Skip to content

brudnevskij/r1cs-qap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

43 Commits
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 

Repository files navigation

💡 R1CS → QAP → Pinocchio → Groth16, A zk-SNARK Study Project

This project implements the core proving pipeline used in zk-SNARKs, progressing step-by-step from Rank-1 Constraint Systems (R1CS) to Quadratic Arithmetic Programs (QAP), to Pinocchio, and finally toward the Groth16 proving system.

🚀 Features

  • ✅ R1CS representation with variable and constraint definitions
  • ✅ Conversion from R1CS → QAP using Lagrange interpolation
  • ✅ Pinocchio implementation
  • ✅ Groth16 implementation
  • ✅ Tested with toy circuits (e.g., cubic polynomial)

🔬 Background

This project was created as a deep learning exercise to understand and implement the Groth16 zk-SNARK proving system from the ground up. Starting with the formulation of arithmetic circuits and their transformation into Rank-1 Constraint Systems (R1CS), I then implemented the conversion to Quadratic Arithmetic Programs (QAP) using Lagrange interpolation. From there, I built the Pinocchio protocol to understand how pairing-based zk-SNARKs work, and finally extended it to support the Groth16 protocol, optimizing proof generation and verification with a compressed Common Reference String (CRS). The goal was to reconstruct the full proving pipeline almost from scratch using the Rust arkworks ecosystem, with a focus on clarity, correctness, and hands-on understanding of each transformation layer.

"The idea behind zk-SNARKs is to transform computation into a form where proving and verifying correctness can be done with polynomials, pairings, and commitments."

📐 Architecture Overview

  Arithmetic Circuit (e.g., x³ + x + 5 = 35)
        ↓
      R1CS
        ↓
      QAP (A(x), B(x), C(x), Z(x))
        ↓
  Witness Evaluation: A(s), B(s), C(s)
        ↓
     Compute H(x) = (A·B - C)/Z
        ↓
  → Pinocchio: Pairing-based proof with 3 pairings
  → Groth16: Optimized zk-SNARK with 1 pairing + compressed CRS

🧪 Running the Demo

This project includes a complete end-to-end example in main.rs for both the Pinocchio and Groth16 zk-SNARK protocols. It builds a toy arithmetic circuit:

x² - x + 132 = out

Then it:

  1. Translates the circuit to R1CS
  2. Converts R1CS → QAP
  3. Generates a trusted setup (Pinocchio & Groth16)
  4. Constructs a witness
  5. Produces a proof
  6. Verifies it

🛠 Running

cargo run

You should see output like:

✅ QAP is satisfied by witness
📦 Pinocchio setup...
🔏 Generating Pinocchio proof...
📄 Pinocchio proof: ACCEPTED ✅
📦 Groth16 setup...
🔏 Generating Groth16 proof...
📄 Groth16 proof: ACCEPTED ✅

📦 Dependencies

📚 Learning Resources

About

R1CS-QAP-Pinocchio-Groth16 study project

Topics

cryptography r1cs qap zk zk-snarks pinocchio groth16

Resources

Readme
Activity

Stars

4 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy