Skip to content

Latest commit

 

History

History
94 lines (67 loc) · 3.22 KB

README.md

File metadata and controls

94 lines (67 loc) · 3.22 KB

BitVM ZK Verifier

With the goal of being able to prove anything on Bitcoin, this repository is a toolkit for generating a Groth16 verifier in BitVM. The full flow includes:

  1. Creating STARK proof from a RISC Zero guest program (written in Rust)
  2. Wrapping the STARK proof into a Groth16 proof
  3. Crafting its corresponding Groth16 verifier in C
  4. Compiling the verifier to rv32i instruction set
  5. Transpiling the verifier from rv32i to BitVM instruction set
  6. Running the BitVM simulation (To be run on-chain once BitVM is ready)

Warning

BitVM ZK Verifier is still work-in-progress. It has not been audited and should not be used in production under any circumstances. It also requires a full BitVM implementation to be run fully on-chain.

Instructions

To clone this repo with submodules:

git clone --recurse-submodules https://github.com/chainwayxyz/bitvm-zk-verifier.git
cd bitvm-zk-verifier

Transpile The Verifier into BitVM Instruction Set

We have an example groth16 verifier here groth16-verifier/main.c

To transpile it to BitVM, you need to install rv32i-to-bitvm transpiler first:

cd rv32i-to-bitvm
yarn
cd ..

To compile the groth16 verifier you will need the clang and riscv32 toolchains. You can follow the instructions in https://github.com/sifive/riscv-llvm. This will install riscv64 targeted riscv-llvm, which also has support for riscv32 targets. You also need to set RISCV_GCC variable if install path of riscv-llvm is not in PATH.

Note: You can skip this step if you don't want to build the zk verifier binary.

export RISCV_GCC=/path/to/riscv64-unknown-elf-gcc
make zkverifier

Transpile it to the BitVM instruction set and save the program:

npx ts-node --files rv32i-to-bitvm/main.ts bin/zkverifier

Run the BitVM simulation:

cargo run --bin bitvm --release

Expected output:

step count: 17087788659
result: 1, 0

To Generate Your Own Proof in RISC Zero:

You need RISC Zero tools to generate your own proof. You can follow the instruction in RISC Zero installation documentation.

RISC0_DEV_MODE=0 cargo run --bin risc0tobitvm --release

This will generate a RISCZero proof and save the input.json file to work_dir.

We already placed a valid proof for Bitcoin proof of work in work_dir/proof.json

In order to generate groth16 proofs, follow steps in RISCZero repository.

References

Thanks to the BitVM team for their BitVM implementation and Carsten Munk for their transpiler work

The BitVM emulator used in this repo is forked from the BitVM repository, with additional RSHIFT8 and LSHIFT8 instructions.

TODOs

  • Rewrite the transpiler with rust
  • Get rid of dummy instructions in the transpiler for jump operations
  • Skip initializations to reduce the step count

License

This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details. By using, distributing, or contributing to this software, you agree to the terms and conditions of the GPLv3.