I have a question regarding the term ‘succintness’ of zero knowledge proofs. Does succinct mean “short proofs” (meaning the proof size grows sub-linear to the full statement) OR does it mean low verification time? Up to now I have thought that short proof sizes also imply short verificiation times. e.g. on the zCash website it says:
“Succinct" zero-knowledge proofs can be verified within a few milliseconds, with a proof length of only a few hundred bytes even for statements about programs that are very large
and therefore succinctness somewhat addresses both issues, but the following screenshot (Zooko Wilcox keynote from Devcon4) implies otherwise, since for example STARKs have big proof sizes, but small verification times whereas bulletproofs have small proofs but large verification times:
Also, in what situations would one prefer smaller proof sizes with big verification times over big proof sizes with small verification times? Whats the point of even having small proofs when the verification time is long anyway? Maybe for reasons of total blockchain size?