
Blockchain engineer guide to Zero Knowledge proofs, ZK-SNARKs and ZK-STARKs

Created on August 2022 • Tags: zero-knowledge, guides

A guide to zero knowledge proofs on the blockchain




Introduction to Zero Knowledge proofs

Zero Knowledge Proofs (ZKP) have recently become more popular in the blockchain world. They provide a way to give anonymity in transactions on the blockchain.

They are proofs that allow someone (the prover) to prove to someone else (the verifier) that a statement is true, but without revealing any other information.

For example, if you had a hash of a random number, the proof could prove that there is a valid number that exists with that hash value - without revealing what that number is (this example is taken from https://z.cash/technology/zksnarks).

Zero Knowledge Proofs were first discovered in the 1980s, but have only recently become much more popular, and attracted much more work, due to their application in the blockchain world. They allow a public ledger on blockchains to contain information that can be verified to be true, while keeping the details of that information secret.

Properties of zero knowledge proofs

A ZKP is defined by having these three key attributes:

Completeness (also known as ‘trueness’)

If the statement is true, a verifier will be fully convinced that the statement provided by the prover is in fact true. It also can do this without additional information from the prover.

Soundness (also known as ‘confirmed’)

If the statement is false, no one could convince the verifier that it is true.

Zero-knowledge

The verifier finds out that the statement is true, but without any additional information. It can verify the statement is true, but not the secret. In other words: the verifier finds out no other information.

For example, you could use a ZKP to verify someone’s age, without finding out the rest of their information.

Types of Zero Knowledge Proofs

There are a few ways to categorise zero knowledge proofs. The biggest difference is interactive vs non interactive.

Interactive zero knowledge proofs

  • The prover must carry out a sequence of actions to prove to the verifier that they know the true fact.
  • The verifier asks the prover to prove they know the fact, and keeps challenging the prover until it can be sure (based on mathematical probability) that the prover really is speaking the truth.

Non interactive zero knowledge proofs

  • unlike interactive ZKPs, the prover provides a proof only once. This proof is much more computationally difficult for the prover to generate (takes more time). But the non interactive ones can be generated once, unlike the interactive proofs which require a lot of requests/responses between the verifier and prover.
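The two styles above, side by side, as an added example (not code from the original post): a Schnorr-style proof that the prover knows a secret exponent x with y = G^x mod P, run first with challenge bits chosen by the verifier and then made non-interactive by deriving those bits from a hash (the Fiat-Shamir transform). The toy group, the function names and the round counts are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy parameters, assumed for this demo and far too small for real use.
P = 2**127 - 1   # a Mersenne prime; arithmetic is in Z_P*
G = 3            # public base
N = P - 1        # exponents reduce mod P-1 (Fermat's little theorem)

def commit():
    """Prover: pick a fresh nonce r and send t = G^r."""
    r = secrets.randbelow(N)
    return r, pow(G, r, P)

def respond(x, r, c):
    """Prover: s = r + c*x, i.e. r alone or r + x, never x by itself."""
    return (r + c * x) % N

def check(y, t, c, s):
    """Verifier: accept the round only if G^s == t * y^c."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def interactive_proof(x, y, rounds=32):
    """A prover without x passes one round with probability 1/2,
    so the verifier repeats until 2**-rounds is small enough."""
    for _ in range(rounds):
        r, t = commit()
        c = secrets.randbits(1)   # verifier's fresh random challenge
        if not check(y, t, c, respond(x, r, c)):
            return False
    return True

def hash_bits(y, ts):
    """Fiat-Shamir: challenge bits come from a hash of the commitments
    (SHA-256 gives at most 256 bits, so rounds <= 256 here)."""
    data = b"|".join(str(v).encode() for v in [G, P, y, *ts])
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return [(digest >> i) & 1 for i in range(len(ts))]

def prove_noninteractive(x, y, rounds=128):
    """Prover builds the whole proof alone and sends it once."""
    nonces, ts = zip(*(commit() for _ in range(rounds)))
    cs = hash_bits(y, ts)
    return list(ts), [respond(x, r, c) for r, c in zip(nonces, cs)]

def verify_noninteractive(y, proof):
    ts, ss = proof
    cs = hash_bits(y, ts)
    return len(ts) == len(ss) and all(
        check(y, t, c, s) for t, c, s in zip(ts, cs, ss))
```

In the non-interactive form a dishonest prover can retry offline until the hash produces bits it guessed in advance, which is why that path defaults to 128 rounds rather than 32.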

What are zk-SNARKs?

ZK-SNARKs are a type of non interactive zero knowledge proof.

ZK-SNARK is an acronym that stands for “Zero-Knowledge Succinct Non-Interactive Argument of Knowledge”.

It was first discovered in 2012 by Alessandro Chiesa.

It is a cryptographic proof, based on a complex quadratic equation/elliptic curves which involves public and private data.

Once the SNARK is created, the verifier can use it to verify some data. ZCash is a popular blockchain that uses ZK SNARKs.

What are zk-STARKs?

ZK-STARKs stands for “Zero-Knowledge Scalable Transparent Arguments of Knowledge”.

They were discovered by Iddo Bentov, Eli Ben-Sasson, Yinon Horesh, and Michael Riabzev, who first published about them in 2018.

One of the main advantages of zk-STARKs is that there is no need for an initial trust setup (no need to generate the initial secret keys).

ZK-STARKs require much bigger proofs than SNARKs. This has the disadvantage that it takes more computation to confirm STARKs than SNARKs, which on blockchains means more gas.

Blockchains and crypto currencies using ZKPs

  • zcash (uses zk-SNARKs to confirm transactions without revealing where the transaction came from (the source), how much balance remains for the sender (source), or the identity of the recipient).

  • loopring

  • mina

  • celo

  • zkrollups. There are some L2 rollups that use ZKPs to compress and store user state on the L1. A zkSNARK can be provided that can be used to verify the off-chain data is correct.

You can find a list of them here.

Further reading

This post is incomplete and a work-in-progress
I'll update it soon and flesh it out with more info!
