Groth16 zk-SNARKs: The Math Behind DarkNet Architecture

DarkNet Protocol utilizes the Groth16 proving system, the most widely deployed and battle-tested zk-SNARK construction in production blockchain systems. This choice was driven by the need for a protocol that is both highly secure and gas-efficient for end-users.

Why Groth16?

Groth16 produces proofs of a specific cryptographic form where validity is verified by a pairing equation. The choice of Groth16 over alternatives like PLONK or STARKs reflects three primary considerations:

1. Minimal Proof Size: Groth16 produces the smallest proofs of any major zk-SNARK system: approximately 192 bytes. This is critical for on-chain verification costs, where proof size directly determines gas expenditure.
2. Verification Efficiency: Verification requires exactly three pairing operations, regardless of circuit complexity. This constant verification cost is essential for a zkEVM where proofs must be verified on Ethereum L1.
3. Tooling Maturity: The ecosystem spanning snarkjs and Noir's native backend is mature and has demonstrated production security across Zcash and Tornado Cash.

Circuit Language: Noir

DarkNet Protocol's proving circuits are written in Noir, a domain-specific language for ZK development. Noir was selected for its Rust-inspired type system, which reduces the risk of constraint undercounting bugs — a common source of vulnerabilities in early ZK systems.

The Proving Workflow

When a user initiates a shielded transfer, the wallet locally generates a Groth16 proof. This proof demonstrates knowledge of a "note" preimage without revealing the note itself. This process, which used to take minutes, now occurs in less than 2 seconds on modern hardware, enabling a user experience indistinguishable from standard DeFi.