Zero-Knowledge Proofs: What Are zk-STARKs and How Do They Work? (zk-STARK V2)

In the rapidly evolving world of blockchain and digital asset platforms, trust is everything. Users need confidence that exchanges hold sufficient assets to cover all liabilities—without compromising privacy. This is where zero-knowledge proofs (ZKPs) come into play, and more specifically, zk-STARKs, a cutting-edge cryptographic tool that enables transparent verification while preserving user confidentiality.

This article explores the mechanics of zk-STARKs, their role in proof-of-reserves (PoR) systems, and how they power next-generation transparency in crypto exchanges like OKX. We’ll break down complex concepts into digestible sections, explain technical workflows, and guide you through self-verification processes—all while maintaining strict privacy and security standards.

Understanding Proof of Reserves and Zero-Knowledge Proofs

What Is Proof of Reserves (PoR)?

Proof of Reserves (PoR) is a mechanism used by cryptocurrency exchanges to demonstrate that they hold sufficient assets to fully back users’ balances. In essence, it proves solvency—ensuring that the platform isn’t operating as a fractional reserve or engaging in risky financial practices.

A basic PoR would involve publishing two key figures:

• Total user liabilities (sum of all account balances)
• Total on-chain assets held by the exchange

If the assets equal or exceed liabilities, trust is reinforced. However, simply revealing individual user balances threatens privacy. That’s where zero-knowledge proofs step in.

👉 Discover how leading platforms ensure transparency without exposing sensitive data.

What Are Zero-Knowledge Proofs (ZKPs)?

A zero-knowledge proof (ZKP) allows one party (the prover) to prove to another (the verifier) that a statement is true—without revealing any information beyond the truth of that statement.

In the context of PoR:

• The exchange proves it has enough funds to cover all user balances.
• It does not disclose individual account details.
• Users can verify their own inclusion in the total without seeing others’ data.

There are two major types of ZKPs:

• zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge)
• zk-STARKs (Zero-Knowledge Scalable Transparent Argument of Knowledge)

We use zk-STARKs because they offer stronger security guarantees with minimal cryptographic assumptions—no trusted setup required—and are resistant to quantum attacks.

How Do zk-STARKs Work in Proof of Reserves?

At the core of our PoR system lies a Merkle tree, a data structure that aggregates all user balances into a single root hash. Each leaf node represents a user’s account hash, containing token-specific equity and debt values denominated in USD.

To protect privacy and ensure accuracy, we process this data using zk-STARKs through a two-tiered circuit architecture: batch circuits and recursive circuits.

Step 1: Structuring User Balances

Each user’s balance is split into:

• Equity: Positive holdings (e.g., 2 BTC)
• Debt: Negative balances (e.g., -1 ETH due to borrowing)

This ensures only non-negative numbers are processed, simplifying computation and reducing error risks.

These values are hashed and placed as leaves in a Merkle tree. The resulting Merkle root becomes a compact representation of all accounts.

Users receive a Merkle proof—a cryptographic path from their account to the root—allowing them to verify inclusion without exposing their identity.

Step 2: Batch Processing with Batch Circuits

Processing millions of accounts at once is computationally impractical. To solve this, we divide accounts into smaller groups called batches (e.g., 1024 accounts per batch).

Each batch circuit takes these accounts as input and generates three outputs:

• _h_batch: Merkle root of the batch
• _e_batch: Sum of all equities in USD
• _d_batch: Sum of all debts in USD

The circuit verifies:

• All equity ≥ debt within the batch
• Sums are correctly calculated
• No arithmetic overflow occurred
• The Merkle root is correctly formed

This modular approach enables parallel processing across multiple machines, significantly boosting efficiency.

Step 3: Recursive Aggregation with Recursive Circuits

Once batch proofs are generated, we need to combine them into a single global proof. This is done using a recursive circuit.

It accepts:

• 64 batch proofs (π₀ to π₆₃)
• Corresponding hashes (h₀ to h₆₃)
• Equity sums (e₀ to e₆₃)
• Debt sums (d₀ to d₆₃)

And produces:

• _h_recursive: Combined hash of all batch roots
• _e_recursive: Total equity across all batches
• _d_recursive: Total debt across all batches

The recursive circuit ensures:

• All 64 batch proofs are valid
• Aggregated sums match expected totals
• Final hash is correctly derived via concatenation and hashing
• No overflow in summation

This hierarchical design allows us to scale efficiently—even with tens of millions of accounts—while keeping proof sizes small and verification fast.

Advancements in zk-PoR Version 2

Our zk-PoR V2 introduces significant improvements over the previous version:

🔹 50x Faster Proving Time

V2 completes proof generation in just 3 hours on a single 10-core machine, compared to 36 hours across 9 machines (64 cores each) previously. This speed boost comes from:

• Using the Plonky2 framework, which compiles Rust-based circuits into optimized machine code
• Leveraging GPU acceleration for certain computations, reducing time by an additional 30%

🔹 Enhanced Auditability

By abstracting away low-level cryptographic complexity, Plonky2 delivers cleaner, more readable code—making audits easier and reducing the risk of implementation errors.

🔹 Ultra-Compact Proof Size

V2 reduces proof size from ~1.2GB (V1) to just ~500KB—a compression rate of over 99.95%. This is achieved through recursive proof aggregation, where multiple proofs are folded into one succinct, verifiable output.

These enhancements make zk-PoR not only more secure but also more practical for real-world deployment.

Frequently Asked Questions (FAQ)

Q1: Why use zk-STARKs instead of zk-SNARKs?

zk-STARKs eliminate the need for a trusted setup, rely on simpler cryptographic assumptions (hash functions only), and are quantum-resistant. These features make them ideal for high-security environments like exchange reserves.

Q2: Can anyone verify the proof independently?

Yes. The entire PoR system is open-source. Anyone can download the verification tool and validate both individual inclusion and global solvency claims—no special permissions required.

Q3: How do I know my data isn’t exposed during verification?

Your personal data remains private. You only share a cryptographic commitment (hash) of your account and its Merkle path—no identifiable information is revealed during verification.

Q4: What happens if the proof fails?

If verification fails, it indicates either incorrect aggregation, missing accounts, or negative net worth somewhere in the system. Such an outcome would raise serious concerns about solvency and require immediate investigation.

Q5: Is this system resistant to manipulation?

The use of Merkle trees, zero-knowledge proofs, and open-source tooling makes tampering extremely difficult. Any attempt to alter data would invalidate the cryptographic proofs.

👉 See how advanced cryptography protects your digital assets behind the scenes.

How to Self-Verify Your Account Inclusion

You can personally confirm that your balance is included in the reserve audit:

1. Log in to your OKX account → Go to Assets
2. Select Proof of Reserves
3. Click Details → Choose Copy Data
4. Paste the JSON string into a text editor and save it as _inclusion_proof.json
5. Download the open-source validator:
   zk-STARKValidator
6. Place both the validator and your JSON file in the same folder
7. Run the validator—it will automatically process your file

8. Check the result:

   • ✅ "Inclusion constraint verified"
   • ❌ "Inclusion constraint failed"

This gives you direct control over verifying your presence in the system—without relying on third parties.

How to Verify Total Balance and Non-Negative Constraints

To confirm the exchange holds enough assets and no user has negative equity:

1. Visit the official PoR page → Select Liability Report
2. Download the zk-STARK proof file
3. Extract sum_proof_data.json
4. Download the zk-STARKValidator
5. Place both files in a new folder
6. Run the validator—it will process the sum proof automatically

7. Look for:

   • ✅ "Total sum and non-negative constraint verified"
   • ❌ "Verification failed"

This proves both completeness and fairness: every user is accounted for, and no one owes more than they hold.

Open Source and Transparency

Transparency builds trust. That’s why our entire zk-PoR V2 system is open-sourced on GitHub:

github.com/okx/proof-of-reserves-v2

Developers, auditors, and users can examine, test, and contribute to the codebase—ensuring long-term accountability.

👉 Explore how cutting-edge cryptography powers trustless verification today.