Blockchain engineer guide to Zero Knowledge proofs, ZK-SNARKs and ZK-STARKs
A guide to zero knowledge proofs on the blockchain
Table of Contents for Blockchain engineer guide to Zero Knowledge proofs, ZK-SNARKs and ZK-STARKs
Introduction to Zero Knowledge proofs
Zero Knowledge Proofs (ZKP) are becoming more popular recently in the blockchain world. They provide a way to give anonymity in transactions on the blockchain.
They are proofs that allow someone (the prover) to prove to someone else (the verifier) that a statement is true, but without revealing any other information.
For example, if you had a hash of a random number, the proof could prove that there is a valid number that exists with that hash value - without revealing what that number is (this example is taken from https://z.cash/technology/zksnarks).
Zero Knowledge Proofs were first discovered in the 1980s, but have only recently become much more popular and worked on due to their application in the blockchain world. They allow a public ledger on blockchains to contain information that can be verified to be true, while keeping the details of that information secret.
Properties of zero knowledge proofs
A ZKP is defined by having these three key attributes:
Completeness (also known as ‘trueness’)
If the statement is true, a verifier will be fully convinced that the statement provided by the prover is in fact true. It also can do this without additional information from the prover.
Soundness (also known as ‘confirmed’)
If the statement is false, no one else could convince the verifier that it is true.
The verifier finds out that the statement is true, but without any additional information. It can verify the statement is true, but not the secret. In other words: the verifier finds out no other information.
For example, you could use a ZKP to verify that someone’s age, without finding out the rest of their information.
Types of Zero Knowledge Proofs
There are a few ways to categorise zero knowledge proofs. The biggest difference is interactive vs non interactive.
Interactive zero knowledge proofs
- requires that the prover does a sequence of actions to prove to the verifier that they know the true fact.
- this acts in a way that the verifier asks the prover to prove they know the fact. The verifier will keep challenging the prover, until it can be sure (based on mathmatical probability) that the prover really is speaking the truth
Non interactive zero knowledge proofs
- unlike interactive ZKPs, the prover provides a proof only once. This proof is much more computationally difficult for the prover to generate (takes more time). But the non interactive ones can be generated once, unlike the interactive proofs which require a lot of requests/responses between the verifier and prover.
What are zk-SNARKs?
ZK-SNARKs are a type of non interactive zero knowledge proof.
ZK-SNARK is an acronym that stands for “Zero-Knowledge Succinct Non-Interactive Argument of Knowledge”.
It was first discovered in 2012 by Alessandro Chiesa.
It is a cryptographic proof, based on a complex quadratic equation/elliptic curves which involves public and private data.
Once the SNARK is created, the verifier can use it to verify some data. ZCash is a popular blockchain that uses ZK SNARKs
What are zk-STARKs
ZK-STARKs stands for “Zero-Knowledge Scalable Transparent Arguments of Knowledge”.
They were discovered by Iddo Bentov, Eli Ben-Sasson, Yinon Horeshy, and Michael Riabzev who first puhblished about them in 2018.
One of the main advantages of zk-STARKs is that there is no need for an initial trust setup (no need to generate the initial secret keys).
ZK-STARKs require much bigger proofs than SNARKs. This has the disadvantage that it takes more computation to confirm STARKs than SNARKs, which on blockchains means more gas.
Blockchains and crypto currencies using ZKPs
zcash (uses zk-SNARKs) to confirm transactions without revealing where the transaction came from (the source) or how much balance remains from the sender (source), or the identity of the recipient.
zkrollups. There are some L2 rollups that use ZKPs to compress and store user state on the L1. A zkSNARK can be provided that can be used to verify the off-chain data is correct.
You can find a list of them here.
This post is incomplete and a work-in-progress
I'll update it soon and flesh it out with more info!
Spotted a typo or have a suggestion to make this crypto dev article better? Please let me know!
📙 Solidity Auditing online quiz
Learn how to audit smart contracts by looking at some example code and trying to find the bugs
⛽ Solidity Gas Optimizations Guide
How to optimize and reduce gas usage in your smart contracts in Solidity
🧪 Guide to testing with Foundry
Guide to adding testing for your Solidity contracts, using the Foundry and Forge tools
📌 Guide to UTXO
UTXO and the UTXO set (used by blockchains such as Bitcoin) explained
📐 Solidity Assembly Guide
Introduction guide to using assembly in your Solidity smart contracts
📦 Ethereum EOF format explained
Information explaining what the upcoming Ethereum EOF format is all about