feat(groth16): support export of verification key and proof to snarkjs-compatible JSON

[mysteryon88]

Description

Issue: #1582

• added snarkjs backend
• added ExportVerifyingKey(io.Writer) for VerifyingKey
• added ExportProof([]string, io.Writer) for Proof
• supported curves: BLS12-381 and BN254

Type of change

• New feature (non-breaking change which adds functionality)

How has this been tested?

For testing, I’m using the package: https://github.com/mysteryon88/gnark-to-snarkjs.

To verify the changes I implemented the following integration test workflow:

1. Clone the demo repository

git clone https://github.com/mysteryon88/gnark-example

2. Install npm dependencies (for snarkjs tests)

npm install

3. Replace gnark with the updated version (containing the new export methods). (only for branch gnark-fork)

Either by using the fork/branch directly in go.mod:

replace github.com/consensys/gnark => github.com/<your-username>/gnark

4. Run Go tests to generate JSON files

go test ./cubic -v -run TestCubicBLS12_381
go test ./cubic -v -run TestCubicBN254

After this step, the following files are produced:

• keys/verification_key_.json
• proofs/proof_.json

5. Run npm test to verify proofs with snarkjs

npm test

How has this been benchmarked?

The newly added export functions are only used when explicitly called and do not affect the core proving or verification logic. They perform simple serialization to JSON and therefore should not impact the overall performance of the library.

Environment:

• Windows 10 Pro (64-bit)
• Intel i7-12700H
• 32 GB RAM

Checklist:

• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have added tests that prove my fix is effective or that my feature works
• I did not modify files generated from templates
• golangci-lint does not output errors locally
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules

---

Note

Medium Risk
Adds new serialization APIs on core groth16 Proof/VerifyingKey interfaces and implements curve-specific JSON output; main risk is ecosystem breakage from expanded interfaces and potential incompatibilities with snarkjs expectations.

Overview
Adds a new backend/snarkjs interface and extends the public groth16.Proof and groth16.VerifyingKey interfaces to support exporting snarkjs-compatible JSON.

Implements ExportProof (proof JSON with pi_a/pi_b/pi_c + optional publicSignals) and ExportVerifyingKey (verification key JSON including IC and vk_alphabeta_12 via pairing) for BN254 and BLS12-381, and explicitly returns not implemented for BLS12-377 and **BW6-761` (including stub methods and imports).

^{Reviewed by Cursor Bugbot for commit c40b866. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

🚨 Bugbot Trial Expired

Your team's Bugbot trial has expired. Please contact your team administrator to turn on the paid plan to continue using Bugbot.

A team admin can activate the plan in the Cursor dashboard.

[ivokub]

Thanks for the submission.

[cursor]

ExportVerifyingKey silently exports incorrect data with commitments

Medium Severity

ExportVerifyingKey lacks the commitment check that ExportProof has. When vk.PublicAndCommitmentCommitted is non-empty, NbPublicWitness() returns a count that includes commitment hash elements, and the IC array includes extra commitment-related points. This silently produces an incorrect snarkjs-incompatible verification key with no error.

Additional Locations (1)

• backend/groth16/bls12-381/verify.go#L257-L333

 

^{Reviewed by Cursor Bugbot for commit 1f3423a. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 2 total unresolved issues (including 1 from previous review).

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit c40b866. Configure here.}

[cursor]

BN254 curve name incompatible with snarkjs format

High Severity

The curve name is set to "bn254", but snarkjs uses "bn128" as the curve identifier for this curve. snarkjs's own verification_key.json output uses "curve": "bn128", and its getCurveFromName function references bn128 (e.g., globalThis.curve_bn128). Since this PR's goal is to produce snarkjs-compatible JSON, using "bn254" may cause snarkjs verification to fail or produce output that isn't interoperable with other snarkjs-based tools.

Additional Locations (1)

• backend/groth16/bn254/verify.go#L310-L311

 

^{Reviewed by Cursor Bugbot for commit c40b866. Configure here.}