A browser based snark proof generation library for integrating zk proofs in only a few lines of code

I’ve packaged snarkjs proof generation for knowledge of the preimage of a hash into a library.

Using the library, the developer only has to write 5 lines of code on javascript front end and 5 lines on Solidity to integrate a zero knowledge proof of preimage to their dapp.

Would love to have a critical code review here!


Going to be absolutely hell to audit this (like most JS stuff):

You could take an easy win and drop assert as a dependency. That would get rid of a pretty large set of dependencies. The bigger problem though is snarkjs which should be written in plain JS and used as a core library, but instead it has heaps of dependencies.

The problem with having this many dependencies is that it makes auditing incredibly hard, introduces potential supply chain attacks, and leads to problems with licensing:

1 Like

very cool concept! I long thought about something similar. Are you planning to extend it to support other circuits? Using snarkJS in the browser is always painful and it would be great to have an easy-to-use library to extract the most common circuits. I can think of semaphore and zk efficient sig => GitHub - personaelabs/efficient-zk-sig: Lowering client-side proving cost for private ZK signatures as good candidates!

1 Like

Absolutely that’s the goal. Making circuits and onchain verifiers for most important zk proof verticals.

Next on my radar is semaphore :white_check_mark:

Thanks for the critical feedback @MicahZoltu !
This is something I hacked together in a day - so surely not optimised. But I hear you - when dealing with security/privacy - there is no slack we can afford.

However, in particular, would like a review of the circom

And the corresponding solidity verifier to ensure that one proof is used only once

FYI - since snarkjs uses GPLv3 (and does not plan to change), it’s not actually usable, since GPLv3 is incompatible with libraries (hence the existence of LGPL).

Don’t use snarkjs until they fix this. You legally can’t, anyway.