The Ultimate Guide to Zero-Knowledge Proofs: zk-SNARKs vs zk-STARKs

Paulina Lewandowska

14 Apr 2023
The Ultimate Guide to Zero-Knowledge Proofs: zk-SNARKs vs zk-STARKs


As blockchain and cryptocurrency have risen in popularity, zero-knowledge proofs have become increasingly important in cryptography. These types of proofs allow for one party to prove they know certain information without actually revealing the information, making them useful for confidential transactions. In this blog post, we will compare the differences between the two most commonly used kinds of zero-knowledge proofs: zk-SNARKs vs zk-STARKs.

What are Zero Knowledge Proofs?

In cryptography, zero-knowledge proofs are a type of protocol that enables one party to prove to another party that a statement is true without revealing any additional information beyond the statement's truthfulness. In other words, zero-knowledge proofs allow one party to demonstrate knowledge of a particular fact without disclosing any other information that could be used to derive the same knowledge. This makes them useful for applications that require secure and private transactions, such as in blockchain and cryptocurrency, where they can be used to verify transactions without revealing any sensitive information. Zero-knowledge proofs are becoming increasingly important in cryptography due to their potential applications in privacy-preserving systems and secure transactions.

In the Mina Protocol video below, you will learn more details:

Zk-SNARKs vs zk-STARKs: what’s the difference?

In the realm of zero-knowledge proofs, there are two types: k-SNARKs and zk-STARKs. The distinguishing factor between the two lies in their approach to generating proofs. While zk-SNARKs utilize a trusted setup in which a group of trusted individuals generate a set of public parameters to generate proofs that can be reused indefinitely, zk-STARKs employ a more computationally intensive method that negates the need for a trusted setup.

Zk-SNARKs vs zk-STARKs

When comparing Zk-SNARKs and zk-STARKs, one key difference is their level of transparency. Zk-SNARKs are considered less transparent than zk-STARKs due to their reliance on a secret key that is only known to trusted setup participants, which could compromise the system's security if leaked or compromised. However, zk-STARKs are completely transparent and don't rely on assumptions or secret keys, making them more appealing to those who prioritize both transparency and security.

In terms of proof generation time and size, Zk-SNARKs are generally less efficient than zk-STARKs. However, zk-STARKs have the advantage of scalability and can handle more complex computations. Additionally, zk-STARKs are post-quantum secure, while Zk-SNARKs are not, making them resistant to attacks from quantum computers. Another important consideration is that zk-STARKs are more scalable and can handle larger computations compared to zk-SNARKs.

Zk-SNARKs explained

Zk-SNARKs have become increasingly popular due to their efficiency and privacy-preserving features, making them applicable in various real-life scenarios such as in blockchain, where they can be deployed to prove ownership of digital assets without revealing sensitive information. Additionally, Zk-SNARKs have played a crucial role in voting systems by ensuring the accurate counting of votes while maintaining voter anonymity. One of the most notable applications of Zk-SNARKs can be observed in Zcash, a private cryptocurrency, which allows users to transact anonymously while concealing transaction data. However, concerns about potential security risks have been raised regarding the use of trusted setups in Zk-SNARKs, as a compromised trusted setup can put the entire system's privacy at risk.

Zk-STARKs explained

Rather than requiring a trusted setup like zk-SNARKs do, zk-STARKs were developed as a better alternative, which is more resistant to attacks. This is because the trusted setup of zk-SNARKs is vulnerable to malicious use should it be compromised. Despite this, zk-STARKs require more calculations to generate a proof, making them less efficient overall. Still, recent developments have paved the way for more efficient zk-STARKs, making it a promising replacement to zk-SNARKs.

According to their use cases, zk-SNARKs and zk-STARKs differ not only in efficiency and trusted setups. Applications that require fast and efficient proof verification, such as privacy-preserving transactions in cryptocurrencies, typically use zk-SNARKs. In contrast, zk-STARKs are more appropriate for applications that require transparency and no trusted setup, such as voting systems and decentralized autonomous organizations (DAOs). Additionally, it's worth noting that although zk-SNARKs and zk-STARKs are the most prominent types of zero-knowledge proofs, there are other variants such as Bulletproofs and Aurora that offer different trade-offs in efficiency and security, depending on the specific use case.

How to implement zk proof in the project?

When implementing zero-knowledge proof in a project, there are various technical steps involved, and depending on the type of zero-knowledge proof used, different methods and tools are available, such as zk-SNARKs vs zk-STARKs. For instance, when using zk-SNARKs, developers must utilize a trusted setup to produce the public parameters that will be used to generate and authenticate the proofs. The process requires the selection of the appropriate trusted setup ceremony, the setup of necessary infrastructure and assigning the participants who will generate the parameters. After the trusted setup, developers must include the appropriate libraries such as libsnark in their code and develop the functions required to generate and authenticate the proofs.

When it comes to zk-STARKs, a different approach is necessary for developers since trusted setup isn't required. To prove the computations, they need to utilize tools like circom and snarkjs to generate the circuits and tools such as groth16 and marlin to verify and generate the proofs. This includes choosing the appropriate tools and libraries, creating circuits, and ensuring full implementation of verification functions and proof generation.

A deep understanding of the cryptographic protocols involved, as well as having access to the necessary tools and libraries, are crucial requirements for developers when implementing zero-knowledge proof in a project. Additionally, developers must ensure that the proofs generated by the system are correct, secure, and efficient without compromising the users' privacy or security. Testing and debugging play a critical role during the process, and developers must ensure the system undergoes thorough testing before deploying it to production.


Zero-knowledge proofs have become increasingly crucial in cryptography, particularly in blockchain and cryptocurrency. The most commonly used types of zero-knowledge proofs are zk-SNARKs and zk-STARKs, which vary in their approach to generating proofs, level of transparency, proof generation time and size, scalability, and post-quantum security. To implement zero-knowledge proof in a project, developers must possess a thorough understanding of the cryptographic protocols employed, access to the necessary tools and libraries, and ensure the system undergoes comprehensive testing before deployment. Different technical steps and methods are required depending on the zero-knowledge proof used. As the use of zero-knowledge proofs continues to expand, comprehending the trade-offs between different types and effectively implementing them in various applications while safeguarding privacy and security is of utmost importance.

Most viewed

Never miss a story

Stay updated about Nextrope news as it happens.

You are subscribed

Token Engineering Process

Kajetan Olas

13 Apr 2024
Token Engineering Process

Token Engineering is an emerging field that addresses the systematic design and engineering of blockchain-based tokens. It applies rigorous mathematical methods from the Complex Systems Engineering discipline to tokenomics design.

In this article, we will walk through the Token Engineering Process and break it down into three key stages. Discovery Phase, Design Phase, and Deployment Phase.

Discovery Phase of Token Engineering Process

The first stage of the token engineering process is the Discovery Phase. It focuses on constructing high-level business plans, defining objectives, and identifying problems to be solved. That phase is also the time when token engineers first define key stakeholders in the project.

Defining the Problem

This may seem counterintuitive. Why would we start with the problem when designing tokenomics? Shouldn’t we start with more down-to-earth matters like token supply? The answer is No. Tokens are a medium for creating and exchanging value within a project’s ecosystem. Since crypto projects draw their value from solving problems that can’t be solved through TradFi mechanisms, their tokenomics should reflect that. 

The industry standard, developed by McKinsey & Co. and adapted to token engineering purposes by Outlier Ventures, is structuring the problem through a logic tree, following MECE.
MECE stands for Mutually Exclusive, Collectively Exhaustive. Mutually Exclusive means that problems in the tree should not overlap. Collectively Exhaustive means that the tree should cover all issues.

In practice, the “Problem” should be replaced by a whole problem statement worksheet. The same will hold for some of the boxes.
A commonly used tool for designing these kinds of diagrams is the Miro whiteboard.

Identifying Stakeholders and Value Flows in Token Engineering

This part is about identifying all relevant actors in the ecosystem and how value flows between them. To illustrate what we mean let’s consider an example of NFT marketplace. In its case, relevant actors might be sellers, buyers, NFT creators, and a marketplace owner. Possible value flow when conducting a transaction might be: buyer gets rid of his tokens, seller gets some of them, marketplace owner gets some of them as fees, and NFT creators get some of them as royalties.

Incentive Mechanisms Canvas

The last part of what we consider to be in the Discovery Phase is filling the Incentive Mechanisms Canvas. After successfully identifying value flows in the previous stage, token engineers search for frictions to desired behaviors and point out the undesired behaviors. For example, friction to activity on an NFT marketplace might be respecting royalty fees by marketplace owners since it reduces value flowing to the seller.


Design Phase of Token Engineering Process

The second stage of the Token Engineering Process is the Design Phase in which you make use of high-level descriptions from the previous step to come up with a specific design of the project. This will include everything that can be usually found in crypto whitepapers (e.g. governance mechanisms, incentive mechanisms, token supply, etc). After finishing the design, token engineers should represent the whole value flow and transactional logic on detailed visual diagrams. These diagrams will be a basis for creating mathematical models in the Deployment Phase. 

Token Engineering Artonomous Design Diagram
Artonomous design diagram, source: Artonomous GitHub

Objective Function

Every crypto project has some objective. The objective can consist of many goals, such as decentralization or token price. The objective function is a mathematical function assigning weights to different factors that influence the main objective in the order of their importance. This function will be a reference for machine learning algorithms in the next steps. They will try to find quantitative parameters (e.g. network fees) that maximize the output of this function.
Modified Metcalfe’s Law can serve as an inspiration during that step. It’s a framework for valuing crypto projects, but we believe that after adjustments it can also be used in this context.

Deployment Phase of Token Engineering Process

The Deployment Phase is final, but also the most demanding step in the process. It involves the implementation of machine learning algorithms that test our assumptions and optimize quantitative parameters. Token Engineering draws from Nassim Taleb’s concept of Antifragility and extensively uses feedback loops to make a system that gains from arising shocks.

Agent-based Modelling 

In agent-based modeling, we describe a set of behaviors and goals displayed by each agent participating in the system (this is why previous steps focused so much on describing stakeholders). Each agent is controlled by an autonomous AI and continuously optimizes his strategy. He learns from his experience and can mimic the behavior of other agents if he finds it effective (Reinforced Learning). This approach allows for mimicking real users, who adapt their strategies with time. An example adaptive agent would be a cryptocurrency trader, who changes his trading strategy in response to experiencing a loss of money.

Monte Carlo Simulations

Token Engineers use the Monte Carlo method to simulate the consequences of various possible interactions while taking into account the probability of their occurrence. By running a large number of simulations it’s possible to stress-test the project in multiple scenarios and identify emergent risks.

Testnet Deployment

If possible, it's highly beneficial for projects to extend the testing phase even further by letting real users use the network. Idea is the same as in agent-based testing - continuous optimization based on provided metrics. Furthermore, in case the project considers airdropping its tokens, giving them to early users is a great strategy. Even though part of the activity will be disingenuine and airdrop-oriented, such strategy still works better than most.

Time Duration

Token engineering process may take from as little as 2 weeks to as much as 5 months. It depends on the project category (Layer 1 protocol will require more time, than a simple DApp), and security requirements. For example, a bank issuing its digital token will have a very low risk tolerance.

Required Skills for Token Engineering

Token engineering is a multidisciplinary field and requires a great amount of specialized knowledge. Key knowledge areas are:

  • Systems Engineering
  • Machine Learning
  • Market Research
  • Capital Markets
  • Current trends in Web3
  • Blockchain Engineering
  • Statistics


The token engineering process consists of 3 steps: Discovery Phase, Design Phase, and Deployment Phase. It’s utilized mostly by established blockchain projects, and financial institutions like the International Monetary Fund. Even though it’s a very resource-consuming process, we believe it’s worth it. Projects that went through scrupulous design and testing before launch are much more likely to receive VC funding and be in the 10% of crypto projects that survive the bear market. Going through that process also has a symbolic meaning - it shows that the project is long-term oriented.

If you're looking to create a robust tokenomics model and go through institutional-grade testing please reach out to Our team is ready to help you with the token engineering process and ensure your project’s resilience in the long term.


What does token engineering process look like?

  • Token engineering process is conducted in a 3-step methodical fashion. This includes Discovery Phase, Design Phase, and Deployment Phase. Each of these stages should be tailored to the specific needs of a project.

Is token engineering meant only for big projects?

  • We recommend that even small projects go through a simplified design and optimization process. This increases community's trust and makes sure that the tokenomics doesn't have any obvious flaws.

How long does the token engineering process take?

  • It depends on the project and may range from 2 weeks to 5 months.

What is Berachain? 🐻 ⛓️ + Proof-of-Liquidity Explained


18 Mar 2024
What is Berachain? 🐻 ⛓️ + Proof-of-Liquidity Explained

Enter Berachain: a high-performance, EVM-compatible blockchain that is set to redefine the landscape of decentralized applications (dApps) and blockchain services. Built on the innovative Proof-of-Liquidity consensus and leveraging the robust Polaris framework alongside the CometBFT consensus engine, Berachain is poised to offer an unprecedented blend of efficiency, security, and user-centric benefits. Let's dive into what makes it a groundbreaking development in the blockchain ecosystem.

What is Berachain?


Berachain is an EVM-compatible Layer 1 (L1) blockchain that stands out through its adoption of the Proof-of-Liquidity (PoL) consensus mechanism. Designed to address the critical challenges faced by decentralized networks. It introduces a cutting-edge approach to blockchain governance and operations.

Key Features

  • High-performance Capabilities. Berachain is engineered for speed and scalability, catering to the growing demand for efficient blockchain solutions.
  • EVM Compatibility. It supports all Ethereum tooling, operations, and smart contract languages, making it a seamless transition for developers and projects from the Ethereum ecosystem.
  • Proof-of-Liquidity.This novel consensus mechanism focuses on building liquidity, decentralizing stake, and aligning the interests of validators and protocol developers.


EVM-Compatible vs EVM-Equivalent


EVM compatibility means a blockchain can interact with Ethereum's ecosystem to some extent. It can interact supporting its smart contracts and tools but not replicating the entire EVM environment.


An EVM-equivalent blockchain, on the other hand, aims to fully replicate Ethereum's environment. It ensures complete compatibility and a smooth transition for developers and users alike.

Berachain's Position

Berachain can be considered an "EVM-equivalent-plus" blockchain. It supports all Ethereum operations, tooling, and additional functionalities that optimize for its unique Proof-of-Liquidity and abstracted use cases.

Berachain Modular First Approach

At the heart of Berachain's development philosophy is the Polaris EVM framework. It's a testament to the blockchain's commitment to modularity and flexibility. This approach allows for the easy separation of the EVM runtime layer, ensuring that Berachain can adapt and evolve without compromising on performance or security.

Proof Of Liquidity Overview

High-Level Model Objectives

  • Systemically Build Liquidity. By enhancing trading efficiency, price stability, and network growth, Berachain aims to foster a thriving ecosystem of decentralized applications.
  • Solve Stake Centralization. The PoL consensus works to distribute stake more evenly across the network, preventing monopolization and ensuring a decentralized, secure blockchain.
  • Align Protocols and Validators. Berachain encourages a symbiotic relationship between validators and the broader protocol ecosystem.

Proof-of-Liquidity vs Proof-of-Stake

Unlike traditional Proof of Stake (PoS), which often leads to stake centralization and reduced liquidity, Proof of Liquidity (PoL) introduces mechanisms to incentivize liquidity provision and ensure a fairer, more decentralized network. Berachain separates the governance token (BGT) from the chain's gas token (BERA) and incentives liquidity through BEX pools. Berachain's PoL aims to overcome the limitations of PoS, fostering a more secure and user-centric blockchain.

Berachain EVM and Modular Approach

Polaris EVM

Polaris EVM is the cornerstone of Berachain's EVM compatibility, offering developers an enhanced environment for smart contract execution that includes stateful precompiles and custom modules. This framework ensures that Berachain not only meets but exceeds the capabilities of the traditional Ethereum Virtual Machine.


The CometBFT consensus engine underpins Berachain's network, providing a secure and efficient mechanism for transaction verification and block production. By leveraging the principles of Byzantine fault tolerance (BFT), CometBFT ensures the integrity and resilience of the Berachain blockchain.


Berachain represents a significant leap forward in blockchain technology, combining the best of Ethereum's ecosystem with innovative consensus mechanisms and a modular development approach. As the blockchain landscape continues to evolve, Berachain stands out as a promising platform for developers, users, and validators alike, offering a scalable, efficient, and inclusive environment for decentralized applications and services.


For those interested in exploring further, a wealth of resources is available, including the Berachain documentation, GitHub repository, and community forums. It offers a compelling vision for the future of blockchain technology, marked by efficiency, security, and community-driven innovation.


How is Berachain different?

  • It integrates Proof-of-Liquidity to address stake centralization and enhance liquidity, setting it apart from other blockchains.

Is Berachain EVM-compatible?

  • Yes, it supports Ethereum's tooling and smart contract languages, facilitating easy migration of dApps.

Can it handle high transaction volumes?

  • Yes, thanks to the Polaris framework and CometBFT consensus engine, it's built for scalability and high throughput.