reate Your First Zero-Knowledge Proof Program on Bitcoin
A practical step-by-step guide
Zokrates is a toolbox for zkSNARKs, hiding significant complexity inherent to zero-knowledge proofs (ZKP). It provides a python-like higher-level language for developers to code the computational problem they want to prove.
We extend it to generate and verify proofs on Bitcoin.
Run the following command to install released binaries:
curl -Ls https://scrypt.io/scripts/setup-zokrates.sh | sh -s -
git clone https://github.com/sCrypt-Inc/zokrates
cargo +nightly build -p zokrates_cli --release
The whole workflow is the same as the original ZoKrates, except that the verification step is done on Bitcoin.
1. Design a circuit
Create a new Zokrates file named
factor.zok with the following content:
This simple circuit/program proves one knows the factorization of an integer
n into two integers, without revealing the integers. The circuit has two private inputs named
q and one public input named
2. Compile the circuit
Compile the circuit with the following command:
zokrates compile -i factor.zok
This generates two files that encode the circuit in binary and human-readable format.
This generates a proving key and a verification key for this circuit.
4. Calculating a witness
A proof attests that a prover knows some secret/private information that satisfies the original program. This secret information is called witness. In the following example, 7 and 13 are the witnesses, as they are factors of 91.
zokrates compute-witness -a 7 13 91
A file witness is generated.
5. Create a proof
It produces a proof, using both the proving key and the witness.
A proof file proof.json looks like the following:
6. Export an sCrypt verifier
This outputs a smart contract file verifier.scrypt, a library containing all the necessary code to verify a proof.
You can verify it off-chain locally:
Next we will deploy the contract on Bitcoin and verify the proof on it.
7. Deploy the verifier
You can now deploy the verifier to Bitcoin. Wrap verifier.scrypt in a test contract ZKSNARKTest as below.
Now you can use sCrypt IDE to deploy it.
Right click and select Deploy Contract: Debug.
After the contract is compiled, which shall finish within a few minutes, the following panel should pop up. Click Deploy.
If everything goes right, the verifier contract should have been deployed.
8. Verify the proof
Next, you’ll need to copy and paste from proof.json into Call panel and click on Call unlock().
If everything works ok, you should see the proof validated in a spending transaction.
What is next
Congratulations! You have just created your first ZKP on Bitcoin. Next, you can extend the template verifier.scrypt and add your own business logic.