Proving Setup
Groth16 Trusted Setup Coordination • Circuit Parameterization for Gas-Optimized Output
SnarkSide relies on zero-knowledge succinct non-interactive arguments of knowledge (zkSNARKs) to enforce private execution without compromising verifiability. In its current architecture, the protocol uses Groth16 as the primary proving system due to its succinct proof size (~192 bytes), fast verification times, and native compatibility with EVM-based verifier contracts.
While Groth16 offers exceptional performance, it requires a structured reference string (SRS) or trusted setup—a one-time, coordinated cryptographic ceremony that generates trapdoor parameters for circuit-specific proving and verification. This section describes SnarkSide’s setup flow, circuit parameterization strategies, and how we optimize SNARK outputs for deployment on-chain.
Why Groth16?
SnarkSide currently selects Groth16 over other SNARKs for:
Compact proof size (<200 bytes, ideal for calldata)
Constant-size verifier contracts
Low EVM verification gas (~400k for complex circuits)
Mature tooling (SnarkJS, Circom, Arkworks)
While recursive systems like Halo2 are under exploration, Groth16 remains the most performant and mature zkSNARK for production use.
Trusted Setup Overview
Each zkSNARK circuit in SnarkSide (e.g., intent matching, vault update, liquidation, funding) requires a trusted setup ceremony, producing two key outputs:
Proving Key (.zkey)
Verification Key (on-chain verifier input)
These are derived from a Common Reference String (CRS) generated via a Powers of Tau (PoT) ceremony.
Step 1: Powers of Tau
snarkjs powersoftau new bn128 16 pot16_0000.ptau
snarkjs powersoftau contribute pot16_0000.ptau pot16_0001.ptau --name="SnarkSide Contributor 1"
...
snarkjs powersoftau prepare phase2 pot16_<last_contribution>.ptau pot16_final.ptau   # <last_contribution>: placeholder for the last contributed .ptau from the elided steps
Uses the BN254 elliptic curve (alt_bn128)
16 powers (up to 2^16 = 65,536 constraints) supports all base circuits
Multiple contributions validated via hash transcript
Step 2: Circuit-Specific Setup
circom vaultUpdate.circom --r1cs --wasm --sym
snarkjs groth16 setup vaultUpdate.r1cs pot16_final.ptau vaultUpdate.zkey
snarkjs zkey contribute vaultUpdate.zkey vaultUpdate_final.zkey --name="SnarkSide Dev"
snarkjs zkey export verificationkey vaultUpdate_final.zkey verification_key.json
Generates .zkey for proof generation
Verification key exported for Solidity integration
Each .zkey is circuit-specific, tightly bound to the R1CS constraint graph.
Setup Audits and MPC Coordination
To eliminate single-party trapdoor and centralization concerns (an MPC setup remains sound as long as at least one contributor destroys their secret):
Each setup ceremony is open to public contributors.
Transcripts and entropy hashes are published to IPFS and Arweave.
Circuit digests are fingerprinted and linked to verifier deployments.
Optional: Integration with third-party MPC tooling like Perpetual Powers of Tau for mass-coordinated ceremonies.
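The audit steps listed above (transcript verification, zkey-to-circuit binding, artefact fingerprinting) as an added shell example; this is not SnarkSide's own tooling. It assumes snarkjs on PATH, the artefact names from the ceremony steps above, and a published manifest file in the same "<sha256>  <name>" format.

```shell
#!/bin/sh
# Added example (not SnarkSide's own tooling): audit a circuit's Groth16 setup
# before its verifier is deployed. Assumes snarkjs is on PATH and artefacts use
# the names from the ceremony steps above (vaultUpdate.*, pot16_final.ptau).
set -eu

# sha256 of one file; works with GNU coreutils (sha256sum) and macOS (shasum).
digest() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
  else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# Build a fingerprint manifest, one "<sha256>  <basename>" line per artefact,
# sorted by name so the same artefact set always yields a byte-identical manifest
# (and therefore a stable digest to link to the verifier deployment). Prints the path.
fingerprint() {   # usage: fingerprint <manifest> <file>...
  manifest=$1; shift
  : > "$manifest"
  for f in "$@"; do
    printf '%s  %s\n' "$(digest "$f")" "$(basename "$f")" >> "$manifest"
  done
  sort -k2 -o "$manifest" "$manifest"
  echo "$manifest"
}

# Exit status 0 only if the freshly built manifest is byte-identical to the
# published one; any drift in r1cs, zkey or verification key blocks deployment.
manifest_matches() {   # usage: manifest_matches <published> <current>
  cmp -s "$1" "$2"
}

# Full audit for one circuit. Each step aborts the script on failure (set -e).
audit_setup() {   # usage: audit_setup <circuit> <ptau> <published_manifest>
  circuit=$1; ptau=$2; published=$3
  # 1. Powers of Tau: every contribution in the transcript chains to the previous one.
  snarkjs powersoftau verify "$ptau"
  # 2. Phase 2: the final zkey derives from exactly this r1cs and this ptau, and
  #    its own contribution chain is intact.
  snarkjs zkey verify "$circuit.r1cs" "$ptau" "${circuit}_final.zkey"
  # 3. Re-export the verification key from the verified zkey so the manifest
  #    covers what actually goes on-chain, not a stale JSON file.
  snarkjs zkey export verificationkey "${circuit}_final.zkey" "${circuit}_vk.json"
  # 4. Fingerprint the artefacts and compare with the published (IPFS/Arweave) manifest.
  fingerprint "${circuit}_manifest.txt" "$circuit.r1cs" "${circuit}_final.zkey" \
    "${circuit}_vk.json" >/dev/null
  manifest_matches "$published" "${circuit}_manifest.txt"
}
```

Run as `audit_setup vaultUpdate pot16_final.ptau vaultUpdate_published_manifest.txt`; a non-zero exit from any step means the verifier must not be deployed.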
Circuit Parameterization for Gas Optimization
Groth16 verifiers on EVM are sensitive to:
Number of public inputs
Constraint ordering
Constant reuse optimization
SnarkSide employs:
Constraint reordering in Circom to prioritize linear constraints early.
Signal minimization by avoiding unnecessary public inputs.
Witness minimization: circuits are flattened and auxiliary signals removed.
Binary field optimizations (e.g., bool selectors via AND/OR constraint fusion)
Example:
signal input a;
signal input b;
signal input selector; // binary flag
signal output result;
selector * (selector - 1) === 0; // enforce selector ∈ {0, 1}; without this the "flag" can scale (a - b) by any field element
result <== selector * (a - b); // branching constraint
This compresses the branch itself into a single constraint (plus the booleanity check on the selector) instead of full conditional gates.
Output Optimization
Target outputs per circuit:
Circuit                Proof size   Verification gas   Public inputs
Intent Matching        192 bytes    ~410,000           5
Vault Update           210 bytes    ~470,000           6
Liquidation Trigger    200 bytes    ~450,000           4
Oracle Commit-Prove    180 bytes    ~390,000           3
All circuits maintain <230 bytes proof size and <500k gas verification budget.
Solidity Verifier Integration
Verification keys are converted into Solidity contracts:
snarkjs zkey export solidityverifier vaultUpdate_final.zkey VaultVerifier.sol
Custom wrapper logic ensures:
Input formatting (big-endian → little-endian)
Public calldata mapping
Intent ID → vault linkage → Merkle root validation
Proof reuse prevention via event logs and input nullifiers
Summary
SnarkSide’s Groth16 proving system is built for:
Production-readiness
Auditable trust minimization
Modular ceremony execution
Gas-optimized verifier deployment
All circuits are compiled, verified, and fingerprinted with public transcripts, providing long-term cryptographic guarantees across the ZK execution lifecycle.
Future iterations of the protocol aim to upgrade to Halo2 or Plonky2 for recursive proof support and trusted-setup-free verification — but Groth16 remains the performant and battle-tested standard powering SnarkSide today.