Build Your First Bitcoin Zero-Knowledge Proof Program: A Practical Step-by-Step Guide

This post was first published on Medium.

ZoKrates is a toolbox for zkSNARKs that hides much of the complexity inherent in zero-knowledge proofs (ZKP). It provides a higher-level, Python-like language in which developers code the computational problem they want to prove.

We extend it to generate and verify proofs on Bitcoin.

Install ZoKrates


Binaries can be downloaded from the release page.

From source

cd ZoKrates
cargo +nightly build -p zokrates_cli --release
cd target/release

ZoKrates Workflow

The whole workflow is the same as in the original ZoKrates, except that the verification step is done on Bitcoin.

1. Design a circuit

Create a new ZoKrates file named factor.zok with the following content:

This simple circuit/program proves that one knows the factorization of an integer n into two integers, without revealing the integers. The circuit has two private inputs named p and q and one public input named n.

2. Compile the circuit

Compile the circuit with the following command:

zokrates compile -i factor.zok

This generates two files that encode the circuit in binary and human-readable formats.

3. Setup

This generates a proving key and a verification key for this circuit.

zokrates setup

4. Computing a witness

A proof attests that a prover knows secret/private information that satisfies the original program. This secret information is called a witness. In the following example, 7 and 13 are the witness, because they are factors of 91.

zokrates compute-witness -a 7 13 91

A file named witness is generated.
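
The circuit from step 1 and the witness 7, 13, 91 from step 4, modelled in Python as an added example (not code from the original post or from ZoKrates). It assumes the circuit enforces p * q == n over the bn128 scalar field, the ZoKrates default, and the function names are illustrative. It shows why a field equation alone does not pin down an integer factorization, and what bounding the inputs changes.

```python
# Added example: a Python model of the step-1 constraint, not ZoKrates code.
# Assumption: the circuit enforces p * q == n over the bn128 scalar field,
# the default curve in ZoKrates. All inputs below are constructed.
R = 21888242871839275222246405745257275088548364400416034343698204186575808495617

def field_check(p, q, n):
    """Accepts exactly what a bare field constraint p * q == n accepts."""
    return (p % R) * (q % R) % R == n % R

def nontrivial_check(p, q, n):
    """Adds p > 1 and q > 1, which only rules out the 1 * n 'factorization'."""
    return p > 1 and q > 1 and field_check(p, q, n)

def wrapped_cofactor(p, n):
    """The field element q with p * q == n (mod R); it exists for any p != 0."""
    return n * pow(p, -1, R) % R

def bounded_check(p, q, n, bits=64):
    """Range-limits both factors so p * q < 2**(2*bits) < R and cannot wrap."""
    if 2 * bits >= R.bit_length():
        raise ValueError("bit width too large for the field")
    limit = 1 << bits
    return 1 < p < limit and 1 < q < limit and field_check(p, q, n)

def is_integer_factorization(p, q, n):
    """Ground truth over the integers, for comparison."""
    return p > 1 and q > 1 and p * q == n

if __name__ == "__main__":
    q = wrapped_cofactor(2, 91)  # 91 is odd, so no integer q has 2 * q == 91
    cases = {"honest": (7, 13), "trivial": (1, 91), "wrapped": (2, q)}
    for name, (a, b) in cases.items():
        print(name, field_check(a, b, 91), nontrivial_check(a, b, 91),
              bounded_check(a, b, 91), is_integer_factorization(a, b, 91))
```

In a real circuit the same bound is obtained by range-constraining p and q to a fixed bit width, so that a valid proof implies an integer factorization of n.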

5. Creating a proof

This produces a proof, using both the proving key and the witness.

zokrates generate-proof

The resulting proof file, proof.json, looks like the following:

6. Export an sCrypt verifier

This generates a smart contract file, verifier.scrypt, containing all the code needed to verify a proof.

zokrates export-verifier-scrypt

7. Deploy the verifier

You can now deploy verifier.scrypt to Bitcoin. The easiest way is to use the sCrypt IDE.

Right-click and select Deploy Contract: Debug.


Once the contract is compiled, which will complete in a few minutes, the following panel should appear. Click on Deploy.


If all goes well, the verifier contract should have been deployed.

8. Verify the proof

Next, copy and paste the proof from proof.json into the Call panel and click Call unlock().

If all is well, you should see the proof verified in a spending transaction.

What's next

Congratulations! You have just created your first ZKP on Bitcoin. Next, you can extend the template verifier.scrypt and add your own business logic.

Donald E. Patel