ZK SNARK & ZK STARK: Privacy-Enabling Protocols for the Future of Blockchain and Crypto

Posted by: ico-check
Review
July 10, 2018
Blockchain Privacy Protocols ZK-SNARK & ZK-STARK
One of blockchain’s core principles is the immutability of data stored on a public ledger. This immutability is derived from validation of data & transactions by nodes and the subsequent consensus when blocks containing the data are published on the blockchain. Publicly viewable data stored on the blockchain enables greater transparency of transactions, ensures that anyone can audit the blockchain and that no double spending has occurred. 

This publicly auditable or viewable data is great for transparency, especially for organizations or processes that involve a public trust. One of the drawbacks of blockchain however, is the loss of privacy, for it being a public ledger. All data is accessible to anyone who can view the blockchain.

One of the issues that blockchain and crypto will be facing in the future is integrating privacy into the public ledger. As blockchain seeks to move into more fields, such as data storage and identity verification, the privacy of data will be an important issue. 

Employing Zero Knowledge Proof enables users of blockchain to be selective about data they share publicly, but at the same time keeps the core principle of blockchain’s publicly verifiable and consensus approved blocks intact.  


What is Zero Knowledge Proof?

Zero Knowledge Proof refers to the proving of knowledge, ownership, or correctness to a verifier without revealing private, confidential or non disclosable info to the verifier. We will be focusing on two protocols, namely ZK SNARK and ZK STARK that are used to achieve Zero Knowledge Proof and that can be easily applied to blockchain and crypto in general. These two privacy protocols could be game changing because they open up a whole new world of possibilities for blockchain and crypto.

First off, let's start by discussing what these two protocols aim to achieve: Zero Knowledge Proof.

Zero Knowledge Proofs allow a Verifier to check that a Prover holds or has certain knowledge or access to something without having the verifier to witness or view the information or process. Zero Knowledge Proof as applied can be compared to somebody (a Prover) proving his claim that he knows how to cook KFC chicken and as proof he cooks a perfect example of KFC chicken which you (the Verifier) can verify by taste but the secret recipe isn't revealed to you.

Zero Knowledge Proofs allow private information to be kept private but at the same time allow outside verification of private information by interested parties which in the case of blockchain are nodes, miners or permissioned viewers of your data.

Zero Knowledge Proofs can also reduce computing and communication time spent verifying the completeness of data because there is no need to transmit the whole dataset for verification by an outside party.


Zero Knowledge Proof: A Scenario as Applied to Cryptocurrency Wallets:

ZK SNARKs and ZK STARKs are somewhat complicated and in-depth discussion of each one’s mechanism is outside this article’s scope. If you’d like a more in-depth, math-heavy explanation, you can check out Vitalik Buterin’s articles on ZK-SNARK and ZK-STARK.

To illustrate usage of Zero Knowledge proof, lets devise a scenario comparing wallets and amounts stored within the context of the old centralized way, blockchain and crypto, and with Zero Knowledge Proofs applied.


Old Centralized way:

Imagine you are walking down the street, wallet in pocket. Your wallet conceals the fact that you have a certain amount of currency stored in it. This concealment makes you blend in much easier with the crowd and provides some sort of protection against would-be-thieves who would want to target high value individuals so as to maximize the result of their actions. 

As proof of ownership, you have your ID with your name and picture inside your wallet. So, if say you passed through a checkpoint and the police asked if you own your wallet and the currency contained inside it and you agree to show proof of ownership, the police can determine that you indeed own the wallet. Showing false proof or counterfeit money stored in your wallet elicits a response from the central authority and you get penalized, otherwise things go on as normal.

Of course showing your ID or proof of ownership entails some risks since if the person asking has some malicious intent you could be in jeopardy. Moreover, thieves could employ surveillance techniques to get a glimpse of your ID whilst you are showing it to a trusted centralized authority (in this case the police). A forged copy of your ID can be made and used to access or prove ownership of your wallet. This scenario presents what is standard in today’s centralized internet and our trust on centralized entities to check for correctness.


Decentralized with Blockchain & Crypto:

Blockchain and crypto improve on privacy by applying a certain level of anonymity as there is no need for your personal ID to be tied to a wallet. This is akin to putting on a facemask with a unique serial number matching the one on your wallet. This serial number is your wallet address that determines the “location” of your wallet and all coins or tokens assigned to it. A private key is part of this system which is used to unlock your wallet and manipulate the contents stored within. 

In blockchain, your wallet and its contents are visible to your peers and so even though your personal ID might be separate from your wallet, all transactions and holdings in your wallet are visible to the public.

Blockchain disposes of a centralized authority and instead relies on our peers to act as witnesses and verifiers. In this case people walking down the street can witness and verify any transactions performed by your wallet. This is roughly how consensus in a decentralized system is achieved. 

But even this level of anonymity does not preclude advanced surveillance techniques from eventually tracking down the owner of the wallet by diligently following the trail of funds and movements of the wallet with data sent from your computer. Furthermore, blockchain does not enable privacy in the context of obscuring the content of smart contracts or the contents of your wallet.

The drawback is that your wallet, its contents, and any transactions are publicly visible which thieves or malicious actors can use to follow you to your home. Making the targeting of high value individuals even easier. This vulnerability has been used by the good guys to track criminals but does not prevent criminals from doing the same to you. 


Zero Knowledge Proof:

With Zero Knowledge Proofs applied, you can combine the best of both worlds of proving ownership of your wallet contents, keeping transaction history, and wallet address private to ensure complete anonymity and privacy. 

This is done through applying Zero Knowledge protocols to the contents, transaction history, or address of your wallet and sending the result out for other peers or nodes to validate. The result you send out is some data which does not contain the info you want kept private. Peers or verifiers can then solve for correctness using this data and they get either an incorrect or correct answer where correct means that the contents in your wallet and all transactions are all good and consensus can be reached.


ZK-SNARKs

ZK-SNARK as applied to blockchain and crypto is a privacy protocol utilizing Zero Knowledge Proofs to ensure privacy. The ZK-SNARK paper was published on May 2015 by Eli Ben-Sasson from Technion, Alessandro Chiesa & Madars Virza from MIT, and Eran Tromer from Tel Aviv University. The ZK-SNARK paper can be viewed here.

ZK-SNARK stands for:

Zero-Knowledge - Information provable by prover without divulging content to verifier, verifier only has to check proof.

Succinct - small in size, fast verification with proof only requiring around 288 bytes

Non-Interactive - no interaction necessary between two parties to prove correctness of computation

ARgument of Knowledge - Proof of truth or correctness.

ZK-SNARK relies on an initial trusted setup to start and is one of the inherent weaknesses of ZK-SNARK.

This trusted setup if compromised means that the whole system is flawed, this is also not transparent because the trusted setup is done privately and relies on the people or parties doing the trusted setup to completely destroy or delete an initial value. Another downside is that the trusted setup needs to be done for each iteration of ZK-SNARK and if applied to multiple transactions or for every smart contract created, will also require multiple trusted setups which can greatly erode trust in the system.


ZK-STARKs

ZK-STARK is a newer Zero Knowledge Proof protocol. Like its predecessor, ZK-STARK when applied to blockchain and crypto is a privacy protocol to ensure privacy but retain consensus within the blockchain. The ZK-STARK paper was published on March 2018 by a team composed of Eli Ben-Sasson Iddo Bentov, Yinon Horesh, Michael Riabzev from Israel’s Technion and Iddo Bentov from Cornell in the USA. The ZK-STARK paper can be viewed here

ZK STARK stands for:

Zero-Knowledge - Info provable by prover without divulging content to verifier, verifier only has to check proof.

Scalable - verification performed in short span of time with common computing resources

Transparent - no private trusted setup needed which can be abused if original key is found and instead relies on randomness.

And post-quantum secure computational - security not compromised by quantum computing

ARgument of Knowledge - Proof of truth or correctness.


ZK-STARK is a more advanced version of ZK-SNARK which does not require a trusted setup to start and instead relies on randomness which makes setup for ZK STARKs easy and transparent. This allows ZK STARK to be used in many iterations in multiple transactions and smart contracts without running into any trust issues. ZK STARKs are also quantum resistant which provides a good base for any future system seeing as quantum computing is in active development around the world. ZK-STARK is also less computationally intensive and faster for prover and verifier as compared to ZK-SNARK.

One disadvantage of ZK-STARK over ZK-SNARK is its size with it being around 10 times larger than ZK SNARK. This can pose to be a barrier for adoption for blockchains where space is at a premium. Research is currently ongoing on ZK-STARK to lower the size of proofs broadcast to verifiers.

The table below is a quick comparison of both protocols:

ZK MethodZK-SNARKsZK-STARKs
Time spent verifyingMed (1 sec to a few hours)Low (below 100ms)
Time spent making proofMed (1 sec to 2+ hours)Low (200ms to 1hr)
Size of proof~288 bytes200-300 kilobytes
ImplementationsZCash, Quorum BlockchainStarkWare (under research)
Source: Page 12, ZK-STARK paper


Uses for Zero Knowledge Proofs

Zero knowledge protocols have a myriad of uses, here are some of them: 

  • Anonymous Banking/Finance - transactions and amounts contained in wallets anonymized but still in consensus with blockchain.
  • Privacy coins and tokens - anonymous transfer and storage of coins and tokens
  • Off chain execution of smart contracts - smart contracts executed by specialized prover nodes and verified proof of proper execution verified by nodes on blockchain.
  • Private smart contracts - protect private or proprietary information
  • Off chain storage and verification of integrity of data - ensures data stored off chain is not tampered with.
  • Provably secure corporate, institutional, and public governance - budget, accounting and decisions accountable to public whilst keeping secrets secure.
  • Blockchain scaling solutions - no need to download whole blockchain to become a node, instead only need to download proof of zero knowledge from one node and start off from there.

As Zero Knowledge protocols proliferate and mature, it is foreseeable that even more applications will be discovered.


Zero Knowledge Powered Blockchain & ICO Future:

Being a more mature protocol, ZK-SNARKs have already been implemented in several privacy-oriented cryptocurrencies and blockchains like ZCASHand JP Morgan’s Quorum Blockchain. Ethereum, on the other hand, is exploring integration of ZK-SNARKS into its blockchain.

ZK-STARK, as a rather new protocol with its white paper being published in March 2018, is still in its infancy but some projects like StarkWare are already exploring its integration into blockchain, cryptocurrency, and other uses. Even though they have just been implemented and are being refined, Zero Knowledge Proofs will become an essential founding block as we move forward with the adoption of cryptocurrencies and blockchain.