experiments with zokrates

zokrates is a zero knowledge proof framework that you could use to deploy solidity contracts that use zero knowledge proofs.

zero knowledge proofs are an area of cryptography that could allow someone to prove a hash satisfied a series of constraints. zokrates makes it easier for developers to practically apply this into projects such as Solidity.

zokrates could be used to build anonymous deposit networks, credentialing, etc. there are many possibilities! games are another one and what i felt like testing it with at the time.

what could zokrates be useful for

there are some cool application build with zero knowledge proofs such as identity tooling, anonymity networks, games.

from my perspective whats most interesting is being able to perform actions that won’t be visible in the mempool. on-chain games are interesting but often transfer wealth from the less technical people. it’s like a new lego you otherwise have to put a lot of effort into, so that’s why i think it’s interesting to test.


i saw there is a docker image which is a pretty nice way to check it out, i’ll note the curl for a global installation

curl -LSfs get.zokrat.es | sh

i’m going to use forge from foundry with my project too since it only handles the proof and i’ll want to use it with a solidity contract

curl -L https://foundry.paradigm.xyz | bash

writing a .zok file

zokrates has its own language that uses a .zok extension. you write this file, use the zokrates build command to build the project which will finally produce a verification jey and abi that you can use with your Solidity contracts

here is a simple example from their github site

def main(private field a, field b) {
    assert(a * a == b);

this program takes two inputs, one of which has a private field keyword, checks if the math a * a = b is satisfied, then exits.

this later gets translated to a solidity contract like


contract TestContract {
  function hi(x, y) {
    verifier.input(x, y)

overall this is simpler than writing circuits by hand and that’s why it’s useful for cases where you want to hide inputs on EVM networks.