A Snapshot of Mystiko’s Technology — Choosing zk-SNARK over zk-STARK for Affordable Privacy for Everyone
--
Privacy protection technologies in blockchain networks have always been regarded as important within the cryptocurrency industry for the wider adoption of blockchain usage. And among these privacy technologies, zero-knowledge proof(ZKP) is often regarded as the most widely used technology and an essential feature in the future of Web3, Defi, and the metaverse.
For example, According to the 2022 Messari Crypto Thesis Report, it predicted that “on a long enough timeline, all crypto will converge to zero knowledge crypto [1].” And the “State of Zero-Knowledge Report 2022” survey by the Mina Foundations found that more than 40% of respondents see Finance as the industry’s most in need of ZKPs [2], showing the need for privacy protection technology.
Even among ZKPs, there are varieties in their methods. Currently, the zk-SNARK and zk-STARK are two noteworthy examples and the most widely used features across the blockchain industry. Both zk-SNARK and zk-STARK are acronyms for the method that the two parties prove their knowledge. zk-SNARK stands for the zero-knowledge succinct non-interactive argument of knowledge and zk-STARK stands for the zero-knowledge scalable transparent argument of knowledge. In this post, we will briefly go over the differences between zk-SNARK and zk-STARK and explain why Mystiko chose zk-SNARK as its core technology over zk-STARK.
ZK-SNARK
In 2012, Alessandro Chiesa, a professor at UC Berkeley, co-authored a paper and coined the term zk-SNARK for the first time [3]. The main objective of zk-SNARK is to reveal as little data as possible between the two parties. In other words, zk-SNARK is to prove that they have certain knowledge without revealing any information about the knowledge itself. zk-SNARKs requires a trusted set up and it refers to the initial creation event of the keys that are used to create the proofs required for private transactions and the verification of those proofs.
In general, zk-SNARK proofs are quickly verifiable and usually take up much less data than a standard Bitcoin transaction. This opens up a pathway for zk-SNARK technology to be used as both a privacy and a scalability solution. Zk-SNARK proofs are already being used on Zcash, on JP Morgan Chase’s blockchain-based payment system, and as a way to securely authenticate clients to servers.
ZK-STARK
While zk-SNARKs have made significant headway to being well-established and adopted, zk-STARK proofs are now being touted as the new and improved version of the protocol, addressing many previous drawbacks of zk-SNARKs.
zk-STARKs were created by Eli-Ben Sasson, a professor at the Technion-Israel Institute of Technology as an alternative version of zk-SNARK proofs [4]. Technically speaking, zk-STARKs do not require an initial trusted setup because they rely on leaner cryptography through collision-resistant hash functions. This approach also eliminates the number-theoretic assumptions of zk-SNARKs that are computationally expensive and theoretically prone to attack by quantum computers.
However, this novel technology comes with at least one major disadvantage: the size of the proofs is bigger when compared to zk-SNARKs. zk-STARKs have far larger proof sizes than SNARKs, which means that verifying STARKs takes more time than SNARKs and also leads to STARKs requiring more gas.
ZK-STARK vs ZK-SNARK
Compared to zk-SNARK, zk-STARK protocol has a gigantic proof size and a time-consuming verification process, and it lacks practical implementation. More precisely, in zk-SNARK, the proof size for 1 TX is 200 bytes, while it is 45 kB in zk-STARK. For 10,000 TX, the proof size in zk-SNARK is constantly 200 bytes; on the contrary, in zk-STARK, the proof size increases to 135 kB.
In terms of verification gas cost, zk-SNARK costs 600k while zk-STARK costs 2.5M. ZK-STARKs only rely on a collision-resistant hash function, and it is post-quantum secure. ZK-SNARK has stronger cryptographic assumptions without being quantum-resistant. Since the research on quantum computers is still in a very early stage, this should not be a critical issue in the foreseeable future.
https://vitalik.ca/general/2019/09/22/plonk.html [5]
Why Mystiko Chose zk-SNARK? For Affordable Privacy for Everyone
Mystiko.Network believes that privacy is a basic right for everyone, and therefore privacy protection on blockchain networks should be affordable for everyone as well.
As shown from the above chart, zk-SNARKs are estimated to require only 24% of that gas that STARKs would require, meaning that transacting with SNARKs would be far cheaper for the end-user. In addition, the proof size for SNARKs is much smaller than STARKs, meaning it would take less on-chain storage.
In consideration of the above factors, from the design stage, it was natural for Mystiko.Network to choose zk-SNARK over zk-STARK to create an affordable privacy solution for every user.
Even More Affordable Privacy with Mystiko
Recently, Mystiko.Network launched its V2 testnets. Along with various updates, the V2 testnet has incorporated zkrollup for zk private transactions in an effort to ensure privacy affordability to the next level. As a result, both single-chain and cross-chain private transactions on the V2 testnets cost 80% lower on gas fees than v1 testnets, and 50–90% lower than other major existing privacy solutions. Stay tuned for more updates on Mystiko’s journey to provide affordable privacy for everyone.
About Mystiko.Network
Mystiko.Network is the base layer of web3 with both connectivity and confidentiality. Leveraging zero knowledge proof with industry leading “zk of zk” technology, Mystiko.Network guarantees interoperability, scalability and privacy, all at once. Learn more about Mystiko.Network and follow us:
Website | Twitter | Telegram| Discord | Medium | ZK²
References
[1] Crypto Theses for 2022
https://messari.io/pdf/messari-report-crypto-theses-for-2022.pdf
[2] Quoting “The State of Zero Knowledge 2022 Report” (http://minaprotocol.com/wp-content/uploads/zkReport_2022_EN.pdf)
[3] Ben-Sasson, Eli, et al. “Succinct {Non-Interactive} zero knowledge for a von neumann architecture.” 23rd USENIX Security Symposium (USENIX Security 14). 2014.
[4] Ben-Sasson, Eli, et al. “Scalable zero knowledge with no trusted setup.” Annual international cryptology conference. Springer, Cham, 2019.
