feat(Groth16): add working examples of Groth16 verification

[delovoyhomie]

Closes #1840

Summary by CodeRabbit

• Documentation
  • Added comprehensive guide for running and verifying Groth16 proof examples on TON with support for multiple proving stacks (Circom, Noname, Gnark, Arkworks).
  • Updated zero-knowledge documentation with links to upstream proof verification examples.
  • Reorganized documentation navigation to group zero-knowledge resources under a dedicated section for easier discovery.

[github-actions]

Thanks for the updates to contract-dev/privacy-zk and the docs navigation; I’ve left several suggestions to align the frontmatter, safety guidance, snippet labeling, and sidebar text—please apply the inline suggestions.

[github-actions]

Thanks for expanding the ZK docs; I’ve left several suggestions in contract-dev/privacy-zk/groth16-examples.mdx plus a couple of small navigation and cross-link tweaks—please apply the inline suggestions to align with the content and safety guidelines.

[coderabbitai]

Warning

Rate limit exceeded

@delovoyhomie has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 45 minutes before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d59f5d66-b391-4634-ab03-f74cbb570fd5

📥 Commits

Reviewing files that changed from the base of the PR and between aed69b3 and becd79a.

📒 Files selected for processing (4)

• contract-dev/privacy-zk/groth16-examples.mdx
• contract-dev/techniques/zero-knowledge.mdx
• docs.json
• resources/dictionaries/custom.txt

📝 Walkthrough

Walkthrough

This PR adds comprehensive Groth16 verification example documentation with four proving-stack tutorials (Circom, Noname, Gnark, Arkworks), restructures zero-knowledge navigation into a dedicated ZK proofs section, and extends the spell-check dictionary to recognize new technical terms.

Changes

Groth16 Verification Examples & ZK Documentation

Layer / File(s)	Summary
Page Structure & Introduction contract-dev/privacy-zk/groth16-examples.mdx	Page frontmatter and introductory content explain the purpose: run upstream Groth16 examples and verify proofs both locally and on-chain.
Setup & Prerequisites contract-dev/privacy-zk/groth16-examples.mdx	Objectives and prerequisites (Node.js, Blueprint, one proving stack), plus commands to clone the zk-ton-examples repository and install dependencies.
Examples Mapping & Sandbox Context contract-dev/privacy-zk/groth16-examples.mdx	Table mapping four examples (Multiplier, Sudoku, cubic-gnark, MulCircuit) to stacks, circuits, outputs, and Blueprint test commands; clarifies verification runs in Blueprint sandbox.
Example Flows: Multiplier, Sudoku, Gnark, Arkworks contract-dev/privacy-zk/groth16-examples.mdx	Step-by-step instructions for each proving stack: input generation, Powers of Tau setup, proof generation, contract export via export-ton-verifier, Blueprint test execution, and expected snapshots.
Verification Conditions & Troubleshooting contract-dev/privacy-zk/groth16-examples.mdx	Runtime success conditions (local snarkjs verification, on-chain getVerify, Blueprint test exit), example Tolk test snippet, and troubleshooting for export/test/proof mismatches.
Navigation Reorganization & Cross-references contract-dev/zero-knowledge.mdx, docs.json	Updated <Aside> in zero-knowledge overview to link to the new Groth16 examples page and upstream repository; reorganized docs.json to group zero-knowledge and groth16-examples under a new ZK proofs section.
Spell-Check Dictionary Updates resources/dictionaries/custom.txt	Added terms: Gnark, gnark, Groth16, MulCircuit, and subgrids.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related PRs

• ton-org/docs#2128: Both PRs modify zero-knowledge documentation and overlap in resources/dictionaries/custom.txt by adding zk-related spell-check terms.
• ton-org/docs#2102: Both PRs address zero-knowledge documentation and export-ton-verifier usage patterns.

Suggested reviewers

• novusnota
• aigerimu

Poem

🐰 A rabbit hops through proofs so tight,
Groth16 beams now shine so bright,
Four stacks in harmony, we learn to test,
From Circom to Arkworks, all the best!
Verification flows complete the quest. 🧮✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and concisely captures the main change: adding working examples of Groth16 verification, which is the primary objective of this pull request.
Linked Issues check	✅ Passed	The PR fully addresses issue #1840 by creating working Groth16 verification examples, establishing a ZK subsection in documentation with references to multiple proving stacks, and incorporating examples from zk-ton-examples.
Out of Scope Changes check	✅ Passed	All changes are directly related to the linked issue: new Groth16 documentation, updated ZK reference page, reorganized navigation structure, and spell-check dictionary updates for technical terms.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch Groth16-examples

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

♻️ Duplicate comments (2)

contract-dev/privacy-zk/groth16-examples.mdx (2)

53-65: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add a safety warning about the test-only entropy in the trusted setup commands.

Lines 57 and 60 use hard-coded "some random text" for entropy contributions. Readers who copy-paste these commands for production use will create an insecure trusted setup that allows proof forgery.

Add a caution block before the commands

+<Aside type="caution" title="Test-only setup">
+  The commands below use weak entropy (`"some random text"`) suitable only for local testing.
+  For production, use high-entropy sources and participate in a multi-party ceremony.
+</Aside>
+
 ```bash
 cd circuits/Multiplier

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@contract-dev/privacy-zk/groth16-examples.mdx` around lines 53 - 65, Add a
clear caution block before the setup commands warning that the hard-coded
entropy string "some random text" in the npx snarkjs powersoftau contribute and
npx snarkjs zkey contribute commands is for tests only and must not be used in
production; instruct readers to supply secure, high-entropy randomness (e.g.,
use a secure RNG, OS-provided entropy, or explicit interactive/random-file
contribution) and never reuse weak or copy-pasted entropy for trusted-setup
contributions, and mention that using test-only entropy makes the ceremony
insecure and enables proof forgery.

---

44-46: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use type="caution" for environment warnings when examples involve fund transfers.

Line 174 shows a sendVerify call with value: toNano('0.15'), which transfers TON. Environment separation is a safety concern, not a tip, when fund movement is involved.

Suggested fix

-<Aside type="tip">
+<Aside type="caution" title="Run in sandbox or testnet">
   This page follows the upstream Tolk verifier tests and runs locally in the Blueprint sandbox, not on TON mainnet.
 </Aside>

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@contract-dev/privacy-zk/groth16-examples.mdx` around lines 44 - 46, The Aside
currently uses type="tip" but the example includes a sendVerify call that
transfers funds (sendVerify with value: toNano('0.15')), so change the Aside
component's type from "tip" to "caution" and update its text to clearly flag the
environment and fund-transfer risk; locate the Aside instance surrounding the
verifier example and the sendVerify usage to make this change (search for Aside
and the sendVerify / toNano('0.15') symbols).

🧹 Nitpick comments (1)

contract-dev/privacy-zk/groth16-examples.mdx (1)

82-83: ⚡ Quick win

Move placeholder definitions before their first use.

Line 83 uses <SOLUTION_JSON> and <GRID_JSON>, but their definitions don't appear until lines 96-99. Readers encounter undefined placeholders and must scroll down to understand what they mean.

Reorder the content

Move lines 96-99 to appear immediately before line 82, or integrate them into an Aside above the command block:

<Aside>
  Before running `noname run`, prepare two JSON files:
  
  - `<SOLUTION_JSON>` — the private solved grid in the format expected by `circuits/Sudoku/src/main.no`
  - `<GRID_JSON>` — the public partially filled grid in the format expected by `circuits/Sudoku/src/main.no`
</Aside>

```bash
cd circuits/Sudoku
noname check
noname run --backend r1cs-bls12-381 --private-inputs '<SOLUTION_JSON>' --public-inputs '<GRID_JSON>'

Also applies to: 96-99

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@contract-dev/privacy-zk/groth16-examples.mdx` around lines 82 - 83, Place the
placeholder definitions for <SOLUTION_JSON> and <GRID_JSON> before they are used
in the `noname run` example: move the existing descriptive lines about those
placeholders (the definitions currently at lines 96-99) to immediately above the
`noname check` / `noname run` block or wrap them as an Aside right above that
command so readers see what `<SOLUTION_JSON>` and `<GRID_JSON>` mean before
encountering `noname run --backend r1cs-bls12-381 --private-inputs
'<SOLUTION_JSON>' --public-inputs '<GRID_JSON>'`.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@contract-dev/privacy-zk/groth16-examples.mdx`:
- Around line 53-65: Add a clear caution block before the setup commands warning
that the hard-coded entropy string "some random text" in the npx snarkjs
powersoftau contribute and npx snarkjs zkey contribute commands is for tests
only and must not be used in production; instruct readers to supply secure,
high-entropy randomness (e.g., use a secure RNG, OS-provided entropy, or
explicit interactive/random-file contribution) and never reuse weak or
copy-pasted entropy for trusted-setup contributions, and mention that using
test-only entropy makes the ceremony insecure and enables proof forgery.
- Around line 44-46: The Aside currently uses type="tip" but the example
includes a sendVerify call that transfers funds (sendVerify with value:
toNano('0.15')), so change the Aside component's type from "tip" to "caution"
and update its text to clearly flag the environment and fund-transfer risk;
locate the Aside instance surrounding the verifier example and the sendVerify
usage to make this change (search for Aside and the sendVerify / toNano('0.15')
symbols).

---

Nitpick comments:
In `@contract-dev/privacy-zk/groth16-examples.mdx`:
- Around line 82-83: Place the placeholder definitions for <SOLUTION_JSON> and
<GRID_JSON> before they are used in the `noname run` example: move the existing
descriptive lines about those placeholders (the definitions currently at lines
96-99) to immediately above the `noname check` / `noname run` block or wrap them
as an Aside right above that command so readers see what `<SOLUTION_JSON>` and
`<GRID_JSON>` mean before encountering `noname run --backend r1cs-bls12-381
--private-inputs '<SOLUTION_JSON>' --public-inputs '<GRID_JSON>'`.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 185007b0-9d2d-4299-8e53-497f68e588eb

📥 Commits

Reviewing files that changed from the base of the PR and between 45160fd and aed69b3.

📒 Files selected for processing (4)

• contract-dev/privacy-zk/groth16-examples.mdx
• contract-dev/zero-knowledge.mdx
• docs.json
• resources/dictionaries/custom.txt