What is zero-knowledge-proof (ZKP) technology and how does it work?

ZKPs are cryptographic protocols that, as their name implies, prevent eavesdroppers from accessing data or violating privacy throughout the process.

A zero-knowledge proof (ZKP) is a cryptographic approach that allows one person (the prover) to verify a claim made by another without the prover disclosing any supporting information. You might wonder who invented ZKPs? In the 1980s, Shafi Goldwasser, Silvio Micali and Charles Rackoff of MIT proposed the idea of "zero knowledge technologies."

A demonstration of zero knowledge must meet the following three requirements:

  • Completeness/Irrefutability: If the claim is genuine, an honest prover will be persuaded of its integrity by an equally honest verifier (i.e., one correctly following the protocol).
  • Soundness: If the claim is untrue, there is only a slim chance that the dishonest prover can persuade the honest verifier that it is. 
  • Zero-Knowledge: If the claim is accurate, the only thing the verifier knows is that the claim is valid.

Before we look at how zero-knowledge proofs work, let's understand the two types. First are the interactive zero-knowledge proofs, which include repeated interactions between the prover and the verifier. The prover is "challenged" by the verifier to repeatedly demonstrate their knowledge of a fact. The process is repeated until the verifier is confident that the prover is truthful. On the other hand, non-interactive proofs are the antithesis of this process. They demand that the two parties exchange a single transaction that verifies the prover's veracity just once.

The real-world implementations of ZKPs make use of several cryptographic techniques like Schnorr Non-Interactive Zero Knowledge (NIZK) proof to make it possible to verify a computational statement. The Schnorr NIZK proof enables one to demonstrate familiarity with a discrete logarithm without disclosing its value. Many cryptographic protocols can benefit from using it as a valuable building component to ensure that participants honestly adhere to the protocol’s specifications.

For instance, a payment recipient can use ZKP techniques to confirm that the payer has a sufficient balance in their bank account without learning anything further about the payer's balance. Therefore, by using ZKPs, the privacy and security of users' information can be ensured.

Are you curious about whether Bitcoin uses zero-knowledge proofs? The simple answer is that the underlying cryptographic algorithm used by Bitcoin (BTC) is called an Elliptic Curve Digital Signature Algorithm (ECDSA) and does not rely on zero-knowledge methods to ensure increased levels of privacy and security. Digital signatures are most frequently used to sign transactions and send BTC, and ECDSA enables the use of a private key to sign any communication.

What are zk-SNARKs and how do they work?

The necessity of a trusted setup is one of the zk-SNARKs' key characteristics. It also requires the creation of cryptographic keys, which serve as the evidence necessary for verification and carrying out confidential transactions.

But what does zk-SNARK stand for? The term "Zero-Knowledge Succinct Non-Interactive Argument of Knowledge," or "zk-SNARK," refers to a proof architecture where one can demonstrate ownership of specific knowledge, such as a secret key, without disclosing that knowledge and without interacting with either the prover or the verifier. 

Most cryptocurrencies use a network check to ensure that specific requirements have been met before validating a transaction. The requirements are to verify that the sender has the funds available and that they have supplied the correct private key to prove that the money is theirs.

The transaction's sender can demonstrate all this using zk-SNARKs without disclosing any addresses or transaction amounts. For example, the blockchain network uses zk-SNARKs to encode a part of its consensus rules to offer this functionality. 

The information that needs to be proven is transformed into equations by zk-SNARKs during the transaction procedure. Without revealing the actual data, these equations can be assessed and solved. So, which coins use zk-SNARKs?

Zcash was applied zk-SNARKs for the first time to demonstrate that a transaction's requirements can be met without disclosing any significant details about the addresses or values involved. Even though zk-SNARKs don't have any apparent flaws, someone with the private key needed to set up the protocol could fabricate evidence and create fake money. Therefore, Zk-SNARK-based privacy coins must ensure that no single party has access to the private key.

What are zk-STARKs and how do they work?

zk-STARKs are one of the two transparent and scalable privacy-enhancing methods. The public availability of the randomness utilized by the verifier negates the need for a trusted setup.

But, what does zk-STARK stand for? zk-STARK stands for Zero-Knowledge Scalable Transparent Argument of Knowledge, which is a type of cryptographic proof technology. zk-STARKs, also known as zero-knowledge proofs, allow users to communicate validated data or execute computations with a third party without the data or analysis being revealed to the other party.

zk-SNARKs, which were used to build zk-proof systems before the development of zk-STARKs, solved the vulnerability of those trusted parties jeopardizing the system's privacy because they had to set up the zk-proof system initially. zk-STARKs advance this technology by distancing away from the requirement for a reliable setup.

Moreover, the scalability and privacy issues with permissionless blockchains are improved with STARKs. The present zk-STARK research being conducted by STARK technology pioneer StarkWare Industries is primarily concerned with scalability, with privacy coming later.

By enabling developers to relocate computations and storage off-chain, STARKs increase scalability. STARK proofs that verify the accuracy of off-chain computations can be produced by off-chain services. After that, these proofs are re-posted on the chain so that anyone with interest can verify the computation.

In addition, STARKs enable existing blockchain infrastructure to scale exponentially without compromising computational integrity by off-chaining the majority of computing effort. So, which coins use zk-STARKs?

Layer-2 solutions compute thousands of transactions in a single batch using STARKs, and then use a single STARK proof to confirm their validity on-chain. All of the transactions in the batch share the cost of the on-chain operation, offering a low gas cost for each transaction. Starkware is implementing Zero-Knowledge Scalable Transparent Argument of Knowledge in many blockchains, including the Ethereum blockchain.

zk-STARKs vs. zk-SNARKs: Main differences

Both zk-STARKS and zk-SNARKs are types of non-interactive ZKPs. However, they are different from various perspectives, as discussed in the table below:

Based on the above discussion, are STARKs better than SNARKs? zk-STARKs are clearly portrayed favorably in the comparison with zk-SNARKs. Compared to zk-SNARKs, they provide more scalability, transparency and security for the blockchains. However, it is crucial to remember that ZK-STARKs have a larger proof size and take longer to verify.

As a result, zk-SNARKs would have much more support than zk-STARKs if a developer started employing zero-knowledge technologies. Additionally, zk-SNARKs are anticipated to use only 24% of the gas, suggesting that employing zk-SNARKs for transactions would be substantially less expensive for the end user. Also, zk-STARKs are still in the initial phase and have a long time to prove their efficiency to developers and other stakeholders in the blockchain ecosystem.