A complete implementation of the Groth16 zk-SNARK protocol from scratch in Python, demonstrating zero-knowledge proofs for graph bipartite coloring. Final project of RareSkills ZK bootcamp cohort 8.
This project implements the Groth16 zero-knowledge proof system, one of the most efficient zk-SNARK constructions used in practice. The implementation demonstrates proving that a graph is bipartite (2-colorable) without revealing the actual coloring.
- Complete Groth16 Implementation: From constraint generation to proof verification
- Educational Focus: Well-documented code with clear explanations of each step
- BN128 Elliptic Curve: Uses the standard curve for Ethereum-compatible proofs
- Solidity Verifier: Includes an on-chain verifier contract for Ethereum deployment
python3 groth16.pycd verifier_contract
forge test
The implementation solves a graph bipartite problem for a 4-vertex graph:
- Vertices: x₁, x₂, x₃, x₄
- Edges: (x₁,x₂), (x₁,x₄), (x₂,x₃)
- Goal: Prove the graph can be 2-colored (bipartite) without revealing the coloring
The problem is encoded as arithmetic constraints and converted to R1CS matrices, then processed through the Groth16 protocol to generate a succinct, zero-knowledge proof.
-
Color Constraints: Each vertex must be colored 1 or 2
(xᵢ - 1)(xᵢ - 2) = 0for i ∈ {1,2,3,4}
-
Edge Constraints: Adjacent vertices have different colors
xᵢ × xⱼ = 2for each edge (i,j)
The R1CS matrices are converted to polynomials via Lagrange interpolation, enabling efficient proof generation through polynomial arithmetic.
The prover generates three group elements:
- A: Encodes the left side of constraints
- B: Encodes the right side of constraints
- C: Encodes the output with quotient polynomial
The verifier checks a single pairing equation:
e(A, B) = e(α, β) · e(public_inputs, γ) · e(C, δ)
Groth16/
├── groth16.py # Main Groth16 implementation
├── requirements.txt # Python dependencies
├── README.md # Documentation
├── asset/ # Proof verification screenshots
│ ├── Prover_success.png
│ └── Verifier_success.png
└── verifier_contract/ # Solidity verifier
├── src/
│ └── VerifierPairingCheck.sol
├── test/
│ └── VerifierPairingCheck.sol
└── foundry.toml
- Python 3.8+
- pip package manager
- Foundry (for Solidity testing)
- Clone the repository:
git clone <repository-url>
cd Groth16- Install Python dependencies:
pip install -r requirements.txt- Install Foundry (for contract testing):
curl -L https://foundry.paradigm.xyz | bash
foundryup- Generates powers of tau:
[τ⁰]₁, [τ¹]₁, ..., [τⁿ]₁ - Creates shifted elements:
[α]₁, [β]₂ - Produces hiding factors:
[γ]₂, [δ]₂
- Computes witness polynomial evaluations
- Applies random blinding factors (r, s)
- Generates proof tuple (A, B, C)
- Uses elliptic curve pairings
- Checks single equation for proof validity
- Supports on-chain verification via Solidity
- Implement secure random number generation
- Use proper toxic waste disposal protocols
- Add comprehensive input validation
- Consider using audited libraries
- numpy: Numerical computations and matrix operations
- galois: Finite field arithmetic over large primes
- py_ecc: BN128 elliptic curve operations and pairings
Contributions are welcome! Please submit issues or pull requests for improvements.
MIT License
- Jens Groth for the original Groth16 construction
- RareSkills for the excellent ZK bootcamp
- Ethereum Foundation for BN128 curve specifications