One sentence for ZK: ZK is a way for a prover to convince a verifier that some statement is true but reveals no additional information except that the statement is true. ZK is designed for anonymity. Imagine that we can prove we have a valid ID without verifiers knowing our real name or ID.
Here is a more vivid example. Alice and Bob are playing Sudoku. Alice would like to show Bob that she found the answer. However, she did not want to reveal any information about the answer since Bob was still working on it. How will you design this proof?
The answer is simple. We write down the Sudoku into cards, facing down. Bob can randomly choose one column, row, or block. Alice takes that column, row, or block of cards and shuffles it. Bob can verify the correctness by checking cards with 1-9. By constantly performing this step, Bob can say that Alice knows the answer, but Bob does not know the answer after the verification.
If you still can’t get the idea, view this video. The UCLA CS professor will explain ZK on five different levels. You will definitely get it.
Before examining the ZK Proof System comprehensively, notice that ZK-SNARK is a name of a class of schemes, and ZK-STARK is the name of a specific scheme.
Let’s start with ZK-SNARK. SNARK stands for Succinct Non-Interactive Arguments of Knowledge. SNARK is unique from other ZK proof systems because of its trust setup phase, what ‘N’ stands for.
The problem with ZK-SNARK is the trust setup phase. The trust setup phase generates a reference string. If the reference string is leaked, anyone can make the fake proof. Also, coordinating such a trust setup phase between multiparty is complex. The reference string can only be used in one program (Circuit). Thus it is impossible to have ZK-SNARK with a single trust setup for general computation. Another problem is that the reference string is not upgradable. If we upgrade the program, we need to rerun the trust setup phase.
To solve the problem, there are two approaches: