#zk-snarks #zero-knowledge #circom #snark #data-privacy #lego-snark

no-std legogroth16

An implementation of the LegoGroth16, the Legosnark variant of Groth16 zkSNARK proof system

10 breaking releases

new 0.13.0 May 10, 2024
0.12.0 Mar 4, 2024
0.11.0 Oct 2, 2023
0.9.0 Jun 23, 2023
0.2.0 May 2, 2022

#252 in Cryptography

Download history 3/week @ 2024-02-19 13/week @ 2024-02-26 159/week @ 2024-03-04 42/week @ 2024-03-11 4/week @ 2024-03-18 14/week @ 2024-03-25 31/week @ 2024-04-01 2/week @ 2024-04-08 27/week @ 2024-04-15 7/week @ 2024-04-22 127/week @ 2024-05-06

161 downloads per month
Used in 3 crates


11K SLoC


This repository contains an implementation of the LegoGroth16, the LegoSNARK variant of Groth16 zkSNARK proof system.
This project started as fork of this but is updated to

  • commit to a subset of the witnesses by specifying the count, say n, of the witnesses to commit during CRS generation. By convention, it commits to the first n variables allocated for witnesses in the circuit and the proof contains that commitment
  • either contain CP_link as well or omit it but only have the proof contain the commitment. The proof here contains 2 commitments (one is same as above) to the witness variables but with different commitment keys and randomness.
  • creating and verifying proofs for Circom circuits
  • proof aggregation using Snarckpack

The zkSNARK for Linear Subspaces from appendix D of LegoSNARK paper is here.

This library is released under the MIT License and the Apache v2 License (see License).

Build guide

Build the library:

cargo build --release

This library comes with unit tests for each of the provided crates. Run the tests with:

cargo test

To build without std but with Circom support and proof aggregation, run

cargo build --no-default-features --features=circom,aggregation,wasmer-sys

To build for WASM with Circom support and proof aggregation, run

cargo build --no-default-features --features=circom,aggregation,wasmer-js --target wasm32-unknown-unknown

To run all tests without std, run

cargo test --no-default-features --features=std,circom,aggregation,wasmer-sys


This library is licensed under either of the following licenses, at your discretion.

Unless you explicitly state otherwise, any contribution submitted for inclusion in this library by you shall be dual licensed as above (as defined in the Apache v2 License), without any additional terms or conditions.


This work was supported by: a Google Faculty Award; the National Science Foundation; the UC Berkeley Center for Long-Term Cybersecurity; and donations from the Ethereum Foundation, the Interchain Foundation, and Qtum.

An earlier version of this library was developed as part of the paper "ZEXE: Enabling Decentralized Private Computation".


~249K SLoC