Bookmark https://zkiap.com/snarkjs !
New circom syntax for templates/arrays
Recently, circom added some new language features for easier inputting into templates and passing arrays around. Check it out here: https://github.com/iden3/circom/blob/master/mkdocs/docs/circom-language/anonymous-components-and-tuples.md
Circuit compilation diagram
This diagram is essential as you start working with the many artifacts generated by the
snarkjs compilation pipeline. It was made by fvictorio during the first 0xPARC Learning Group, a link to the standalone image can be found here.
In the README of https://github.com/iden3/snarkjs, there are 27 different steps that they tell you to follow. Here, we break down what they mean and which ones you can skip:
(Preliminaries) Installing code
- First, install
circomaccording to https://github.com/iden3/snarkjs#preliminaries
- Reach out on discord if you have any difficulties with this
- These steps create a “ptau” file which stores the powers of tau that are necessary for snarkjs to function (mathematical details covered in Session 5)
- You can skip setting these up yourself; Polygon Hermez has already done a ceremony to generate them
- Ethereum is currently running an even larger ceremony at https://ceremony.ethereum.org/ !
- Just download one from under https://github.com/iden3/snarkjs#7-prepare-phase-2 where there are more powers of tau than your circuit’s constraints
- After finishing your circuit in zkrepl.dev, you can copy the code into a local
- Need to specify public/private inputs
circom circuit.circom --r1cs --wasm --symwill generate all the additional files you need for proving
- Steps 11-13 just print other metadata or the circom file in other formats
(Step 14) Computing the witness
circuit_js$ node generate_witness.js circuit.wasm ../input.json ../witness.wtns
generate_witness.jsgenerated from the previous step, as well as taking in an
- Here we generate the relevant metadata for creating proofs in a
.zkeyfile, called a proving key
- This requires a “trusted setup”, which inputs randomness across a few steps to create a secure proving key
- This would usually be done over many parties and is secure as long as they don’t all collude
- You should add some entropy of your own as in https://github.com/iden3/snarkjs#16-contribute-to-the-phase-2-ceremony
- Here we compute the relevant metadata for verifying proofs in a
.vkey.jsonfile, called a verification key
- Can also make a smart contract version for on-chain verification!
(Steps 23 - 24) Creating and verifying proofs