ZK-SNARK

Definition:

A ZK-SNARK (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) is a cryptographic protocol that enables a prover to convince a verifier that a statement is true without revealing any information beyond the truth of the statement itself — with proofs that are small in size and fast to verify, requiring no back-and-forth interaction between prover and verifier. ZK-SNARKs are the foundational cryptographic primitive underlying Zcash’s private transactions, most ZK-rollups (including zkSync, Polygon zkEVM, and Scroll), and a growing number of privacy-preserving applications across the blockchain ecosystem.


Unpacking the Name

Zero-Knowledge (ZK): The prover reveals nothing beyond “the statement is true.” A verifier learns no information about the witness (the private input that makes the statement true).

Succinct: The proof is very small — typically hundreds of bytes — regardless of how complex the computation being proven is. Verification is fast (milliseconds).

Non-Interactive: Proving and verifying requires no back-and-forth communication between parties. The prover generates the proof; the verifier checks it independently.

Argument: The proof is computationally sound (not information-theoretically — there is a negligible but nonzero probability that a false statement could be proven, bounded by computational assumptions).

Knowledge: The prover must actually “know” the witness — they cannot forge a proof without possessing the private information.


Core Concepts

Statement and witness:

  • Statement: “I know a pre-image X such that Hash(X) = Y” (public: just Y)
  • Witness: The actual value of X (private, known only to prover)
  • ZK-SNARK proves the statement without revealing X

Circuit representation:

The computation being proven must be expressed as an arithmetic circuit — a sequence of addition and multiplication gates over a finite field. The prover and verifier agree on the circuit; the prover provides a witness (private input) and the circuit output.
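The pre-image statement above and the circuit flattening this section describes, as an added example that is not part of the original entry: a toy circuit (x^3 + x + 5 = out, chosen instead of a hash because a real hash circuit runs to thousands of constraints) is flattened into rank-1 constraints over the BN254 scalar field, with the prover's witness computation beside the verifier-side constraint check. The circuit, the witness slot layout and the function names are this example's own assumptions.

```python
# Added example (not from the original page): flatten a toy arithmetic circuit
# into rank-1 constraints over a prime field and check a witness against them.
# This is only the circuit front end of a SNARK, not a proof system.

# Scalar field of the BN254 curve, the field Groth16 circuits commonly use.
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617

# Witness layout: w = [1, x, out, v1, v2, v3].  Slots ONE and OUT are public
# (the constant 1 and the claimed output); x and the intermediates are private.
ONE, X, OUT, V1, V2, V3 = range(6)
N = 6

def lin(terms):
    """Dense coefficient vector for a sparse linear combination {slot: coeff}."""
    v = [0] * N
    for slot, coeff in terms.items():
        v[slot] = coeff % P
    return v

# Each constraint is (A, B, C) meaning <A,w> * <B,w> == <C,w>  (mod P).
# Additions fold into the linear combinations; only multiplications need a gate.
R1CS = [
    (lin({X: 1}),          lin({X: 1}),   lin({V1: 1})),   # v1 = x * x
    (lin({V1: 1}),         lin({X: 1}),   lin({V2: 1})),   # v2 = v1 * x
    (lin({V2: 1, X: 1}),   lin({ONE: 1}), lin({V3: 1})),   # v3 = v2 + x
    (lin({V3: 1, ONE: 5}), lin({ONE: 1}), lin({OUT: 1})),  # out = v3 + 5
]

def dot(coeffs, w):
    return sum(c * wi for c, wi in zip(coeffs, w)) % P

def compute_witness(x, out):
    """Prover side: evaluate the circuit on the private input x."""
    x %= P
    v1 = x * x % P
    v2 = v1 * x % P
    v3 = (v2 + x) % P
    return [1, x, out % P, v1, v2, v3]

def verify(w, public_out):
    """What the verifier's check means: public slots match and every constraint
    holds.  A real SNARK establishes this from the proof, never from w itself."""
    if w[ONE] != 1 or w[OUT] != public_out % P:
        return False
    return all(dot(a, w) * dot(b, w) % P == dot(c, w) for a, b, c in R1CS)
```

`compute_witness(3, 35)` passes `verify(..., 35)`, while `compute_witness(4, 35)` fails it because 4^3 + 4 + 5 is 73, not 35; the witness vector itself never leaves the prover in a real system.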


Trusted Setup (Critical Limitation)

Most popular ZK-SNARK systems (Groth16, PLONK) require a trusted setup ceremony — a one-time multi-party computation that generates public parameters (proving key and verifying key). If all participants in the ceremony collude or if any secret toxic waste is not destroyed, the system’s soundness is compromised (false proofs could be generated).

Groth16: Requires a circuit-specific trusted setup — a separate ceremony per application. Zcash’s Sapling trusted setup (“Powers of Tau”) was one of the largest MPC ceremonies in history (~90 participants).

PLONK: Requires a universal setup — one ceremony works for all circuits up to a specified size. Significantly more practical.

ZK-STARKs and Halo2 eliminate the trusted setup entirely.


Common SNARK Systems

System    Trusted Setup       Proof Size    Key Users
Groth16   Circuit-specific    ~200 bytes    Zcash, Filecoin
PLONK     Universal           ~1.2 KB       Many ZK-rollups
Marlin    Universal           ~500 bytes    Aleo
Halo2     None                Larger        Zcash Orchard, Scroll

Applications in Crypto

Zcash private transactions: The oldest and most prominent ZK-SNARK application. Zcash uses Groth16 to prove that shielded transactions are valid (correct amounts, no double-spend) without revealing sender, receiver, or amount.

ZK-Rollups: Use SNARKs to compress hundreds of transactions into a single proof. The L1 verifies the SNARK proof rather than re-executing all transactions, enabling scalability. zkSync Era (Boojum), Polygon zkEVM, and Scroll all use SNARK-based proving.

Private DeFi: Tornado Cash (Groth16) and Railgun — private transaction pools in which a user proves eligibility to withdraw without revealing which deposit the withdrawal corresponds to.

Identity: Anonymous credential systems where a user proves membership or eligibility without revealing identity.



Last updated: 2026-04