feat: improve zksnark wording

julio4 · julio4 · commit dde42d01576b · 2025-04-09T13:33:00.000+08:00
diff --git a/pages/advanced-concepts/verify_proofs.md b/pages/advanced-concepts/verify_proofs.md
@@ -1,187 +1,182 @@
-# Verify ZK proofs
+# Verify ZK Proofs on Starknet
 
-This example shows how to verify SNARK proofs on Starknet.
+This example shows how to verify SNARK proofs on Starknet using a practical example of a token minting system that requires proof of knowledge of a secret.
 
-**zk-SNARKs** (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge) are cryptographic proofs that allow one party (the prover) to prove to another party (the verifier) that they know a specific piece of information (ex: a solution to a computational problem) without revealing the information itself.
+## ZK-SNARKs
 
-## Key Properties
+**zk-SNARKs** (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge) are cryptographic proofs that enable one party (the *prover*) to demonstrate knowledge of specific information to another party (the *verifier*) without revealing the information itself.
 
--   **Zero-Knowledge (privacy)**: zk-SNARKs ensure that the inputs to a computation remain private while proving correctness. In other words, the proof does not disclose any information beyond the validity of the statement.
--   **Succinctness**: zk-SNARKs proofs size is small, regardless of the complexity of the statement, with the verification being computationally much cheaper than proof generation. It can be used to verify lots of computation in a much cheaper way than re-doing the computation, allowing for scalability for example.
--   **Non-Interactivity**: Once generated, the proofs require no further communication between the prover and verifier, reducing complexity in decentralized environments.
--  **Integrity**: Verifiers are guaranteed the correctness of the computation without having to re-execute it.
+- **Zero-Knowledge (Privacy)**: Ensures computation inputs remain private while proving correctness. The proof only reveals the statement's validity, not the underlying data.
+- **Succinctness**: Proofs remain small regardless of statement complexity, with verification being computationally cheaper than proof generation. This enables efficient verification of large computations.
+- **Non-Interactivity**: Proofs require no further communication between prover and verifier after generation, ideal for decentralized environments.
+- **Integrity**: Guarantees computation correctness without requiring re-execution.
 
-## Examples of Use Cases
+### Common Use Cases
 
-- **Identity Verification**
-Prove attributes like age, nationality, or membership without revealing the actual details. Instead of scanning the user's ID card or passport for example, online platforms could verify users' eligibility trustlessly without accessing nor storing sensitive data.
+- **Identity Verification**: Prove attributes (age, nationality, membership) without revealing actual details. Enables trustless verification without storing sensitive data.
+- **Scalable Rollups**: Bundle multiple transaction proofs into a single proof, eliminating the need for re-execution.
+- **Proof of Reserves**: Demonstrate sufficient funds for service eligibility without disclosing actual balances.
 
-- **Scalable Rollups (Layer 2 Solutions)**
-Zk proofs could be used to prove the validity and correct computation of multiple transactions execution into a single proof, eliminating the need to re-execute them to verify. zk-Rollups on Ethereum, like Starknet, leverage zk-STARKs to improve transaction throughput while reducing costs. This enables efficient and scalable off-chain computation with secure on-chain verification.
+## Example: Proof of Secret with Replay Attack Protection
 
-- **Proof of Reserves**
-Prove you have above enough money, without disclosing actual account balances, to be eligible to apply to a certain service (loan, etc).
+This example shows how to implement a token minting system where users can mint tokens by proving knowledge of a secret password without revealing it. The system includes protection against replay attacks, ensuring each proof is unique to its generator.
 
-# Use Case Example: proof of secret (resistant to replay attacks)
+We will use the following:
+- **Circom**: Domain-specific language for defining arithmetic circuits, the foundation of zk-SNARKs.
+- **Groth16**: A pairing-based zk-SNARK system that provides the mathematical framework for proof generation and verification.
+- **Snarkjs**: JavaScript library for generating and verifying zk-SNARK proofs.
+- **Garaga**: Enables efficient elliptic curve operations on Starknet, including Groth16 smart contract verifier generation.
 
-This specific use case is about granting access to tokens after having proven you a know secret without actually revealing it. In this example, any user can mint free tokens if they submit a valid proof unique to them to a specific contract. The proof needs to have been generated by the user submitting it, copy-pasting a proof from another user will not work. (More about it later)
+### 1. Circuit Definition
 
+Create a circuit that:
+- Takes 3 inputs:
+  - User address (public)
+  - Password hash (public)
+  - Password in plain text (private)
+- Computes the hash of the plain text password
+- Compares it with the public hash
+- Generates a user-specific proof to prevent replay attacks
 
-## Stack used: Circom, Groth16, Snarkjs, Garaga
-
--   **Circom**: A domain-specific language for defining arithmetic circuits, which are the foundation of zk-SNARKs. These circuits describe the computation to be proven in a zk-SNARK.
-
-- **Groth16**: Groth16 is a famous pairing-based zk-SNARK system. In other words, it is a cryptographic protocol, or more precisely a proving scheme for zk-SNARKs. It defines the mathematical framework and the core logic for generating and verifying zk-SNARK proofs. Its principal function is to allow a prover to validate the accuracy of a statement to a verifier, without revealing any additional data. A distinct feature of Groth16 is its succinctness; the proofs generated are concise, occupying minimal storage and transmission space.
-
--   **Snarkjs**: A JavaScript library acting as an implementation layer of proving systems by providing tools and utilities for generating and verifying zk-SNARK proofs. It currently supports 3 proving systems: Groth16, PLONK, and FFLONK. It integrates with the circom compiler used for compiling circom circuits.
-
-- **Garaga**: Garaga enables efficient elliptic curve operations on Starknet. Among them, one that was particularly useful for this use case, was the Groth16 smart contract verifiers generator. This functionality helps in generating verifier contracts allowing on-chain proof verification. Instead of verifying locally using snarkjs, Garaga allows the proof verification directly on-chain by anyone.
-
-## How it works:
-
-In this section, the example workflow is explained. As this repository consists of examples, each command is briefly explained to give a gist of it. If you wish to learn about those, please refer to the documentation of those technologies:
-- [Circom](https://docs.circom.io/)
-- [Snarkjs](https://github.com/iden3/snarkjs)
-- [Garaga](https://garaga.gitbook.io/garaga)
-
-1. Write a circuit using `Circom` that will correspond to the program you are proving. In the circuit, you can set constraints (aka assertions) that the program needs to respect. Otherwise, the proof generation will fail.
-
-- 1.1. Circuit
-
-```circom
+```solidity
 // [!include ~/listings/advanced-concepts/verify_proofs/src/circuit/circuit.circom]
 ```
 
-This circuit takes 3 inputs:
-- user address (public)
-- password hash (public)
-- password in plain text (private)
+### 2. Circuit Compilation
 
 The circuit computes the hash of the plain text password and compares the result to the publicly known hash of the password. This equality assertion is one of the constraints set by the circuit. The rest of the code is to generate a proof unique to the user to avoid replay attacks (more about it later).
 
-- 1.2. Circuit inputs
-
-```json
-// [!include ~/listings/advanced-concepts/verify_proofs/src/circuit/input.json]
-```
-> In my example, the secret password is 2468. You should input the same user address with which you will submit your proof to the ZkERC20Token to mint free tokens.
-
-2. Compile the circuit (in binary and web assembly formats)
-
 ```bash [Terminal]
 mkdir target
-circom src/circuit/circuit.circom  -l  node_modules  --r1cs  --wasm  --output  target
+circom src/circuit/circuit.circom -l node_modules --r1cs --wasm --output target
 ```
 
-3.  Trusted setup -- phase 1 (independent of the circuit)
+### 3. Trusted Setup
 
-> The **trusted setup** is a phase in the zk-SNARK protocol where cryptographic parameters, known as a **proving key** and a **verification key**, are generated. These keys are essential for the prover to create proofs and for the verifier to validate them.
+The **trusted setup** is a phase in the zk-SNARK protocol where cryptographic parameters, known as a *proving key* and a *verification key*, are generated. These keys are essential for the prover to create proofs and for the verifier to validate them.
 
-- 3.1. Start a new `powers of tau` ceremony
-```bash [Terminal]
-mkdir  target/ptau && cd  target/ptau
-snarkjs  powersoftau  new  bn128  12  pot12_0000.ptau  -v
-```
+#### Phase 1: "Powers of Tau" Ceremony
 
-- 3.2. Contribute to phase 1 of ceremony
+:::info
+A trusted setup ceremony is a collaborative process where multiple participants contribute randomness to create the cryptographic parameters for a proof system (the proving and verification keys), with the goal to provide additional security. You can provide additional contributions if you wish to do so.
+:::
 
-> A trusted setup ceremony is a collaborative process where multiple participants contribute randomness to create the cryptographic parameters for a zk-SNARK system (the proving and verification keys), with the goal to provide additional security. You can therefore provide additional contributions if you wish to do so.
+- Initialize powers of tau ceremony:
 
 ```bash [Terminal]
-snarkjs  powersoftau  contribute  pot12_0000.ptau  pot12.ptau  --name="My contribution to part 1"  -v  -e="some random text for the contribution to part 1"
+mkdir target/ptau && cd target/ptau
+snarkjs powersoftau new bn128 12 pot12_0000.ptau -v
 ```
 
-4. Trusted setup -- phase 2 (circuit dependent)
+```bash [Terminal]
+snarkjs powersoftau contribute pot12_0000.ptau pot12.ptau --name="My contribution to part 1" -v -e="some random text for the contribution to part 1"
+```
 
-- 4.1. Finalize ptau file
+#### Phase 2: Circuit Dependent
+
+- Finalize ptau file:
 
 ```bash [Terminal]
-snarkjs  powersoftau  prepare  phase2  pot12.ptau  pot12_final.ptau  -v
+snarkjs powersoftau prepare phase2 pot12.ptau pot12_final.ptau -v
 ```
 
-- 4.2. Generate a zkey file
+- Generate a zkey file:
 
 ```bash [Terminal]
-cd  ..
-snarkjs  groth16  setup  circuit.r1cs  ptau/pot12_final.ptau  circuit_0000.zkey
+cd ..
+snarkjs groth16 setup circuit.r1cs ptau/pot12_final.ptau circuit_0000.zkey
 ```
 
-- 4.3. Contribute to phase 2
+- Contribute to Phase 2:
 
 ```bash [Terminal]
-snarkjs  zkey  contribute  circuit_0000.zkey  circuit_0001.zkey  --name="My contribution to part 2"  -v  -e="some random text for the contribution to part 2"
+snarkjs zkey contribute circuit_0000.zkey circuit_0001.zkey --name="My contribution to part 2" -v -e="some random text for the contribution to part 2"
 ```
-After 4.3., we have our proving key (`circuit_0001.zkey`) that we will use, along with the compiled circuit and the input to the circuit, to generate proofs.
 
-- 4.4. Export verification key
+We now have our proving key (`circuit_0001.zkey{:md}`) that we will use, along with the compiled circuit and the input to the circuit, to generate proofs.
+
+- Export verification key:
 
 ```bash [Terminal]
-snarkjs  zkey  export  verificationkey  circuit_0001.zkey  circuit_verification_key.json
+snarkjs zkey export verificationkey circuit_0001.zkey circuit_verification_key.json
 ```
-After 4.4., we have our verification key (`circuit_verification_key.json`) that we will use, along with the generated proof and its outputs, to verify proofs.
 
-5. Proof Generation
+We have our verification key (`circuit_verification_key.json{:md}`) that we will use, along with the generated proof and its outputs, to verify proofs.
+
+### 4. Proof Generation
 
-- 5.1. Generate witness
+#### Generate witness
 
 The **witness** refers to the private input and intermediate values that the prover knows and uses to generate the proof. The intermediate values correspond to the values computed during the circuit execution. These are also part of the witness and are necessary for proving the correctness of the computation. In short, the witness is a complete set of values that satisfies the constraints defined by the zk-SNARK circuit.
 
 ```bash [Terminal]
-node  circuit_js/generate_witness.js  circuit_js/circuit.wasm  ../src/circuit/input.json  witness.wtns
+node circuit_js/generate_witness.js circuit_js/circuit.wasm ../src/circuit/input.json witness.wtns
 ```
 
-- 5.2 Generate proof
+#### Generate proof
 
 ```bash [Terminal]
-snarkjs  groth16  prove  circuit_0001.zkey  witness.wtns  proof.json  public.json
+snarkjs groth16 prove circuit_0001.zkey witness.wtns proof.json public.json
 ```
 
-> To generate a proof, 3 information are needed:
-> - compiled circuit
-> - circuit inputs
-> - proving key
+:::note
+To generate a proof, 3 information are needed:
+- compiled circuit
+- circuit inputs
+- proving key
 
-> To verify a proof, 3 information are also needed:
-> - proof
-> - circuit outputs (obtained when generating proof)
-> - verification key
+To verify a proof, 3 information are also needed:
+- proof
+- circuit outputs (obtained when generating proof)
+- verification key
+:::
 
-
-- 6. Generate verifier contract
+### 5. Generate verifier contract
 
 ```bash [Terminal]
-garaga  gen  --system  groth16  --vk  circuit_verification_key.json
+garaga gen --system groth16 --vk circuit_verification_key.json
 ```
 
-This above command will generate a cairo project with the verifier contract, with the main endpoint `verify_groth16_proof_[curve_name]`.
+This above command will generate a cairo project with the verifier contract, with the main endpoint `verify_groth16_proof_[curve_name]{:md}`.
 
-> Garaga also provides some command utilities to deploy it on-chain. Else, you can deploy it like any other contract (using starkli or sncast for example).
+:::info
+Garaga also provides some command utilities to deploy it on-chain. Else, you can deploy it like any other contract (using starkli or sncast for example).
+:::
 
 Here is the generated starknet contract:
 
 ```cairo
 // [!include ~/listings/advanced-concepts/verify_proofs/src/verifier/groth16_verifier.cairo]
 ```
 
-7. Generate calldata & call on-chain verifier contract
+### 6. Generate calldata & call on-chain verifier contract
 
-This step is useful for generating calldata from the proof & circuit execution outputs, which can then be sent to the verifier contract to verify the proof on-chain. In this example, there is an intermediary contract, ZkERC20Token, which will itself call the verifier contract (more about it below).
+This step is useful for generating calldata from the proof & circuit execution outputs, which can then be sent to the verifier contract to verify the proof on-chain. In this example, there is an intermediary contract, `ZkERC20Token`, which will itself call the verifier contract (more about it below).
 
 ```bash [Terminal]
-garaga  calldata  --system  groth16  --vk  circuit_verification_key.json  --proof  proof.json  --public-inputs  public.json  --format  starkli  |  xargs  starkli  invoke  --account  ~/.starkli-wallets/deployer/account.json  --keystore  ~/.starkli-wallets/deployer/keystore.json  --network  sepolia  --watch  0x00375cf5081763e1f2a7ed5e28d4253c6135243385f432492dda00861ec5e58f  mint_with_proof
+garaga calldata --system groth16 --vk circuit_verification_key.json --proof proof.json --public-inputs public.json --format starkli | xargs starkli invoke --account ~/.starkli-wallets/deployer/account.json --keystore ~/.starkli-wallets/deployer/keystore.json --network sepolia --watch 0x00375cf5081763e1f2a7ed5e28d4253c6135243385f432492dda00861ec5e58f mint_with_proof
 ```
 
-> Garaga also provides some command utilities to call the verifier contract directly abstracting the calldata generation part, simplifying the above command.
+:::info
+Garaga also provides some command utilities to call the verifier contract directly abstracting the calldata generation part, simplifying the above command.
+:::
 
-8. ZkERC20Token contract
+### 7. `ZkERC20Token` contract
 
-This contract allows anyone to mint free tokens if they know a secret password (2468). You can submit your proof calldata to this contract, which will itself call the generated verifier contract. If the proof verification passes and the proof is indeed unique to you (ie, you generated it yourself), you can receive the free tokens. Otherwise, the endpoint execution will revert. You can mint free tokens only once per user.
+This contract allows anyone to mint free tokens if they know a secret password (`2468`). You can submit your proof calldata to this contract, which will itself call the generated verifier contract. If the proof verification passes and the proof is indeed unique to you (ie, you generated it yourself), you can receive the free tokens. Otherwise, the endpoint execution will revert. You can mint free tokens only once per user.
 
-Here is the address of this contract (on Sepolia testnet) : 0x00375cf5081763e1f2a7ed5e28d4253c6135243385f432492dda00861ec5e58f
+The final contract allows users to mint tokens by submitting a valid proof of knowledge of the secret password (`2468`). Each user can mint tokens only once.
 
-Here is the code of this ZkERC20Token contract :
+Contract Address (Sepolia testnet): `0x00375cf5081763e1f2a7ed5e28d4253c6135243385f432492dda00861ec5e58f{:md}`
 
 ```cairo
 // [!include ~/listings/advanced-concepts/verify_proofs/src/contract.cairo]
 ```
 
+:::info
+For more detailed information about the technologies used, refer to:
+- [Circom Documentation](https://docs.circom.io/)
+- [Snarkjs GitHub](https://github.com/iden3/snarkjs)
+- [Garaga Documentation](https://garaga.gitbook.io/garaga)
+:::
+
