With the goal of being able to prove anything on Bitcoin, this repository is a toolkit for generating a Groth16 verifier in BitVM. The full flow includes:
- Creating STARK proof from a RISC Zero guest program (written in Rust)
- Wrapping the STARK proof into a Groth16 proof
- Crafting its corresponding Groth16 verifier in C
- Compiling the verifier to rv32i instruction set
- Transpiling the verifier from rv32i to BitVM instruction set
- Running the BitVM simulation (To be run on-chain once BitVM is ready)
Warning
BitVM ZK Verifier is still work-in-progress. It has not been audited and should not be used in production under any circumstances. It also requires a full BitVM implementation to be run fully on-chain.
To clone this repo with submodules:
git clone --recurse-submodules https://github.com/chainwayxyz/bitvm-zk-verifier.git
cd bitvm-zk-verifier
We have an example groth16 verifier here groth16-verifier/main.c
To transpile it to BitVM, you need to install rv32i-to-bitvm transpiler first:
cd rv32i-to-bitvm
yarn
cd ..
To compile the groth16 verifier you will need the clang and riscv32 toolchains.
You can follow the instructions in https://github.com/sifive/riscv-llvm. This
will install riscv64 targeted riscv-llvm, which also has support for riscv32
targets. You also need to set RISCV_GCC variable if install path of riscv-llvm
is not in PATH
.
Note: You can skip this step if you don't want to build the zk verifier binary.
export RISCV_GCC=/path/to/riscv64-unknown-elf-gcc
make zkverifier
Transpile it to the BitVM instruction set and save the program:
npx ts-node --files rv32i-to-bitvm/main.ts bin/zkverifier
Run the BitVM simulation:
cargo run --bin bitvm --release
Expected output:
step count: 17087788659
result: 1, 0
You need RISC Zero tools to generate your own proof. You can follow the instruction in RISC Zero installation documentation.
RISC0_DEV_MODE=0 cargo run --bin risc0tobitvm --release
This will generate a RISCZero proof and save the input.json file to work_dir.
We already placed a valid proof for Bitcoin proof of work in work_dir/proof.json
In order to generate groth16 proofs, follow steps in RISCZero repository.
Thanks to the BitVM team for their BitVM implementation and Carsten Munk for their transpiler work
The BitVM emulator used in this repo is forked from the BitVM repository, with additional RSHIFT8 and LSHIFT8 instructions.
- Rewrite the transpiler with rust
- Get rid of dummy instructions in the transpiler for jump operations
- Skip initializations to reduce the step count
This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details. By using, distributing, or contributing to this software, you agree to the terms and conditions of the GPLv3.