Evaluating the Efficiency of zk-SNARK, zk-STARK, and Bulletproof in Real-World Scenarios: A Benchmark Study

1. Introduction

In digital interactions, individuals often need to verify statements without revealing unnecessary information. Traditional verification methods expose excessive data, creating privacy risks—especially when servers store copies of sensitive documents. Zero-knowledge proofs (ZKPs), introduced by Goldwasser et al., address this by enabling one party (the prover) to convince another (the verifier) of a statement’s truth without disclosing additional knowledge.

While early ZKPs required interactive communication, Blum et al. later developed non-interactive zero-knowledge proofs (NIZKPs), allowing single-round verification. These have become pivotal in:

• Cryptocurrencies (e.g., Zcash, Ethereum) for private transactions.
• Privacy-preserving authentication across industries beyond finance.

Our study benchmarks three leading NIZKP protocols—zk-SNARK, zk-STARK, and Bulletproof—in a unified, real-world application to evaluate their performance and security trade-offs.

2. Methodology

2.1. Benchmark Design

We implemented a MiMC hash function (optimized for ZKPs) across all three protocols using:

• zk-SNARK: Rust’s Bellman and Go’s gnark libraries.
• zk-STARK: Rust’s Winterfell.
• Bulletproof: Rust’s Bulletproofs crate.

Key Metrics Measured:

• Proof size (bytes).
• Proof generation/verification time (ms).
• Security levels (bits).

2.2. Configuration

• zk-SNARK: BLS12-381 curve, Groth16 proving system.
• zk-STARK: Default parameters (42 queries, blowup factor 8).
• Bulletproof: Curve25519 with Ristretto group.

3. Results

3.1. Performance Comparison

| Protocol | Proof Size (B) | Generation Time (ms) | Verification Time (ms) |
|----------------|---------------|----------------------|------------------------|
| zk-SNARK | 192–484 | 15–350 | 5–50 |
| Bulletproof| 500–2,000 | 200–10,000 | 10–1,000 |
| zk-STARK | 2,000–20,000 | 10–200 | 1–20 |

Observations:

• zk-SNARK: Smallest proofs, moderate speed. Verification key size affects total data transfer.
• Bulletproof: Larger proofs, slower generation (linear scaling).
• zk-STARK: Fastest verification, but largest proofs.

3.2. Security Analysis

• zk-STARK: Quantum-resistant (128-bit security).
• zk-SNARK/Bulletproof: Relies on elliptic-curve assumptions (~128-bit), vulnerable to quantum attacks.

4. Discussion

4.1. Use Case Recommendations

• zk-SNARK: Best for low-bandwidth applications (e.g., blockchain light clients).
• zk-STARK: Ideal for post-quantum needs or high-throughput verification.
• Bulletproof: Suitable for batch verification (e.g., confidential transactions).

4.2. Limitations

• Implementation variability: Library optimizations impact metrics.
• Security assumptions: Exact security levels depend on underlying curves/hashes.

5. Conclusion

Our benchmark highlights critical trade-offs:

• Efficiency: zk-SNARK leads in compactness; zk-STARK in speed.
• Security: zk-STARK excels in quantum resistance.

👉 For more on ZKP applications in blockchain

Future Work: Explore protocol optimizations and hybrid approaches.

FAQ

Q1: Which protocol is fastest for verification?
A1: zk-STARK, by an order of magnitude (1–20 ms).

Q2: Are zk-SNARKs quantum-secure?
A2: No—they rely on elliptic-curve cryptography.

Q3: Can Bulletproofs be batched?
A3: Yes, batch verification improves efficiency for multiple proofs.

👉 Explore ZKP tools for developers