Web3 Chinese|The zk track will explode in 2023, how important is the upcoming Polygon zkEVM?

Zero-knowledge proof technology, which has attracted wide attention in the crypto industry, was proposed by mathematicians S. Goldwasser, S. Micali and C. Rackoff in 1980.

A zero-knowledge proof uses a series of cryptographic steps to make data "usable but unknowable".

The blockchain is open, transparent and tamper-resistant, which means that the on-chain assets and transaction records of crypto investors have no privacy at all. Zero-knowledge proof technology was therefore introduced into the blockchain, and zk-SNARK and zk-STARK have attracted the most attention.

zk-SNARK is the one most widely adopted by projects, while cryptography experts consider zk-STARK superior to zk-SNARK. So which counts for more, overall technical merit or practical application?

zk-SNARK: concise + non-interactive

Alessandro Chiesa and others developed the zk-SNARK protocol in 2012. It is a succinct, non-interactive zero-knowledge proof technology. The full name is zero-knowledge succinct non-interactive argument of knowledge, which can be understood in three parts:

  • zero-knowledge:

Zero-knowledge proof: proving something to the other party without exposing private information, making data "available but unknowable".

  • succinct:

Succinctness: the proof takes up little space and can be verified quickly (a few milliseconds).

  • non-interactive:

Non-interactive means that the prover and the verifier do not need to interact back and forth for the verification result to be obtained quickly.

The succinctness and non-interactivity of zk-SNARK are relative to traditional zero-knowledge proof schemes. A traditional scheme is an interactive proof: the prover (who claims that a certain proposition is true) and the verifier (who confirms that the proposition is indeed true) go through repeated rounds of confirmation, with the verifier continuing to give answers until the correct answer appears, so efficiency is very low.

The zk-SNARK scheme does not require the two parties to repeatedly confirm "yes or no". Instead, a "trusted setup" is performed in advance to generate a common reference string (CRS), which all provers can then access directly.
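The round-by-round interaction described above can be seen in the Schnorr identification protocol with one-bit challenges. This is an added example, not code from the original article; the toy group, the secret and all function names are assumptions chosen for illustration. A prover without the secret passes each round only by guessing the challenge, so the verifier has to repeat the exchange many times.

```python
import random

# Toy group, constructed for illustration and far too small for real use:
# G has prime order Q modulo P.
P, Q, G = 23, 11, 2

X = 7                 # prover's secret (constructed)
Y = pow(G, X, P)      # public value: the claim is "I know x with G^x = Y"

def honest_round(x, rng):
    """Prover who knows x: commit to t = G^r, later answer s = r + c*x mod Q."""
    r = rng.randrange(Q)
    return pow(G, r, P), lambda c: (r + c * x) % Q

def cheating_round(y, rng):
    """Prover without x: guess the challenge bit, then pick t to fit the guess."""
    guess, s = rng.randrange(2), rng.randrange(Q)
    t = pow(G, s, P) * pow(y, -guess, P) % P
    return t, lambda c: s

def verifier_accepts(y, next_round, rounds, rng):
    """Accept only if G^s == t * y^c holds in every round."""
    for _ in range(rounds):
        t, respond = next_round()
        c = rng.randrange(2)            # verifier's random one-bit challenge
        if pow(G, respond(c), P) != t * pow(y, c, P) % P:
            return False
    return True

def acceptance_rate(y, make_round, rounds, trials=2000, seed=0):
    """Fraction of complete protocol runs that the verifier accepts."""
    p_rng, v_rng = random.Random(seed), random.Random(seed + 1)
    ok = sum(verifier_accepts(y, lambda: make_round(p_rng), rounds, v_rng)
             for _ in range(trials))
    return ok / trials

if __name__ == "__main__":
    for k in (1, 5, 10):
        honest = acceptance_rate(Y, lambda r: honest_round(X, r), k)
        cheat = acceptance_rate(Y, lambda r: cheating_round(Y, r), k)
        print(f"rounds={k:2d}  honest={honest:.3f}  cheater={cheat:.3f}")
```

The cheater's acceptance rate falls by about half with each added round, which is why an interactive scheme needs many message exchanges to reach a useful security level.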

zk-STARK: probabilistic proof + buffer time

zk-STARK was developed by the StarkWare team, established in December 2017, as an alternative to zk-SNARK. Research and development took more than a year, and it was not fully completed until 2019 after numerous iterations.

zk-STARK is a clever interactive proof: its security is guaranteed through the collision resistance of hash functions (a form of probabilistic proof), which makes efficient proofs possible. This idea is borrowed directly from the interactive oracle proof (IOP) technique introduced in 2015. Simply put, the problem is broken up cryptographically, and the verifier then randomly asks the prover a few questions. If, by the end of the round, the prover has answered every question accurately, verification passes.

So zk-STARK also needs only very few computing resources to complete the proof, but it is more secure and carries no risk of answer leakage. To further ensure security, a dispute time delay (DTD) is also set as a buffer.
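The "hash commitment plus a few random questions" idea can be sketched as follows. This is an added example, not code from the original article or from StarkWare: the toy computation, the modulus and all function names are assumptions. It omits the low-degree polynomial encoding and the zero-knowledge masking that a real zk-STARK adds, so it shows only the commit-and-spot-check core.

```python
import hashlib
import random

P = 2**61 - 1  # modulus of the toy computation (assumption)

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def trace(x0, n):
    """The computation being proved: x_{i+1} = x_i^2 + 1 mod P, n values."""
    xs = [x0]
    for _ in range(n - 1):
        xs.append((xs[-1] * xs[-1] + 1) % P)
    return xs

def make_prover(xs):
    """Commit to the trace with a Merkle tree (len(xs) must be a power of two).
    Returns the root and a function answering queries with (value, path)."""
    layers = [[H(b"L", x.to_bytes(8, "big")) for x in xs]]
    while len(layers[-1]) > 1:
        prev = layers[-1]
        layers.append([H(b"N", prev[i], prev[i + 1])
                       for i in range(0, len(prev), 2)])
    def answer(i):
        path, j = [], i
        for layer in layers[:-1]:
            path.append(layer[j ^ 1])   # sibling hash at this level
            j //= 2
        return xs[i], path
    return layers[-1][0], answer

def check_opening(root, i, x, path):
    """Recompute the root from one claimed value and its Merkle path."""
    node = H(b"L", x.to_bytes(8, "big"))
    for sib in path:
        node = H(b"N", node, sib) if i % 2 == 0 else H(b"N", sib, node)
        i //= 2
    return node == root

def verify(root, n, prover, k, seed=0):
    """Verifier: k random questions, each checking one step of the computation.
    Seeded so the example is repeatable; a real verifier uses fresh randomness."""
    for i in random.Random(seed).sample(range(n - 1), k):
        (a, pa), (b, pb) = prover(i), prover(i + 1)
        if not (check_opening(root, i, a, pa) and check_opening(root, i + 1, b, pb)):
            return False    # answer does not match the commitment
        if b != (a * a + 1) % P:
            return False    # committed values break the transition rule
    return True
```

Once the root is published, changing any answer would require a hash collision, and a trace with many wrong steps is caught by a handful of random queries.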

Vitalik Buterin is optimistic about zk-STARK

During Taipei Blockchain Week, Vitalik Buterin, founder of Ethereum, and Suji Yan, founder of Mask Network, had a fireside chat covering zero-knowledge proof (ZK) technology, the FTX incident, and the future development of Ethereum. On zero-knowledge proofs, Vitalik Buterin is optimistic about zk-STARK technology and believes that zk-STARK will be as important as the blockchain in 10 years.

As a powerful privacy technology, zk-STARK can not only solve the problems of blockchain applications, but also bring better security to users of centralized systems.

Although the blockchain has characteristics such as openness, censorship resistance and compliance with the rules set by the developers, it also sacrifices scalability and privacy. With zk-STARK technology, however, both shortcomings can be addressed.

In the Ethereum scaling scenario, zk-SNARK technology is the most widely adopted. zk-STARK is also under development, but the technology is still immature, or at least limited in versatility, so most of what we see builds various applications on the basis of "scalability", such as identity, payments, DeFi and asset certification.

At present, most Ethereum Layer 2 projects (zkSync, Aztec, Loopring, Scroll, etc.) adopt the zk-SNARK technology route. Besides the limited versatility, another reason is that developing with zk-STARK is generally reported to be too difficult...

In general, the relationship between zk-SNARK and zk-STARK is somewhat like the relationship between Optimistic rollups and ZK rollups. The former is good for the short term, while the latter is good for the long term.

Aleo network beyond zk-STARK

Compared with ZKPs on L2, Aleo has a major advantage: its mining algorithm is simpler and more convenient and has no gas fee, while maintaining scalability, privacy, and high-speed operation.

Specifically, when the Aleo network verifies a block, the algorithm will generate a random number. After the ZK calculation, if the final result is less than the target value, the calculation is correct, and the node that completes the calculation first has the right to produce a block. Every time a miner verifies a block, it only needs to generate a random number to start calculating. This mining logic is not much different from Bitcoin in form.

This is not the case for ZKP computation on L2. L2 faces a batch of transactions, so a ZKP has to be computed for each transaction during verification, and the results are finally packaged and uploaded to L1.

In terms of computing, Aleo does not require parallel computing, allowing GPU mining machines to be seamlessly connected, which ensures the smooth operation of the Aleo network.

For example, in the Ethereum L2 ZK network, it is impossible to verify thousands of transactions one by one by relying on the strong performance of a single CPU. Parallel computing must be performed on devices with multiple computing units, such as GPUs. Aleo has a great advantage in this respect: it does not require parallel computing, and GPU mining machines can be connected almost seamlessly.

For the Ethereum L2 ZK network, in order to adapt to L2 mining, the GPU needs further algorithm optimization to achieve parallel computing.

Epilogue

It can be seen that zk-STARK is better than zk-SNARK, and the Aleo network is better than zk-STARK. It is not clear whether this is because the former are ZK solutions based on the rollup protocol, while the latter builds ZK technology from 0 to 1 and is based on the Aleo system together with other aspects such as the Leo language and the consensus mechanism.

On the technical path of zero-knowledge proof, we can consider that Aleo's native ZK technology surpasses L2 ZK technology.


Compiler: [email protected]

Disclaimer: The content only represents the author's position and does not constitute investment advice. Please treat it with caution. If the article/material is infringing, please contact the official customer service. 

Origin blog.csdn.net/weixin_56136405/article/details/129159815