A bit late to the party, but I've been catching up with how @darkforest_eth works under the hood.
If you are new to the world of zero-knowledge proofs as I am, I recommend their intro post. It helped me a lot in understanding all the moving pieces! https://blog.zkga.me/intro-to-zksnarks
If you are new to the world of zero-knowledge proofs as I am, I recommend their intro post. It helped me a lot in understanding all the moving pieces! https://blog.zkga.me/intro-to-zksnarks
All zkSNARK magic is powered by circom and snarkjs from @identhree. First, circom will compile your circuit into stuff that snarkjs can manage.
"Stuff" here is a r1cs constraint system and wasm code, but you don't really need to worry about it.
"Stuff" here is a r1cs constraint system and wasm code, but you don't really need to worry about it.
Then, snarkjs will use the compiled circuit to let you generate the proof for a secret input, as well as verify the proof against the circuit.
In other words, you can implement the prover and the verifier using this same library.
In other words, you can implement the prover and the verifier using this same library.
And as cherry-on-top, snarkjs will also autogenerate a Solidity verifier contract for your circuit, as well as build the eth CALL for a given proof to be verified.
All of this is explained brilliantly by @jbaylina in the circom and snarkjs tutorial. Don't miss it! https://github.com/iden3/circom/blob/master/TUTORIAL.md