This post was first published on Medium.
Zokrates is a toolbox for zkSNARKs, hiding significant complexity inherent to zero-knowledge proofs (ZKP). It provides a python-like higher-level language for developers to code the computational problem they want to prove.
We extend it to generate and verify proofs on Bitcoin.
Install Zokrates
From binary
Binaries can be downloaded from release page.
From source
git clone https://github.com/sCrypt-Inc/zokrates
cd ZoKrates
cargo +nightly build -p zokrates_cli –release
cd target/release
Zokrates workflow
The whole workflow is the same as the original ZoKrates, except that the verification step is done on Bitcoin.
1. Design a circuit
Create a new Zokrates file named factor.zok with the following content:
This simple circuit/program proves one knows the factorization of an integer n into two integers, without revealing the integers. The circuit has two private input named p and q and one public input named n.
2. Compile the circuit
Compile the circuit with the following command:
zokrates compile -i factor.zok
This generates two files that encode the circuit in binary and human-readable format.
3. Setup
This generates a proving key and a verification key for this circuit.
zokrates setup
4. Calculating a witness
A proof attests that a prover knows some secret/private information that satisfies the original program. This secret information is called witness. In the following example, 7 and 13 are the witness, as they are factors of 91.
zokrates compute-witness -a 7 13 91
A file witness is generated.
5. Create a proof
It produces a proof, using both the proving key and the witness.
zokrates generate-proof
A proof file proof.json looks like the following:
6. Export an sCrypt verifier
This outputs a smart contract file verifier.scrypt, containing all the necessary code to verify a proof.
zokrates export-verifier-scrypt
7. Deploy the verifier
You can now deploy verifier.scrypt to Bitcoin. The easiest way is to use sCrypt IDE.
Right click and select Deploy Contract: Debug.
After the contract is compiled, which shall finish within a few minutes, the following panel should pop up. Click Deploy.
If everything goes right, the verifier contract should have been deployed.
8. Verify the proof
Next, you’ll need to copy and paste from proof.json into Call panel and click on Call unlock().
If everything works ok, you should see the proof validated in a spending transaction.
What is next
Congratulations! You have just created your first ZKP on Bitcoin. Next, you can extend the template verifier.scrypt and add your own business logic.
Watch: The BSV Global Blockchain Convention presentation, Smart Contracts and Computation on BSV
New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.
