# ZKP 2020-08-05
## Zokrates Hello World Walkthrough
1. create `root.zok`
- circuit definition in high level zokrates language
```python
# a simple circuit which proves knowledge of a square root
# of a certain field element `b`
def main(private field a, field b) -> (field):
field result = if a * a == b then 1 else 0 fi
return result
```
- prover provides a and b and calculates result: 1 if b is the square of a, 0 otherwise
- prover shares b, result and proof
- verifier can check that prover knew a number a such that `main(a, b) == result`
- in other words, verifier can check that prover knew square root of b, without learning the square root.
2. `zokrates compile -i root.zok`
- transforms high level circuit definition to quadratic arithmetic program (QAP)
- creates 3 files: `abi.json, out, out.ztf`
- `out.ztf` is human readable R1CS intermediary representation, `out` the binary QAP equivalent
```
R1CS
====
def main(_0, _1) -> (1):
(1 * _0) * (1 * _0) == 1 * _4
# _2, _3 = ConditionEq((-1) * _1 + 1 * _4)
((-1) * _1 + 1 * _4) * (1 * _3) == 1 * _2
(1 * ~one + (-1) * _2) * ((-1) * _1 + 1 * _4) == 0
(1 * ~one) * (1 * ~one + (-1) * _2) == 1 * ~out_0
return ~out_0
```
- insert explanation here ;-)
3. `zokrates setup`
- creates `proving.key, verification.key` for binary compiled `out` representation of circuit
- this is the most important step, what exactly happens here?
- to be shared with all provers and verifiers
4. `zokrates compute-witness -a 337 113569`
- independent of `setup`
- creates a new file `witness` based on `out`
- executes the QAP with the given input variables and saves all assignments to variables of the QAP in `witness`.
- witness is not to be shared (contains private variables), just in preparation of proof generation
5. `zokrates generate-proof`
- creates `proof.json` based on `out (?), witness, proving.key`
- another crucial step, to be understood later
- creates a bunch of curve points and such from the witness and the proving key
- proof is to be shared with the verifier
6. `zokrates export-verifier`
- creates `verifier.sol` from `out (?), verifier.key`
- verifier solidity contract
- to be deployed on chain
- can verify any valid proof
- to be understood
7. deploy on chain
8. verify proof
```
1
|
2 - \
/|\ |
4.| 3 |
\|/ \|
5. 6
| |
8.- 7
```