SNARKs and STARKs

zk-SNARKs

Zero-Knowledge Succinct Non-Interactive Argument of Knowledge

How SNARKs Work

Circuit Representation: Express computation as an arithmetic circuit
R1CS Constraint System: Convert to Rank-1 Constraint System
QAP Transformation: Encode as Quadratic Arithmetic Program
Polynomial Commitment: Commit to polynomials representing the witness
Proof Generation: Create succinct proof using cryptographic primitives

Popular SNARK Constructions

Construction	Key Features
Groth16	Smallest proofs, requires trusted setup per circuit
PLONK	Universal trusted setup, flexible circuits
Marlin	Universal setup, efficient proving
Halo2	No trusted setup, recursive proofs

Trusted Setup Ceremonies

Many SNARKs require a Multi-Party Computation (MPC) ceremony:

Multiple participants generate randomness
Each participant's contribution can be verified
At least one honest participant ensures security
"Toxic waste" must be destroyed after ceremony

zk-STARKs

Zero-Knowledge Scalable Transparent Argument of Knowledge

How STARKs Work

Execution Trace: Represent computation as a trace of states
Polynomial Interpolation: Encode trace as polynomials
FRI Protocol: Prove low-degree of polynomials
Merkle Proofs: Provide cryptographic commitments

Advantages over SNARKs

No Trusted Setup: Uses only hash functions
Post-Quantum Security: Based on symmetric cryptography
Scalability: Proving time scales well with computation size
Transparency: All parameters publicly verifiable

Trade-offs

Larger proof sizes (~200 KB vs ~288 bytes)
Higher verification costs
Newer technology with less battle-testing

Comparison Table

Feature	SNARKs	STARKs
Proof Size	Small (~288 bytes)	Large (~200 KB)
Verification	Fast (~10ms)	Slower (~100ms)
Proving Time	Fast	Fast
Trusted Setup	Often required	Never required
Quantum Resistance	No	Yes
Maturity	High	Growing

Emerging Hybrids

New constructions combine benefits of both:

BooSTARKs: STARKs with SNARK-like proof sizes
Binius: Binary field arithmetic for efficiency

Next: Applications