# ZKP 2020-08-05

## Zokrates Hello World Walkthrough

1. create `root.zok` - circuit definition in high level zokrates language

   ```python
   # a simple circuit which proves knowledge of a square root
   # of a certain field element `b`
   def main(private field a, field b) -> (field):
       field result = if a * a == b then 1 else 0 fi
       return result
   ```

   - prover provides a and b and calculates result: 1 if b is the square of a, 0 otherwise
   - prover shares b, result and proof
   - verifier can check that prover knew a number a such that `main(a, b) == result`
   - in other words, verifier can check that prover knew a square root of b, without learning the square root.

2. `zokrates compile -i root.zok`
   - transforms high level circuit definition to quadratic arithmetic program (QAP)
   - creates 3 files: `abi.json`, `out`, `out.ztf`
   - `out.ztf` is the human readable R1CS intermediary representation, `out` the binary QAP equivalent

   ```
   R1CS
   ====
   def main(_0, _1) -> (1):
       (1 * _0) * (1 * _0) == 1 * _4
       # _2, _3 = ConditionEq((-1) * _1 + 1 * _4)
       ((-1) * _1 + 1 * _4) * (1 * _3) == 1 * _2
       (1 * ~one + (-1) * _2) * ((-1) * _1 + 1 * _4) == 0
       (1 * ~one) * (1 * ~one + (-1) * _2) == 1 * ~out_0
       return ~out_0
   ```

   - insert explanation here ;-)

3. `zokrates setup`
   - creates `proving.key`, `verification.key` for the binary compiled `out` representation of the circuit
   - this is the most important step, what exactly happens here?
   - to be shared with all provers and verifiers

4. `zokrates compute-witness -a 337 113569`
   - independent of `setup`
   - creates a new file `witness` based on `out`
   - executes the QAP with the given input variables and saves all assignments to variables of the QAP in `witness`
   - witness is not to be shared (contains private variables), just in preparation of proof generation

5. `zokrates generate-proof`
   - creates `proof.json` based on `out (?)`, `witness`, `proving.key`
   - another crucial step, to be understood later
   - creates a bunch of curve points and such from the witness and the proving key
   - proof is to be shared with the verifier

6. `zokrates export-verifier`
   - creates `verifier.sol` from `out (?)`, `verification.key`
   - verifier solidity contract
   - to be deployed on chain
   - can verify any valid proof
   - to be understood

7. deploy on chain

8. verify proof

step dependencies (a step needs the outputs of the steps above it):

```
      1
      |
      2
     / \
    4   3
     \ / \
      5   6
      |   |
      |   7
       \ /
        8
```
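Added example (not part of these notes or of the ZoKrates project): a Python evaluation of the four R1CS constraints from step 2, using the variable assignments that step 4 produces for `-a 337 113569`. It shows why a prover cannot simply claim `result == 1` for a wrong `a`: the witness must satisfy every constraint. It assumes ZoKrates' default BN128 curve, whose scalar field modulus is the constant `P` below.

```python
# Added example: evaluate the R1CS that `zokrates compile` produced for
# root.zok over the BN128 scalar field. Assumption: ZoKrates' default curve
# is BN128, whose scalar field modulus is P.
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617


def compute_witness(a: int, b: int) -> dict:
    """Assign every R1CS variable for inputs a (private) and b (public).

    _2 and _3 come from the ConditionEq gadget on d = _4 - _1: _2 is 1 when
    d != 0 and 0 when d == 0, and _3 is the field inverse of d (or 0)."""
    a, b = a % P, b % P
    w = {"~one": 1, "_0": a, "_1": b}
    w["_4"] = a * a % P                          # a*a, later checked against b
    d = (w["_4"] - w["_1"]) % P                  # a*a - b in the field
    w["_2"] = 1 if d != 0 else 0                 # "not equal" flag
    w["_3"] = pow(d, P - 2, P) if d != 0 else 0  # d^-1 via Fermat, or 0
    w["~out_0"] = (1 - w["_2"]) % P              # result: 1 iff a*a == b
    return w


def check_r1cs(w: dict) -> bool:
    """Return True iff all four constraints listed in out.ztf hold for w."""
    d = (w["_4"] - w["_1"]) % P
    constraints = [
        (w["_0"] * w["_0"] - w["_4"]) % P == 0,      # (1*_0)*(1*_0) == 1*_4
        (d * w["_3"] - w["_2"]) % P == 0,            # (_4 - _1) * _3 == _2
        ((1 - w["_2"]) * d) % P == 0,                # (~one - _2) * (_4 - _1) == 0
        ((1 - w["_2"]) - w["~out_0"]) % P == 0,      # ~one * (~one - _2) == ~out_0
    ]
    return all(constraints)
```

Flipping `~out_0` or `_2` in a witness for a non-square `b` breaks constraint 2 or 4, which is exactly what the proof generated in step 5 commits the prover to.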