In the ever-evolving landscape of zero-knowledge proofs (ZKPs), STARKs have long held a prominent position. These cryptographic constructs serve as the foundation for several major ZK provers in production, including zkSync’s Boojum, Polygon’s zkProver, Aleo’s Winterfell, Aztec Protocol, and RISC Zero’s Zeth. Now, a groundbreaking collaboration between StarkWare and Polygon Labs promises to take STARKs to new heights.
The Scalability Challenge
Scalability is a critical factor when it comes to ZK provers. Efficiently generating and verifying proofs is essential for their widespread adoption. STARKs, with their “Transparent” nature that eliminates the need for trusted setups (unlike many SNARK-based provers), have been at the forefront of this field.
Introducing Stwo: The STARK Two Prover
Recent research has significantly advanced the scalability of STARKs, resulting in a new generation of provers known as Stwo (short for STARK Two). This collaboration between StarkWare and Polygon Labs aims to increase proving capacity by a staggering 100 times.
The Secret Ingredient: Mersenne Primes
Stwo’s speed and efficiency lie in its clever use of the eighth Mersenne prime (specifically, M31) for computations. Mersenne primes are prime numbers expressed in the form Mn = 2^n – 1, where n is an integer. These primes have unique properties and applications in number theory and computer science. Importantly, they align well with modern computer architectures, making operations involving M31 highly efficient.
The Circle and Geometric Methods
But here’s where it gets even more intriguing: Stwo leverages a geometric method inspired by the humble circle. This approach, combined with the M31 field, enables the Stark Two prover to generate proofs swiftly and with less computational power.
Beyond Starknet
The impact of this breakthrough extends beyond Starknet. Ventali Tan, co-founder of Lita (which is building the Valida zk-Virtual Machine), emphasizes that Stwo confirms the speed and power of the FRI polynomial commitment scheme—a key ingredient in STARKs. This same scheme underpins other high-performance proof systems like Plonky2 and Plonky3, which Valida and Succinct’s SP1 rely on.