*This post was first published on Medium. *

Zokrates is a toolbox for zkSNARKs, hiding significant complexity inherent to zero-knowledge proofs (ZKP). It provides a python-like higher-level language for developers to code the computational problem they want to prove.

We extend it to generate and verify proofs on Bitcoin.

**Install Zokrates**

**From binary**

Binaries can be downloaded from release page.

**From source**

git clone https://github.com/sCrypt-Inc/zokrates

cd ZoKrates

cargo +nightly build -p zokrates_cli –release

cd target/release

**Zokrates workflow**

The whole workflow is the same as the original ZoKrates, except that the verification step is done on Bitcoin.

**1. Design a circuit**

Create a new Zokrates file named factor.zok with the following content:

This simple circuit/program proves one knows the factorization of an integer n into two integers, without revealing the integers. The circuit has two private input named p and q and one public input named n.

**2. Compile the circuit**

Compile the circuit with the following command:

zokrates compile -i factor.zok

This generates two files that encode the circuit in binary and human-readable format.

**3. Setup**

This generates a proving key and a verification key for this circuit.

zokrates setup

**4. Calculating a witness**

A proof attests that a prover knows some secret/private information that satisfies the original program. This secret information is called *witness.* In the following example, 7 and 13 are the witness, as they are factors of 91.

zokrates compute-witness -a 7 13 91

A file ** witness** is generated.

**5. Create a proof**

It produces a proof, using both the proving key and the witness.

zokrates generate-proof

A proof file ** proof.json** looks like the following:

**6. Export an sCrypt verifier**

This outputs a smart contract file ** verifier.scrypt**, containing all the necessary code to verify a proof.

zokrates export-verifier-scrypt

**7. Deploy the verifier**

You can now deploy ** verifier.scrypt **to Bitcoin. The easiest way is to use sCrypt IDE.

Right click and select *Deploy Contract: Debug*.

After the contract is compiled, which shall finish within a few minutes, the following panel should pop up. Click *Deploy*.

If everything goes right, the verifier contract should have been deployed.

**8. Verify the proof**

Next, you’ll need to copy and paste from ** proof.json** into

*Call*panel and click on C

*all unlock()*.

If everything works ok, you should see the proof validated in a spending transaction.

**What is next**

Congratulations! You have just created your first ZKP on Bitcoin. Next, you can extend the template ** verifier.scrypt** and add your own business logic.

Watch: The BSV Global Blockchain Convention presentation, Smart Contracts and Computation on BSV

*New to Bitcoin? Check out CoinGeek’s **Bitcoin for Beginners** section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.*