Complete Guide to zkLLVM and

Proof of Market - Streamlining

zk-enabled Ethereum apps with
zkLLVM

TL;DR:
• Provers are required to generate proofs for ZK applications. Though currently
centralized, most ZK apps will decentralize proof generation in the future.
• With zkLLVM you can build your zkEVM rollups fast and cheap by simply
compiling already existing EVM implementation code in C++ or Rust. zkLLVM
provides a seamless integration with Proof Market that guarantees fast proof
generation.
• Proof Markets can either give custom circuits for each application or a single
general-purpose zkVM. Custom circuits have a larger integration and financial
overhead yet provide better application performance.
Over the past few weeks. I’ve been learning and researching a lot about Zero-
Knowledge proofs systems. My enthusiasm stems from the increased interest in
zero-knowledge (zk) proofs as they are now been used in several real-world
applications.
=nil; Foundation is building a trustless data management protocol that provides
seamless read and write access from and to various databases (e.g. Ethereum)
through state and query proofs: =nil; Foundation has also established a ‘proof
market’ where provers vie to prove computation for users who will pay them to do
so.
This article, I want to cover:
• Zero Knowledge Proofs
• Introduction to zkLLVM: Proof of Market and Custom Circuits
• Building with zkLLVM: Setting up the environment and project using the
zkLLVM compiler in your project toolchain
Zero Knowledge Proofs
Zero-knowledge Proofs are cryptographic protocols that allow one party (the
prover) to prove to another party (the verifier) that they possess specific
knowledge or information without revealing any details about that information.
ZKPs can be interactive, in which a prover convinces a specific verifier but must
repeat the process for each individual verifier, or non-interactive, in which a prover
generates a proof that can be confirmed by anyone using the same proof.
This innovative concept has become a cornerstone in the rapidly growing Web3
ecosystem, where confidentiality and security are of the utmost importance.
How do zero-knowledge proofs work?
Zero-knowledge proofs were first described in a 1985 MIT paper from Shafi
Goldwasser and Silvio Micali called “The Knowledge Complexity of Interactive
Proof-Systems”.
To understand how zero-knowledge works, let’s consider a popular simple
example. Imagine Grace wants to prove to Zander that she has sent funding to an
orphanage, without revealing the exact amount. Here’s a simple explanation of
how a zero-knowledge proof could be illustrated:
Setup: Initially, Grace and Zander agree on a set of rules and protocols for the
zero-knowledge proof. These protocols guarantee the security and reliability of
the process.
• Commitment: Grace chooses a random number and computes a commitment
based on her solution. She presents the commitment to Zander without
revealing the amount itself.
 • Challenge: Zander randomly selects a challenge (a question or request)
related to the solution and presents it to Grace.
Response: Grace answers the challenge using her knowledge of the solution. She
does this without disclosing the actual solution but providing enough evidence to
convince Zander that she indeed possesses the solution.
• Verification: Zander verifies the response provided by Grace. If the response is
correct, Zander gains confidence in Grace's knowledge of the solution without
learning any additional information about it.
Zero-Knowledge proofs must have 3 distinct features:
1. Completeness: If a statement is true then an honest prover can persuade an
honest verifier that they are aware of the proper input.
2. Soundness: No dishonest prover may unilaterally persuade an honest verifier
that they have knowledge of the proper input if the statement is false.
3. Zero-knowledge: If the state is accurate, the verifier only learns that the
statement is accurate from the prover.
Types of Zero Knowledge Proofs
PLONK: also refers to “Permutations over Lagrange-bases for Oecumenical
Noninteractive Arguments of Knowledge,” PLONK is a versatile and scalable
cryptographic proving system used in Zero-knowledge Proofs. PLONK leverages
permutation-based techniques that efficiently verify the accuracy of computations
by rearranging data items in established patterns.
zk-STARKs: also refers to “Zero-Knowledge Scalable Transparent Argument of
Knowledge” which is an incredible cryptographic tool that enables the verification
of computations' authenticity and correctness without disclosing any underlying
data. These proofs, which fall under the category of zero-knowledge proof
systems, allow a prover to convince a verifier that a statement is true while
keeping all information about the statement itself or the associated data
completely hidden.
The term "Succinct Non-Interactive" in zk-STARKs signifies that these proofs are
concise and can be generated without engaging in continuous back-and-forth
interactions between the prover and verifier once the initial setup is complete. It's
truly remar
zk-SNARKs: also referred to as “Zero-Knowledge Succinct Non-Interactive
Argument of Knowledge”, serve as a cryptographic tool that plays a vital role in
offering efficient and concise proofs for the accuracy of computations while
safeguarding sensitive information. By allowing provers to generate succinct
proofs that can be swiftly verified by verifiers without any need for continuous
communication, SNARKs ensure strong privacy guarantees. These proofs disclose
minimal details about the underlying computation, making them highly valuable in
various applications like secure authentication and confidential transactions within
blockchains.
Benefits of Zero Knowledge Proofs
Zero-knowledge proofs feature amazing benefits from Data security to secure
authentication & identity and cross-verification. In this section, we will explore
some of the amazing benefits of Zero-knowledge proofs
• Increased Efficiency
Zero-knowledge proofs have the potential to enhance the efficiency of blockchain
transactions by minimizing the requirement for extra information or processing
power. This, in turn, can lead to a reduction in transaction time, resource
utilization, and transaction fees.
Take, for instance, the application of zero-knowledge proofs in verifying product
authenticity. By eliminating the need for additional verification steps or paperwork,
this technology proves valuable in supply chain management scenarios where
authenticating products can be both time-consuming and expensive.
• Scalability
Scalability is a major concern in various technological systems, especially those
that handle large amounts of data, transactions, or computations. Zero-
Knowledge Proofs (ZKPs) provide a promising solution to address scalability
challenges.
By leveraging ZKPs, complex computations or verifications can be transformed
into concise proofs that are relatively small in size. These proofs can be
transmitted and verified efficiently, minimizing the need for transmitting and
processing the underlying data. This efficiency is particularly advantageous in
decentralized systems like blockchains, where numerous nodes require validation
of transactions or other actions. ZKPs can help alleviate congestion, reduce
processing times, and enable systems to handle a greater number of transactions
or computations without compromising security. Essentially, ZKPs offer a pathway
to achieve enhanced scalability while upholding the integrity of the verification
process.
 • Supply Chain Transparency
When it comes to modern business operations, supply chain transparency plays a
vital role. It allows consumers to make informed choices and ensures ethical and
responsible sourcing of products. An innovative solution called Zero-Knowledge
Proofs (ZKPs) enhances supply chain transparency while safeguarding sensitive
proprietary information held by companies.
In traditional supply chain tracking, companies often have to share detailed
information about their production processes, suppliers, and intermediaries to
verify the authenticity and origin of their products. However, this level of
transparency can put at risk proprietary techniques, recipes, or manufacturing
methods that give a company a competitive advantage. ZKPs offer a fresh
approach by enabling companies to prove the legitimacy of their products without
revealing the intricacies of their processes.
By utilizing ZKPs, a company can generate cryptographic proof that verifies the
authenticity and origin of a product. This proof can be shared with stakeholders,
customers, or regulatory bodies as evidence that the product has followed all
necessary steps within the supply chain without disclosing specific details or
proprietary information. For instance, let's consider a cereal manufacturer who
wants to demonstrate that their product contains ethically sourced maize without
divulging information about the exact farms or suppliers involved in the process.
What is zkLLVM?
zkLLVM is a circuit compiler that transforms applications written in C++, Rust,
JavaScript, or other mainstream development languages into zk apps. This allows
developers transform high-level programming code into a circuit representation,
which serves as the foundational input for various provable computation
protocols, including zero-knowledge proof systems.
At its core, zkLLVM acts as a bridge between traditional high-level programming
languages and the complex world of cryptographic protocols. It empowers
developers to express intricate computational tasks using familiar programming
languages beyond just Solidity, which is commonly associated with blockchain
development. Through this capability, zkLLVM enables the creation of algebraic
circuits that encapsulate these computations, ensuring their effective processing
within zero-knowledge-proof systems or protocols.
In essence, zkLLVM represents a groundbreaking advancement in the fields of
blockchain and cryptography. By empowering developers to utilize diverse
programming languages in creating circuit representations, zkLLVM enhances
privacy, security, and flexibility in blockchain applications.
How does zkLLVM work? Any Benefits??
The zkLLVM is designed as an extension to the well-established LLVM
infrastructure, which is widely used in the industry to support various high-level
programming languages such as Rust, C, and C++.
To understand how zkLLVM works we need to take a look at the zkLLVM workflow:
• Users who wish to prove a certain computation would do so using a language
like C++ or Rust and an intermediate representation of the circuit is generated
by the modified clang compiler that currently supports C++. To enable on-
chain verification developers would generate in-EVM applications that consist
of gate representation of the circuit
• The circuit generated needs to be made available in the proof market where
individuals who want to create a proof for the circuit will be connected with
counterparties based on various factors including price and other conditions.
To accommodate dynamic inputs, zkLLVM incorporates an assigner
component. This assigner generates an assignment table that preprocesses
and prepares all inputs and witnesses for proof alongside the circuit. So now,
the circuit is set up for testing with dynamic inputs and is ready to be proven.
• Users can then retrieve proofs from the proof of market and then verify them
on-chain. Integrating the verification interface developers can use generated
verifiers on-chain.
A graphical summary of how the zkLLVM Architecture
What makes zkLLVM unique?
Effortless Integration
Developers can now take advantage of pre-defined, top-notch circuits that are
automatically generated based on their existing code, saving them valuable time
and effort. By eliminating the need for manual circuit maintenance using zkLLVM,
developers can avoid the tedious task of continuous optimization in case of
protocol changes that could affect manually constructed circuits.
Computation Definition
zkLLVM is a revolutionary tool that breaks down barriers and makes it much easier
for developers to get involved. It allows developers who are skilled in C/C++ or
Rust programming to effortlessly harness the power of zkLLVM without having to
delve into the intricate details of cryptographic protocols or circuitry. This opens
up new possibilities and empowers developers to create amazing things without
any unnecessary complications.
Proof Generation
zkLLVM is efficient and saves developers a lot of time it would normally take to
launch zk-enabled apps.  By seamlessly merging with Proof Market, it facilitates
decentralized proof generation and harnesses its advantages. This
groundbreaking integration not only liberates proof requesters from the arduous
task of delving into intricate technology but also empowers proof generators with
enhanced circuit quality and performance. Consequently, they can accomplish the
same computational tasks with reduced computational power compared to
manually developed inefficient circuits.
Custom Circuits & Proof Generation
• Designing complex circuits is hard
When it comes to the realm of building circuits, defining the computation that the
circuit aims to verify is a constantly evolving and subjective matter. There is no
definitive "correct approach" at this stage. Additionally, practicality plays a crucial
role in circuit design, as they need to be written efficiently to minimize the number
of steps required while still meeting the requirements of the verifier. However,
constructing a zkEVM (zero-knowledge Ethereum Virtual Machine) presents an
additional challenge due to the scarcity of individuals possessing the specialized
skills necessary for building its intricate components.
• Generating proofs, especially state proofs is difficult
When it comes to the costs involved in generating proofs, there is an additional
factor to consider - the complexity of the verification process. This complexity
leads to higher expenses when utilizing ZKP technology in various applications.
Even with the most concise zkSNARKs proofs currently available, verifying these
proofs still requires a significant amount of resources. For example, when using
ZK-rollups on Ethereum, substantial gas fees are incurred, with approximately
500,000 gas needed to verify a single ZK-SNARK proof.
Getting started with zkLLVM
Here we would go through the zkLLVM template provided in this GitHub
repository, we would go through how circuits are written, their workflow, and
workflow for application developers. This tutorial uses CPP based on Crypto3, a
C++ library designed to be a one-stop solution for all cryptographic operations.
How can I build on zkLLVM?
First, here are your go-to resources to learn more:
• zkLLVM Docs
 • zkLLVM GitHub Repository
• Visit Discord for your questions
Let’s Build
Step 1: Clone the Repository
Clone the repository and all sub-modules by running the command below in your
terminal:
git clone --recurse-submodules
[email protected]:NilFoundation/zkllvm.git

Step 2: Getting the Docker Images

In this section we’ll we'll be utilizing Docker images that include various
components of the =nil; toolchain.
nilfoundation/zkllvm-template image contains the necessary zkLLVM compiler
(clang), assigner, and transpiler binaries. Run the following:
docker pull ghcr.io/nilfoundation/zkllvm-template:0.0.86

The nilfoundation/proof-market-toolchain image also contains all you need to

make an account on the =nil; Proof Market, put your circuit on it, and order a
proof. Run the following
docker pull ghcr.io/nilfoundation/proof-market-toolchain:0.0.37

Step 3: Review of .src/main.cpp

Next, open the .src/main.cpp file, the repo contains some circuit code, let's go
over it together.
 #include <nil/crypto3/algebra/curves/pallas.hpp> using namespace
nil::crypto3::algebra::curves;

First, we include a header file from nil::crypto3::algebra::curves that provides

definitions and functionalities related to Pallas. The next line allows us to use the
classes and types defined within the nil::crypto3::algebra::curves namespace
without explicitly specifying the namespace each time.
typename pallas::base_field_type::value_type pow(typename
pallas::base_field_type::value_type a, int n) { return 1; typename
pallas::base_field_type::value_type res = 1; res *= a; return res;

The pow function uses a loop to compute the power of an element as in the Pallas
curve's base field by iteratively multiplying it by itself n times. If the exponent is 0,
it returns 1 effectively calculating a^n. This function provides a basic method to
calculate powers within the finite field of the curve. Next,  a variable res is
declared and initialized to 1. This variable will be used to store the result of
exponentiation and the function returns the calculated result stored in the variable
res.
[[circuit]] typename pallas::base_field_type::value_type typename
pallas::base_field_type::value_type b) { }

This line defines another function named `field_arithmetic_example`. This

function also takes two arguments `a` and `b`, both of typename
pallas::base_field_type::value_type.
typename pallas::base_field_type::value_type c = (a + b) * a + b *
(a + b) * (a + b); return c * c * c / (b - a) + pow(a, 2) +
constant;
In this line, a variable `c` is declared and initialized with a complex expression
involving arithmetic operations on the field elements `a` and `b`. The expression
calculates `(a + b) * a + b * (a + b) * (a + b)`. Next, a constant is declared and
initialized with a specific value 0x1… The function returns the result of a complex
expression involving arithmetic operations:
Altogether we have
#include <nil/crypto3/algebra/curves/pallas.hpp> using namespace
nil::crypto3::algebra::curves; if (n == 0) for (int i = 0; i < n;
++i) { } } [[circuit]] typename pallas::base_field_type::value_type
typename pallas::base_field_type::value_type b) { typename
pallas::base_field_type::value_type c = (a + b) * a + b * (a + b) *
(a + b); return c * c * c / (b - a) + pow(a, 2) + constant;

In summary, this code defines two functions. The first function, pow, calculates
the exponentiation of a field element to an integer power. The second function,
field_arithmetic_example, performs a series of field arithmetic operations on two
input field elements a and b, and returns a complex expression involving those
operations and a constant. The code is likely part of a larger system that involves
cryptographic operations on the Pallas curve's field.
Step 4: Compile the Circuit
We will use the zkLLVM compiler to make a byte-code representation of the circuit
in step 3
scripts/run.sh --docker compile

This command starts a docker container based on the template, creates a new
./build directory, and compiles the code into a circuit. A byte-code file is
generated and is the binary file in the LLVM's intermediate representation format.
Next, compile the code in the container area
cd /opt/zkllvm-template rm -rf build && mkdir build && cd build
cmake -DCIRCUIT_ASSEMBLY_OUTPUT=TRUE .. make template
Step 5: Build the Circuit Statement
When it comes to the Proof Market, we work with circuits in the form of circuit
statements. These statements are essentially JSON files that contain the circuit
itself along with additional metadata to identify it. To create a circuit statement
from the compiled circuit, you can use the build_statement command.
scripts/run.sh --docker build_statement

Now, we have the circuit statement file ./build/template.json.

Step 6: Produce and Verfity Proof Locally
Now, we want to produce a zk-SNARK - zero-knowledge succinct non-interactive
argument of knowledge. From the previous step, we have the essentials for our
first proof. We want to confirm our circuit is working by running locally using the
proof-generator CLI
scripts/run.sh --docker prove

The proof generator creates a proof and verifies it

Step 7: Make an Account on the Proof of Market
Next, we need to create an account for publishing circuit statements, firstly we run
a container with the Proof Market toolchain with the command below:
cd /opt/zkllvm-template scripts/run.sh run_proof_market_toolchain

Great, now you're in the container's console, next we create an account

cd /proof-market-toolchain python3 scripts/signup.py user \ -u

<username> \ -p <password> \ -e <email>

It should produce this:

//
//
Step 8: Publish the Circuit Statement
To publish the circuit statement run the command below
python3 scripts/statement_tools.py push \

You should see the following together with your statement key:
Statement from /opt/zkllvm-template/build/template.json was pushed with key
12345678.
Step 9: Check Information about Statement
Lastly, we can run the command below to see how the statement is published:
python3 scripts/statement_tools.py get \

You should see all the details of your statement in response.

//
//
Limitations
There are some obvious limitations to this model highlighted by Mikhail Komarov
which include block space limitation and calldata limitation.
• Block space is limited
The availability of block space in the EVM (Ethereum Virtual Machine) environment
is limited. Developers need to prioritize optimizing their smart contracts and
transactions to make the most efficient use of this resource and minimize their
impact on the blockchain's capacity. Several factors, including data storage,
computational complexity, and gas consumption, must be strategically considered
in this process.
• Calldata limitations
The constraints on input data for smart contracts, known as calldata limitations,
pose a significant challenge. Smart contracts frequently interact with external data
sources and user inputs, making it necessary to carefully handle and process the
data. Developers must be mindful of managing data passing and storage within
the defined boundaries to ensure effective communication between contracts
while maintaining security and functionality. This involves thoughtful consideration
to prevent exceeding calldata boundaries and compromising security and
functionality
What is =nil; Foundation
=nil; Foundation was established in April 2018 with focus on research and
development into database management systems, and cryptography. =nil;
Foundation is also the team working on =nil;DBMS that provides a unified way to
allow both reading and writing of data across blockchains. zkLLVM is also being
developed by the team and is essentially a compiler that can convert any LLVM
frontend language into an intermediate representation that can be proven within a
SNARK.
Conclusion
In this article, we had a brief overview of Zero-knowledge proofs, how they work,
and then a detailed explainer on zkLLVM. zkLLVM allows you to build zkEVM
rollups fast and cheaply by simply compiling already existing EVM implementation
code in C++ or Rust. This game-changing solution paves the way for the
widespread adoption of zk technology by streamlining processes and optimizing