Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » Technology » Zk-STARKs Arrive: But Is The Privacy Coin Tech Even Needed?

Zk-STARKs Arrive: But Is The Privacy Coin Tech Even Needed?

by

Zero-knowledge without the trusted setup, what else could you need?

Zk-STARKs Arrive But Is The Privacy Coin Tech Even Needed

Share this article

Zk-STARKs have been long hyped up as a replacement for Zcash’s Zk-SNARK system, for one simple reason: they don’t require the trusted setup, which (if compromised) could allow an attacker to mint unlimited coins.

The Monero team has been especially vocal about that possibility, speculating in 2017 on including Zk-STARKs in the roadmap. Fluffypony even ‘promised’ a STARK-based sidechain on Twitter.

Zcash went as far as putting money on the line, with Electric Coin Co. investing in Starkware, whose Co-Founder Dr. Eli Ben-Sasson was a founding scientist of ECC.

Zk-STARKs were considered “a myth” at the time, a cutting-edge technology still too far away in the future. Recently, 0x made it a reality through OpenZKP, which should have been a wish come true, but a lot has changed in two years.

And that could mean that the major privacy coins will pass on STARKs altogether.

Why is 0x developing STARKs?

0x is building an Ethereum-based decentralized exchange protocol, which forms the backbone of DEXes such as Radar Relay. In late 2018 it teamed up with Starkware, the chief developer of Zk-STARKs to propose StarkDex, a proof of concept for a scalable decentralized exchange.

Both SNARK and STARK are touted as possible scaling tools for blockchain computations, thanks to the S for ‘Succinct’ part. Succinct proofs scale very well with the size of the secret they’re meant to be proving, enhancing performance.

This feature was exploited for Starkdex by offloading the majority of the computation for exchange trades off-chain, using a zero-knowledge STARK proof to verify that they were computed correctly.

The sudden release of OpenZKP seems to indicate that 0x has ‘taken over’ the STARK industries – but their applications could go beyond just scaling DEXes.

Is STARK the bane of existing privacy coins?

Despite all the previous hype, STARKs found a lukewarm reception by leading privacy coin teams.

“STARKs are not a direct or obvious progression from SNARKs, but rather they occupy a different point in the design space,” explains George Tankersley, Director of Engineering at Zcash Foundation.

Technology has moved on in the past two years, as several usability improvements were made to Zcash’s algorithm. “We’re actually happy with the proof system we currently use, which is a SNARK called Groth16,” continued Tankersley. “STARK proofs are much larger and slower than Groth16 proofs, so the question is: are we willing to make that tradeoff for transparency and post-quantum security?”

But while STARKs appear to have much to be desired in terms of optimization, even their trustlessness is not unique.

“On that point [transparency], it’s just too soon to choose. There’s been an explosion of research targeting these features this year: Sonic and Marlin both greatly improve on the trusted setup problem while Halo and Fractal are addressing transparency AND recursion, which is important for scaling,” Tankersley added.

“By the time we can make a solid judgement, there will probably be something other than STARKs we’d want to use,” he concluded.

Monero’s Take

Members of the Monero Research Lab have also been cautious in discussing Zk-STARKs. While a general consensus on the specific OpenZKP implementation is yet to be formed, they highlighted several issues with STARKs in general. 

“Certainly the idea of efficient generalized zero-knowledge proving systems whose soundness doesn’t depend on third-party trust is great,” prefaced a Monero Research Lab member. “But all the formalizations I’ve seen in preprints/papers have all [sic] suffered from proof size problems.” 

“Right now you can’t really get it all: trust-free, fast proving, fast verifying, small proofs,” the member emphasized.

Proving systems currently used by Monero and Zcash each fulfill only half of those qualities; and STARKs are not an exception. Large proof sizes result in heavy blockchains, an issue afflicting pre-Bulletproofs Monero.

MRL also considers all three systems to be weak in terms of prover complexity, but improvements can make some of them acceptable.

It thus becomes a matter of preference, and the initial reaction suggests that the STARKs boat has sailed for existing privacy coins, though a hypothetical StarkCash project could still compete, in theory.

The MRL representative was still optimistic about the general trend. “Advances in proving systems are great because they provide flexibility in the frameworks available for building transaction protocols,” he concluded.

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.