
Zokrates

Join the chat at https://gitter.im/ZoKrates/Lobby

Zokrates is a toolbox for zkSNARKs on Ethereum.

This is a proof-of-concept implementation. It has not been tested for production.

Motivation

Ethereum runs computations on all nodes of the network, resulting in high costs, limits in complexity, and low privacy. SNARKs make it possible to only verify computations on-chain, for a fraction of the cost of running them, but they are hard to grasp and work with.

Zokrates bridges this gap. It helps you create off-chain programs and link them to the Ethereum blockchain, expanding the possibilities for your Dapp.

Installation

Using Docker is currently the recommended way to get started with Zokrates.

docker run -ti zokrates/zokrates /bin/bash

Or build it yourself with the following commands.

git clone https://github.com/JacobEberhardt/ZoKrates
cd ZoKrates
docker build -t zokrates .
docker run -ti zokrates /bin/bash
cd ZoKrates/target/release

Example

First, create the text file add.code and implement your program:

def main(field a, field b, field c) -> (field):
  return a + b + c

The keyword field declares the type of the parameters used as elements of the underlying finite field.

Then run the different phases of the protocol:

./zokrates compile -i 'add.code'
./zokrates setup
./zokrates compute-witness -a 1 2 3
./zokrates generate-proof
./zokrates export-verifier

API reference

Zokrates provides a command line interface. You can see an overview of the available subcommands by running:

./zokrates

compile

./zokrates compile -i /path/to/add.code

Compiles a .code file into ZoKrates' internal representation of arithmetic circuits.

Creates a compiled .code file at ./out.code.

compute-witness

./zokrates compute-witness -a 1 2 3

Computes a witness for the compiled program found at ./out.code and arguments to the program. A witness is a valid assignment of the variables, which include the results of the computation.

Creates a witness file at ./witness.

setup

./zokrates setup

Generates a trusted setup for the compiled program found at ./out.code.

Creates a proving key and a verifying key at ./proving.key and ./verifying.key. These keys are derived from a source of randomness, commonly referred to as “toxic waste”. Anyone with access to that source of randomness can produce fake proofs that will be accepted by a verifier following the protocol.

export-verifier

./zokrates export-verifier

Using the verifying key at ./verifying.key, generates a Solidity contract which contains the generated verification key and a public function to verify a solution to the compiled program at ./out.code.

Creates a verifier contract at ./verifier.sol.

generate-proof

./zokrates generate-proof

Using the proving key at ./proving.key, generates a proof for a computation of the compiled program ./out.code resulting in ./witness.

Returns the proof, for example:

A = 0x45582d7906c967b1fd1cac0aad3efefa526e4cd888b8ecb5907b46c2eb1f781, 0x8158089a63a6aafa4afc3bbfd5ebf392e5ef61d0c5faf2e2445c9112450f29c
A_p = 0x5e4fe0bfa79a571b8918138ee5d7b3d0ad394c9bb8f7d2e1549f7e3c3bab7e9, 0x1708b5ba3d138e433406c792f679ae6902fc9f7c6131305a9a5f826dbe2d71fb
B = [0x34f5c5b7518597452e55a69bf9171a63837a98a1c1c1870b610b2cfe79c4573, 0x18e56afd179d67960db838a8fdb128eb78d5dd2c1ffcd564f9d0dada928ed71f], [0xf160ea8d2dc33b564a45c0998309b4bf5a050cc8f6288793b7401b37d1eb1a2, 0x23ade8ba2c64300b5ff90e18641516407054a21179829252fd87f1bd61a3be34]
B_p = 0xc88b87d45f90da42b9c455da16dad76996ef5b1e859a4f0db7dcef4f7e3b2fd, 0x20ed7c62dd8c6c47506e6db1d4837daa42ae80b931227153054539dcbf6f3778
C = 0x2c230cbffbcb6211d2cf8f434df291a413721e3bef5ada4030d532d14b6ea504, 0x21421565f75429d0922c8cf00b68e4da23c61670e787ce6a5de14a5a86ebdcb0
C_p = 0xce11fe724ce1ce183c15c4f5405d9607d6c769422aa9f62f4868478324a2f5, 0x1e585b35ed22ef32fd70ef960818f1514d1dd94b3517c127e782de24173c69f9
H = 0x2306e74a1a7e318d2d3c40cbea708b0e0b91cd1548c9db6261fc2bd815740978, 0xde538e4e99b0e20e84cdbbd3bc08c37bca0af21edd67faf52bc4027a9b00f7c
K = 0x1868436121f271e9fbf78a8f75bb4077e2d4f208891793fd5b468afc3b05c0e4, 0x1021c3ecb15c3fd7340d4eb5bf446e1ad457020e4f8b7cc82f8af64507a35fbe

Passed to the verifier contract, this proof can be checked. For example, using web3, a call would look like the following:

Verifier.at(<verifier contract address>).verifyTx(A, A_p, B, B_p, C, C_p, H, K, [...publicInputs, ...outputs])

Where A, ..., K are defined as above (adding brackets and quotes: A = ["0x123", "0x345"]), publicInputs are the public inputs supplied to witness generation and outputs are the results of the computation.
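
The "adding brackets and quotes" step can be scripted. The following is an added example, not part of ZoKrates: it assumes the text layout of the generate-proof output shown above, and the names parseProof, buildVerifyTxArgs and ORDER are hypothetical. It rejects output with a missing, duplicated or malformed element before anything is sent to the verifier contract.

```javascript
// Added example, not ZoKrates code: turn generate-proof text into verifyTx arguments.
const ORDER = ["A", "A_p", "B", "B_p", "C", "C_p", "H", "K"]; // verifyTx argument order
const HEX = /^0x[0-9a-fA-F]{1,64}$/; // at most 256 bits; leading zeros may be dropped

function parseProof(text) {
  const proof = {};
  for (const line of text.split("\n")) {
    const m = line.match(/^\s*([A-Z](?:_p)?)\s*=\s*(.+?)\s*$/);
    if (!m) continue; // skip blank lines and unrelated output
    const [, name, value] = m;
    if (!ORDER.includes(name)) throw new Error(`unexpected element ${name}`);
    if (name in proof) throw new Error(`duplicate element ${name}`);
    // B is printed as two bracketed pairs; every other element is one flat pair.
    const groups = name === "B"
      ? [...value.matchAll(/\[([^\]]*)\]/g)].map((g) => g[1])
      : [value];
    if (groups.length !== (name === "B" ? 2 : 1)) throw new Error(`${name}: wrong shape`);
    const pairs = groups.map((g) => g.split(",").map((s) => s.trim()));
    for (const pair of pairs) {
      if (pair.length !== 2) throw new Error(`${name}: expected 2 coordinates`);
      for (const c of pair) if (!HEX.test(c)) throw new Error(`${name}: bad hex ${c}`);
    }
    proof[name] = name === "B" ? pairs : pairs[0];
  }
  for (const name of ORDER) if (!(name in proof)) throw new Error(`missing ${name}`);
  return proof;
}

// Returns [A, A_p, B, B_p, C, C_p, H, K, [...publicInputs, ...outputs]].
function buildVerifyTxArgs(text, publicInputs, outputs) {
  const proof = parseProof(text);
  return [...ORDER.map((n) => proof[n]), [...publicInputs, ...outputs]];
}

// Constructed sample: short made-up values in the printed layout, not a valid proof.
const SAMPLE = [
  "A = 0x1a, 0x2b",
  "A_p = 0x3c, 0x4d",
  "B = [0x5e, 0x6f], [0x70, 0x81]",
  "B_p = 0x92, 0xa3",
  "C = 0xb4, 0xc5",
  "C_p = 0xd6, 0xe7",
  "H = 0xf8, 0x109",
  "K = 0x11a, 0x12b",
].join("\n");

// Inputs 1 2 3 and output 6 are assumed values for the add.code example.
console.log(JSON.stringify(buildVerifyTxArgs(SAMPLE, [1, 2, 3], [6])));
```

The returned array can be spread into the call shown above, for example verifyTx(...args).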

Testing

Run normal tests with

cargo test

and run long and expensive tests with

cargo test -- --ignored