# Chapter 1: Introduction to Zokrates

Zokrates is a toolbox for zkSNARK, hiding significant complexity inherent to zero-knowledge proofs (ZKP). It provides a python-like higher-level language for developers to code the computational problem they want to prove.

We extend it to generate and verify proofs on Bitcoin.

## Install

### From binary

`curl -Ls https://scrypt.io/scripts/setup-zokrates.sh | sh -s -`

### From source

You can build our extended version from source with the following commands:

```
git clone https://github.com/sCrypt-Inc/zokrates
cd ZoKrates
cargo +nightly build -p zokrates_cli --release
cd target/release
```

Note Zokrates itself was written in Rust Language, you may need to set up the Rust environment first before trying to build it.

## Workflow

The whole workflow is the same as the original ZoKrates, except that the verification step is done on Bitcoin. Generally speaking, it contains the following steps:

### 1. Design a circuit

Implement the circuit in the Zokrates language. For example, this simple circuit/program named `factor.zok`

proves one knows the factorization of an integer `n`

into two integers, without revealing the integers. The circuit has two private inputs named `p`

and `q`

and one public input named `n`

. You can refer to https://zokrates.github.io/ for more information on how to use Zokrates.

```
// p and q are factorization of n
def main(private field p, private field q, field n) {
assert(p * q == n);
assert(p > 1);
assert(q > 1);
return;
}
```

### 2. Compile the circuit

Compile the circuit with the following command:

`zokrates compile -i my_circuit.zok`

### 3. Setup

This generates a proving key and a verification key for this circuit.

`zokrates setup`

### 4. Calculating a witness

A proof attests that a prover knows some secret/private information that satisfies the original program. This secret information is called a witness. In the following example, 7 and 13 are the witnesses, as they are factors of 91.

`zokrates compute-witness -a 7 13 91`

### 5. Create a proof

It produces a proof, using both the proving key and the witness.

`zokrates generate-proof`

### 6. Export an sCrypt verifier

This outputs a smart contract file `verifier.scrypt`

, containing all the necessary code to verify a proof on chain.

`zokrates export-verifier-scrypt`

### 7. Verify the proof

You can verify it off-chain locally:

`zokrates verify`

## Put it to the test

Complete the circuit on the right to ensure that the square of the private input `x`

equals `y`

.