Open this lesson in your favourite AI. It'll walk you through the why, explain the demo, and quiz you on the try-it list.
Writing a circuit is 20% of the work. The other 80% is the SNARK pipeline: running a trusted setup (Powers of Tau ceremony), generating a circuit-specific key, producing proofs, and (for blockchain apps) generating a Solidity verifier and deploying it. This task walks through the full shell-command pipeline for a minimal circuit, end to end, so you have the reps when it comes time to ship.
Complete pipeline for the Multiplier circuit from Task 1. Five shell commands: powers-of-tau (reuse an existing ceremony output), circuit-specific setup (phase 2), prove, verify, export-Solidity. Total time for a tiny circuit: under 2 minutes.
# Full Groth16 pipeline for multiplier.circom
# Prereqs: circom 2.x, snarkjs 0.7+, powers-of-tau ptau file
# 1) Compile circuit
circom multiplier.circom --r1cs --wasm --sym -o build/
# 2) Setup (phase 2 — circuit-specific)
# Assume powersOfTau28_hez_final_10.ptau exists from hermez ceremony
snarkjs groth16 setup build/multiplier.r1cs \
powersOfTau28_hez_final_10.ptau \
build/multiplier_0000.zkey
# Contribute randomness to phase 2 ceremony
snarkjs zkey contribute build/multiplier_0000.zkey \
build/multiplier_final.zkey --name="alice" -v
# Export verification key
snarkjs zkey export verificationkey build/multiplier_final.zkey \
build/verification_key.json
# 3) Generate witness for input {a:3, b:11}
echo '{"a":"3","b":"11"}' > input.json
node build/multiplier_js/generate_witness.js \
build/multiplier_js/multiplier.wasm input.json build/witness.wtns
# 4) Prove
snarkjs groth16 prove build/multiplier_final.zkey \
build/witness.wtns build/proof.json build/public.json
# 5) Verify locally
snarkjs groth16 verify build/verification_key.json \
build/public.json build/proof.json
# → OK
# 6) Generate Solidity verifier contract
snarkjs zkey export solidityverifier build/multiplier_final.zkey \
build/Verifier.sol
# → Verifier.sol has verifyProof() — inherit or deploy directlysnarkjs zkey beacon with a public randomness beacon (e.g., a recent block hash) as a final ceremony contribution. This is standard practice for production ceremonies.Use these three in order. Each builds on the one before.
In one paragraph, walk me through the end-to-end Circom → SNARK → on-chain pipeline: compile, setup, witness-gen, prove, verify, deploy.
Walk me through the two-phase setup for Groth16: what does the Powers of Tau ceremony produce, what's specific to a given circuit in phase 2, and why is the ceremony 'trusted' — what happens if someone records the toxic waste?
I'm deploying a production zk-SNARK verifier contract on Ethereum. Walk me through: (a) which ptau file is safe to use (and who ran it), (b) how I'd organise my own phase-2 ceremony with multiple contributors, (c) how I'd optimise gas on the Solidity verifier.