Bitcoin on a Motherboard Technology. Hi-tech concept background

Create your first zero-knowledge proof program on Bitcoin: A practical step-by-step guide

This post was first published on Medium.

Zokrates is a toolbox for zkSNARKs, hiding significant complexity inherent to zero-knowledge proofs (ZKP). It provides a python-like higher-level language for developers to code the computational problem they want to prove.

We extend it to generate and verify proofs on Bitcoin.

Close up view of silver bitcoin on computer motherboard

Install Zokrates

From binary

Binaries can be downloaded from release page.

From source

git clone
cd ZoKrates
cargo +nightly build -p zokrates_cli –release
cd target/release

Zokrates workflow

The whole workflow is the same as the original ZoKrates, except that the verification step is done on Bitcoin.

1. Design a circuit

Create a new Zokrates file named factor.zok with the following content:

This simple circuit/program proves one knows the factorization of an integer n into two integers, without revealing the integers. The circuit has two private input named p and q and one public input named n.

2. Compile the circuit

Compile the circuit with the following command:

zokrates compile -i factor.zok

This generates two files that encode the circuit in binary and human-readable format.

3. Setup

This generates a proving key and a verification key for this circuit.

zokrates setup

4. Calculating a witness

A proof attests that a prover knows some secret/private information that satisfies the original program. This secret information is called witness. In the following example, 7 and 13 are the witness, as they are factors of 91.

zokrates compute-witness -a 7 13 91

A file witness is generated.

5. Create a proof

It produces a proof, using both the proving key and the witness.

zokrates generate-proof

A proof file proof.json looks like the following:

6. Export an sCrypt verifier

This outputs a smart contract file verifier.scrypt, containing all the necessary code to verify a proof.

zokrates export-verifier-scrypt

7. Deploy the verifier

You can now deploy verifier.scrypt to Bitcoin. The easiest way is to use sCrypt IDE.

deploy verifier.scrypt to Bitcoin

Right click and select Deploy Contract: Debug.


After the contract is compiled, which shall finish within a few minutes, the following panel should pop up. Click Deploy.


If everything goes right, the verifier contract should have been deployed.

Call panel and click on Call unlock -1

8. Verify the proof

Next, you’ll need to copy and paste from proof.json into Call panel and click on Call unlock().

Call panel and click on Call unlock

If everything works ok, you should see the proof validated in a spending transaction.

What is next

Congratulations! You have just created your first ZKP on Bitcoin. Next, you can extend the template verifier.scrypt and add your own business logic.

Watch: The BSV Global Blockchain Convention presentation, Smart Contracts and Computation on BSV

YouTube video

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.