Table of Contents
What Is a Zero-Knowledge Proof?
A zero-knowledge proof lets you prove that a statement is true without revealing any information about why it's true. You can prove you're over 21 without showing your birth date. You can prove you have enough funds without revealing your balance. You can prove a computation ran correctly without revealing the inputs. The verifier learns exactly one bit of information: the statement is true. Nothing else.
The concept sounds paradoxical, but the math is rigorous. Zero-knowledge proofs have three properties: completeness (an honest prover always convinces an honest verifier), soundness (a cheating prover almost never convinces the verifier), and zero-knowledge (the verifier learns nothing beyond the truth of the statement). These aren't aspirational goals. They're mathematical guarantees with formal security proofs. A zero-knowledge proof is not encryption—you're not hiding data to retrieve later. You're proving something about data without revealing the data itself. The proof is a mathematical object that anyone can verify, that conveys no information about the underlying witness, and that cannot be forged.
Here's the real-world analogy. Imagine you have a friend who is colorblind. You're holding two balls—one red, one green—and you want to prove they're different colors without telling your friend which is which. You give them to your friend, who puts them behind their back and either swaps them or doesn't, then shows them to you. You tell your friend whether they swapped. If the balls were the same color, you'd have to guess (50% chance). After 20 rounds, the probability of you faking it drops below one in a million. Your friend is convinced the balls are different colors. They still don't know which is red and which is green. That's zero-knowledge.
STARK vs SNARK
Most zero-knowledge systems in production today use SNARKs (Succinct Non-interactive Arguments of Knowledge). Groth16, PLONK, Halo 2—these are all SNARK variants. They produce tiny proofs (128–256 bytes) and verify quickly. But they have two fundamental weaknesses that H33's STARKs don't share.
SNARK (Groth16 / PLONK)
H33 STARK
No trusted setup. SNARKs require a setup ceremony where secret values ("toxic waste") are generated and must be destroyed. If anyone retains the toxic waste, they can forge proofs for any statement. The entire security of the system depends on the ceremony being honest. Groth16's Powers of Tau ceremony involved hundreds of participants and required each one to destroy their randomness. STARKs have no ceremony. No toxic waste. No trust assumptions. The security comes entirely from the collision resistance of SHA3-256, which has been studied for decades and is considered the gold standard for hash functions.
Post-quantum secure. SNARKs are built on elliptic curve pairings—the same mathematical structures that Shor's algorithm breaks. Every Groth16 proof deployed today will be forgeable when quantum computers reach sufficient scale. STARKs are built on hash functions. Shor's algorithm doesn't help with hash collisions. Grover's algorithm provides a quadratic speedup against hash preimage attacks, but SHA3-256 has a 128-bit post-quantum security level—more than sufficient. STARKs are post-quantum secure by construction.
The trade-off is proof size: ~18 KB for a STARK versus ~200 bytes for Groth16. For blockchain applications where every byte costs gas, this matters. For API-based verification, where proofs are transmitted over HTTP and verified on a server, 18 KB is irrelevant—it's smaller than most API responses. And H33's cached STARK verification runs in 0.059 microseconds, which is 50,000x faster than Groth16's ~3ms verification time.
H33's Two Engines: Lookup STARK + AIR STARK
H33 runs two distinct STARK engines, each optimized for a different class of computation:
Lookup STARK
For computations with a known, finite state space. The proof table is precomputed and cached. Verification is a DashMap lookup: 0.059 microseconds.
- Biometric match/no-match decisions
- Range proofs (age ≥ 21, balance ≥ amount)
- Membership proofs (user in allowlist)
- Compliance checks (value within regulatory limits)
AIR STARK
For arbitrary computations that can't be precomputed. Expresses the computation as polynomial constraints over an execution trace. Full STARK proof generated on demand.
- Custom business logic verification
- Smart contract execution proofs
- Audit trail integrity proofs
- Complex computation verification
The Lookup STARK is what makes H33's numbers possible. For any computation where the set of valid proofs can be precomputed—biometric matching (match or no-match), range checks (in range or out of range), membership tests (in set or not in set)—the proof is generated once and cached in an in-process DashMap. Verification becomes a hash table lookup: 0.059 microseconds. That's 59 nanoseconds. For context, a single L1 cache access takes about 1 nanosecond. This is near-hardware-limit verification speed.
STARK-IQ: Auto-Routing
You don't need to choose between Lookup and AIR. STARK-IQ analyzes your proof request and routes to the optimal engine. If the computation has a precomputable state space, it routes to Lookup STARK. If the computation is open-ended, it routes to AIR STARK. You describe what you want to prove. STARK-IQ handles the rest.
How STARK-IQ Decides
STARK-IQ examines three properties of your proof request: (1) Is the state space finite and small enough to precompute? (2) Has this proof type been generated before? (3) What is the expected verification frequency? For high-frequency, finite-state proofs (like biometric matching), it precomputes the lookup table and serves from cache. For one-off or open-ended proofs, it generates a full AIR STARK on demand. The routing decision happens in nanoseconds and is invisible to your application.
Generate a Proof
Let's generate a STARK proof. We'll prove that a value is within a valid range without revealing the value itself—a common compliance use case (e.g., proving a transaction amount is under a regulatory threshold without disclosing the amount).
curl -X POST https://api.h33.ai/v1/zkp/prove \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"proof_type": "range",
"statement": {
"value_commitment": "sha3:a1b2c3d4e5f6...",
"lower_bound": 0,
"upper_bound": 10000
},
"witness": {
"value": 4250
}
}'The statement is public: "the committed value is between 0 and 10,000." The witness is private: the actual value (4,250). The API returns a proof that the statement is true without revealing the witness:
{
"proof_id": "prf_stark_7x9k2m",
"proof_type": "range",
"engine": "lookup_stark",
"proof": "c4d8f2a1b3e5...truncated...7f9d2c4a",
"proof_size_bytes": 18432,
"statement_hash": "sha3:e7b2a1c4d8f3...",
"verification_url": "https://api.h33.ai/v1/zkp/verify/prf_stark_7x9k2m",
"quantum_resistant": true,
"hash_function": "SHA3-256",
"latency_us": 12.3
}Notice "engine": "lookup_stark"—STARK-IQ routed this range proof to the Lookup engine because range proofs have a finite, precomputable state space. The proof was generated in 12.3 microseconds. Subsequent verifications of this proof type will hit the cache at 0.059 microseconds.
Verify the Proof
Verification is free. No API key required. Anyone can verify.
curl https://api.h33.ai/v1/zkp/verify/prf_stark_7x9k2mOr verify with the raw proof:
curl -X POST https://api.h33.ai/v1/zkp/verify \
-H "Content-Type: application/json" \
-d '{
"proof": "c4d8f2a1b3e5...the-full-proof...",
"statement": {
"value_commitment": "sha3:a1b2c3d4e5f6...",
"lower_bound": 0,
"upper_bound": 10000
}
}'{
"valid": true,
"proof_type": "range",
"engine": "lookup_stark",
"statement_verified": "Value is in range [0, 10000]",
"quantum_resistant": true,
"hash_function": "SHA3-256",
"trusted_setup": false,
"verification_latency_us": 0.059,
"verified_at": "2026-04-02T15:00:00Z"
}The verifier now knows that the committed value is between 0 and 10,000. They don't know the value is 4,250. They don't know anything about the value other than it's in range. The proof is post-quantum secure (SHA3-256), required no trusted setup, and verified in 59 nanoseconds. Anyone with the proof and the statement can run this verification independently—it's not dependent on H33's infrastructure. The proof is a self-contained mathematical object.
Use Cases
Zero-knowledge proofs aren't just for blockchain. They solve real problems wherever you need to prove something without revealing underlying data.
Identity Verification
Prove you're over 21, a resident of a specific country, or a licensed professional—without revealing your ID, address, or license number. The verifier gets a binary yes/no. Zero personal data exposed.
Compliance Proof
Prove your transaction is under the regulatory threshold, your reserves exceed your liabilities, or your data processing meets GDPR requirements—without exposing the actual numbers or processes.
Audit Trail Integrity
Prove that a sequence of operations was executed correctly and in order—without revealing the operations themselves. An auditor verifies the trail is intact without seeing the data that flowed through it.
In each case, the pattern is the same: you have private data, you need to prove something about it, and you don't want to reveal it. A STARK proof turns this into an API call. The proof is generated on H33's infrastructure (your witness data is encrypted in transit and never stored). The proof can be verified by anyone, anywhere, forever. No trusted setup. No quantum vulnerability. No information leakage.
Enterprise examples in production today: banks proving reserve adequacy to regulators without exposing customer accounts. Healthcare providers proving HIPAA compliance without sharing patient records. Supply chain companies proving origin authenticity without revealing supplier contracts. Each of these reduces to a STARK proof request with a public statement and a private witness.
HICS: STARK-Attested Code Grading
HICS Uses STARKs to Prove Code Evaluation Ran Correctly
When HICS evaluates your codebase for post-quantum readiness, the evaluation itself is STARK-attested. This means the grade is a zero-knowledge proof: it proves the evaluation ran correctly, followed the published methodology, and produced the score it claims—without revealing your source code. The grade is cryptographically verifiable. Anyone can check that the score wasn't fabricated, manipulated, or cherry-picked. The STARK proof guarantees computational integrity of the entire grading process.
Your code stays private. Your grade is public and verifiable. That's what ZKPs make possible.
Get Your STARK-Attested HICS Score →What's Next
You've generated and verified your first STARK proof. Here's where to go deeper:
Start Proving Without Revealing
Get your free API key. 10,000 calls/month. No credit card. Your first STARK proof in under a minute.
Get Free API Key