Over the past year, the excitement around zero-knowledge tech has blossomed, fueled mostly by what can only be described as an explosion in zero-knowledge ecosystem building. Our team, Numio, has been building around this zktech since mid-2020, and we’re excited about its potential and future, which is why we are building a Layer 2 zkRollup mobile wallet. There are various zero-knowledge technologies out there, but this wave of excitement is, in general, centered around a product known as a zkRollup (or Validity Rollup).
The “zk” in zkRollup stands for zero-knowledge, referring to a zero-knowledge proof (aka zkProof). A zkRollup isn’t in itself a zero-knowledge proof, though: it does not use zkProofs to hide information (as Zcash does, for example) but as a proof of computational integrity, i.e. that every transaction included in the block is valid. A variety of proof systems have been used for this purpose, but the main ones that are actively being built towards are zkSNARKs and zkSTARKs.
SNARKs & STARKs – A Basic Understanding
Before comparing these two technologies, it’s important to understand them individually.
First off, let’s start with zkSNARKs. SNARK stands for “Succinct Non-interactive ARgument of Knowledge”. Succinct, when referring to a zero-knowledge proof, means the proof is short and can be verified extremely quickly, even when what you are verifying is a large amount of data – loosely similar to a “.zip” file. Non-interactive means the prover and verifier don’t need to relay messages back and forth to validate the information; the first iterations of zero-knowledge protocols required multiple rounds of communication. Argument of knowledge is much more generalized, and basically means that the prover knows the “inputs or outputs of a program”.
A zkSTARK is one of the more renowned types of proofs. It was invented by the team at StarkWare, who are among the leading builders on top of zkSTARKs with their two products, StarkEx and StarkNet. STARK stands for “Scalable Transparent ARgument of Knowledge”. Since STARKs are focused so heavily on scalability, it makes sense for the acronym to lead with it, and it does make for a nice acronym. Transparent refers to the fact that there is no need for a trusted setup ceremony for the proof system to be created. This is the opposite of a SNARK, where a group of individuals run the setup and you have to trust that at least one of them was honest for the system to be reliable. If they are *all* untrustworthy, the setup is compromised and it could lead to malicious activity (e.g. forged proofs). Similar to a SNARK, STARKs are also non-interactive, so information is communicated right away between the prover and verifier.
Argument of Knowledge refers to the same thing as it does for SNARK.
SNARKs vs STARKs
When comparing these proofs, they obviously have similarities, but have different properties and use cases. Let’s dig into it!
zkSTARKs are known to be significantly more scalable and faster at proving, making them more efficient when there are large amounts of data to prove. Ironically, SNARK proofs are much smaller in byte size, but they do not scale as effectively as STARKs. This ultimately can make transactions cheaper to process for STARKs once the proof is eventually pushed onchain. Proofs are also generated much faster with STARKs, but they are slower to verify compared to SNARKs. This downside means that if there isn’t a significant number of transactions per proof (low throughput), the large fixed verification cost is spread over fewer transactions, so a batch has to wait much longer to fill before the proof is verified in order to amortize that cost. For some of these reasons, many teams building products focused on DeFi, payments, and gaming applications are specifically using STARKs to compute data more effectively.
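As an added illustration of the amortization point (not part of the original post), write $V$ for the fixed onchain cost of verifying one proof, $c$ for the onchain cost each transaction still carries after batching, and $n$ for the number of transactions covered by the proof. Each transaction then bears

$$
\text{cost per tx} = \frac{V}{n} + c, \qquad \frac{V}{n} \le \epsilon\, c \iff n \ge \frac{V}{\epsilon\, c}.
$$

So the batch size $n$ needed before the fixed verification cost is at most a fraction $\epsilon$ of the per-transaction cost grows linearly with $V$: a STARK’s heavier verifier needs proportionally more transactions per proof, which at low throughput means a longer wait for the batch to fill.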
One of the core use cases for a SNARK proof is around its ability for privacy preservation. A great example of a product using SNARKs is Dark Forest, which is a product built on Ethereum. The interesting thing about this is that all moves made by players in this universe are done publicly onchain, but because they use zkSNARKs, all of the movements are hidden from the other players! This allows for entirely new types of gaming applications to be created. Other use cases for SNARKs are around identity, payments, DeFi, or even the ability to provide “proof of assets”. While STARKs can be used for privacy, most of the current development around privacy is focused around building on SNARKs.
In general, zkSNARKs require a trusted setup, although depending on the tradeoffs made in a particular implementation you may not necessarily need one. STARKs don’t require this, and are also quantum secure. Quantum security currently poses little practical concern, but it could become a significant issue in the future.
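To make the “at least one honest participant” property of a SNARK trusted setup concrete (the point raised in the STARK section above and again here), below is a toy model of a sequential powers-of-tau style ceremony, added here as an example and not code from the original post or from any project. It assumes a tiny prime modulus and plain modular exponentiation in place of the elliptic-curve groups and pairing checks a real ceremony uses, and every function name is hypothetical.

```python
"""Toy multi-party SNARK trusted setup (powers-of-tau style).

Each participant contributes a secret share s_i; the published parameters
are g^(tau^k) for tau = s_1 * s_2 * ... * s_n. A participant who deletes
their share after contributing makes tau unrecoverable for everyone else,
so soundness needs only one honest party. Constructed toy: a small prime
modulus instead of an elliptic curve, and no pairing checks.
"""
from functools import reduce

P = 2**61 - 1     # toy modulus (a Mersenne prime); exponents live mod P - 1
G = 3             # base element
DEGREE = 8        # number of powers of tau published

def fresh_setup(tau, degree=DEGREE):
    """One-party setup: publish [g^(tau^0), g^(tau^1), ..., g^(tau^(degree-1))]."""
    return [pow(G, pow(tau, k, P - 1), P) for k in range(degree)]

def contribute(params, share):
    """One participant's step: g^(tau^k) -> g^((tau*share)^k), without learning tau."""
    return [pow(x, pow(share, k, P - 1), P) for k, x in enumerate(params)]

def run_ceremony(shares):
    """Sequential ceremony: each participant updates the previous output."""
    return reduce(contribute, shares, fresh_setup(1))

def combined_tau(shares):
    """The toxic waste: only someone holding every share can compute it."""
    return reduce(lambda acc, s: acc * s % (P - 1), shares, 1)

def coalition_knows_tau(known_shares, all_shares):
    """A colluding subset can reconstruct tau only if no share is missing."""
    return combined_tau(known_shares) == combined_tau(all_shares)

def commit(params, coeffs):
    """Commit to f(x) = sum c_k x^k as g^(f(tau)) using only the public params."""
    acc = 1
    for x, c in zip(params, coeffs):
        acc = acc * pow(x, c, P) % P
    return acc

if __name__ == "__main__":
    import secrets
    shares = [secrets.randbelow(P - 1) or 1 for _ in range(3)]  # constructed shares
    params = run_ceremony(shares)
    assert params == fresh_setup(combined_tau(shares))  # ceremony == one-shot setup
    print("all-but-one coalition knows tau:", coalition_knows_tau(shares[1:], shares))
```

The `commit` function shows why the output is still useful after every share is destroyed: a prover can commit to a polynomial evaluated at tau without anyone knowing tau.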
What teams are building on zkSNARKs & STARKs?
Over the last few years, the amount of development using these technologies has increased immensely. The first team to really build on zkSNARKs was Zcash, a privacy-focused coin. Since then, other implementations have been built, like Aztec Protocol, Mina Protocol, zkSync, Polygon Hermez, Loopring, Aleo, and Scroll.
The zkSTARK ecosystem is a bit smaller, but obviously much newer, as STARK proofs weren’t invented until 2018. StarkWare are currently the largest developers on the technology, building StarkEx and StarkNet; however, Polygon has begun building its own in-house product, known as Polygon Miden. The Matter Labs team, the group building zkSync, has stated that although it’s not necessary for now to roll new cryptography, they plan to switch cryptographic primitives in the future based on the advancement of research, adoption, and peer review of novel proof systems.
What is the future?
With some of these technologies in their infancy, we are most likely going to see a wave of innovation in zk-based applications over the next couple of years. The R&D going into this field has increased significantly just over the last year, and the amount of capital deployed from an investment standpoint has grown similarly. We are already seeing new research going into newer types of proofs (like what Polygon Mir is working on), and we will continue to see applications built on top of them for people to utilize!
Buy, sell, trade, earn crypto with DeFi, collect NFTs, and more, while saving you up to 100x on Ethereum fees. Numio gives you more control over your digital assets in one convenient app. Numio can be used pseudonymously, or with an optional zkProof powered identity verification system. All Numio products are non-custodial.
Available on Android and iOS, Numio was the first zkRollup powered mobile payments app to be released on Google Play.