What Is a ZK-STARK?

A zk-STARK is a zero-knowledge proof built without a trusted setup — using hash functions instead of elliptic curve pairings, at the cost of a larger proof.
Lewis Jackson
CEO and Founder

The zk-SNARK's biggest structural weakness is the trusted setup — a one-time ceremony that generates shared cryptographic parameters, with secret values that have to be destroyed and never recovered. Most of the time that ceremony goes fine. But "most of the time" is an uncomfortable phrase to build a security model on, and a fair number of engineers looked at that requirement and decided to build something that didn't need it at all.

That's a zk-STARK. STARK stands for Scalable Transparent ARgument of Knowledge, and both of those adjectives are doing something specific: "transparent" means no trusted setup, and "scalable" means the proving and verification costs grow in a much friendlier way as computations get bigger. The tradeoff, and there's always a tradeoff, is proof size — STARK proofs run tens to hundreds of kilobytes, versus a few hundred bytes for a SNARK. Same job, different set of costs.

How a zk-STARK Actually Works

The core design choice that separates a STARK from a SNARK is what kind of math it leans on. SNARKs get their succinctness from elliptic curve pairings — an elegant piece of cryptography, but one that depends on the discrete logarithm problem being hard, and on a trusted setup to generate the reference parameters those pairings check against. STARKs skip pairings entirely and build their proofs out of hash functions instead, the same collision-resistant hashing used throughout blockchain infrastructure generally.

Concretely: the computation being proven still gets converted into a set of polynomial constraints, much like in a SNARK. But instead of committing to those polynomials via pairing-based cryptography, a STARK uses something called a Merkle tree — repeatedly hashing data into a tree structure until you get a single root hash that commits to everything beneath it, without revealing it. The prover then uses a protocol called FRI (it stands for Fast Reed-Solomon Interactive Oracle Proof of Proximity, which nobody says out loud) to convince the verifier that the committed values really do form a low-degree polynomial — which is the mathematical property that guarantees the computation was done correctly — by spot-checking a small number of points rather than the whole thing.

Nothing in that process requires a secret. Anyone can independently verify a STARK proof using only public information and the hash function itself. That's what "transparent" means in practice: no ceremony, no destroyed secrets, no residual trust assumption sitting underneath the whole system.

The "scalable" half of the name comes from how proving time behaves. STARK proving time scales quasi-linearly with the size of the computation, and — this is the part that matters for real deployments — verification time scales polylogarithmically, meaning it grows extremely slowly even as the underlying computation gets much larger. Prove a computation a thousand times bigger, and the proof only takes marginally longer to check.

Where the Constraints Live

Proof size is the binding constraint, and it's a real one. Hash-based commitments are less compact than elliptic curve pairings, so STARK proofs are meaningfully larger than SNARK proofs for the same statement. On a blockchain, data posted on-chain costs money, so a bigger proof has historically meant a more expensive one to verify — a real disadvantage in fee-sensitive environments, though it's narrowed as verification techniques and calldata costs have both improved.

There's a second constraint worth naming, and it cuts the other way: STARKs are widely considered post-quantum secure, because hash functions aren't vulnerable to Shor's algorithm the way elliptic curve discrete logarithms are. SNARKs, built on pairing-based cryptography, would need to be redesigned if practical quantum computers ever arrive. STARKs, built on hashing, mostly wouldn't. That's a constraint on the future, not the present — but it's the kind of asymmetry that shapes which construction gets chosen for systems meant to last decades rather than years.

What's Changing

Proof size is the thing actively being worked on. Techniques for compressing STARK proofs and reducing on-chain verification cost have improved steadily, narrowing — without eliminating — the size gap with SNARKs. Recursive proving, where one proof verifies a batch of other proofs, is being applied to STARKs specifically to compress many computations into a single, cheaper-to-verify proof, which does more to solve the cost problem than raw proof-size optimization alone.

Production adoption is the other visible shift. StarkWare's StarkEx and StarkNet systems run STARK proofs at meaningful scale today, and STARK-based validity proofs are increasingly used as an explicit alternative to SNARK-based ones in rollup architecture — not a replacement so much as a parallel track with a different risk profile.

What Would Confirm This Direction

Continued narrowing of the proof-size and verification-cost gap with SNARKs through better compression and recursive composition. Growing production usage of STARK-based systems at scale without security incidents. Increased attention to post-quantum cryptography generally, which would make the transparent, hash-based design look more forward-looking rather than just a different tradeoff.

What Would Invalidate or Change It

A practical break in the collision-resistance of the hash functions STARKs depend on would be serious, though hash-based cryptography has a long track record and is generally considered more conservative than newer elliptic curve assumptions. More likely: if proof-size and on-chain verification costs never close the gap with SNARKs in cost-sensitive deployments, adoption could stay concentrated in a narrower set of use cases rather than becoming the default choice.

Timing Perspective

Now: zk-STARKs are live in production, most visibly through StarkWare's StarkNet and StarkEx, and are an established alternative wherever the trusted-setup question matters enough to accept a larger proof.

Next: Proof compression and recursive composition are the active engineering fronts — the same problem SNARKs are working on, approached from a different starting point.

Later: Post-quantum security could become the deciding factor rather than a secondary consideration, if quantum computing progress accelerates. That's a long-horizon variable, not a near-term one.

Boundary Statement

This covers what distinguishes a zk-STARK from a zk-SNARK — the transparent setup, the hash-based construction, the FRI protocol, and the size-versus-trust tradeoff. It doesn't cover the internals of FRI in mathematical detail, the security audit status of any specific StarkWare product, or a general comparison of every proof system in use today.

This is mechanism explanation only. It isn't a recommendation to use, build on, or invest in any STARK-based product.

Related Posts

See All
Crypto Research
New XRP-Focused Research Defining the “Velocity Threshold” for Global Settlement and Liquidity
A lot of people looking at my recent research have asked the same question: “Surely Ripple already understands all of this. So what does that mean for XRP?” That question is completely valid — and it turns out it’s the right question to ask. This research breaks down why XRP is unlikely to be the internal settlement asset of CBDC shared ledgers or unified bank platforms, and why that doesn’t mean XRP is irrelevant. Instead, it explains where XRP realistically fits in the system banks are actually building: at the seams, where different rulebooks, platforms, and networks still need to connect. Using liquidity math, system design, and real-world settlement mechanics, this piece explains: why most value settles inside venues, not through bridges why XRP’s role is narrower but more precise than most narratives suggest how velocity (refresh interval) determines whether XRP creates scarcity or just throughput and why Ripple’s strategy makes more sense once you stop assuming XRP must be “the core of everything” This isn’t a bullish or bearish take — it’s a structural one. If you want to understand XRP beyond hype and price targets, this is the question you need to grapple with.
Read Now
Crypto Research
The Jackson Liquidity Framework - Announcement
Lewis Jackson Ventures announces the release of the Jackson Liquidity Framework — the first quantitative, regulator-aligned model for liquidity sizing in AMM-based settlement systems, CBDC corridors, and tokenised financial infrastructures. Developed using advanced stochastic simulations and grounded in Basel III and PFMI principles, the framework provides a missing methodology for determining how much liquidity prefunded AMM pools actually require under real-world flow conditions.
Read Now
Crypto Research
Banks, Stablecoins, and Tokenized Assets
In Episode 011 of The Macro, crypto analyst Lewis Jackson unpacks a pivotal week in global finance — one marked by record growth in tokenized assets, expanding stablecoin adoption across emerging markets, and major institutions deepening their blockchain commitments. This research brief summarises Jackson’s key findings, from tokenized deposits to institutional RWA chains and AI-driven compliance, and explains how these developments signal a maturing, multi-rail settlement architecture spanning Ethereum, XRPL, stablecoin networks, and new interoperability layers.Taken together, this episode marks a structural shift toward programmable finance, instant settlement, and tokenized real-world assets at global scale.
Read Now

Related Posts

See All
No items found.
Lewsletter

Weekly notes on what I’m seeing

A personal letter I send straight to your inbox —reflections on crypto, wealth, time and life.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.