Thanks to visit codestin.com
Credit goes to github.com

Skip to content

brudnevskij/r1cs-qap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

43 Commits
src
src
Β 
Β 
.gitignore
.gitignore
Β 
Β 
Cargo.lock
Cargo.lock
Β 
Β 
Cargo.toml
Cargo.toml
Β 
Β 
README.md
README.md
Β 
Β 

Repository files navigation

πŸ’‘ R1CS β†’ QAP β†’ Pinocchio β†’ Groth16, A zk-SNARK Study Project

This project implements the core proving pipeline used in zk-SNARKs, progressing step-by-step from Rank-1 Constraint Systems (R1CS) to Quadratic Arithmetic Programs (QAP), to Pinocchio, and finally toward the Groth16 proving system.

πŸš€ Features

  • βœ… R1CS representation with variable and constraint definitions
  • βœ… Conversion from R1CS β†’ QAP using Lagrange interpolation
  • βœ… Pinocchio implementation
  • βœ… Groth16 implementation
  • βœ… Tested with toy circuits (e.g., cubic polynomial)

πŸ”¬ Background

This project was created as a deep learning exercise to understand and implement the Groth16 zk-SNARK proving system from the ground up. Starting with the formulation of arithmetic circuits and their transformation into Rank-1 Constraint Systems (R1CS), I then implemented the conversion to Quadratic Arithmetic Programs (QAP) using Lagrange interpolation. From there, I built the Pinocchio protocol to understand how pairing-based zk-SNARKs work, and finally extended it to support the Groth16 protocol, optimizing proof generation and verification with a compressed Common Reference String (CRS). The goal was to reconstruct the full proving pipeline almost from scratch using the Rust arkworks ecosystem, with a focus on clarity, correctness, and hands-on understanding of each transformation layer.

"The idea behind zk-SNARKs is to transform computation into a form where proving and verifying correctness can be done with polynomials, pairings, and commitments."

πŸ“ Architecture Overview

  Arithmetic Circuit (e.g., xΒ³ + x + 5 = 35)
        ↓
      R1CS
        ↓
      QAP (A(x), B(x), C(x), Z(x))
        ↓
  Witness Evaluation: A(s), B(s), C(s)
        ↓
     Compute H(x) = (AΒ·B - C)/Z
        ↓
  β†’ Pinocchio: Pairing-based proof with 3 pairings
  β†’ Groth16: Optimized zk-SNARK with 1 pairing + compressed CRS

πŸ§ͺ Running the Demo

This project includes a complete end-to-end example in main.rs for both the Pinocchio and Groth16 zk-SNARK protocols. It builds a toy arithmetic circuit:

xΒ² - x + 132 = out

Then it:

  1. Translates the circuit to R1CS
  2. Converts R1CS β†’ QAP
  3. Generates a trusted setup (Pinocchio & Groth16)
  4. Constructs a witness
  5. Produces a proof
  6. Verifies it

πŸ›  Running

cargo run

You should see output like:

βœ… QAP is satisfied by witness
πŸ“¦ Pinocchio setup...
πŸ” Generating Pinocchio proof...
πŸ“„ Pinocchio proof: ACCEPTED βœ…
πŸ“¦ Groth16 setup...
πŸ” Generating Groth16 proof...
πŸ“„ Groth16 proof: ACCEPTED βœ…

πŸ“¦ Dependencies

πŸ“š Learning Resources

About

R1CS-QAP-Pinocchio-Groth16 study project

Topics

cryptography r1cs qap zk zk-snarks pinocchio groth16

Resources

Readme
Activity

Stars

4 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages