Zero Knowledge Scheme

In this section, we describe the zero knowledge scheme features.

SNARKs vs STARKs vs Bulletproofs

We compare the three types of zero knowledge scheme zk-SNARKs, zk-STARKs and Bulletproofs. The zk-SNARKs is the most efficient. We can verify the proof with const or almost const time and generate proof process is also efficient. The proof size is also small. However, it's necessary to setup the parameters. We can save a lot of workload because of this but it would be the critical security issue. The zk-STARKs doesn't need to setup parameters and it has quantum tolerance. However, its proof size is far bigger than zk-SNARKs and the workload of verification process also far bigger than zk-SNARKs. The Bulletproofs doesn't need to setup parameters and its feature is in the middle between zk-SNARKs and zk-STARKs but it doesn't have quantum tolerance.

Summerize

To summerize the above comparison, it would be as following table.

SchemeTrusted SetupProver CostVerifier CostProof SizeQuantum Tolerance
zk-SNARKsNecessaryLowLowSmallNo
zk-STARKsUnnecessaryModerateHighLargeYes
BulletproofsUnnecessaryLowModerateModerateNo

Privacy Preserving Transactions Friendly

The Bulletproofs is mainly used for other privacy preserving transactions project for example Aztec, Zether and so on. That's because these projects are Ethereum smart contract base projects so if they use the zk-SNARKs, it's necessary to setup the parameters for each deploy smart contracts. It's really hard to collect enough parties to setup the parameters for each deploy. We use the zk-SNARKs because of its efficiency and the plonk allows us to setup parameters without depending on circuit. In other words, once we setup the parameters, we can reuse them when we prove the transactions.