Understanding Zero-Knowledge Proofs in Ethereum

What are zero-knowledge proofs, anyway?

Here's a weird concept: what if you could prove you know something without actually revealing what you know? That's zero-knowledge proofs in a nutshell.

Imagine you want to prove you're over 21 to buy a drink, but you don't want to show your ID with your address, full name, and birthday on it. With ZK proofs, you could prove "yes, I'm over 21" without revealing anything else. The bouncer learns exactly one bit of information: you're old enough. Nothing more.

On Ethereum, this gets really powerful. You can prove you have enough money for a transaction without showing your balance. You can prove you're on an approved list without revealing which person you are. The blockchain verifies everything is legit, but your private data stays private.

ZK-SNARKs: the OG of blockchain privacy

Most privacy tech you see in crypto uses ZK-SNARKs. The name's a mouthful (Succinct Non-Interactive Arguments of Knowledge), but here's what matters:

• They're tiny: A proof is like 300 bytes. That's smaller than this paragraph.
• They're fast to check: Verification takes milliseconds, no matter how complex the original computation was.
• No back-and-forth needed: You generate a proof, submit it, done. No conversation required.

How do they actually work?

The flow goes like this:

1. One-time setup: Someone runs a "trusted setup ceremony" to generate special keys. This only happens once per application.

2. Turn your logic into math: Whatever you want to prove gets converted into a mathematical circuit. Think of it like turning code into algebra.

3. Generate the proof: Using your private inputs and the proving key, you create a tiny proof that says "I did this computation correctly."

4. Anyone can verify: With just the verification key and the proof, anyone can confirm you're telling the truth in constant time.

The catch

SNARKs need that trusted setup. If the people running the setup collude and keep the secret randomness, they could forge proofs. Projects like Zcash solved this with multi-party ceremonies where you'd need everyone to collude, which is practically impossible. But it's still a thing to know about.

Also, quantum computers could eventually break SNARKs. We're not there yet, but it's on the horizon.

ZK-STARKs: no trust required

STARKs came along to fix the trusted setup problem. Everything is transparent and publicly verifiable. No secret ceremonies, no trust assumptions.

They also use hash functions instead of elliptic curves, which means they should survive quantum computers. That's a big deal for long-term security.

The trade-off

STARKs have bigger proofs. We're talking tens or hundreds of kilobytes instead of a few hundred bytes. On Ethereum where every byte costs gas, that adds up. Verification is also slower and more expensive on-chain.

So it's a trade-off: SNARKs are cheaper but need trust and aren't quantum-safe. STARKs are trustless and quantum-safe but cost more.

Where this stuff actually gets used

Private transactions

With ZK proofs, you can move tokens without anyone knowing how much or to whom. The network still verifies no one's cheating, but the details stay hidden.

Identity without exposure

Prove you passed KYC without uploading your passport to another database. Prove you're a US citizen without revealing your SSN. Prove you're an accredited investor without showing your bank statements.

Scaling Ethereum

ZK-rollups batch thousands of transactions into one proof. Ethereum only has to verify that one proof, not process every transaction individually. You get the security of Ethereum with way higher throughput.

Which should you use?

What we use at NixProtocol

We went with Groth16 (a SNARK) for our privacy modules because gas costs matter a lot for real-world usage. But we're keeping a close eye on STARK developments. As proof sizes shrink and verification gets cheaper, we'll likely add STARK options for users who want that extra assurance.

The ZK space moves fast. What's expensive today might be cheap tomorrow.