Cointime

Download App
iOS & Android

The Future of Privacy: Understanding the Different Types of Zero-Knowledge Proofs

Validated Individual Expert

If you don’t know what zero-knowledge proofs (ZKPs) are, I recommend you go through my article — Zero-Knowledge Proofs for Dummies. While that article skimmed the surface on what they are, the various use cases, and the drawbacks, in this article, I want to expand on the differences between the major implementations of zero-knowledge proofs. This article aims not to go in-depth from a technical, cryptographic perspective but more from an application level as it pertains to blockchain technologies in general.

Let’s first start with the basic types of ZKPs.

Interactive vs non-interactive zero-knowledge proofs

The two main types of zero-knowledge proofs are interactive and non-interactive. Interactive zero-knowledge proofs (IZKPs) require the prover and verifier to engage in a back-and-forth conversation in which the prover provides responses to the verifier’s queries. This interaction can be performed in person or over a network like the internet.

Non-interactive zero-knowledge proofs (NIZKPs), on the other hand, do not require any interaction between the prover and verifier. Instead, the prover creates a single, self-contained proof that the verifier can independently verify without further communication. This can be more convenient and efficient than interactive proofs since it does not require the prover and verifier to be online simultaneously or exchange multiple messages. One of the most classic ways of achieving this is with the Fiat-Shamir heuristic technique based on digital signatures.

One of the key differences between interactive and non-interactive zero-knowledge proofs is the level of trust required between the prover and verifier. In an interactive proof, the verifier must trust the prover to follow the protocol and provide honest responses to their queries. In a non-interactive proof, on the other hand, the verifier doesn’t need to trust the prover at all since they can independently verify the proof without relying on any information provided by the prover.

Another difference between the two types of zero-knowledge proofs is the level of computational complexity required. Interactive proofs tend to be more computationally intensive than non-interactive proofs since they require the prover and verifier to exchange multiple messages and perform additional computations. Non-interactive proofs, on the other hand, require only a single computation by the verifier, making them more efficient and scalable.

Both interactive and non-interactive zero-knowledge proofs have pros and cons, and the best choice for a given scenario will depend on the specific requirements and constraints. Interactive proofs may be more suitable for situations where the prover and verifier are online simultaneously and can easily communicate. In contrast, non-interactive proofs may be more suitable for situations where the prover and verifier are not online simultaneously or where the prover’s trustworthiness is uncertain.

Limitations of interactive zero-knowledge proofs

Interactive zero-knowledge proofs (IZKPs) have several limitations, thus making them more expensive and complex.

  • IZKPs require interaction between the prover and verifier, which can be inefficient and time-consuming. To complete the proof, the prover must send multiple messages back and forth with the verifier. This can take significant time, especially if the proof is complex or involves large data. This can be a problem when speed is of the essence, such as in high-frequency trading or real-time decision-making.
  • IZKPs do not scale well. As the data being proven increases, the proof’s complexity also increases, making it difficult to complete the proof in a reasonable amount of time. This can be a problem when large amounts of data need to be proven, such as in supply chain management or healthcare.
  • IZKPs rely on the assumption that the prover and verifier are honest and do not try to cheat or manipulate the proof. However, this assumption is not always valid, and the prover can try to deceive the verifier by sending false messages or manipulating the proof somehow. This can compromise the integrity of the proof and undermine its usefulness.
  • IZKPs require specialized cryptographic techniques, which can be difficult to implement and require a high level of technical expertise. This can make it challenging for non-technical users to use IZKPs and may limit their adoption in certain contexts.

Overall, while IZKPs have the potential to provide strong security and privacy guarantees, these limitations have historically hampered their widespread use. Alternative techniques, such as non-interactive zero-knowledge proofs or proof-of-work systems, may be more suitable in certain contexts.

Once we understand the differences between interactive and non-interactive ZKPs, it’s time to dive deeper into the most popular blockchain and crypto industry implementations — zkSNARKs. While zkSNARKs are used by zkSync, arguably the most popular L2 utilizing ZKPs, a close second is also zkSTARKs by Starkware. Let’s understand how these two implementations differ and the pros and cons of each.

zkSNARKs meme

zkSNARKs vs zkSTARKs

zkSNARKs and zkSTARKs are both zero-knowledge proof (ZKP) systems that allow one party (the prover) to prove to another party (the verifier) that a statement is true without revealing any information about the statement itself. ZKPs have many applications, including privacy-preserving transactions on blockchains, secure multi-party computation, and anonymous communication.

zkSNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) were first introduced in a paper by Eli Ben-Sasson, Alessandro Chiesa, Daniel Genkin, Eran Tromer, and Madars Virza in 2014. They are based on the idea of a “non-interactive proof,” which means that the prover and verifier do not need to communicate with each other during the proof process. This makes zkSNARKs well-suited for use in blockchains, where communication between parties is limited by the need to reach a consensus.

zkSNARKs use a combination of public and private keys to create a proof. The prover has access to a private key, which they use to generate a proof of the statement they wish to make. The verifier has access to a corresponding public key, which they use to verify the proof. If the proof is valid, the verifier can be confident that the statement is true, even though they do not have any information about the statement itself.

Advantages of zkSNARKs

  • One of the main advantages of zkSNARKs is their efficiency. The proof process is very fast, making it possible to use zkSNARKs in high-throughput systems such as blockchains.

Disadvantages of zkSNARKs

  • They rely on a “trusted setup” process, in which a group of participants generate and destroy a set of public and private keys. If this process is not performed correctly, it could compromise the system’s security.
  • Additionally, zkSNARKs are not transparent, meaning that it is impossible to verify the proof’s correctness without access to the private key.

zkSTARKs (Zero-Knowledge Scalable Transparent ARgument of Knowledge) was introduced in a paper by Eli Ben-Sasson, Michael Riabzev, and Nicholas Spooner in 2018. They are an improvement on zkSNARKs that address some issues with the original design.

Like zkSNARKs, zkSTARKs allow a prover to create a proof of a statement without revealing any information about the statement itself. However, zkSTARKs do not require a trusted setup process, making them more secure and transparent. In addition, zkSTARKs are much more efficient than zkSNARKs, with proof sizes that are several orders of magnitude smaller.

Advantages of zkSTARKs

  • One of the main advantages of zkSTARKs is their transparency. With zkSNARKs, it is not possible to verify the correctness of the proof without access to the private key. With zkSTARKs, it is possible to create a “proof of verification,” which allows anyone to verify the correctness of the proof without access to any secret information. This makes zkSTARKs a more secure and transparent choice for applications where trust is essential.
  • Another advantage of zkSTARKs is their scalability. zkSNARKs rely on complex mathematical operations that are resource-intensive, making them less efficient as the size of the proof increases.

Disadvantages of zkSTARKs

  • One major drawback is that zkSTARKs are only suitable for proving the authenticity of certain types of statements. In particular, they can only be used to prove the authenticity of statements represented as polynomials, which limits their applicability.
  • Another drawback is that zkSTARKs are not fully non-interactive, requiring a trusted setup phase in which a common reference string (CRS) is generated. This CRS must be kept secret and secure for the zkSTARK proof to be considered valid. If the CRS is compromised, then the security of the proof is also compromised.
  • Additionally, zkSTARKs are not yet widely used or well-understood, so potential vulnerabilities may not yet be discovered. This lack of widespread adoption and understanding also means a lack of tools and resources for working with zkSTARKs, making it more difficult to implement and use them in practice.
  • Finally, zkSTARKs are still relatively new and untested compared to other zero-knowledge proof systems, which means that their long-term security and reliability are not yet fully understood. This uncertainty can be a drawback for organizations or individuals looking for a proven and reliable method of verifying the authenticity of statements.

In summary, while zkSTARKs offer several benefits in terms of efficiency and security, there are also several drawbacks to consider when deciding whether to use them. These drawbacks include a limited range of applicability, the need for a trusted setup phase, a lack of widespread adoption and understanding, and uncertainty about their long-term security and reliability.

Comments

All Comments

Recommended for you

  • SBF ordered to forfeit more than $11 billion

    SBF has been ordered to confiscate more than 11 billion US dollars. SBF has now been sentenced to 25 years in prison.

  • Former CEO of FTX and Alameda Research Sentenced to 25 Years in Prison for Fraud and Money Laundering

    Sam Bankman-Fried, the co-founder and former CEO of FTX and Alameda Research, has been sentenced to 25 years in prison for fraud and money laundering. The judge criticized Bankman-Fried's behavior during the trial and deemed a 25-year sentence to be sufficient. Bankman-Fried's sentence may send a message to the crypto industry and there is no possibility of parole, but he may earn "good time" credit for good behavior while incarcerated. Bankman-Fried was found to have misused over $8 billion in customer funds and will be serving time in prison for his actions. The trial emphasized the importance of not using customers' funds without their knowledge or approval.

  • Web3 AI training company FLock raises $6 million in seed funding

    Web3 artificial intelligence training company FLock has raised $6 million in seed funding led by Lightspeed Faction and Tagus Capital. FLock will use these funds to develop its team and build a federated learning-driven artificial intelligence training platform.

  • Prisma: Vault owners need to prohibit delegation of contracts related to LST and LRT

    The LSD stablecoin protocol Prisma Finance stated in a post that for vault owners, please prohibit delegating authorization of the LST contract starting with 0xcC72 and the LRT contract starting with 0xC3eA.

  • MAS: Singapore is working on global first-tier fund tokenization regulation

    Chia Der Jiun, Managing Director of the Monetary Authority of Singapore, introduced some fund tokenization pilots at an event for asset managers. These pilots are part of the Project Guardian and MAS Global Layer 1 (GL1) tokenization plans. Chia Der Jiun emphasized the advantages of tokenization in real-time settlement and process automation, which can improve efficiency and achieve greater customization of funds. UK asset management company Schroders and fund distribution platform Calastone are exploring this as part of the Project Guardian public blockchain trial in Singapore. A recent survey by Calastone showed that 96% of asset management companies in the Asia-Pacific region plan to launch tokenized products within three years. Chia stated that as these Project Guardian pilot projects approach commercialization, MAS is working with the pilot project managers to study the legal and regulatory treatment and impact of tokenized investment funds."

  • Indonesia's Financial Services Authority to Regulate Crypto Industry in 2025 with Evaluation in Regulatory Sandbox

    Indonesia's Financial Services Authority (OJK) will take over regulation of the crypto industry from the commodities agency Bappebti. Crypto firms must undergo evaluation in a regulatory sandbox before being licensed to operate in the country. The OJK aims to prioritize consumer protection and education, and firms operating without evaluation in the sandbox will be considered illegal. The sandbox provides a safe and isolated environment for testing and innovation development, helping to enhance security and responsible management in the financial sector. Once under OJK's oversight, crypto assets will likely be reclassified as financial instruments.

  • The Shenzhen Illegal Fund Raising Prevention Office issued a risk warning on the "DDO digital options" business

    The Shenzhen Office for Preventing and Dealing with Illegal Fundraising issued a risk warning regarding the "DDO digital option" business. The activities related to the DDO digital option business conducted in the name of Dingyifeng International are essentially the issuance and trading of virtual currencies. According to the "Notice on Further Preventing and Dealing with Risks of Speculation in Virtual Currency Trading" jointly issued by ten departments including the People's Bank of China in September 2021, it is clear that virtual currency-related business activities are illegal financial activities, and overseas virtual currency exchanges providing services to residents within China are also illegal financial activities. The activities conducted by Dingyifeng International in the name of serving residents within China are suspected of illegal fundraising and other illegal financial activities. Our office has organized relevant departments to carry out work, resolutely deal with illegal fundraising and criminal activities, and seriously investigate the legal responsibilities of relevant personnel. (Shenzhen Local Financial Supervision and Administration Bureau)

  • The Hong Kong Legislative Council plans to review the relevant stable currency consultation and sandbox legislation at the end of this year or next year

    Hong Kong legislator Wu Jiezhuang revealed that Hong Kong will release stablecoin consultation and sandbox (computer security mechanism), which will allow the industry to innovate digital asset projects in the sandbox environment. Relevant legislation will be reviewed in the Legislative Council at the end of this year or next year, which will help the entire digital asset industry ecosystem. Hong Kong has been improving the digital asset (virtual asset) market on different legal levels. Last year, there were regulations on virtual currency trading platforms and issuance systems.

  • Vitalik: Humanity needs to create a world where blockchain and artificial intelligence work together

    Vitalik Buterin, the founder of Ethereum, stated at BiddleAsia 2024 held at Signiel Seoul in the Songpa district on March 28 that artificial intelligence is a huge market and its importance is increasing day by day. We need to create a world where blockchain and artificial intelligence work together. Artificial intelligence can now create applications with 100 to 500 lines of code. Vitalik also stated that the ability to write 10,000 lines of code can eliminate most of the bugs in the Ethereum virtual machine.

  • South Korean RWA blockchain technology development company PARAMETA completed a new round of financing of approximately US$7.5 million

    South Korean RWA blockchain technology development company PARAMETA announced the completion of a new round of financing of KRW 9 billion (approximately $7.5 million), with Shinhan Hyperconnect Investment Fund under Shinhan Venture Investment and Korea Asset Investment & Securities participating. As of now, the company's total financing has reached KRW 25 billion (approximately $20.8 million). PARAMETA plans to use this investment to expand its own blockchain technology research and development capabilities to meet RWA technology needs and expand from core technologies such as engines/chains to service applications. Relevant services are expected to be launched within the year.