A ZK-STARK (Zero-Knowledge Scalable Transparent ARgument of Knowledge) is a cryptographic proof system that allows one party to prove possession of secret information or the correctness of a computation to another party — without revealing the secret and without requiring a trusted setup ceremony. Developed by Eli Ben-Sasson and StarkWare Industries, STARKs achieve transparency (no trusted setup), quantum resistance (relying only on hash functions), and scalability (proof verification time is poly-logarithmic in computation size). While zk-SNARKs produce smaller proofs, zk-STARKs offer stronger cryptographic assumptions and are the foundation of StarkWare’s Ethereum scaling technology (StarkEx and StarkNet).
Origin & History
| Date | Event |
| 1985 | Foundational zero-knowledge proof theory (Goldwasser, Micali & Rackoff) |
| 2012 | zk-SNARKs formalised; require trusted setup — a limitation |
| 2018 | Ben-Sasson et al. publish “Scalable, transparent, and post-quantum secure computational integrity” — introduces STARKs |
| 2018 | StarkWare Industries founded by Ben-Sasson, Bentov, Horesh, Riabzev |
| 2020 | StarkEx (StarkWare’s scalability engine) launches with dYdX and DeversiFi |
| 2021 | StarkNet (decentralised L2) testnet launches on Ethereum |
| 2022 | StarkNet mainnet alpha; Cairo programming language for STARK-provable programs |
| 2023 | StarkNet processes millions of transactions monthly; STRK token announced |
| 2024 | StarkWare releases recursive STARK research enabling proof composition |
“STARKs are SNARKs’ bigger, post-quantum-safe cousin, they sacrifice proof size for transparency and security.” — Eli Ben-Sasson, StarkWare co-founder
How It Works
ZK-STARK vs ZK-SNARK COMPARISON ────────────────────────────────────────────────────────────────── SNARK STARK ───────────────────────────────────────────────────────────── Trusted Setup: Required (toxic waste) NONE (transparent) Proof Size: ~200 bytes ~50–200 KB Verify Time: Milliseconds Milliseconds Quantum Safe: No (elliptic curve) Yes (hash functions only) Prover Time: Fast Slower (larger constants) Used in: Zcash, zkSync, Groth16 StarkNet, StarkEx ──────────────────────────────────────────────────────────────────
STARK PROOF GENERATION: Computation → Algebraic Intermediate Representation (AIR) → Polynomial commitment (FRI protocol) → STARK proof (can be verified by anyone) → Ethereum L1 verifier checks proof in ~200k-500k gas
| Property | zk-SNARK | zk-STARK |
| Setup | Trusted ceremony | None (transparent) |
| Assumption | Elliptic curves | Hash functions only |
| Quantum resistance | No | Yes |
| Proof size | ~200 bytes | ~50–200 KB |
| Verification gas (ETH) | ~200K-300K gas | ~200K-500K gas |
| Scalability | High | Very high |
In Simple Terms
- No trusted setup – STARKs don’t require a secret ceremony to generate parameters. There is no “toxic waste” that must be destroyed; anyone can verify the randomness was fair.
- Quantum-safe – STARKs rely only on collision-resistant hash functions, which quantum computers cannot break (unlike the elliptic curve math SNARKs use).
- Larger proofs, same security – A STARK proof is much larger than a SNARK proof (50 KB vs. 200 bytes) but carries stronger security assumptions.
- Scales with computation – STARK verification time grows poly-logarithmically with computation size — a 1 million-step computation’s proof isn’t 1 million times harder to verify.
- Cairo language – StarkWare created Cairo, a language for writing STARK-provable programs, enabling complex smart contract logic to be proven on L2 and settled on Ethereum.
Real-World Examples
| Scenario | Implementation | Outcome |
| dYdX v3 on StarkEx | Perpetual futures settlement via STARK proofs | 1,000 TPS at Ethereum security; <$1 fees |
| Immutable X NFT minting | StarkEx ZK-Rollup for gaming NFTs | 9,000 NFT mints/second; zero gas for users |
| StarkNet DeFi | JediSwap, Ekubo DEX deploy on StarkNet | Full smart contract DeFi at 100× Ethereum speed |
| Cairo contracts | Developer writes Cairo contract for on-chain game | Every move proven correct on-chain; no cheating possible |
| Recursive STARKs | StarkWare proves proofs of proofs | Compress billions of transactions into one Ethereum TX |
Advantages
| Advantage | Detail |
| No trusted setup | Eliminates “ceremony” security risk entirely |
| Quantum resistant | Only crypto system provably safe against quantum computing |
| Transparent randomness | All proof parameters publicly verifiable |
| Extreme scalability | Recursive proofs can aggregate unbounded computation |
| Battle-tested math | Relies on well-understood hash functions, not novel assumptions |
Disadvantages & Risks
| Risk | Detail |
| Proof size | 50–200 KB proofs are expensive to post to Ethereum (calldata costs) |
| Verification gas cost | ~200K-500K gas to verify a STARK vs ~200K-300K for a SNARK |
| Cairo learning curve | Cairo language is different from Solidity; developer ecosystem smaller |
| Prover compute cost | STARK generation requires significant compute resources |
| EVM compatibility | Native StarkNet is not EVM-equivalent; Kakarot (EVM on Cairo) works around this |
Risk Management Tips:
- Monitor StarkNet’s decentralisation roadmap — prover centralisation is a current risk
- For EVM developers, explore Kakarot (EVM on Cairo) for easier migration to StarkNet
- Use L2Beat to track StarkNet’s security and upgrade key risks
FAQ
Q: What does “transparent” mean in ZK-STARK?
A: No secret parameters were generated. Anyone can independently verify that the proof system setup is fair — unlike SNARKs where a trusted ceremony’s integrity must be assumed.
Q: Why are STARK proofs larger than SNARK proofs?
A: SNARKs use elliptic curve pairing (compact but less safe assumptions); STARKs use Merkle trees and FRI polynomial commitments (inherently larger but more secure).
Q: Is StarkNet EVM-compatible?
A: Natively, StarkNet uses Cairo (not EVM). Kakarot is an EVM implementation written in Cairo, enabling Solidity contracts to run on StarkNet indirectly.
Q: Can STARKs scale to billions of transactions?
A: Recursive STARKs (proving proofs of proofs) theoretically scale to arbitrary computation. StarkWare’s Stwo prover targets proving millions of transactions per second.
Q: Who invented ZK-STARKs?
A: Eli Ben-Sasson (Technion professor and StarkWare co-founder) along with Iddo Bentov, Lior Horesh, and Michael Riabzev published the original STARK paper in 2018.
Sources
- Ben-Sasson et al., “Scalable, transparent, and post-quantum secure computational integrity” (2018) — IACR ePrint
- StarkWare documentation — starkware.co
- StarkNet documentation — docs.starknet.io
- Vitalik Buterin, “STARKs, Part 1” — vitalik.ca
UPay Tip: STARKs’ quantum resistance makes them the longest-term safe choice for cryptographic proof systems as quantum computing advances. While SNARKs are more efficient today, the crypto ecosystem’s gradual shift toward STARKs is a reasonable hedge against future quantum risk.Disclaimer: This glossary entry is for educational purposes only and does not constitute financial or legal advice.
UPay — Making Crypto Encyclopedic
