snarkjs 资源 ​

Recently, circom added some new language features for easier inputting into templates and passing arrays around. Check it out here: https://github.com/iden3/circom/blob/master/mkdocs/docs/circom-language/anonymous-components-and-tuples.md

This diagram is essential as you start working with the many artifacts generated by the snarkjs compilation pipeline. It was made by fvictorio during the first 0xPARC Learning Group

In the README of https://github.com/iden3/snarkjs, there are 27 different steps that they tell you to follow. Here, we break down what they mean and which ones you can skip:

(Preliminaries) Installing code ​

• First, install snarkjs and circom according to https://github.com/iden3/snarkjs#preliminaries
• Reach out on discord if you have any difficulties with this

(Steps 0 - 8) Download Powers of Tau ​

• These steps create a “ptau” file which stores the powers of tau that are necessary for snarkjs to function (mathematical details covered in Session 5)

• You can skip setting these up yourself; Polygon Hermez has already done a ceremony to generate them

  • Ethereum is currently running an even larger ceremony at https://ceremony.ethereum.org/ !

• Just download one from under https://github.com/iden3/snarkjs#7-prepare-phase-2 where there are more powers of tau than your circuit's constraints

(Steps 9 - 13) Circuit writing + compilation ​

• After finishing your circuit in zkrepl.dev, you can copy the code into a local circuit.circom file
• Need to specify public/private inputs
• circom circuit.circom --r1cs --wasm --sym will generate all the additional files you need for proving
• Steps 11-13 just print other metadata or the circom file in other formats

(Step 14) Computing the witness ​

circuit_js$ node generate_witness.js circuit.wasm ../input.json ../witness.wtns

circuit_js$ node generate_witness.js circuit.wasm ../input.json ../witness.wtns

• This uses the JavaScript file generate_witness.js generated from the previous step, as well as taking in an input.json

(Steps 15 - 21) Computing the proving key / trusted setup phase 2 ​

• Here we generate the relevant metadata for creating proofs in a .zkey file, called a proving key

• This requires a “trusted setup”, which inputs randomness across a few steps to create a secure proving key

  • This would usually be done over many parties and is secure as long as they don't all collude

• You should add some entropy of your own as in https://github.com/iden3/snarkjs#16-contribute-to-the-phase-2-ceremony

(Step 22, Step 25-26) Computing the verification key ​

• Here we compute the relevant metadata for verifying proofs in a .vkey.json file, called a verification key
• Can also make a smart contract version for on-chain verification!

(Steps 23 - 24) Creating and verifying proofs ​

• Can create and verify proofs in the CLI, but can also create and verify proofs in JavaScript for web apps