Crypto Gloss

ZK-STARK

Definition:

A ZK-STARK (Zero-Knowledge Scalable Transparent Argument of Knowledge) is a cryptographic proof system that allows verification of computations without revealing private inputs, requires no trusted setup ceremony of any kind, and derives security entirely from hash functions — making it plausibly quantum-resistant, though at the cost of proof sizes significantly larger than modern SNARKs. ZK-STARKs were developed by Eli Ben-Sasson and team at StarkWare (with academic publication in 2018) and are the foundation of StarkNet and StarkEx, which process hundreds of millions of transactions secured by STARK proofs.

How ZK-STARKs Differ from ZK-SNARKs

Property ZK-SNARK ZK-STARK
Trusted setup Required (most variants) None (“transparent”)
Cryptographic assumptions Elliptic curve pairings Collision-resistant hash functions
Proof size Very small (~200B–1.5KB) Larger (~40KB–1MB)
Proof generation time Faster for small computations Faster for large computations
Verification time Fast (constant regardless of computation size) Fast (polylogarithmic)
Quantum resistance Vulnerable to quantum computers (elliptic curves) Plausibly quantum-resistant (hash functions)
Primary users Most ZK-rollups StarkNet, StarkEx, Cairo

Key Properties

Transparency (no trusted setup)

The most important practical distinction from most SNARKs. Trusted setup ceremonies are logistical burdens and theoretical security risks. STARKs eliminate this entirely — the prover and verifier agree on publicly audited hash function parameters (e.g., which hash function to use), with no secret toxic waste to protect.

Scalability

The “S” in STARK refers to scalability in a specific sense: STARK proof generation time scales nearly linearly with computation size (vs. SNARKs which have worse scaling for very large computations). For the massive computations involved in proving blockchain execution traces (all transactions in a block), STARKs are efficient.

Hash function security

STARKs rely on collision-resistant hash functions (Poseidon, Rescue) rather than elliptic curve discrete logarithm assumptions. This means:

  • No exotic algebraic structures required
  • Quantum computers (using Grover’s algorithm) halve the security parameter but don’t break the system entirely
  • Security proofs are simpler and better understood

Larger proofs

The downside: STARK proofs are significantly larger than SNARK proofs. On-chain verification of a STARK proof costs more gas than a SNARK proof of equivalent computation. StarkNet addresses this via SNARK recursion — wrapping the large STARK proof in a small SNARK for final on-chain verification (SHARP: Shared Prover Architecture).

Cairo and AIR

STARKs prove the execution of computations expressed as AIR (Algebraic Intermediate Representation) — a more general representation than SNARK arithmetic circuits.

Cairo is StarkWare’s programming language designed to express computations as AIR-compatible traces. Cairo programs can be proven with STARK proofs. StarkNet smart contracts are written in Cairo (versions 0.x and 1.x).

The Cairo VM (VM = virtual machine) handles execution; the STARK prover generates proofs of that execution.

Production Deployments

StarkEx (2020–)

A Layer 2 scaling service using STARK proofs for dYdX v3, Immutable X, Sorare, and others. Each supported application gets a customized proof system optimized for their use case (e.g., NFT transfers, perpetual trading).

StarkNet (2022–)

A fully general-purpose ZK-rollup on Ethereum where anyone can deploy Cairo smart contracts. Uses STARK proofs for batch settlement.

Portfolio: StarkEx has processed hundreds of millions of transactions securing billions in value for production applications.

Related Terms

Sources

Last updated: 2026-04