Try   HackMD

ZKP 2020-08-05

Zokrates Hello World Walkthrough

  1. create root.zok

    • circuit definition in high level zokrates language
    ​​​# a simple circuit which proves knowledge of a square root
​​​# of a certain field element `b`
​​​def main(private field a, field b) -> (field):
​​​   field result = if a * a == b then 1 else 0 fi
​​​   return result
    • prover provides a and b and calculates result: 1 if b is the square of a, 0 otherwise
    • prover shares b, result and proof
    • verifier can check that prover knew a number a such that main(a, b) == result
    • in other words, verifier can check that prover knew square root of b, without learning the square root.

  2. zokrates compile -i root.zok

    • transforms high level circuit definition to quadratic arithmetic program (QAP)
    • creates 3 files: abi.json, out, out.ztf
    • out.ztf is human readable R1CS intermediary representation, out the binary QAP equivalent
    ​​​R1CS
​​​====
​​​
​​​def main(_0, _1) -> (1):
​​​     (1 * _0) * (1 * _0) == 1 * _4
​​​     # _2, _3 = ConditionEq((-1) * _1 + 1 * _4)
​​​     ((-1) * _1 + 1 * _4) * (1 * _3) == 1 * _2
​​​     (1 * ~one + (-1) * _2) * ((-1) * _1 + 1 * _4) == 0
​​​     (1 * ~one) * (1 * ~one + (-1) * _2) == 1 * ~out_0
​​​      return ~out_0
    • insert explanation here ;-)

  3. zokrates setup

    • creates proving.key, verification.key for binary compiled out representation of circuit
    • this is the most important step, what exactly happens here?
    • to be shared with all provers and verifiers

  4. zokrates compute-witness -a 337 113569

    • independent of setup
    • creates a new file witness based on out
    • executes the QAP with the given input variables and saves all assignments to variables of the QAP in witness.
    • witness is not to be shared (contains private variables), just in preparation of proof generation

  5. zokrates generate-proof

    • creates proof.json based on out (?), witness, proving.key
    • another crucial step, to be understood later
    • creates a bunch of curve points and such from the witness and the proving key
    • proof is to be shared with the verifier

  6. zokrates export-verifier

    • creates verifier.sol from out (?), verifier.key
    • verifier solidity contract
    • to be deployed on chain
    • can verify any valid proof
    • to be understood

  7. deploy on chain

  8. verify proof

  1
  |
  2 - \
 /|\  |
4.| 3 |
 \|/ \|
  5.  6
  |   |
  8.- 7
Last changed by 
Ansgar Dietrichs
0
522
Published on HackMD