Introduction to SNARK Development with `arkworks`
In this tutorial, we will learn how to write applications for use with state-of-the-art zkSNARKs using the arkworks
ecosystem of SNARK libraries.
Prerequisites
Because the arkworks
ecosystem uses the Rust programming language, this tutorial assumes some familiarity with the basics of Rust. We also assume basic familiarity with zkSNARK concepts, and in particular with the following terminology:
- Public input/instance: a publicly known object that the verifier can check a zkSNARK proof against. For example, in a proof of membership in a Merkle tree, the Merkle tree root would be a public input.
- Private input/witness: an object that is known only to the prover, for either efficiency or privacy reasons. In the Merkle tree example, the Merkle tree authentication path would be a private input.
- Circuit: an encoding of a computation in a way that can be proven using a zkSNARK.
- Gadget: subcircuits corresponding to useful computations that can be used to build up the full circuit. In the Merkle tree example, a hash function gadget would be used repeatedly.
Instructions
-
Ensure that you have the latest version of Rust installed (1.51 at the time of writing). If you do not already have Rust installed, you can do so via
rustup
. Linux users, please note thatarkworks
relies on Rust 1.51, which might be more recent than the Rust version provided by your distribution's package repositories; hence, even if you have installed Rust via your package manager, please install the latest Rust viarustup
. -
Clone this repository via
git clone https://github.com/arkworks-rs/r1cs-tutorial.git
-
(Optional) While Rust works out of the box with your text editor of choice, using Visual Studio Code along with the
rust-analyzer
plugin makes Rust development easier. -
(Optional) Join the Telegram channel for this tutorial and for the
arkworks
ecosystem to ask questions interactively. -
Proceed to the exercises below.
Exercises
In this tutorial, we will construct a SNARK-based rollup for a simple payments system. In the course of doing so, you will learn how to use arkworks
libraries for writing constraint systems, how to debug these circuits for both correctness and performance, and finally how to plug these circuits into zkSNARKs.
First, checkout the main
branch in the repository.
Exercise 1: Merkle Tree Example
We'll design a simple circuit for checking a Merkle tree membership path for a given leaf. Open merkle-tree-example/README.md
.
Exercise 2: Validating a single transaction
We'll design a circuit for validating a single transaction in a simple account-based payment system. Open simple-payments/README.md
to first learn more about the payment system, and then open rollup/README.md
for the instructions for this exercise.
Exercise 3: Writing a rollup circuit
We'll design a circuit for a rollup for batch verification of transactions in the foregoing payment system. Open rollup/README.md
for the instructions for this exercise.
Solutions
If you get stuck on one of the above exercises, or if you wish to compare your solution with ours, check out the solutions
branch on this repository.