Understanding the Difference Between zk-SNARKs and zk-STARKS

SNARKs and STARKs are zero-knowledge proof technologies that allow one party to prove to another that a statement is true without revealing any further information.

Zero-knowledge proofs (ZKPs) have been garnering a lot of attention across an array of use cases for their transformative potential for enhancing security, protecting user privacy, and supporting scaling with layer-2 networks.

ZKPs enable one party to prove to another party that a statement is true without revealing any additional information. ZKPs are both beneficial for increasing privacy—since they reduce the amount of information shared between parties—and scalability, since they allow proofs to be verified at a faster rate than if the entire data set would have to be verified.

Two prominent zero-knowledge proof systems are SNARKs and STARKs. In this article, we’ll dive into what they are, how they work, and their key differences.

What Is a SNARK?

zk-SNARK stands for Zero-Knowledge Succinct Non-interactive Argument of Knowledge—they were introduced in a 2012 paper co-authored by Nir Bitansky, Ran Canetti, Alessandro Chiesa, and Eran Tromer. SNARKs provide the ability for one party to prove to another that they know a secret without revealing the secret itself.

zk-SNARKs can be added to distributed ledger solutions as a zero-knowledge proof protocol to enhance privacy and scalability. Zcash was the first widespread application of zk-SNARKs, applying the technology to create shielded transactions in which the sender, recipient, and amount are kept private. Shielded transactions in Zcash can be fully encrypted on the blockchain yet still be verified as valid under the network’s consensus rules by using zk-SNARKs.

An important property of some SNARKs is their reliance on a trusted setup ceremony—an event where the keys that are used to create the proofs required for private transactions and the verification of those proofs are created. If the secrets used to create the keys during the event are not destroyed, they could be utilized to create false proofs. This would give participants the ability to forge transactions or mint new tokens out of thin air in the case of a cryptocurrency. Because of the inherent privacy features of SNARKs, there would be no way to verify that the forged proofs were indeed forged. 

The security level of a SNARK is measured by the amount of work that must be done to find a convincing proof of a false statement. In other words, a SNARK is secure if it is computationally infeasible to produce a convincing proof of a false statement. For SNARKs that require a trusted setup to be considered secure, at least one participant in the ceremony has to have produced and then discarded a trapdoor that, if combined with the other trapdoors, would make it possible to compromise the security of the SNARK. As such, trusted setups are commonly run with many participants to render the possibility of this occurrence low enough.

While the trusted setup is only required initially and only for some SNARKs, users of a SNARK-based network must trust that the ceremony was performed correctly and that the secrets were destroyed and are not being held by the participants of the creation event. The reliance on such a ceremony has been an area of criticism for some SNARKs as a potential security Achilles heel. 

Another limitation of some SNARKs is that they are not considered to be quantum-resistant. Proponents of SNARKs argue that if quantum computers start posing a threat to SNARKs, larger issues will be at hand in the world of cryptography. In addition, some SNARKs could potentially be upgraded in the future to become quantum-resistant.

What Is a STARK?

zk-STARK stands for Zero-Knowledge Scalable Transparent Argument of Knowledge and is a zero-knowledge proof system that was introduced as an alternative to SNARKs in a 2018 paper by Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, and Michael Riabzev. As stated in the paper, STARKs (and, more broadly, ZKPs) can serve an important benefit for society:

“Human dignity demands that personal information, like medical and forensic data, be hidden from the public. But veils of secrecy designed to preserve privacy may also be abused to cover up lies and deceit by institutions entrusted with data, unjustly harming citizens and eroding trust in central institutions. Zero-knowledge (ZK) proof systems are an ingenious cryptographic solution to this tension between the ideals of personal privacy and institutional integrity, enforcing the latter in a way that does not compromise the former.”

STARKs underpin StarkWare’s scalability technology. By enabling developers to take storage and computation off-chain, STARKs increase scalability, as STARK proofs that verify the accuracy of off-chain computations can be produced by off-chain services and then posted on-chain. 

STARKs allow blockchains to move computations to a single off-chain STARK prover and then verify the integrity of those computations using an on-chain STARK verifier. Layer-2 networks can unlock scalability benefits by computing a large number of transactions in a single batch using STARKs and then using a single STARK proof to confirm the transactions’ validity on-chain. All of the transactions in the batch share the cost of the on-chain operation, offering a low gas cost for each individual transaction on the layer-2 network.

Importantly, as the randomness utilized by the verifier is publicly available, and the proof can be verified without relying on any external parameters, STARKs do not have the requirement of a trusted setup ceremony.

Comparison of SNARKs and STARKs

Both SNARKs and STARKs have their advantages, and the choice between the two depends on the specific use case requirements of the user. It’s also important to note that both SNARKs and STARKs are cutting-edge zero-knowledge proof technologies actively being researched, so comparing them may depend on ongoing advancements and discoveries in the field. 

SNARKs are considered more efficient and faster by their proponents, as they can be verified in a matter of milliseconds. However, this efficiency comes at a cost, as some SNARKs rely on a potential security weak link—the trusted setup ceremony. This means that the initial parameters used in the proof must be generated in a secure environment, and any compromise of the parameters can result in a breach of security.

STARKs can offer enhanced security through the non-requirement of a trusted setup but can take longer to verify and can therefore be considered less efficient as a result. STARKs have larger proof sizes than SNARKs, which means that verifying STARKs may take more time and be more gas-intensive than SNARKs. On the other hand, as the proof for STARKs can be verified without relying on any external parameters, STARKs can be easier to audit than SNARKs, though this may depend on the individual implementation. Unlike most SNARKs, STARKs rely on hash functions which are considered to be quantum-resistant.

There are several reasons why SNARKs have initially been more widely adopted than STARKs, despite some of them having the potential security drawbacks associated with the trusted setup ceremony. SNARKs were developed six years ahead of STARKs, which helped give them a head start in terms of adoption.

Achieving Exponential Scalability With Zero-Knowledge Proofs

Zero-knowledge proofs are a foundational technology for the blockchain ecosystem that help unlock orders of magnitude more scalability while helping to preserve the privacy of individuals and the integrity of institutions. zk-SNARKS and zk-STARKS are at the forefront of this revolution, and they are both helping to unlock a wide range of use cases for public blockchain networks that were previously inaccessible, incentivizing innovation and helping create a more efficient global economy.

If you are a developer and want to integrate Chainlink trust-minimized services, check out our documentation, ask a question in Discord, or set up a call with an expert.