ZKP 2020-08-05
Zokrates Hello World Walkthrough
-
create root.zok
- circuit definition in high level zokrates language
- prover provides a and b and calculates result: 1 if b is the square of a, 0 otherwise
- prover shares b, result and proof
- verifier can check that prover knew a number a such that
main(a, b) == result
- in other words, verifier can check that prover knew square root of b, without learning the square root.
-
zokrates compile -i root.zok
- transforms high level circuit definition to quadratic arithmetic program (QAP)
- creates 3 files:
abi.json, out, out.ztf
out.ztf
is human readable R1CS intermediary representation, out
the binary QAP equivalent
- insert explanation here ;-)
-
zokrates setup
- creates
proving.key, verification.key
for binary compiled out
representation of circuit
- this is the most important step, what exactly happens here?
- to be shared with all provers and verifiers
-
zokrates compute-witness -a 337 113569
- independent of
setup
- creates a new file
witness
based on out
- executes the QAP with the given input variables and saves all assignments to variables of the QAP in
witness
.
- witness is not to be shared (contains private variables), just in preparation of proof generation
-
zokrates generate-proof
- creates
proof.json
based on out (?), witness, proving.key
- another crucial step, to be understood later
- creates a bunch of curve points and such from the witness and the proving key
- proof is to be shared with the verifier
-
zokrates export-verifier
- creates
verifier.sol
from out (?), verifier.key
- verifier solidity contract
- to be deployed on chain
- can verify any valid proof
- to be understood
-
deploy on chain
-
verify proof