🚩 Challenge #7 : ZKP - Password Verifier
⚠️ Important: Please complete Challenge #6 first if you haven't already, as it contains essential instructions related to all upcoming challenges.
🎫 Build a Password Verifier using Zero-Knowledge Proofs (ZKP) on Arbitrum Stylus:
👷♀️ In this challenge, you'll build and deploy a smart contract that utilizes Zero-Knowledge Proofs for private password verification. You'll work with ZKP circuits, deploy them to an Arbitrum Stylus dev node, and create a frontend that allows users to generate and verify proofs! 🚀
🌟 The final deliverable is a full-stack application featuring password verification. Deploy your contract to a testnet, then build and upload your app to a public web server.
How ZKP Integration Works
This project leverages Zero-Knowledge Proofs (ZKPs) to enable private verification of passwords on Arbitrum Stylus. Here's the workflow:
- Circuit Design: The ZKP logic is defined in
.circomfiles (e.g.,PasswordVerifier.circom) using the Circom language. These circuits encode the rules for verification (e.g., "does the password match the expected hash?") without revealing the inputs. - Proof System Setup: We use the
snarkjslibrary with the Groth16 proving system to generate proving and verification keys. The trusted setup is simulated using a pre-existingpot12_final.ptaufile. - Contract Generation: The verification key is exported to a Solidity contract (e.g.,
PasswordVerifier.sol) that runs on Arbitrum Stylus, allowing on-chain verification of zk-proofs. - Frontend Interaction: The Next.js frontend uses WebAssembly (
.wasm) outputs from Circom to generate proofs locally, which are then submitted to the deployed contract for verification. - Arbitrum Stylus Advantage: Stylus' Rust-based environment enables efficient execution of the verifier contract, reducing gas costs compared to traditional EVM-based ZKP verification.
This integration ensures privacy (inputs remain off-chain) and scalability (proof verification is lightweight on-chain).
Checkpoint 0: 📦 Environment Setup 📚
Before starting, ensure you have the following installed:
Clone the Repository
git clone -b stylus-zkp-password-verifier https://github.com/abhi152003/speedrun_stylus.git
cd speedrun_stylus
Install Dependencies
Run the following command to install all necessary dependencies:
yarn install
Checkpoint 1: 🚀 Start Your Dev Environment
Step 1: Start the Nitro Dev Node
-
Ensure Docker is running on your machine. You can start Docker Desktop if it's not already running.
-
Navigate to the
cargo-stylusfolder:cd packages/cargo-stylus -
Run the
run-dev-node.shscript:bash run-dev-node.shThis script:
- Spins up an Arbitrum Stylus Nitro dev node in Docker.
- Deploys the
PasswordVerifier.solcontract. - Generates the ABI for interacting with the contract.
The dev node will be accessible at
http://localhost:8547.
Important: After deploying a contract, update the contract address in packages/nextjs/app/passwordVerifier/page.tsx:
const CONTRACT_ADDRESS = "<your_new_contract_address>";
Step 2: Start the Frontend
⚠️ Before running the frontend:
Go to the
packages/nextjsdirectory:cd packages/nextjs cp .env.example .envOpen the
.envfile and set:NEXT_PUBLIC_RPC_URL=http://localhost:8547 NEXT_PUBLIC_PRIVATE_KEY=0xb6b15c8cb491557369f3c7d2c287b053eb229daa9c22138887752191c9520659
Start the development server:
yarn run dev
The app will be available at http://localhost:3000/passwordVerifier.
Checkpoint 2: 💫 Explore the Features
Password Verifier
- Purpose: Prove that a user knows a secret password (or combination) matching an expected hash without revealing the password itself.
- Circuit Logic: The
PasswordVerifier.circomcircuit takes a private input (the user's password or combination) and a public input (the expected hash). It computes the hash of the password using a hash function (e.g., MiMC or Poseidon, chosen for ZKP compatibility) within the circuit and checks if it equals the expected hash. The circuit outputs a proof if the hashes match, ensuring the password remains confidential. - On-Chain Verification: The generated proof is submitted to
PasswordVerifier.solon the Stylus dev node. The contract verifies the proof using the Groth16 verification key, confirming that the user's input matches the expected hash without exposing the password. This enables secure, private authentication on-chain.
Password verification interface and process flow
- Navigate to the "Password Verifier" tab in the frontend.
- This feature interacts with the Password Verifier contract, which was generated from the
PasswordVerifier.circomcircuit located inpackages/circuits. - Circuit generation commands:
circom PasswordVerifier.circom --r1cs --wasm --sym npx snarkjs groth16 setup PasswordVerifier.r1cs pot12_final.ptau PasswordVerifier_0000.zkey npx snarkjs zkey contribute PasswordVerifier_0000.zkey PasswordVerifier_final.zkey --name="Contributor" -v npx snarkjs zkey export verificationkey PasswordVerifier_final.zkey verification_key.json npx snarkjs zkey export solidityverifier PasswordVerifier_final.zkey PasswordVerifier.sol - Example inputs:
- Combination:
1234 - Expected Hash:
4321
- Combination:
- The app generates a zk-proof to verify if the provided combination matches the expected hash.
Checkpoint 3: 🛠 Modify and Deploy Contracts
You can tinker with circuit logic by modifying files in the packages/circuits folder. After making changes, regenerate contracts using these commands:
circom PasswordVerifier.circom --r1cs --wasm --sym
npx snarkjs groth16 setup PasswordVerifier.r1cs pot12_final.ptau PasswordVerifier_0000.zkey
npx snarkjs zkey contribute PasswordVerifier_0000.zkey PasswordVerifier_final.zkey --name="Contributor" -v
npx snarkjs zkey export verificationkey PasswordVerifier_final.zkey verification_key.json
npx snarkjs zkey export solidityverifier PasswordVerifier_final.zkey PasswordVerifier.sol
Deploy new contracts by placing them in packages/cargo-stylus/contracts and running:
bash run-dev-node.sh
🛠️ Debugging Tips
Fixing Line Endings for Shell Scripts on Windows (CRLF Issue)
If you encounter errors like Command not found, convert line endings to LF:
sudo apt install dos2unix
dos2unix run-dev-node.sh
chmod +x run-dev-node.sh
Run the script again:
bash run-dev-node.sh
Checkpoint 4: 🚢 Ship your frontend! 🚁
To deploy your app to Vercel:
vercel
Follow Vercel's instructions to get a public URL.
For production deployment:
vercel --prod
Checkpoint 5: 📜 Contract Verification
You can verify your deployed smart contract using:
cargo stylus verify -e http://127.0.0.1:8547 --deployment-tx "$deployment_tx"
Replace $deployment_tx with your deployment transaction hash.
🚀 Deploying to Arbitrum Sepolia
If you want to deploy your Password Verifier contract to the Arbitrum Sepolia testnet, follow these steps:
-
Add private key to the .env file in the cargo-stylus folder
PRIVATE_KEY=your_private_key_of_your_ethereum_wallet -
Run the Sepolia Deployment Script
cd packages/cargo-stylus bash run-sepolia-deploy.shThis will deploy your contract to Arbitrum Sepolia and output the contract address and transaction hash.
-
Configure the Frontend for Sepolia
- Go to the
packages/nextjsdirectory:cd packages/nextjs cp .env.example .env - Open the
.envfile and set the following variables:
ReplaceNEXT_PUBLIC_RPC_URL=https://sepolia-rollup.arbitrum.io/rpc NEXT_PUBLIC_PRIVATE_KEY=your_private_key_of_your_ethereum_walletyour_private_key_of_your_ethereum_walletwith your actual Ethereum wallet private key (never share this key publicly).
- Go to the
-
Start the Frontend
yarn run devYour frontend will now connect to the Arbitrum Sepolia network and interact with your deployed contract.
🏁 Next Steps
Explore more challenges or contribute to this project!
🏃 Head to your next challenge here.