Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/noir-lang/noir/llms.txt

Use this file to discover all available pages before exploring further.

A Solidity verifier is a smart contract that can verify zero-knowledge proofs entirely on-chain, without any trusted intermediary. Once deployed to Ethereum (or any EVM-compatible chain), anyone can submit a proof and the contract will accept or reject it — trustlessly and non-interactively. Barretenberg generates these contracts automatically from your compiled Noir circuit.

Use cases

Private authentication

Prove you know a secret (a password hash, a private key derivation) without revealing it. The contract verifies the proof, not the secret.

On-chain voting

Prove you are an eligible voter and haven’t voted before, without linking your identity to your vote.

Identity verification

Prove membership in a set (e.g., KYC-approved addresses) without revealing which member you are.

Private transactions

Prove that a transaction is valid (inputs balance outputs, amounts are positive) without revealing the amounts or addresses.

How it works

The Barretenberg backend (bb) derives a Solidity contract from your circuit’s verification key. The verification key encodes the structure of your circuit — its public inputs, gate counts, and constraint system — without any private witness data. Any proof generated from the same circuit can be verified by the same contract. 
Noir source


nargo execute  ──▶  ACIR artifact + witness


bb write_vk    ──▶  verification key


bb write_solidity_verifier  ──▶  Verifier.sol


Deploy to Ethereum

Workflow

1

Compile your Noir program

Run nargo execute from inside your project directory. This compiles your Noir source to ACIR and generates a witness from your inputs. The compiled artifact is written to ./target/<project-name>.json.
nargo execute
2

Generate the verification key

Use bb write_vk to derive the verification key from the ACIR artifact:
bb write_vk -b ./target/<project-name>.json -o ./target/vk
The verification key captures everything about the circuit’s structure that a verifier needs.
3

Generate the Solidity verifier

Pass the verification key to bb write_solidity_verifier:
bb write_solidity_verifier -k ./target/vk -o ./Verifier.sol
Verifier.sol is a self-contained Solidity file. It exposes a verify function that accepts a proof and an array of public inputs, returning true if the proof is valid.
4

Deploy the contract

Deploy Verifier.sol to your target network using Hardhat, Foundry, or any other EVM deployment tool. The contract has no owner, no admin keys, and no upgradeable proxy — verification is purely mathematical.
5

Generate and submit proofs

Generate proofs using bb prove and submit them to the deployed contract:
bb prove -b ./target/<project-name>.json -w ./target/witness-name.gz -o ./proof
Call the contract’s verify function with the proof bytes and public inputs. The return value is true for a valid proof and the transaction reverts for an invalid one.

What the verifier contract receives

The verifier contract requires two inputs:
  • Proof bytes — the output of bb prove. These encode the cryptographic proof but reveal nothing about private inputs.
  • Public inputs — the values your Noir program declared as pub. These are the facts being proven (e.g., “the result of the computation is X”) and are visible to anyone.
Private inputs never appear on-chain.
If you change your Noir program, you must regenerate the verification key and redeploy the contract. A verifier contract is specific to the circuit version it was generated from.

Further reading

The exact bb command flags and options evolve with each release. Consult the Barretenberg documentation for the current command reference, including options for UltraPlonk vs Honk proof systems and recursive aggregation.

Build docs developers (and LLMs) love

Get started for freeTalk to us