Bookmark https://zkiap.com/snarkjs !
New circom syntax for templates/arrays
Recently, circom added some new language features for easier inputting into templates and passing arrays around. Check it out here: https://github.com/iden3/circom/blob/master/mkdocs/docs/circom-language/anonymous-components-and-tuples.md
Circuit compilation diagram
This diagram is essential as you start working with the many artifacts generated by the snarkjs
compilation pipeline. It was made by fvictorio during the first 0xPARC Learning Group, a link to the standalone image can be found here.
snarkjs
steps
In the README of https://github.com/iden3/snarkjs, there are 27 different steps that they tell you to follow. Here, we break down what they mean and which ones you can skip:
(Preliminaries) Installing code
- First, install
snarkjs
andcircom
according to https://github.com/iden3/snarkjs#preliminaries - Reach out on discord if you have any difficulties with this
(Steps 0 - 8) Download Powers of Tau
- These steps create a “ptau” file which stores the powers of tau that are necessary for snarkjs to function (mathematical details covered in Session 5)
- You can skip setting these up yourself; Polygon Hermez has already done a ceremony to generate them
- Ethereum is currently running an even larger ceremony at https://ceremony.ethereum.org/ !
- Just download one from under https://github.com/iden3/snarkjs#7-prepare-phase-2 where there are more powers of tau than your circuit’s constraints
(Steps 9 - 13) Circuit writing + compilation
- After finishing your circuit in zkrepl.dev, you can copy the code into a local
circuit.circom
file - Need to specify public/private inputs
circom circuit.circom --r1cs --wasm --sym
will generate all the additional files you need for proving- Steps 11-13 just print other metadata or the circom file in other formats
(Step 14) Computing the witness
circuit_js$ node generate_witness.js circuit.wasm ../input.json ../witness.wtns
- This uses the JavaScript file
generate_witness.js
generated from the previous step, as well as taking in aninput.json
(Steps 15 - 21) Computing the proving key / trusted setup phase 2
- Here we generate the relevant metadata for creating proofs in a
.zkey
file, called a proving key - This requires a “trusted setup”, which inputs randomness across a few steps to create a secure proving key
- This would usually be done over many parties and is secure as long as they don’t all collude
- You should add some entropy of your own as in https://github.com/iden3/snarkjs#16-contribute-to-the-phase-2-ceremony
(Step 22, Step 25-26) Computing the verification key
- Here we compute the relevant metadata for verifying proofs in a
.vkey.json
file, called a verification key - Can also make a smart contract version for on-chain verification!
(Steps 23 - 24) Creating and verifying proofs
- Can create and verify proofs in the CLI, but can also create and verify proofs in JavaScript for web apps