Skip to content

nixprotocol/ultrahonk-go

BranchesTags

Repository files navigation

ultrahonk-go

Pure-Go implementation of the Aztec UltraHonk proof verification protocol over the BN254 curve.

Developed by NixProtocol as part of its privacy infrastructure. This is the first standalone Go implementation of UltraHonk verification.

Features

  • Full UltraHonk proof verification (sumcheck + Shplemini/KZG pairing)
  • Fiat-Shamir transcript generation (Keccak256-based)
  • 8 relation accumulators: arithmetic, permutation, lookup, delta range, elliptic curve, auxiliary, Poseidon2 external/internal
  • Verification key serialization/deserialization
  • Compatible with proofs generated by Aztec's Barretenberg library
  • Zero external dependencies beyond gnark-crypto and golang.org/x/crypto

Installation

go get github.com/nixprotocol/ultrahonk-go

Requires Go 1.23+.

Usage

package main

import (
    "fmt"
    honk "github.com/nixprotocol/ultrahonk-go"
    "github.com/consensys/gnark-crypto/ecc/bn254/fr"
)

func main() {
    // Load your verification key
    vk := honk.DepositVerificationKey()

    // Parse proof bytes (ProofSize * 32 = 14592 bytes)
    proofBytes := []byte{...} // your proof

    // Parse public inputs as BN254 field elements
    var inputs []fr.Element
    // ... populate inputs ...

    verified, err := honk.Verify(&vk, proofBytes, inputs)
    if err != nil {
        fmt.Printf("verification error: %v\n", err)
        return
    }
    fmt.Printf("proof valid: %v\n", verified)
}

Verification Key Serialization

// Serialize a VK to bytes (1752 bytes)
data, err := honk.SerializeVK(&vk)

// Deserialize from bytes
vk, err := honk.DeserializeVK(data)

API

Function Description
Verify(vk, proofBytes, publicInputs) Verify an UltraHonk proof against a verification key
LoadProof(proofBytes) Deserialize raw bytes into a structured Proof
SerializeVK(vk) Serialize a VerificationKey to bytes
DeserializeVK(data) Deserialize bytes into a VerificationKey
DepositVerificationKey() Returns the built-in deposit circuit VK

Proof Format

Proofs are 14,592 bytes (456 field elements x 32 bytes each), containing:

  • Pairing point object (16 field elements)
  • Wire commitments (W1-W4, ZPerm, lookup helpers) as split-limb G1 points
  • Sumcheck univariates (28 rounds x 8 evaluations)
  • Sumcheck evaluations (40 entities)
  • Gemini fold commitments and evaluations
  • Shplonk and KZG quotient commitments

Circuit Parameters

Parameter Value
Circuit size (N) 8192
Log circuit size 13
Max proof size log N 28
Number of entities 40
Subrelations 26
Curve BN254

Benchmarks

Apple M1 Pro:

BenchmarkVerify            705    1.65 ms/op    78 KB/op    539 allocs/op
BenchmarkLoadProof       99094   12.3 us/op     16 KB/op      1 allocs/op
BenchmarkSerializeVK   1000000    1.0 us/op    1.8 KB/op      1 allocs/op

Compatibility

This verifier is compatible with UltraHonk proofs generated by Aztec's Barretenberg library. The Fiat-Shamir transcript, relation evaluations, and pairing check match the Solidity verifier specification.

License

Apache License 2.0 - see LICENSE and NOTICE.

About

Pure-Go UltraHonk proof verifier for BN254. Verify Noir circuit proofs natively in Go without Barretenberg.

nixprotocol.com

Topics

golang zero-knowledge bn254 ultrahonk proof-verification barretenberg

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages