This post was first published on Medium.
Zokrates is a toolbox for zkSNARKs, hiding significant complexity inherent to zero-knowledge proofs (ZKP). It provides a python-like higher-level language for developers to code the computational problem they want to prove.
We extend it to generate and verify proofs on Bitcoin.
Binaries can be downloaded from release page.
git clone https://github.com/sCrypt-Inc/zokrates
cargo +nightly build -p zokrates_cli –release
1. Design a circuit
Create a new Zokrates file named factor.zok with the following content:
This simple circuit/program proves one knows the factorization of an integer n into two integers, without revealing the integers. The circuit has two private input named p and q and one public input named n.
2. Compile the circuit
Compile the circuit with the following command:
zokrates compile -i factor.zok
This generates two files that encode the circuit in binary and human-readable format.
This generates a proving key and a verification key for this circuit.
4. Calculating a witness
A proof attests that a prover knows some secret/private information that satisfies the original program. This secret information is called witness. In the following example, 7 and 13 are the witness, as they are factors of 91.
zokrates compute-witness -a 7 13 91
A file witness is generated.
5. Create a proof
It produces a proof, using both the proving key and the witness.
A proof file proof.json looks like the following:
6. Export an sCrypt verifier
This outputs a smart contract file verifier.scrypt, containing all the necessary code to verify a proof.
7. Deploy the verifier
You can now deploy verifier.scrypt to Bitcoin. The easiest way is to use sCrypt IDE.
Right click and select Deploy Contract: Debug.
After the contract is compiled, which shall finish within a few minutes, the following panel should pop up. Click Deploy.
If everything goes right, the verifier contract should have been deployed.
8. Verify the proof
Next, you’ll need to copy and paste from proof.json into Call panel and click on Call unlock().
If everything works ok, you should see the proof validated in a spending transaction.
What is next
Congratulations! You have just created your first ZKP on Bitcoin. Next, you can extend the template verifier.scrypt and add your own business logic.
Watch: The BSV Global Blockchain Convention presentation, Smart Contracts and Computation on BSV
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.