Original text: Zero-Knowledge Magic for Cheap
Translation and proofreading: Starknet Chinese Community
📑 Please indicate the source for reprinting🕹️
You show up at the club and forget your ID, and the security guards are staring at you.
It would be nice if you could prove your age without giving away too much information.
This is exactly where zero-knowledge proofs come in.
Quick Facts
Now you can verify zk-SNARKs through Starknet.
Starknet is the most economical way to publish zero-knowledge proofs¹.
Earn income ? This "news" is provided exclusively by this article.
Zero-knowledge starter pack 🎒
We need three key ingredients.
Starknet is like a super powerful highway where complex smart contracts can run quickly and at low cost. You can think of Starknet as a super fast relative of Ethereum.
Circom² is a proof generator for your community. It allows developers to write programs that hide some of their input information .
Garaga is Starknet's proof checker. Like a very sophisticated security guard, it is able to verify mathematical proofs directly on Starknet.
How the whole process works together 🔄
First, we need to write the computation we want to check in a programming language that supports zero-knowledge proofs. Such languages allow specifying private inputs and can be compiled into what we call zk-circuits.
ZK Circuit as Black Box
Next, we need to choose a framework to generate and verify the proof, depending on whether you only need local verification or want to publish the proof on-chain for everyone to see.
The whole process is as follows:
🧑💻Write code and compile your zk circuit
🧮Proof : Generate a proof
🏗️ Deploy validators on-chain
✅Verification : Publish and verify proof on-chain
If you want to keep it a mystery, please don't read on . 🙈
Step by step (Cairo) ✨
Step 1: Create Your Circuit
pragma circom 2.0.7; include "../../node_modules/circomlib/circuits/comparators.circom"; include "../../node_modules/circomlib/circuits/poseidon.circom"; template Auth() { signal input password; signal input hash; signal output out; component hasher = Poseidon(1); hasher.inputs[0] <== password; // Add the hash to output for testing out <== hasher.out; component eq = IsEqual(); eq.in[0] <== hasher.out; eq.in[1] <== hash; 1 === eq.out; } component main {public [hash]}= Auth();The Circom program verifies that someone knows a password by comparing it to its Poseidon hash.
Bonus points : try out the implementation on zkrepl.dev and generate a Poseidon hash here .
Once the compilation is complete, you will have a private attestation key and a verification key .
Now, given a private input ,
{ "password": "0x476172616761526f636b73", "hash": "137293068078....58724960716461" }You can use the attestation key to generate an attestation on your machine :
Proof file
proof.jsonin groth16 formatAll public inputs are included in the
public.jsonfile
Technical details : * Proofs can also be generated using zkrepl.dev. Alternatively, you can clone this repository via Git and generate proofs locally using the * snarkjs framework.
Now, the zero-knowledge magic ensures two things:
Anyone can verify this proof and be confident that you know the password
No one can learn the password by looking at the proof⁴.
Step 2: Write a validator using Garaga
Now that we have proof.json , let’s deploy a validator on Starknet and publish the proof for everyone to see.
1. First, Garaga can automatically generate a Starknet validator contract suitable for your circuit. We just need the verification key bound to the compiled circuit:
garaga gen --system groth16 -vk verification_key.json2. Declare the validator. You don’t need to deploy it yet. You can use:
starkli declare target/dev/verifier.contract_class.json3. Use the validator in the contract to process the proof.
fn verify_login(proof: Span<felt252>) { // Get the caller let caller = get_contract_address(); // Get the verifier implementation let class_hash = self.verifier_class.read(); let garaga_verifier = IVerifierLibraryDispatcher { class_hash }; // Check the proof let result = garaga_verifier.verify_groth16_proof_bn254(proof); assert!(result.is_some(), "invalid proof"); let expected_hash = *result.unwrap()[0]; assert(self.hash.read(caller) == expected_hash, "Wrong authentication") }4. Use Garaga CLI to publish the proof, generate the transaction data and send the transaction through starkli.
garaga calldata --system groth16 \ --vk verification_key.json \ --proof proof.json \ --public-inputs public.jsonWait?! 🫴
We didn't solve the original "I'm over 21" problem, did we?
This is true, but we have proven two things:
The difficulty of zero-knowledge applications lies in writing verification circuits.
The possibilities are endless. You can use OpenPassport to privately access a citizen's date of birth, or use their API to create certificates without the hassle.
Starknet's fees and Garaga's advanced optimization technology make this very affordable.
The fee schedule is as follows:
Deployment: About $5
On-chain proof verification: less than $1
Want a challenge, bro? 🤺
Ready to practice? Prove your abilities and earn rewards.
Prove that you can factor integers by sending a factorization ZK proof of your Starknet address to this contract: Challenge Contract
You must provide a list of 32 integers that multiply together to equal your address.
For example, if your address is 0x31337, which is 201527 in decimal,
Possible factors include 1, 137, 1471, 201527.
A valid input example is: [201527, 1, 1, 1, 1, …, 1] (31 1s)
The more factors there are, the higher the score and reward .
Factors of 1 are not counted. Please format your input as an array of 32 integers.
Check out the zk-mint repository for more clues on how to generate and publish proofs.
If you successfully solve it, please share it on Twitter at https://x.com/tek_kac :)
footnote:
[¹] By “cheapest” I mean, as far as I know, please don’t quote me on this.
[²] We use Circom, but other zk-DSL³ can also be handled by Garaga: such as Gnark or Risc0.
[³] zk-DSL: Zero-knowledge Domain Specific Language.
[⁴] Believe me, this mathematical proof doesn’t fit in a footnote right now.
