# Chapter 1: Introduction to Zokrates

Zokrates is a toolbox for zkSNARK, hiding significant complexity inherent to zero-knowledge proofs (ZKP). It provides a python-like higher-level language for developers to code the computational problem they want to prove.

We extend it to generate and verify proofs on Bitcoin.

## Install

### From binary

``curl -Ls https://scrypt.io/scripts/setup-zokrates.sh | sh -s -``

### From source

You can build our extended version from source with the following commands:

``````git clone https://github.com/sCrypt-Inc/zokrates
cd ZoKrates
cargo +nightly build -p zokrates_cli --release
cd target/release``````

Note Zokrates itself was written in Rust Language, you may need to set up the Rust environment first before trying to build it.

## Workflow

The whole workflow is the same as the original ZoKrates, except that the verification step is done on Bitcoin. Generally speaking, it contains the following steps: ### 1. Design a circuit

Implement the circuit in the Zokrates language. For example, this simple circuit/program named `factor.zok` proves one knows the factorization of an integer `n` into two integers, without revealing the integers. The circuit has two private inputs named `p` and `q` and one public input named `n`. You can refer to https://zokrates.github.io/ for more information on how to use Zokrates.

``````// p and q are factorization of n
def main(private field p, private field q, field n) {
assert(p * q == n);
assert(p > 1);
assert(q > 1);
return;
}``````

### 2. Compile the circuit

Compile the circuit with the following command:

``zokrates compile -i my_circuit.zok``

### 3. Setup

This generates a proving key and a verification key for this circuit.

``zokrates setup``

### 4. Calculating a witness

A proof attests that a prover knows some secret/private information that satisfies the original program. This secret information is called a witness. In the following example, 7 and 13 are the witnesses, as they are factors of 91.

``zokrates compute-witness -a 7 13 91``

### 5. Create a proof

It produces a proof, using both the proving key and the witness.

``zokrates generate-proof``

### 6. Export an sCrypt verifier

This outputs a smart contract file `verifier.scrypt`, containing all the necessary code to verify a proof on chain.

``zokrates export-verifier-scrypt``

### 7. Verify the proof

You can verify it off-chain locally:

``zokrates verify``

## Put it to the test

Complete the circuit on the right to ensure that the square of the private input `x` equals `y` .