Create Your First Zero-Knowledge Proof Program on Bitcoin

A practical step-by-step guide

3 min readAug 2, 2022

Zokrates is a toolbox for zkSNARKs, hiding significant complexity inherent to zero-knowledge proofs (ZKP). It provides a python-like higher-level language for developers to code the computational problem they want to prove.

We extend it to generate and verify proofs on Bitcoin.

Install Zokrates

From binary

Run the following command to install released binaries:

curl -Ls | sh -s -

From source

git clone
cd ZoKrates
cargo +nightly build -p zokrates_cli --release
cd target/release

Zokrates workflow

The whole workflow is the same as the original ZoKrates, except that the verification step is done on Bitcoin.

1. Design a circuit

Create a new Zokrates file named factor.zok with the following content:

This simple circuit/program proves one knows the factorization of an integer n into two integers, without revealing the integers. The circuit has two private inputs named p and q and one public input named n.

2. Compile the circuit

Compile the circuit with the following command:

zokrates compile -i factor.zok

This generates two files that encode the circuit in binary and human-readable format.

3. Setup

This generates a proving key and a verification key for this circuit.

zokrates setup

4. Calculate a witness

A proof attests that a prover knows some secret/private information that satisfies the original program. This secret information is called witness. In the following example, 7 and 13 are the witnesses, as they are factors of 91.

zokrates compute-witness -a 7 13 91

A file witness is generated.

5. Create a proof

It produces a proof, using both the proving key and the witness.

zokrates generate-proof

A proof file proof.json looks like the following:

6. Export an sCrypt verifier

This outputs a smart contract file verifier.scrypt, a library containing all the necessary code to verify a proof.

zokrates export-verifier-scrypt

You can verify it off-chain locally:

zokrates verify

Next we will deploy the contract on Bitcoin and verify the proof on it.

7. Deploy the verifier

You can now deploy the verifier to Bitcoin. Wrap verifier.scrypt in a test contract ZKSNARKTest as below.


Now you can use sCrypt IDE to deploy it.

Right click and select Deploy Contract: Debug.

After the contract is compiled, which shall finish within a few minutes, the following panel should pop up. Click Deploy.

If everything goes right, the verifier contract should have been deployed.

8. Verify the proof

Next, you’ll need to copy and paste from proof.json into Call panel and click on Call unlock().

If everything works ok, you should see the proof validated in a spending transaction.

What is next

Congratulations! You have just created your first ZKP on Bitcoin. Next, you can extend the template verifier.scrypt and add your own business logic.




sCrypt ( is a web3 development platform specialized in UTXO-blockchains like Bitcoin