Zero-Knowledge Proofs are based on three algorithms, Setup, which generates the keys, Prove, which generates a proof of some statement, and Verify, which verifies the proof. There are many factors to take into account when considering the trade-offs of the existing schemes. The main ones are, the security of the scheme, the efficiency and the key generation.
I published a post where I try to unpack the key generation aspect of the trade-off. In short, succinct zero-knowledge proofs require a setup stage, in the form of trusted setup or a multiparty ceremony. The exceptions are where the statement being proven is small enough that succinctness is not an issue, or it is of a form that can be written down compactly (e.g., when it’s highly repetitive).
There are many nuances to doing this setup in a way that maximizes security and efficiency, and minimizes trust and failure modes. Yet I claim that pre-processing SNARKs can be the right trade-off to take even though there is a need for an MPC. Two of the reasons are that
- proof size and verifier running time become succinct
- with universal and updateable CRS (the keys), one does not need to recompute the MPC
Here is the post on medium. This topic is under active research by different teams, both in academia and in the industry, and requires special attention and discussion, all which are welcome.