**GROTH16**

Groth16 is a zk-SNARK scheme that leverages elliptic curve pairings. It enables a prover to convince a verifier of the truthfulness of a claim without revealing any additional information, thereby preserving privacy.

* **Polynomial Commitments for Zero-Knowledge:**

To ensure zero-knowledge (privacy), Groth16 employs a polynomial commitment scheme that binds the prover to a specific polynomial. It uses the KZG polynomial commitment scheme, which leverages pairing-friendly elliptic curves to securely bind the prover to a polynomial, ensuring they cannot cheat. This binding ensures both soundness (no invalid proofs can be generated) and privacy (no unnecessary details are exposed).

* **Trusted Setup**

Unlike Halo 2, Groth16 requires a trusted setup. This process, called the Ceremony of Tau, involves multiple trusted parties contributing random data through secure multi-party computation (MPC). The output is a Structured Reference String (SRS), which consists of the proving key (used to generate zk-proofs) and the verification key (used to verify proofs).

The setup also produces a "toxic waste"—sensitive data derived from the polynomial’s structure—that must be securely destroyed to maintain the security of the system.
During the setup, a secret value referred to as toxic waste is derived from the polynomial's data points. If this toxic waste is not securely destroyed or forgotten, an attacker could potentially generate fraudulent proofs. Therefore, securely disposing of toxic waste is crucial to maintaining the system’s security.

* **Proof Generation**

The prover uses the proving key (PK) and the witness (a solution to the circuit's constraints) to generate a zk proof. The witness represents the private inputs and intermediate values that satisfy the computation described by the circuit.

* **Proof Verification**

The verifier uses the verification key (VK) to check the validity of the zk proof. The verification is efficient and does not require the verifier to re-execute the computation, ensuring succinctness.

In [None]:
!node -v

v18.20.5


In [None]:
!npm install -g snarkjs@latest

[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙

In [None]:
!curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSf | sh -s -- -y

[1minfo:[0m downloading installer
[0m[1minfo: [0mprofile set to 'default'
[0m[1minfo: [0mdefault host triple is x86_64-unknown-linux-gnu
[0m[1minfo: [0msyncing channel updates for 'stable-x86_64-unknown-linux-gnu'
[0m[1minfo: [0mlatest update on 2025-01-09, rust version 1.84.0 (9fc6b4312 2025-01-07)
[0m[1minfo: [0mdownloading component 'cargo'
[0m[1minfo: [0mdownloading component 'clippy'
[0m[1minfo: [0mdownloading component 'rust-docs'
[0m[1minfo: [0mdownloading component 'rust-std'
[0m[1minfo: [0mdownloading component 'rustc'
 70.6 MiB /  70.6 MiB (100 %)  41.6 MiB/s in  1s ETA:  0s
[0m[1minfo: [0mdownloading component 'rustfmt'
[0m[1minfo: [0minstalling component 'cargo'
  8.8 MiB /   8.8 MiB (100 %)   6.5 MiB/s in  1s ETA:  0s
[0m[1minfo: [0minstalling component 'clippy'
[0m[1minfo: [0minstalling component 'rust-docs'
 16.5 MiB /  16.5 MiB (100 %)   2.2 MiB/s in  7s ETA:  0s
[0m[1minfo: [0minstalling component 'rust-std'
 29.0 MiB /  29.0

In [None]:
!npm --version

10.8.2
[1G[0K

In [None]:
!npm install -g yarn

[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙[1G[0K
added 1 package in 2s
[1G[0K⠙[1G[0K

In [None]:
!yarn --version

1.22.22


In [None]:
!git clone https://github.com/iden3/circom.git

Cloning into 'circom'...
remote: Enumerating objects: 7771, done.[K
remote: Counting objects: 100% (568/568), done.[K
remote: Compressing objects: 100% (105/105), done.[K
remote: Total 7771 (delta 501), reused 463 (delta 463), pack-reused 7203 (from 3)[K
Receiving objects: 100% (7771/7771), 5.34 MiB | 8.78 MiB/s, done.
Resolving deltas: 100% (4684/4684), done.


In [None]:
!curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y

[1minfo:[0m downloading installer
[0m[1minfo: [0mprofile set to 'default'
[0m[1minfo: [0mdefault host triple is x86_64-unknown-linux-gnu
[0m[1minfo: [0msyncing channel updates for 'stable-x86_64-unknown-linux-gnu'
[0m[1minfo: [0mdefault toolchain set to 'stable-x86_64-unknown-linux-gnu'

  [0m[1mstable-x86_64-unknown-linux-gnu unchanged[0m - rustc 1.84.0 (9fc6b4312 2025-01-07)

[0m[1m
Rust is installed now. Great!
[0m
To get started you may need to restart your current shell.
This would reload your [0m[1mPATH[0m environment variable to include
Cargo's bin directory ($HOME/.cargo/bin).

To configure your current shell, you need to source
the corresponding [0m[1menv[0m file under $HOME/.cargo.

This is usually done by running one of the following (note the leading DOT):
. "$HOME/.cargo/env"            # For sh/bash/zsh/ash/dash/pdksh
source "$HOME/.cargo/env.fish"  # For fish


In [None]:
import os
os.environ["PATH"] += ":/root/.cargo/bin"

In [None]:
!cargo --version

cargo 1.84.0 (66221abde 2024-11-19)


In [None]:
!cargo init --bin

[1m[32m    Creating[0m binary (application) package
[1m[36mnote[0m[1m:[0m see more `Cargo.toml` keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html


In [None]:
!cargo build --release

[1m[32m   Compiling[0m content v0.1.0 (/content)
[1m[32m    Finished[0m `release` profile [optimized] target(s) in 0.32s


In [None]:
%cd /content/circom

/content/circom


In [None]:
!pwd

/content/circom


In [None]:
!cargo install --path circom

[1m[32m  Installing[0m circom v2.2.1 (/content/circom/circom)
[1m[32m    Updating[0m crates.io index
[1m[32m     Locking[0m 130 packages to latest compatible versions
[1m[36m      Adding[0m clap v2.34.0 [1m[33m(available: v4.5.27)[0m
[1m[36m      Adding[0m codespan v0.9.5 [1m[33m(available: v0.11.1)[0m
[1m[36m      Adding[0m codespan-reporting v0.9.5 [1m[33m(available: v0.11.1)[0m
[1m[36m      Adding[0m handlebars v4.5.0 [1m[33m(available: v6.3.0)[0m
[1m[36m      Adding[0m lalrpop v0.19.12 [1m[33m(available: v0.22.1)[0m
[1m[36m      Adding[0m lalrpop-util v0.19.12 [1m[33m(available: v0.22.1)[0m
[1m[36m      Adding[0m num-bigint-dig v0.6.1 [1m[33m(available: v0.8.4)[0m
[1m[36m      Adding[0m wast v39.0.0 [1m[33m(available: v224.0.0)[0m
[1m[32m Downloading[0m crates ...
[1m[32m  Downloaded[0m bit-vec v0.6.3
[1m[32m  Downloaded[0m autocfg v0.1.8
[1m[32m  Downloaded[0m atty v0.2.14
[1m[32m  Downloaded[0m autocfg v1.4.0

In [None]:
!npm install -g snarkjs

[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K⠋[1G[0K⠙[1G[0K⠹[1G[0K⠸[1G[0K⠼[1G[0K⠴[1G[0K⠦[1G[0K⠧[1G[0K⠇[1G[0K⠏[1G[0K
changed 53 packages in 8s
[1G[0K⠏[1G[0K
[1G[0K⠏[1G[0K2 packages are looking for funding
[1G[0K⠏[1G[0K  run `npm fund` for details
[1G[0K⠏[1G[0K

0. Create and move into a new directory

In [None]:
!mkdir snarkjs_example
!cd snarkjs_example

1. Start a new powers of tau ceremony

In [None]:
!snarkjs powersoftau new bn128 14 pot14_0000.ptau -v

[36;22m[DEBUG] [39;1msnarkJS[0m: Calculating First Challenge Hash
[36;22m[DEBUG] [39;1msnarkJS[0m: Calculate Initial Hash: tauG1
[36;22m[DEBUG] [39;1msnarkJS[0m: Calculate Initial Hash: tauG2
[36;22m[DEBUG] [39;1msnarkJS[0m: Calculate Initial Hash: alphaTauG1
[36;22m[DEBUG] [39;1msnarkJS[0m: Calculate Initial Hash: betaTauG1
[36;22m[DEBUG] [39;1msnarkJS[0m: Blank Contribution Hash:
		786a02f7 42015903 c6c6fd85 2552d272
		912f4740 e1584761 8a86e217 f71f5419
		d25e1031 afee5853 13896444 934eb04b
		903a685b 1448b755 d56f701a fe9be2ce
[32;22m[INFO]  [39;1msnarkJS[0m: First Contribution Hash:
		bc0bde79 80381fa6 42b20975 91dd83f1
		ed15b003 e15c3552 0af32c95 eb519149
		2a6f3175 215635cf c10e6098 e2c612d0
		ca84f1a9 f90b5333 560c8af5 9b9209f4


2. Contribute to the ceremony

In [None]:
!snarkjs powersoftau contribute pot14_0000.ptau pot14_0001.ptau --name="First contribution" -v

[1G[0JEnter a random text. (Entropy): [33Gegzgeeehe
[36;22m[DEBUG] [39;1msnarkJS[0m: Calculating First Challenge Hash
[36;22m[DEBUG] [39;1msnarkJS[0m: Calculate Initial Hash: tauG1
[36;22m[DEBUG] [39;1msnarkJS[0m: Calculate Initial Hash: tauG2
[36;22m[DEBUG] [39;1msnarkJS[0m: Calculate Initial Hash: alphaTauG1
[36;22m[DEBUG] [39;1msnarkJS[0m: Calculate Initial Hash: betaTauG1
[36;22m[DEBUG] [39;1msnarkJS[0m: processing: tauG1: 0/32767
[36;22m[DEBUG] [39;1msnarkJS[0m: processing: tauG1: 16384/32767
[36;22m[DEBUG] [39;1msnarkJS[0m: processing: tauG2: 0/16384
[36;22m[DEBUG] [39;1msnarkJS[0m: processing: tauG2: 8192/16384
[36;22m[DEBUG] [39;1msnarkJS[0m: processing: alphaTauG1: 0/16384
[36;22m[DEBUG] [39;1msnarkJS[0m: processing: betaTauG1: 0/16384
[36;22m[DEBUG] [39;1msnarkJS[0m: processing: betaTauG2: 0/1
[32;22m[INFO]  [39;1msnarkJS[0m: Contribution Response Hash imported: 
		b23793a9 fc763023 47178822 68eca34b
		5b6f0e36 2fdbbeb6 e9921d9a d9b17

3. Provide a second contribution

In [None]:
!snarkjs powersoftau contribute pot14_0001.ptau pot14_0002.ptau --name="Second contribution" -v -e="some random text"

[36;22m[DEBUG] [39;1msnarkJS[0m: processing: tauG1: 0/32767
[36;22m[DEBUG] [39;1msnarkJS[0m: processing: tauG1: 16384/32767
[36;22m[DEBUG] [39;1msnarkJS[0m: processing: tauG2: 0/16384
[36;22m[DEBUG] [39;1msnarkJS[0m: processing: tauG2: 8192/16384
[36;22m[DEBUG] [39;1msnarkJS[0m: processing: alphaTauG1: 0/16384
[36;22m[DEBUG] [39;1msnarkJS[0m: processing: betaTauG1: 0/16384
[36;22m[DEBUG] [39;1msnarkJS[0m: processing: betaTauG2: 0/1
[32;22m[INFO]  [39;1msnarkJS[0m: Contribution Response Hash imported: 
		9d96f240 2868e311 8ee59d99 88d3c721
		68ac7f0b e354cfad 41469286 bd1770c9
		46e5bedd a97f51f0 27601cbe f9d506c2
		6154f275 1816ee10 bb6c7589 7704e05d
[32;22m[INFO]  [39;1msnarkJS[0m: Next Challenge Hash: 
		8b7b4370 fe3ed1ce ddb163d1 cd95c5be
		039d7f86 464ce615 3ec25b56 ec5844c2
		322b4534 24debb55 e84fd1bf f10ec97a
		0a351414 2149170f ff7a7b38 6156a18f


4. Provide a third contribution using third-party software

In [None]:
!snarkjs powersoftau export challenge pot14_0002.ptau challenge_0003
!snarkjs powersoftau challenge contribute bn128 challenge_0003 response_0003 -e="some random text"
!snarkjs powersoftau import response pot14_0002.ptau response_0003 pot14_0003.ptau -n="Third contribution name"

[32;22m[INFO]  [39;1msnarkJS[0m: Last Response Hash: 
		9d96f240 2868e311 8ee59d99 88d3c721
		68ac7f0b e354cfad 41469286 bd1770c9
		46e5bedd a97f51f0 27601cbe f9d506c2
		6154f275 1816ee10 bb6c7589 7704e05d
[32;22m[INFO]  [39;1msnarkJS[0m: New Challenge Hash: 
		8b7b4370 fe3ed1ce ddb163d1 cd95c5be
		039d7f86 464ce615 3ec25b56 ec5844c2
		322b4534 24debb55 e84fd1bf f10ec97a
		0a351414 2149170f ff7a7b38 6156a18f
[32;22m[INFO]  [39;1msnarkJS[0m: Claimed Previous Response Hash: 
		9d96f240 2868e311 8ee59d99 88d3c721
		68ac7f0b e354cfad 41469286 bd1770c9
		46e5bedd a97f51f0 27601cbe f9d506c2
		6154f275 1816ee10 bb6c7589 7704e05d
[32;22m[INFO]  [39;1msnarkJS[0m: Current Challenge Hash: 
		8b7b4370 fe3ed1ce ddb163d1 cd95c5be
		039d7f86 464ce615 3ec25b56 ec5844c2
		322b4534 24debb55 e84fd1bf f10ec97a
		0a351414 2149170f ff7a7b38 6156a18f
[32;22m[INFO]  [39;1msnarkJS[0m: Contribution Response Hash: 
		399da34d 27fc55a3 361d654f a344a60d
		46f933cd 73761a9a 4b16907e 104569b5
		e4a15

5. Verify the protocol so far

In [None]:
!snarkjs powersoftau verify pot14_0003.ptau

[32;22m[INFO]  [39;1msnarkJS[0m: Powers Of tau file OK!
[32;22m[INFO]  [39;1msnarkJS[0m: Next challenge hash: 
		0550c620 518b8c40 a269a459 25a9ed7f
		806e9162 b75c0848 37d43062 ea26cc0b
		c9a481a4 b54220b4 592f0955 cc35bbd9
		d52360f5 db152400 a5cd42a5 c3a311f5
[32;22m[INFO]  [39;1msnarkJS[0m: -----------------------------------------------------
[32;22m[INFO]  [39;1msnarkJS[0m: Contribution #3: Third contribution name
[32;22m[INFO]  [39;1msnarkJS[0m: Next Challenge: 
		0550c620 518b8c40 a269a459 25a9ed7f
		806e9162 b75c0848 37d43062 ea26cc0b
		c9a481a4 b54220b4 592f0955 cc35bbd9
		d52360f5 db152400 a5cd42a5 c3a311f5
[32;22m[INFO]  [39;1msnarkJS[0m: Response Hash:
		399da34d 27fc55a3 361d654f a344a60d
		46f933cd 73761a9a 4b16907e 104569b5
		e4a152b6 9a522cf3 4c000766 f180a799
		26dfd0c5 412d21e1 c4f473c3 72f2f8eb
[32;22m[INFO]  [39;1msnarkJS[0m: Response Hash:
		8b7b4370 fe3ed1ce ddb163d1 cd95c5be
		039d7f86 464ce615 3ec25b56 ec5844c2
		322b4534 24debb55 e84fd1bf 

6. Apply a random beacon

In [None]:
!snarkjs powersoftau beacon pot14_0003.ptau pot14_beacon.ptau 0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f 10 -n="Final Beacon"

[32;22m[INFO]  [39;1msnarkJS[0m: Contribution Response Hash imported: 
		408ed46e ad17dd0f fda4710c 4b661cbf
		977d8a37 62f08d7f 154c0526 775d1566
		dde3ce12 8db14293 cba13206 acf5df0b
		22ce160a 068a47a3 7d4ff45a 2f0d6c9a
[32;22m[INFO]  [39;1msnarkJS[0m: Next Challenge Hash: 
		79af4d28 dc589ada 9468a75c 5087d9c0
		79f56230 a239a77f c40a2490 abb6eba9
		7665d0ff b968fde0 0c52e7a2 4ee360a4
		b164a602 a29e18b4 8a42f511 a5a14c27


7. Prepare phase 2

In [None]:
!snarkjs powersoftau prepare phase2 pot14_beacon.ptau pot14_final.ptau -v

[36;22m[DEBUG] [39;1msnarkJS[0m: Starting section: tauG1
[36;22m[DEBUG] [39;1msnarkJS[0m: tauG1: fft 0 mix start: 0/1
[36;22m[DEBUG] [39;1msnarkJS[0m: tauG1: fft 0 mix end: 0/1
[36;22m[DEBUG] [39;1msnarkJS[0m: tauG1: fft 1 mix start: 0/1
[36;22m[DEBUG] [39;1msnarkJS[0m: tauG1: fft 1 mix end: 0/1
[36;22m[DEBUG] [39;1msnarkJS[0m: tauG1: fft 2 mix start: 0/1
[36;22m[DEBUG] [39;1msnarkJS[0m: tauG1: fft 2 mix end: 0/1
[36;22m[DEBUG] [39;1msnarkJS[0m: tauG1: fft 3 mix start: 0/1
[36;22m[DEBUG] [39;1msnarkJS[0m: tauG1: fft 3 mix end: 0/1
[36;22m[DEBUG] [39;1msnarkJS[0m: tauG1: fft 4 mix start: 0/2
[36;22m[DEBUG] [39;1msnarkJS[0m: tauG1: fft 4 mix start: 1/2
[36;22m[DEBUG] [39;1msnarkJS[0m: tauG1: fft 4 mix end: 1/2
[36;22m[DEBUG] [39;1msnarkJS[0m: tauG1: fft 4 mix end: 0/2
[36;22m[DEBUG] [39;1msnarkJS[0m: tauG1: fft  4  join: 4/4
[36;22m[DEBUG] [39;1msnarkJS[0m: tauG1: fft 4 join  4/4  1/1 0/1
[36;22m[DEBUG] [39;1msnarkJS[0m: tauG1: fft 5 mix st

8. Verify the final ptau

In [None]:
!snarkjs powersoftau verify pot14_final.ptau

[32;22m[INFO]  [39;1msnarkJS[0m: Powers Of tau file OK!
[32;22m[INFO]  [39;1msnarkJS[0m: Next challenge hash: 
		79af4d28 dc589ada 9468a75c 5087d9c0
		79f56230 a239a77f c40a2490 abb6eba9
		7665d0ff b968fde0 0c52e7a2 4ee360a4
		b164a602 a29e18b4 8a42f511 a5a14c27
[32;22m[INFO]  [39;1msnarkJS[0m: -----------------------------------------------------
[32;22m[INFO]  [39;1msnarkJS[0m: Contribution #4: Final Beacon
[32;22m[INFO]  [39;1msnarkJS[0m: Next Challenge: 
		79af4d28 dc589ada 9468a75c 5087d9c0
		79f56230 a239a77f c40a2490 abb6eba9
		7665d0ff b968fde0 0c52e7a2 4ee360a4
		b164a602 a29e18b4 8a42f511 a5a14c27
[32;22m[INFO]  [39;1msnarkJS[0m: Response Hash:
		408ed46e ad17dd0f fda4710c 4b661cbf
		977d8a37 62f08d7f 154c0526 775d1566
		dde3ce12 8db14293 cba13206 acf5df0b
		22ce160a 068a47a3 7d4ff45a 2f0d6c9a
[32;22m[INFO]  [39;1msnarkJS[0m: Response Hash:
		0550c620 518b8c40 a269a459 25a9ed7f
		806e9162 b75c0848 37d43062 ea26cc0b
		c9a481a4 b54220b4 592f0955 cc35bbd9
		

9. Create the circuit

In [None]:
!echo -e 'pragma circom 2.0.0;\n\ntemplate Multiplier(n) {\n    signal input a;\n    signal input b;\n    signal output c;\n\n    signal int[n];\n\n    int[0] <== a*a + b;\n    for (var i=1; i<n; i++) {\n        int[i] <== int[i-1]*int[i-1] + b;\n    }\n\n    c <== int[n-1];\n}\n\ncomponent main = Multiplier(1000);\n' > /content/circom/circuit.circom


10. Compile the circuit

In [None]:
!circom --r1cs --wasm --c --sym --inspect circuit.circom

[32mtemplate instances[0m: 1
non-linear constraints: 1000
linear constraints: 0
public inputs: 0
private inputs: 2
public outputs: 1
wires: 1003
labels: 1004
[32mWritten successfully:[0m ./circuit.r1cs
[32mWritten successfully:[0m ./circuit.sym
[32mWritten successfully:[0m ./circuit_cpp/circuit.cpp and ./circuit_cpp/circuit.dat
[32mWritten successfully:[0m ./circuit_cpp/main.cpp, circom.hpp, calcwit.hpp, calcwit.cpp, fr.hpp, fr.cpp, fr.asm and Makefile
[32mWritten successfully:[0m ./circuit_js/circuit.wasm
[32mEverything went okay[0m


11. View information about the circuit

In [None]:
!snarkjs r1cs info circuit.r1cs

[32;22m[INFO]  [39;1msnarkJS[0m: Curve: bn-128
[32;22m[INFO]  [39;1msnarkJS[0m: # of Wires: 1003
[32;22m[INFO]  [39;1msnarkJS[0m: # of Constraints: 1000
[32;22m[INFO]  [39;1msnarkJS[0m: # of Private Inputs: 2
[32;22m[INFO]  [39;1msnarkJS[0m: # of Public Inputs: 0
[32;22m[INFO]  [39;1msnarkJS[0m: # of Labels: 1004
[32;22m[INFO]  [39;1msnarkJS[0m: # of Outputs: 1


12. Print the constraints

In [None]:
!snarkjs r1cs print circuit.r1cs circuit.sym

[32;22m[INFO]  [39;1msnarkJS[0m: [ 21888242871839275222246405745257275088548364400416034343698204186575808495616main.a ] * [ main.a ] - [ main.b +21888242871839275222246405745257275088548364400416034343698204186575808495616main.int[0] ] = 0
[32;22m[INFO]  [39;1msnarkJS[0m: [ 21888242871839275222246405745257275088548364400416034343698204186575808495616main.int[0] ] * [ main.int[0] ] - [ main.b +21888242871839275222246405745257275088548364400416034343698204186575808495616main.int[1] ] = 0
[32;22m[INFO]  [39;1msnarkJS[0m: [ 21888242871839275222246405745257275088548364400416034343698204186575808495616main.int[1] ] * [ main.int[1] ] - [ main.b +21888242871839275222246405745257275088548364400416034343698204186575808495616main.int[2] ] = 0
[32;22m[INFO]  [39;1msnarkJS[0m: [ 21888242871839275222246405745257275088548364400416034343698204186575808495616main.int[2] ] * [ main.int[2] ] - [ main.b +21888242871839275222246405745257275088548364400416034343698204186575808495616main.int[3] 

13. Export r1cs to json

In [None]:
!snarkjs r1cs export json circuit.r1cs circuit.r1cs.json
!cat circuit.r1cs.json

[1;30;43mStreaming output truncated to the last 5000 lines.[0m
    "3": "1",
    "671": "21888242871839275222246405745257275088548364400416034343698204186575808495616"
   }
  ],
  [
   {
    "671": "21888242871839275222246405745257275088548364400416034343698204186575808495616"
   },
   {
    "671": "1"
   },
   {
    "3": "1",
    "672": "21888242871839275222246405745257275088548364400416034343698204186575808495616"
   }
  ],
  [
   {
    "672": "21888242871839275222246405745257275088548364400416034343698204186575808495616"
   },
   {
    "672": "1"
   },
   {
    "3": "1",
    "673": "21888242871839275222246405745257275088548364400416034343698204186575808495616"
   }
  ],
  [
   {
    "673": "21888242871839275222246405745257275088548364400416034343698204186575808495616"
   },
   {
    "673": "1"
   },
   {
    "3": "1",
    "674": "21888242871839275222246405745257275088548364400416034343698204186575808495616"
   }
  ],
  [
   {
    "674": "2188824287183927522224640574525727508854836

14. Calculate the witness

In [None]:
!echo '{"a": 3, "b": 11}' > /content/input.json
!snarkjs wtns calculate circuit_js/circuit.wasm /content/input.json witness.wtns

In [None]:
!snarkjs wtns check circuit.r1cs witness.wtns

[32;22m[INFO]  [39;1msnarkJS[0m: WITNESS CHECKING STARTED
[32;22m[INFO]  [39;1msnarkJS[0m: > Reading r1cs file
[32;22m[INFO]  [39;1msnarkJS[0m: > Reading witness file
[32;22m[INFO]  [39;1msnarkJS[0m: ----------------------------
[32;22m[INFO]  [39;1msnarkJS[0m:   WITNESS CHECK
[32;22m[INFO]  [39;1msnarkJS[0m:   Curve:          bn128
[32;22m[INFO]  [39;1msnarkJS[0m:   Vars (wires):   1003
[32;22m[INFO]  [39;1msnarkJS[0m:   Outputs:        1
[32;22m[INFO]  [39;1msnarkJS[0m:   Public Inputs:  0
[32;22m[INFO]  [39;1msnarkJS[0m:   Private Inputs: 2
[32;22m[INFO]  [39;1msnarkJS[0m:   Labels:         1004
[32;22m[INFO]  [39;1msnarkJS[0m:   Constraints:    1000
[32;22m[INFO]  [39;1msnarkJS[0m:   Custom Gates:   false
[32;22m[INFO]  [39;1msnarkJS[0m: ----------------------------
[32;22m[INFO]  [39;1msnarkJS[0m: > Checking witness correctness
[32;22m[INFO]  [39;1msnarkJS[0m: WITNESS IS CORRECT
[32;22m[INFO]  [39;1msnarkJS[0m: WITNESS CHECKING FI

15. Setup

In [None]:
#Groth16
!snarkjs groth16 setup circuit.r1cs pot14_final.ptau circuit_0000.zkey

[32;22m[INFO]  [39;1msnarkJS[0m: Reading r1cs
[32;22m[INFO]  [39;1msnarkJS[0m: Reading tauG1
[32;22m[INFO]  [39;1msnarkJS[0m: Reading tauG2
[32;22m[INFO]  [39;1msnarkJS[0m: Reading alphatauG1
[32;22m[INFO]  [39;1msnarkJS[0m: Reading betatauG1
[32;22m[INFO]  [39;1msnarkJS[0m: Circuit hash: 
		6698822f 69440f98 7489ff1a 165bf227
		46103437 23f0af80 7c940f13 855285c7
		48b19211 5430cb62 cc90b335 31b9a1c3
		294b9dad 83c269e1 35564bb9 b4dcbf14


16. Contribute to the phase 2 ceremony

In [None]:
!snarkjs zkey contribute circuit_0000.zkey circuit_0001.zkey --name="1st Contributor Name" -v

[1G[0JEnter a random text. (Entropy): [33Ggmhvggcgchg
[36;22m[DEBUG] [39;1msnarkJS[0m: Applying key: L Section: 0/1001
[36;22m[DEBUG] [39;1msnarkJS[0m: Applying key: H Section: 0/1024
[32;22m[INFO]  [39;1msnarkJS[0m: Circuit Hash: 
		6698822f 69440f98 7489ff1a 165bf227
		46103437 23f0af80 7c940f13 855285c7
		48b19211 5430cb62 cc90b335 31b9a1c3
		294b9dad 83c269e1 35564bb9 b4dcbf14
[32;22m[INFO]  [39;1msnarkJS[0m: Contribution Hash: 
		f56535bf c785491b 68eba45c 1c6ff37a
		9371524a 253dd9fa c66fcca0 07ff1294
		ef603c69 ace28be3 81a0e913 303ca237
		06a49eb0 43b3f476 372ae7d9 02542c6c


17. Provide a second contribution

In [None]:
!snarkjs zkey contribute circuit_0001.zkey circuit_0002.zkey --name="Second contribution Name" -v -e="Another random entropy"

18. Provide a third contribution using third-party software

In [None]:
!snarkjs zkey export bellman circuit_0002.zkey  challenge_phase2_0003
!snarkjs zkey bellman contribute bn128 challenge_phase2_0003 response_phase2_0003 -e="some random text"
!snarkjs zkey import bellman circuit_0002.zkey response_phase2_0003 circuit_0003.zkey -n="Third contribution name"

19. Verify the latest zkey

In [None]:
!snarkjs zkey verify circuit.r1cs pot14_final.ptau circuit_0003.zkey

20. Apply a random beacon

In [None]:
!snarkjs zkey beacon circuit_0003.zkey circuit_final.zkey 0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f 10 -n="Final Beacon phase2"

21. Verify the final zkey

In [None]:
!snarkjs zkey verify circuit.r1cs pot14_final.ptau circuit_final.zkey

[32;22m[INFO]  [39;1msnarkJS[0m: Reading r1cs
[32;22m[INFO]  [39;1msnarkJS[0m: Reading tauG1
[32;22m[INFO]  [39;1msnarkJS[0m: Reading tauG2
[32;22m[INFO]  [39;1msnarkJS[0m: Reading alphatauG1
[32;22m[INFO]  [39;1msnarkJS[0m: Reading betatauG1
[32;22m[INFO]  [39;1msnarkJS[0m: Circuit hash: 
		6698822f 69440f98 7489ff1a 165bf227
		46103437 23f0af80 7c940f13 855285c7
		48b19211 5430cb62 cc90b335 31b9a1c3
		294b9dad 83c269e1 35564bb9 b4dcbf14
[32;22m[INFO]  [39;1msnarkJS[0m: Circuit Hash: 
		6698822f 69440f98 7489ff1a 165bf227
		46103437 23f0af80 7c940f13 855285c7
		48b19211 5430cb62 cc90b335 31b9a1c3
		294b9dad 83c269e1 35564bb9 b4dcbf14
[32;22m[INFO]  [39;1msnarkJS[0m: -------------------------
[32;22m[INFO]  [39;1msnarkJS[0m: contribution #4 Final Beacon phase2:
		1a441d1d 5a064fcd b8b5efb0 b95a4198
		fab79f69 1c5c0a6e 36d7556b 8f6431ce
		f47365ca 962d82b1 932160fd 594d5cae
		4b28384e 968c7117 3109dddd 35070937
[32;22m[INFO]  [39;1msnarkJS[0m: Beacon genera

22. Export the verification key

In [None]:
!snarkjs zkey export verificationkey circuit_final.zkey verification_key.json

[32;22m[INFO]  [39;1msnarkJS[0m: EXPORT VERIFICATION KEY STARTED
[32;22m[INFO]  [39;1msnarkJS[0m: > Detected protocol: groth16
[32;22m[INFO]  [39;1msnarkJS[0m: EXPORT VERIFICATION KEY FINISHED


23. Create the proof

In [None]:
#Groth16
!snarkjs groth16 prove circuit_final.zkey witness.wtns proof.json public.json

#23a. Calculate the witness and generate the proof in one step

In [None]:
#Groth16
!snarkjs groth16 fullprove /content/input.json /content/circom/circuit_js/circuit.wasm circuit_final.zkey proof.json public.json

24. Verify the proof

In [None]:
#Groth16
!snarkjs groth16 verify verification_key.json public.json proof.json

[32;22m[INFO]  [39;1msnarkJS[0m: OK!
