Context

The POD/GPC system was designed to make ZK proofs accessible and efficient in all contexts, including mobile apps and smart contracts. The underlying ZK proof system is Groth16, which generates small proofs which can be efficiently verified. This makes on-chain verification of proofs generated off-chain feasible.

Doing so requires bypassing some of the user-friendliness provided by the GPC configuration compiler, making for more complex development steps.

Note that this is a work in progress and might not be complete. I (the author = Andrew) am an expert on PODs but not on-chain apps. I welcome input from a Solidity dev to help fill in details.

Example App

FrogJuice (source) is a working prototype app performing on-chain verification. It accepts as input a Frog POD collected from Frogcrypto, stored in Zupass.

Source code is here: https://github.com/BuidlGuidl/frogcrypto-squeeze

The Solidity contract which sets up verification is here: https://github.com/BuidlGuidl/frogcrypto-squeeze/blob/main/packages/hardhat/contracts/FrogCryptoSqueeze.sol

The TypeScript code which pre-processes the inputs for on-chain verification is here: https://github.com/BuidlGuidl/frogcrypto-squeeze/blob/main/packages/hardhat/contracts/FrogCryptoSqueeze.sol#L144

Assumptions and References

• On-chain verification of an off-chain proof is the target use case here
  • On-chain proving is assumed to be too expensive to be feasible
  • On-chain parsing and manipulation of PODs is feasible, but a separate problem (involving JSON parsing, and EdDSA/Poseidon cryptography).
• These instructions assume you will have a TypeScript app to pre-process the proof and generate input to your smart contract for final verification
  • This is a developer aid, but not a trusted security property. Your smart-contract needs to double-check any inputs from the off-chain app.
• These instructions assume familiarity with the POD and GPC libraries in TypeScript
  • Pre-processing will also require diving into the lower-level @pcd/gpcircuits package which implements the circuits behind GPC proofs
• Smart contract programming in Solidity is also assumed
• Some familiarity with the circom circuit compiler and SnarkJS prover/verifier is also required

Steps

This is a summary from memory, as guidance for the dedicated hacker. I can help fill in more details as needed.

1 Try it in TypeScript first

Debug off-chain before you try on-chain. Write a prover and verifier in TypeScript and make sure you can make them work together. Make sure the TypeScript verifier provides all the data you need to pass through to the next stage of your app using only the public parts of the proof.

This is a good time to capture some samples of your proof and BoundConfig output you can use for later steps.