Arkworks bindings to Circom's R1CS, for Groth16 Proof and Witness generation in Rust.

Clone the repository and run cd ark-circom/ && cargo doc --open

[dependencies]
ark-circom = "0.5.0"

// Load the WASM and R1CS for witness and proof generation
let cfg = CircomConfig::<Bn254>::new(
    "./test-vectors/mycircuit.wasm",
    "./test-vectors/mycircuit.r1cs",
)?;
// Insert our public inputs as key value pairs
let mut builder = CircomBuilder::new(cfg);
builder.push_input("a", 3);
builder.push_input("b", 11);
// Create an empty instance for setting it up
let circom = builder.setup();
// Run a trusted setup
let mut rng = thread_rng();
let params = generate_random_parameters_with_reduction(circom, &mut rng)?;
// Get the populated instance of the circuit with the witness
let circom = builder.build()?;
let inputs = circom.get_public_inputs().unwrap();
// Generate the proof
let proof = prove(&params, circom, &mut rng)?;
// Check that the proof is valid
let pvk = process_vk(&params.vk)?;
let verified = verify_with_processed_vk(&pvk, &inputs, &proof)?;
assert!(verified);

Tests require the following installed:

1. solc. We also recommend using solc-select for more flexibility.
2. ganache-cli

• Witness generation using Circom's WASM witness code
• ZKey parsing into Arkworks Proving Key over BN254
• Compatibility layer for Ethereum types, so that proofs can be used in Solidity verifiers
• Proof generations and verification using Arkworks
• CLI for common operations

The prover key generated by circom differs from the one generated by arkworks' groth16 library. While the format is the same, it represents different values. Circom 'prepares' the powers of tau by converting them to Lagrange base, i.e. from s^i.G -> L_i(s).G. This affects the witness generation process, and the caller needs to ensure the correct R1CSToQAP implementer is used:

• use CircomReduction for working with circom-generated files,
• use LibsnarkReduction for setup produced using the arkworks backend.

This library would not have been possibly without the great work done in:

• zkutil
• snarkjs

Special shoutout to Kobi Gurkan for all the help in parsing SnarkJS' ZKey file format.