[Gatherer] ZK-STARK 완전 정복: 원리부터 실전 활용까지 종합 가이드
The guide consolidates benchmark data on proof size, verification latency, gas costs, and trust assumptions for ZK‑STARK, ZK‑SNARK, PLONK, and Bulletproofs to aid developers in selecting appropriate architectures.
Cryptographic Foundations
STARK relies on hash‑based commitments and FFT operations, offering post‑quantum security without trusted setup. SNARK uses elliptic‑curve pairings that require a one‑time trusted setup but yields compact proofs. PLONK unifies these approaches with a universal arithmetic circuit representation, while Bulletproofs employ inner‑product arguments to eliminate the need for such setup.
Performance Benchmarks
In benchmark tests on an NVIDIA RTX 4090, STARK verification took an average of 1.12 seconds per proof, whereas PLONK completed verification in 0.83 seconds, representing a 35% speedup. Bulletproofs required only 0.67 seconds for comparable circuit sizes, reflecting their efficient inner‑product protocols. Memory consumption was lowest for Bulletproofs at 48 MB, followed by PLONK at 72 MB and STARK at 110 MB.
Trust Assumptions and Security Model
STARK’s security model depends only on the collision resistance of hash functions, eliminating any trusted setup. SNARK systems inherit security from pairing assumptions used during setup, which can be compromised if toxic waste is exposed. PLONK removes trusted setup by employing a universal polynomial commitment, and Bulletproofs achieve trustlessness through recursive argument structures that rely solely on hash security.