dev-resources.site
for different kinds of informations.
Niftyzk tutorials 1
This is the start of the tutorial series on Niftyzk and will go over installation and the basic commands as of NiftyZK 0.1.4
https://github.com/NiftyZk/niftyzk
Niftyzk is a scaffolding tool and circom development framework with first class support for CosmWasm.
Installation
You can find the documentation on the github repository. The project depends on Circom to be installed which depends on Rust. You also need NPM to install niftyzk the CLI.For the circom installation instructions, visit :
https://docs.circom.io/getting-started/installation
To install niftyzk, install it straight from github
npm install -g git+https://github.com/NiftyZk/niftyzk.git
This will install it and the niftyzk
command will be available from the command line.
Run niftyzk --version
to verify the installation, it should output:
$ niftyzk --version
0.1.4
The help page should show the following:
Usage: niftyzk [options] [command]
Scaffold a new Circom project and circuits, compile it and run Powers of Tau
Phase-2 ceremonies. Generate a cosmwasm verifier contract. Supports Groth-16
with a BN128 curve
Options:
-V, --version output the version number
-h, --help display help for command
Commands:
init Initialize and scaffold a new project
ptaufiles [options] Display information and download ptau files
gencircuit Generate circom circuits and javascript tests for the current directory
dev [options] Hot reload for circuit development. input.js must
contain a valid circuit input
compile [options] Compile the circuits
ceremony Runs a phase 2 ceremony server that accepts anonymized contributions via a website. Default port is 3000.
Prefix the command with PORT=number to change the
default port
finalize [options] Finalize the circuit after the phase2 ceremony is
finished
vkey [options] Generate the verification key for this circuit
gencontract [options] Generate a cosmwasm verifier smart contract
help [command] display help for command
niftyzk init [folder]
To start a new project, you need to initialize a directory and select the scaffolded project. The init command will either work in the current directory or create a new directory depending if the folder name was specified. The command will enter the scaffolding menu that allows to to configure the generated code
Creating a new directory with name myproject
? What project do you want to scaffold? (Use arrow keys)
❯ Commit-Reveal Scheme
Commit-Reveal Scheme with Fixed Merkle Tree
EdDSA signature verification
EdDSA signature verification with Fixed Merkle Tree
As of 0.1.4 , the following schemes are available to generate. You should use these are templates and roll your own implementation using them.
A commit-reveal scheme allows proving the knowledge of a secret without revealing it. The commitments are implemented using hashing, the scheme allows a proof to be constructed that verifies the knowledge of a hash pre-image without revealing it. This scheme can serve as a basis for account abstraction or games.
A commit-reveal scheme with a fixed merkle tree adds merkle proofs to the commit-reveal scheme and allows the verification that a commitment is contained in the merkle root. The scaffolded project resembles a well known project tornado cash, which uses a similar scheme however caution is advised if in replicating that exact functionality. The scheme is a great starting point for account abstraction, identity verification, privacy and scaling solutions.
The EdDSA signature verification scheme allows for verification of an Edwards digital signature inside the circom circuit, these digital signatures are not supported by blockchains by default but can be efficiently used inside zero-knowledge circuits.The signature verification scheme is a great stating point for account abstraction, voting systems identity verification and rollups.
The EdDSA signature verification comes with an optional merkle tree implementation that allows verification that the public key of a signer is found in the merkle tree. The merkle tree effectively contains the signers that are allowed to pass verification.
? Choose the hashing algorithm to use: (Use arrow keys)
❯ mimc7
mimcsponge
pedersen
poseidon
The next step is to select the hash algorithm to use with your scheme. This choice is important because each hashing function targets a little different use-caseMiMC7 and MiMCSponge are very effective hashing algorithms developed for verification schemes, however they require an extra key parameter to work. The key is an added secret that should not be revealed and so these work best when used with centralized proving system that doesn’t allow individual users to access the secret variables and computes proofs on their behalf, for example to delegate rights.
Poseidon hash is the most flexible which and simple to implement that doesn’t require a secret key, unlike MiMC implementations. This is a great hashing algorithm if you want decentralized proof compute that runs in the browser.
Pedersen hashing is used to implement Pedersen commitments which are homomorphic. It’s implementation is a bit more advanced and requires working with bits instead of passing bigint values directly like the other hashing algorithms.It is recommended to use Poseidon over Pedersen however it depends on your use-case.
? Do you wish to add tamperproof public inputs? (E.g: walletaddress): (y/N)
If you select a commit-reveal scheme you will be asked to add tamper proof inputs, you need to type them in a comma separated list. The tamper proof inputs use hidden signals inside the circuit for tamper resistance.When a zero-knowledge proof is computed it contains public inputs which need to be revealed on a blockchain for verification. If some of the inputs are arbitrary and doesn’t partake in the commit-reveal scheme, then an adversary is able to manipulate them.Making public signals tamper proof is essential for security.
? Do you wish to add public inputs to sign? (E.g: address,amount) (y/N)
If you selected EdDSA, you will be asked to add inputs to sign. The purpose is similar to making them tamper proof, however they will be part of the signed message itself. EdDSA signatures always sign hashes, so you can add as many inputs as you like.
When you have completed the scaffolding process you need to npm install
the dependencies and ready to start iterating on your circuit.
The contents of the scaffolded projects will be explained in another tutorial, for now we move on to the other commands.
niftyzk dev
Usage: niftyzk dev [options]
Hot reload for circuit development. input.js must contain a valid circuit input
Options:
--circuit [path] The circuit to test. Defaults to circuits/circuit.circom
--assertout Asserts the output of the circuit. The output must be exported from a getOutput() function
from input.js
--verbose Show extra information for debugging
-h, --help display help for command
This command is used to start the hot reload development environment.The circuits will be compiled and executed with an input. The inputs are defined in /test/input.js
file, which must export a getInput()
function that will be called by the hot reload. The output of the circuit can be asserted by passing the --assertout
flag. The output must be implemented in the getOutput()
function in the input.js file. This allows you to iterate compile and test the circuit as you develop it.You can use log();
inside your circuits for debugging. If you run it with the optional --verbose
flag, more debugging information will be available.
niftyzk ptaufiles
Usage: niftyzk ptaufiles [options]
Display information and download ptau files
Options:
-f, --filename [filename] The file to download
-h, --help display help for command
To compile circuits you will need files created with a powers of tau ceremony. You can opt to create your own files but that’s an insecure solution. The Phase 1 of powers of tau creates reusable files, so we can use them from the Polygon Hermez ceremony. The built in download will get the files for you and place them where the compiler expects them to be. The files get quite large and not all work with the ceremony server. If your circuits are large you need to use big ptaufiles to compile them.
For automated systems, if you know the filename you can pass it as an argument, if not a dropdown menu will appear for you to manually select it.
Example file to select
powersOfTau28_hez_final_15.ptau
blake2b hash: 982372c867d229c236091f767e703253249a9b432c1710b4f326306bfa2428a17b06240359606cfe4d580b10a5a1f63fbed499527069c18ae17060472969ae6e
Power: 15, Max Constraints: 32K
Size: 36.08 MiB
Supports built in ceremony server: YES
niftyzk compile
Usage: niftyzk compile [options]
Compile the circuits
Options:
--circuit [path] Specify the location for the circuit. Defaults to circuits/circuit.circom
-h, --help display help for command
This command invokes the circom compiler which depends on Rust. It must be installed beforehand to proceed with the compilation.The current circuits will be compiled and the output will be in the circuits/compiled
directory. You should commit this file to git because it contains the compilation results, recompiling will always yield a different circuit and verification parameters so you should keep this to continue. If you alter the circuit you need o recompile each time.
niftyzk ceremony
Usage: niftyzk ceremony [options]
Runs a phase 2 ceremony server that accepts anonymized contributions via a website. Default port is 3000. Prefix
the command with PORT=number to change the default port
Options:
-h, --help display help for command
There will be a dedicated tutorial to explain how to deploy a ceremony server, for now all you need to know is that to secure groth-16 proving circuits the Powers of tau ceremony needs to be repeated, it has a circuit specific phase. The compilation outputs a zkey files into the compiled directory which can be contributed to. The contribution creates a new zkey from the previous one, they are stored indexed. The contribution takes place in the browser and niftyzk contains a webserver. The contributions are anonymous and as long as a single participant remains honest the ceremony is secure.
niftyzk vkey
Usage: niftyzk vkey [options]
Generate the verification key for this circuit
Options:
--final Export the final verification key after the phase2 ceremony
-h, --help display help for command
You need to export a verification key to run tests, compute proofs or generate a cosmwasm contract. The vkey can be created before or after the ceremony, the final key must be exported after the finalize
niftyzk finalize
Usage: niftyzk finalize [options]
Finalize the circuit after the phase2 ceremony is finished
Options:
-b, --beacon [string] A random beacon to use for finalizing the ceremony. For example a block hash or a hex number outputted by a Verifiable Delay Function (VDF)
-i, --iter [num] Number of iterations
-n, --name [string] The name of the final contribution
-h, --help display help for command
The finalize command requires a random beacon to finalize the circuit. This should be ran after the ceremony is finished and all the contributions are done. The beacon is a hex number that should be outputted by a Verifiable Delay Function, often a block hash is used. You need to export a new vkey after the finalization to continue.
niftyzk gencontract
After you acquired the verification key you can generate the contract. The circuits don’t need to be finalized for this, however your verification will be vulnerable without a ceremony and finalization.
Usage: niftyzk gencontract [options]
Generate a cosmwasm verifier smart contract
Options:
--circuit The full name of the circuit file to use. Defaults to circuit.circom
--ark Use the Arkworks Groth-16 verifier implementation
--bellman Use the Bellman Groth-16 verifier implementation
--overwrite If a contract directory already exists, you are required use this option to overwrite it.
--folder [name] Specify the name of the generated contract's folder
-h, --help display help for command
The available libraries to use for the Rust verifier are Arkworks or Bellman. You can find both on crates.io.
You need to specify the folder name and if the folder exists already explicitly overwrite it.
Checking the generated contracts:
Install the wasm rust compiler backend: rustup target add wasm32-unknown-unknown
Run cargo test
to run the generated tests
Build the contracts using cargo wasm
Verify the contract.wasm using the cosmwasm-check utility cargo install cosmwasm-check
cosmwasm-check ./target/wasm32-unknown-unknown/release/contract.wasm
And you are done, you created a verifier for a cosmwasm contract from your circuit
*The development pipeline could be drawn with the graph as :
*
I hope you like niftyzk, in the next tutorials I will explain more about the generated code, showcase the merkle tree utils and deploy a ceremony server on a VPS.
Featured ones: