zkSNARK

zkSNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge) are the most widely deployed family of zero-knowledge proof systems in production blockchain applications. The acronym captures four key properties: Zero-Knowledge (reveals nothing beyond truth), Succinct (proof is tiny — hundreds of bytes, regardless of circuit complexity), Non-Interactive (prover generates proof without verifier interaction), and Argument of Knowledge (soundness holds against computationally bounded provers, and the prover must actually “know” the witness). The “succinct” property is what makes zkSNARKs transformative for blockchain — a single small proof can verify millions of computations, enabling zkRollups to batch thousands of transactions and settle with one proof. The primary cost of this succinctness is the trusted setup: zkSNARKs require a structured reference string (SRS) generated via a multi-party computation ceremony, where if all participants collude or retain “toxic waste,” the proof system becomes forgeable. Major zkSNARK constructions include Groth16 (most efficient, circuit-specific setup), PLONK (universal setup), and Marlin.


The SNARK Properties Explained

Succinct: Proof size is O(1) or O(log n) regardless of computation size — typically 200-500 bytes. Verification takes ~1-5ms.

Non-Interactive: The prover generates the proof without real-time verifier participation — essential for blockchain (on-chain verifiers can’t interact).

Argument of Knowledge: The prover’s proof implies they possess a valid witness (they can’t just guess the right proof without knowing the solution).


Trusted Setup Requirement

zkSNARKs require a Common Reference String (CRS) or Structured Reference String (SRS) generated via ceremony:

  1. Multiple parties contribute randomness to generate proving/verification keys
  2. Each party destroys their contribution’s “toxic waste” (random seed)
  3. If even one party is honest and destroys their share, the setup is secure
  4. The final proving/verification keys are public and used by all provers

Risk: If all participants collude and retain their toxic waste, they can create valid-looking proofs for false statements (forged proofs that do not correspond to any real witness).

Mitigation: Large multi-party ceremonies (Zcash Powers of Tau had hundreds of participants; Hermez had 216 contributors).
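The ceremony steps and the "one honest party" assumption above, as an added toy example (not code from any real ceremony or library): a sequential powers-of-tau style update in a tiny group. The parameters P, Q, G and all function names are assumptions chosen for illustration and are far too small to be secure; real ceremonies use pairing-friendly elliptic curves and verify each contribution.

```python
# Toy "powers of tau" ceremony. Constructed parameters, insecure by design.
import secrets

P = 2039   # safe prime, P = 2*Q + 1 (assumed toy modulus)
Q = 1019   # prime order of the subgroup generated by G
G = 4      # generator of the order-Q subgroup

def initial_srs(degree):
    """SRS for tau = 1: every element is G^(1^i) = G."""
    return [G] * (degree + 1)

def contribute(srs, s):
    """Re-randomise with secret s: element i becomes G^((tau*s)^i)."""
    return [pow(elem, pow(s, i, Q), P) for i, elem in enumerate(srs)]

def srs_from_trapdoor(tau, degree):
    """What anyone who knows tau can compute directly."""
    return [pow(G, pow(tau, i, Q), P) for i in range(degree + 1)]

def combined_trapdoor(kept_secrets):
    """Product of the secrets a coalition kept (the 'toxic waste')."""
    tau = 1
    for s in kept_secrets:
        tau = tau * s % Q
    return tau

def run_ceremony(participant_secrets, degree=4):
    """Steps 1-4: each party updates the SRS in turn, then deletes s."""
    srs = initial_srs(degree)
    for s in participant_secrets:
        srs = contribute(srs, s)
    return srs

def coalition_knows_trapdoor(final_srs, kept_secrets):
    """True if the kept secrets reproduce the final SRS, i.e. reveal tau."""
    degree = len(final_srs) - 1
    guess = combined_trapdoor(kept_secrets)
    return srs_from_trapdoor(guess, degree) == final_srs

if __name__ == "__main__":
    # Each secret is drawn from [2, Q-1] so no contribution is trivial.
    parties = [2 + secrets.randbelow(Q - 2) for _ in range(3)]
    final = run_ceremony(parties)
    print("all three collude:", coalition_knows_trapdoor(final, parties))
    print("one deleted its secret:", coalition_knows_trapdoor(final, parties[:2]))
```

The final SRS depends only on the product of all secrets, so a coalition missing even one of them cannot rebuild the trapdoor from what it kept.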


Major zkSNARK Constructions

| Name | Year | Setup Type | Proof Size | Best For |
|------|------|------------|------------|----------|
| Groth16 | 2016 | Circuit-specific | ~192 bytes | Production (Zcash, Loopring) |
| PLONK | 2019 | Universal SRS | ~500 bytes | Flexible apps (Aztec, zkSync) |
| Marlin | 2019 | Universal SRS | ~1KB | Research |
| Sonic | 2019 | Universal SRS | ~1KB | Research |
| HyperPlonk | 2022 | Universal SRS | ~500 bytes | Emerging |

zkSNARK vs. zkSTARK

| Property | zkSNARK | zkSTARK |
|----------|---------|---------|
| Trusted setup | Required | Not required |
| Proof size | ~200-500 bytes | ~50-500KB |
| Verify time | ~1-5ms | ~10-100ms |
| Quantum resistant | No | Yes |
| Maturity | Production | Production |

Sources

  1. “Groth16: On the Size of Pairing-Based Non-Interactive Arguments” — Jens Groth (2016). The foundational paper for the Groth16 zkSNARK construction — presenting the most compact proof system for NP statements using bilinear pairings, achieving 3 group elements proof size.
  2. “PLONK: Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge” — Gabizon, Williamson, Ciobotaru (2019). Introducing PLONK — the universal zkSNARK that requires only one trusted setup ceremony for all circuits, enabling flexible zkRollup development without per-circuit ceremonies.
  3. “Trusted Setup Ceremonies: Design, Security, and Lessons Learned” — ZKProof Workshop (2020). Analysis of multi-party computation ceremonies for zkSNARK trusted setups — covering the “powers of tau” design, participant threat models, and operational security procedures. = MPC(output[i-1], my_random)); final output is combination of all participant contributions; Zcash Sapling ceremony (2018): 90+ participants over 90 days; notable contributors: Zooko Wilcox (CEO) using air-gapped machine, Edward Snowden (via anonymous submission), academic cryptographers; entropy sources: physical randomness (coin flips, dice, lava lamps, cosmic ray detectors), hardware entropy; security model: “1-of-n honest” — just one non-colluding participant breaks all adversaries; Groth16 limitation: requires SECOND ceremony (phase 2) per circuit after the universal “powers of tau” (phase 1); Hermez ceremony: 216 contributors, each added entropy and verified chain integrity; PLONK improvement: single universal ceremony covers all circuits of bounded size — eliminates per-circuit phase 2 requirement; open question: can we construct zkSNARKs without any trusted setup? Partially answered by zkSTARKs (no setup) and recursive STARKs.]
  4. “The State of zkRollups: SNARK-Based Scaling in Production” — L2Beat / Ethereum Foundation (2023). Analysis of zkSNARK-based L2 scaling systems in production — comparing StarkEx (STARK-based), zkSync (PLONK-based), Polygon zkEVM (PLONK-based), and Scroll (Halo2-based) on throughput, finality, and EVM compatibility.
  5. “ZKP Security: Known Attacks and Vulnerabilities in SNARK Systems” — Trail of Bits (2022). Security audit findings and theoretical attack taxonomy for zkSNARK systems — covering under-constrained circuits, trusted setup vulnerabilities, and implementation bugs in popular proving libraries.