Zero-Knowledge Proofs
STARKs vs SNARKs
A ground-up guide🧵
STARKs vs SNARKs
A ground-up guide🧵
STARKs and SNARKs are two genius technologies that use different approaches to achieve the same objective:
Zero-Knowledge Proofs
zk proofs enable one party to prove to another party that they know something without revealing the information itself
Zero-Knowledge Proofs
zk proofs enable one party to prove to another party that they know something without revealing the information itself
A SNARK is a:
'Succinct Non-interactive Argument of Knowledge'
while a STARK is a:
'Scalable Transparent Argument of Knowledge'
These two threads summarize how they work:
'Succinct Non-interactive Argument of Knowledge'
while a STARK is a:
'Scalable Transparent Argument of Knowledge'
These two threads summarize how they work:
While both systems help achieve the same objective and have similar-sounding names, the mechanics behind each of them are quite different
Let's take a look at a few significant differences:
Let's take a look at a few significant differences:
1. Trusted Setup
SNARKs rely on a trusted party to initially create secret keys that are used for generating proofs
If the secrets used to create these keys are not destroyed, they could be utilized to forge fake transactions
SNARKs rely on a trusted party to initially create secret keys that are used for generating proofs
If the secrets used to create these keys are not destroyed, they could be utilized to forge fake transactions
STARKs on the other hand require no trusted setup and rely solely on the randomness of hash functions (Merkle trees) to create secret keys
This property itself is a major advancement over SNARKs and allows zkSTARKs to create verifiable trust
This property itself is a major advancement over SNARKs and allows zkSTARKs to create verifiable trust
2. Scalability
STARKs *generally* exhibit much higher scalability than SNARKs
Let's explore 4 different aspects of scalability for both systems:
STARKs *generally* exhibit much higher scalability than SNARKs
Let's explore 4 different aspects of scalability for both systems:
i) Communication Complexity
It is defined as the amount of communication needed to solve a problem distributed among two or more parties
In the setup phase, as the size of the computation grows, so does the communication complexity of SNARKs in a linear fashion
It is defined as the amount of communication needed to solve a problem distributed among two or more parties
In the setup phase, as the size of the computation grows, so does the communication complexity of SNARKs in a linear fashion
For STARKs, it grows only slightly as computation size grows
This is a large advantage of STARKs vs. SNARKs when it comes to the one-time setup
This is a large advantage of STARKs vs. SNARKs when it comes to the one-time setup
However, after the setup phase is complete, SNARKs currently have LESS communication complexity than STARKs when verifying proofs
(all chart credits in this thread: @AdamLuciano )
(all chart credits in this thread: @AdamLuciano )
ii) Prover complexity
STARKs are ~10x faster than SNARKs as computation size increases
STARKs are ~10x faster than SNARKs as computation size increases
iii) Verifier Complexity
As computation size grows, STARKs grow only slightly vs. SNARKS, which tend to grow in a linear fashion
After the setup phase, SNARKs need less time to verify proofs than STARKs, e.g. STARKs may take 50–100ms to verify, while SNARKs need ~10ms
As computation size grows, STARKs grow only slightly vs. SNARKS, which tend to grow in a linear fashion
After the setup phase, SNARKs need less time to verify proofs than STARKs, e.g. STARKs may take 50–100ms to verify, while SNARKs need ~10ms
iv) Proof size
STARKs are larger than SNARKs, which also means they cost more to verify on Ethereum since bigger proof = more computation = higher gas fees
Is the higher proof size worth it?
Depends on the use case:
STARKs are larger than SNARKs, which also means they cost more to verify on Ethereum since bigger proof = more computation = higher gas fees
Is the higher proof size worth it?
Depends on the use case:
3. Quantum Security
SNARKs use Elliptic Curve Cryptography (ECC), which is not quantum-safe
Advancements in quantum computing could leave SNARK-based systems open to attack
SNARKs use Elliptic Curve Cryptography (ECC), which is not quantum-safe
Advancements in quantum computing could leave SNARK-based systems open to attack
More likely, they’ll just need to be updated at some point in the near future
STARKs on the other hand, are not vulnerable since they rely on hash functions for their encryption schemes
STARKs on the other hand, are not vulnerable since they rely on hash functions for their encryption schemes
This table summarizes all of the above:
4. Ecosystems and Projects
Many more projects are using SNARKs than STARKs since SNARKs have been around for longer
SNARK Projects: @zksync, @loopringorg, @0xPolygonHermez, @ZKSpaceOfficial
STARK Projects: @StarkNetEco, @dYdX, @0xPolygonMiden
Many more projects are using SNARKs than STARKs since SNARKs have been around for longer
SNARK Projects: @zksync, @loopringorg, @0xPolygonHermez, @ZKSpaceOfficial
STARK Projects: @StarkNetEco, @dYdX, @0xPolygonMiden
zkProofs have gone from privacy-protecting technologies to becoming the next frontier of scaling technology
It’s safe to assume both SNARKs and STARKs will feature heavily in the drive to scale Ethereum
It’s safe to assume both SNARKs and STARKs will feature heavily in the drive to scale Ethereum
Hope you enjoyed reading this
If you find zk proofs fascinating too, Like/Retweet the first tweet (linked below)
Follow me @ShivanshuMadan for more such learning & alpha!
If you find zk proofs fascinating too, Like/Retweet the first tweet (linked below)
Follow me @ShivanshuMadan for more such learning & alpha!
Loading suggestions...