scalable while offering users privacy. While zk-SNARKs are currently popular due to their cost-efficiency, the quantum resistance and trustless nature of zk-STARKs make them a robust contender for the future of Web3.
Interestingly, we are beginning to see hybrid approaches emerge, where developers combine the speed of SNARKs with the security of STARKs to get the best of both worlds.
Risk Disclosure
Trading or investing in crypto assets is risky and may result in the loss of capital as the value may fluctuate. VALR (Pty) Ltd is a licensed financial services provider (FSP #53308).
Disclaimer: Views expressed in this article are the personal views of the author and should not form the basis for making investment decisions, nor be construed as a recommendation or advice to engage in investment transactions.