Build Your First Bitcoin Zero-Knowledge Proof Program: A Practical Step-by-Step Guide
This post was first published on Medium.
Zokrates is a toolkit for zkSNARKs, hiding a significant complexity inherent in zero-knowledge proofs (ZKP). It provides a higher-level python-like language for developers to code the computational problem they want to prove.
We extend it to generate and verify evidence on Bitcoin.
Binaries can be downloaded from post page.
freighter +night build -p zokrates_cli –release
The whole workflow is the same as the original ZoKratesexcept that the verification step is done on Bitcoin.
1. Design a circuit
Create a new Zokrates file named factor.zok with the following content:
This simple circuit/program proves that one knows the factorization of an integer n into two integers, without revealing the integers. The circuit has two private inputs named p and q and one public input named n.
2. Compile the circuit
Compile the circuit with the following command:
zokrates compile -i factor.zok
This generates two files that encode the circuit in binary, human-readable format.
This generates a proof key and a verification key for this circuit.
4. Calculation of a witness
A proof attests that a prover knows secret/private information that satisfies the original program. This secret information is called witness. In the following example, 7 and 13 are the witness, because they are factors of 91.
zokrates calculation-witness -a 7 13 91
A file witness is generated.
5. Create Evidence
It produces a proof, using both the proof key and the witness.
A record of evidence proof.json looks like the following:
6. Export a sCrypt checker
This generates a smart contract file verifier.scryptcontaining all the code needed to verify a proof.
7. Deploy the verifier
You can now deploy verifier.scrypt to Bitcoin. The easiest way is to use encryption IDE.
Right click and select Deploy the contract: debug.
Once the contract is compiled, which will complete in a few minutes, the following panel should appear. Click on Deploy.
If all goes well, the verifier contract should have been deployed.
8. Check the evidence
Then you will need to copy and paste from proof.json in Call panel and click Cunlock all().
If all is well, you should see evidence posted in an expense transaction.
What is the next
Congratulations! You have just created your first ZKP on Bitcoin. Then you can extend the model verifier.scrypt and add your own business logic.
Watch: Presentation of the BSV Global Blockchain Convention, Smart Contracts and Computation on BSV
New to Bitcoin? Discover CoinGeek bitcoin for beginners section, the ultimate resource guide to learn about bitcoin – as originally envisioned by Satoshi Nakamoto – and blockchain.