A Go-based implementation of a Zero-Knowledge verifier for the Stwo STARK proving system, built using the Gnark SNARK library.
This project implements a SNARK circuit designed to verify Cairo STARK proofs generated by Stwo Cairo (Starknet's next-generation Circle STARK prover). By porting the Stwo Circle STARKs verifier logic into a Groth16 or Plonk circuit, it enables efficient on-chain verification of Cairo ZKVM execution traces.
Directly verifying Circle STARK proofs on-chain can be computationally expensive. This repository bridges that gap by providing:
- Recursive Proofs: Wrap a high-performance Stwo STARK proof into a constant-size SNARK proof.
- EVM Compatibility: Verify large Cairo ZKVM execution traces with minimal gas costs on Ethereum.
- Go-Powered Verification: Leverage the speed of Go and the Gnark framework for robust verifier implementations.
The project is structured to mirror the core components of the Stwo prover:
m31/: Core arithmetic for the Mersenne-31 field.qm31/: Implementation of the quartic extension field used for statistical soundness and security.circle/: Circle curve operations, including domain definitions, group laws, and vanishing polynomials over the circle group.fri/: Implementation of the Circle FRI (Fast Reed-Solomon Interactive Oracle Proof of Proximity) protocol and high-performance Merkle verification using Blake2s.components/cairo_components/: AIR constraint evaluation logic for Cairo ZKVM opcodes and built-in functions.variables/: Optimized data structures for proof deserialization and Gnark circuit variables.
- Go 1.24+
- Rust/Cargo (only for generating custom shape files)
The entry point main.go demonstrates the full pipeline: loading a proof, compiling the circuit, performing a setup, generating a witness, and finally producing and verifying a Groth16 proof.
go run main.go
This repo includes a ready-to-run fixture for development:
test_data/all_components_one_query.jsontest_data/all_components_one_query_shape.json
Run the verifier test directly:
go test -v --short ./verifier
Shape JSON files define the circuit structure. They are produced by cairo-prove in the stwo-cairo ecosystem. To generate them, you need the circuit-data-gen branches:
- Clone and link these repositories in the same parent directory:
- Navigate to
stwo-cairo/cairo-proveand run:
cargo run -- circuit-data \
--path /path/to/stwo-gnark-verifier/test_data/all_components_one_query.json \
--queries 1
Use --queries to match the proof’s stark_proof.config.fri_config.n_queries value.
The project contains extensive unit tests for individual field arithmetic, Cairo opcodes, and the end-to-end verification flow.
# Run all tests
go test ./...
# Run tests with the short flag (skips heavy setup)
go test -short ./...
This project has been tested with:
stwo@c95edc65e3af652db0eda433dfa1b92831ca2b64stwo-cairo@5247e786a2c32299d653a5e8d1e5be65c0c219fe
This implementation is currently under active development.
- Audit Status: This code has not yet been audited.
- Stwo — StarkWare's Rust implementation of the Circle STARK protocol.
- Stwo-Cairo — An adapter to compile and prove execution traces of the Cairo ZKVM using the Stwo backend.
- Gnark — A fast ZK-SNARK library providing high-level APIs for designing arithmetic circuits in Go.