This post was first published on Medium.
We are proud to announce that Bitcoin now supports PLONK. For a detailed description of how PLONK works, you can refer to our previous explanations, Part 1 and Part 2.
We previously implemented Groth16, the smallest and most efficient SNARK construction. However, it requires a trusted setup for each circuit. By eliminating the per-circuit trusted setup, PLONK both alleviates concerns about the security of that process and ensures that no new secure multiparty computation (MPC) setup ceremony is needed if the circuit changes in the future, for example because of a critical bug fix. Universal and updatable setup ceremonies, such as Perpetual Powers of Tau, can be reused for any PLONK circuit. This makes deploying new circuits and upgrading existing ones much easier and safer.
Run your first PLONK on Bitcoin
We added support for PLONK to our existing snarkJS library, which is fully compatible with Circom. All Circom circuits developed for Groth16 can be reused in PLONK without any changes. The complete PLONK verifier code can be found here, along with a JavaScript test. Generating a PLONK verifier is similar to generating a Groth16 verifier in snarkJS.
First you need to install the Circom compiler and our snarkJS.
1. Design a circuit
Implement the circuit in the Circom language. For example, this simple circuit/program called ‘factor.circom’ proves that the prover knows how to factor the integer ‘n’ into two integers without revealing those integers. The circuit has two private inputs named “p” and “q” and one public input named “n”. For more information on using Circom, refer to https://docs.circom.io.
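The factorization circuit described above, written out as an added example rather than the post’s own factor.circom. Beyond the single product constraint, it adds two checks a verifier author wants: rejecting the trivial factorization 1 × n, and range-checking p and q so their product cannot wrap around the scalar field (the Num2Bits template is a minimal re-implementation of the circomlib pattern, included inline so the file stands alone).

```circom
pragma circom 2.0.0;

// Range check: constrains `in` to fit in `nbits` bits (added helper,
// modelled on circomlib's Num2Bits, not the post's code).
template Num2Bits(nbits) {
    signal input in;
    signal output out[nbits];
    var lc = 0;
    var e2 = 1;
    for (var i = 0; i < nbits; i++) {
        out[i] <-- (in >> i) & 1;
        out[i] * (out[i] - 1) === 0;   // each bit must be 0 or 1
        lc += out[i] * e2;
        e2 = e2 + e2;
    }
    lc === in;                          // bits recompose to the input
}

// Proves knowledge of p and q with p * q == n without revealing them.
template Factor() {
    signal input p;   // private
    signal input q;   // private
    signal input n;   // public

    // Reject 1 * n and n * 1: (p - 1) and (q - 1) must be invertible,
    // which no witness can satisfy when p == 1 or q == 1.
    signal invP;
    signal invQ;
    invP <-- 1 / (p - 1);
    invQ <-- 1 / (q - 1);
    (p - 1) * invP === 1;
    (q - 1) * invQ === 1;

    // Keep each factor below 2^126 so p * q (< 2^252) is an ordinary
    // integer product and not a wrap-around in the ~254-bit field.
    component rp = Num2Bits(126);
    component rq = Num2Bits(126);
    rp.in <== p;
    rq.in <== q;

    // The statement being proven.
    n === p * q;
}

component main {public [n]} = Factor();
```

Without the range check a prover could present p and q whose product only equals n modulo the field prime, so the on-chain verifier would accept a “factorization” that is not one over the integers.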
2. Compile the circuit
Compile the circuit with the following command:
3. Start a new **powers of tau** ceremony
The ‘new’ command is used to initiate the **powers of tau** ceremony.
Finally, we verify the ceremony so far:
4. Setup
This generates the proving key for the circuit and the corresponding verification key using PLONK.
5. Export Verification Key
We export the verification key from “circuit_final.zkey” to “verification_key.json”.
6. Calculate the witness
First, we create an ‘input.json’ file containing the circuit inputs, with the following content:
Next, we use the ‘factor.wasm’ produced by the circuit compilation to calculate the witness:
7. Create a proof
This uses the proving key and the witness to generate a PLONK proof.
8. Export an sCrypt verifier
This generates a “verifier.scrypt” smart contract file that contains all the code needed to verify the proof on chain.
You can check it locally:
9. Deploy Verifier
You can now deploy the verifier to Bitcoin. Wrap verifier.scrypt in a test contract PlonkVerifier as below.
Now you can use sCrypt IDE to deploy it.
Right click and select Deploy the contract: debug.
Once the contract is compiled, which will complete in a few minutes, the following panel should appear. Click on Deploy.
If all goes well, the verifier contract should have been deployed.
10. Verify the proof
Then copy and paste the contents of proof.json into the Call panel and click Call unlock().
If all goes well, you should see the proof verified in a spending transaction.
What’s next?
Congratulations! You have just created your first PLONK proof on Bitcoin. So far we have implemented both Groth16 and PLONK. Any proof system can be implemented in the same way as a smart contract, thanks to Bitcoin’s programmability and scalability. Now is the time to implement your favorite proof systems, including Marlin, Sonic, Halo, Bulletproofs and STARKs.
Watch: Presentation of the BSV Global Blockchain Convention, Smart Contracts and Computation on BSV