# reate Your First Zero-Knowledge Proof Program on Bitcoin

## A practical step-by-step guide

Zokrates is a toolbox for zkSNARKs, hiding significant complexity inherent to zero-knowledge proofs (ZKP). It provides a python-like higher-level language for developers to code the computational problem they want to prove.

We extend it to generate and verify proofs on Bitcoin.

# Install Zokrates

## From binary

Run the following command to install released binaries:

`curl -Ls https://scrypt.io/scripts/setup-zokrates.sh | sh -s -`

## From source

`git clone https://github.com/sCrypt-Inc/zokrates`

cd ZoKrates

cargo +nightly build -p zokrates_cli --release

cd target/release

# Zokrates workflow

The whole workflow is the same as the original ZoKrates, except that the verification step is done on Bitcoin.

## 1. Design a circuit

Create a new Zokrates file named `factor.zok`

with the following content:

This simple circuit/program proves one knows the factorization of an integer `n`

into two integers, without revealing the integers. The circuit has two private inputs named `p`

and `q`

and one public input named `n`

.

## 2. Compile the circuit

Compile the circuit with the following command:

`zokrates compile -i factor.zok`

This generates two files that encode the circuit in binary and human-readable format.

## 3. Setup

This generates a proving key and a verification key for this circuit.

`zokrates setup`

## 4. Calculating a witness

A proof attests that a prover knows some secret/private information that satisfies the original program. This secret information is called *witness.* In the following example, 7 and 13 are the witnesses, as they are factors of 91.

`zokrates compute-witness -a 7 13 91`

A file ** witness** is generated.

## 5. Create a proof

It produces a proof, using both the proving key and the witness.

`zokrates generate-proof`

A proof file ** proof.json** looks like the following:

## 6. Export an sCrypt verifier

This outputs a smart contract file ** verifier.scrypt**, a library containing all the necessary code to verify a proof.

`zokrates export-verifier-scrypt`

You can verify it off-chain locally:

`zokrates verify`

Next we will deploy the contract on Bitcoin and verify the proof on it.

## 7. Deploy the verifier

You can now deploy the verifier** **to Bitcoin. Wrap

**in a test contract**

*verifier.scrypt**ZKSNARKTest*as below.

Now you can use sCrypt IDE to deploy it.

Right click and select *Deploy Contract: Debug*.

After the contract is compiled, which shall finish within a few minutes, the following panel should pop up. Click *Deploy*.

If everything goes right, the verifier contract should have been deployed.

## 8. Verify the proof

Next, you’ll need to copy and paste from ** proof.json** into

*Call*panel and click on C

*all unlock()*.

If everything works ok, you should see the proof validated in a spending transaction.

# What is next

Congratulations! You have just created your first ZKP on Bitcoin. Next, you can extend the template ** verifier.scrypt** and add your own business logic.