Proving schemes supported by ZoKrates require a pairing-friendly elliptic curve. The options are the following:

Default: ALT_BN128

When not using the default, the CLI flag has to be provided for the following commands:

• universal-setup
• compile
• export-verifier
• verify

ZoKrates supports different proving schemes. We identify the schemes by the reference to the paper that introduced them. Currently the options available are:

All schemes have a circuit-specific setup phase called setup. Universal schemes also feature a preliminary, circuit-agnostic step called universal-setup. The advantage of universal schemes is that only the universal-setup step requires trust, so that it can be run a single time and reused trustlessly for many programs.

Default: G16, except for universal-setup for which the default is Marlin

When not using the default, the CLI flag has to be provided for the following commands:

• universal-setup
• setup
• export-verifier
• generate-proof
• verify

ZoKrates supports multiple backends. The options are the following:

Default: ark

When not using the default, the CLI flag has to be provided for the following commands:

• universal-setup
• setup
• generate-proof
• verify

When using G16, developers should pay attention to the fact that an attacker, seeing a valid proof, can very easily generate a different but still valid proof. Therefore, depending on the use case, making sure on chain that the same proof cannot be submitted twice may not be enough to guarantee that attackers cannot replay proofs. Mechanisms to solve this issue include:

• signed proofs
• nullifiers
• usage of an ethereum address as a public input to the program
• usage of non-malleable schemes such as GM17