Real World Crypto 2021 - Session 11: Invited Talk


Prev | Up | Next

Eli Ben Sasson (StarkWare) / Scaling Computations on Blockchains with ZK-STARKs / paper video slides

Plug for a language called Cairo There’s a playground too. – a list of resources about zero-knowledge proofs.

His Pitch: “Blockchains == Inclusive Accountability” but sacrifice privacy and scalability. ZK-STARKs solve both problems, because anyone can download chain and verify.

SNARK = Succinct, Non-Interactive ARgument of Knowledge
STARK = Scaleable, Transparency ARgument of Knowledge

Solving for scaleability

ZK-STARKs: they can solve scale and privacy - in theory, and in practice!

Why can’t blockchains meet the txns/per sec that VISA et al can? He claims: VISA run big iron that can do 10,000s txns/sec, but your laptop can’t.

ZK proof recap:

On a blockchain: verifiers only need to see a Merkle root hash of all txns, they see prev root and proposed new root, and a proof, and this can be executed v quickly. The prover only has to see all the individual txns.

Transparency is the T in ZK-STARK. []“arthur - merlin protocol”](

SNARK - S = succinct; N = Non-Interactive (set-up may require huge computation time and must be highly trusted. (remember zcash genesis?) He calls the need for these properties ‘toxic’ and claims that ZK-STARK is ‘non-toxic’.

Cairo: MVL (minimal viable language) for production STARK systems

If you write using Cairo code, then you get a ZKP verifier for free as part of Cairo.
This has been launched on the Ethereum test net.