PLONK on Bitcoin

This post was first published on Medium.

We are proud to announce that Bitcoin now supports PLONK. For a detailed description of how PLONK works, you can refer to our previous explanations, Part 1 and Part 2.

We have previously implemented Groth16, the smallest and most efficient SNARK construction. However, it requires a trusted setup for each circuit. By eliminating the need for a per-circuit trusted setup, PLONK both mitigates concerns regarding the security of that process and ensures that no secure multi-party computation (MPC) setup ceremonies will be required again if a circuit changes in the future due to, e.g., critical bug fixes. Universal and updatable setup ceremonies, such as Perpetual Powers of Tau, can be reused for any circuit in PLONK. This makes deploying new circuits and upgrading existing circuits much easier and safer.

Run your first PLONK on Bitcoin

We have added PLONK support in our existing snarkJS library, which is fully compatible with Circom. All Circom circuits developed for Groth16 can be directly reused in PLONK without any change at all. The full PLONK verifier code can be found here, along with a test in JavaScript. Generating a PLONK verifier is similar to developing a Groth16 verifier in snarkJS.

You need to install the Circom compiler and our snarkJS first.

[Image: setup script]

1. Design a circuit

Implement the circuit in the Circom language. For example, this simple circuit/program called ‘factor.circom’ proves that the prover knows how to factor the integer ‘n’ into two integers without revealing the integers. The circuit has two private inputs named ‘p’ and ‘q’ and one public input named ‘n.’ For more information on how to use Circom, you can refer to https://docs.circom.io.

2. Compile the circuit

Compile the circuit with the following command:

[Image: command to compile the circuit]

3. Start a new **powers of tau** ceremony

The ‘new’ command is used to initiate the ceremony of **powers of tau**.

[Image: command to initiate the powers of tau ceremony]

Finally, we verify the protocol so far:

[Image: snarkjs powers of tau verification command]

4. Setup

This will generate a proving key for the circuit and verify that key, using PLONK.

[Image: snarkjs plonk setup command]

5. Export verification key

We export the verification key from ‘circuit_final.zkey’ into ‘verification_key.json.’

[Image: command to export the verification key]

6. Calculating a witness

First, we create a file ‘input.json’ containing the circuit inputs with the following contents:

[Image: contents of ‘input.json’]

Next, we use the ‘factor.wasm’ obtained from compiling the circuit to calculate the witnesses:

[Image: witness calculation command using node generate_witness.js with the circuit wasm]

7. Create a proof

This step uses the proving key and the witnesses to generate a proof, using PLONK.

[Image: command to generate the proof using PLONK]

8. Export an sCrypt verifier

This outputs a smart contract file “verifier.scrypt” that contains all the code needed to verify the proof on-chain.

[Image: snarkjs zkey export scryptverifier command]

You can verify it locally:

[Image: snarkjs plonk verify command]

9. Deploy the verifier

You can now deploy the verifier to Bitcoin. Wrap verifier.scrypt in a test contract PlonkVerifier as below.

Now you can use sCrypt IDE to deploy it.

[Image: deploying with the sCrypt IDE]

Right-click and select Deploy Contract: Debug.

[Image: Deploy Contract: Debug]

After the contract is compiled, which should finish within a few minutes, the following panel should pop up. Click Deploy.

[Image: PlonkVerifier deployment panel with Construction Arguments]

If everything goes right, the verifier contract should have been deployed.

[Image: output showing contract PlonkVerifier deployed]

10. Verify the proof

Next, you’ll need to copy and paste from proof.json into the Call panel and click on Call unlock().

[Image: proof validated in a spending transaction]

If everything works, you should see the proof validated in a spending transaction.
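
As an added example (not code from the original post or from snarkJS), the following JavaScript checks inputs for the ‘factor’ circuit from steps 1 and 6 before they go into witness generation. It assumes the circuit's only constraint is n = p * q over Circom's default BN128 scalar field; the function names and sample values are constructed for illustration.

```javascript
// Added example, not from the original post. Assumption: the circuit's only
// constraint is n === p * q in Circom's default BN128 scalar field.
const FIELD_R =
  21888242871839275222246405745257275088548364400416034343698204186575808495617n;

// The relation as the proof system sees it: arithmetic modulo FIELD_R.
function satisfiesCircuit(p, q, n) {
  return (p * q) % FIELD_R === n % FIELD_R;
}

// What "p and q factor n" should mean over the integers. Any problem listed
// for an input that still satisfies the field relation marks a statement the
// proof would not actually establish without extra range constraints.
function checkFactorWitness(input) {
  const [p, q, n] = [input.p, input.q, input.n].map((v) => BigInt(v));
  const problems = [];
  if (p <= 1n || q <= 1n) problems.push("trivial factor: p and q must be > 1");
  if ([p, q, n].some((v) => v >= FIELD_R)) problems.push("value outside field");
  if (p * q >= FIELD_R) problems.push("p * q wraps around the field modulus");
  if (p * q !== n) problems.push("p * q != n over the integers");
  return { inField: satisfiesCircuit(p, q, n), problems };
}

// Constructed sample inputs in the shape of 'input.json' plus the public n.
const SAMPLES = {
  honest: { p: "7", q: "13", n: "91" },
  trivial: { p: "1", q: "91", n: "91" },
  wrapped: { p: "2", q: ((FIELD_R + 1n) / 2n).toString(), n: "1" },
};

for (const [name, input] of Object.entries(SAMPLES)) {
  const { inField, problems } = checkFactorWitness(input);
  console.log(name, "satisfies field relation:", inField, "problems:", problems);
}
```

The second and third samples satisfy the field relation while failing the integer checks, which is why a circuit of this shape needs explicit range constraints on ‘p’ and ‘q’ before its proof means "n is composite."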

What is next?

Congratulations! You have just created your first PLONK proof on Bitcoin. So far, we have implemented both Groth16 and PLONK. Any proof system can be implemented the same way as a smart contract, thanks to Bitcoin’s programmability and scalability. Now it is time to implement your favorite proof systems, including Marlin, Sonic, Halo, Bulletproof, and STARK.
