To protect end users and ensure your zkApps are secure, consider the information at Security and zkApps while architecting your solution and consider a third-party security audit before deploying to Mina mainnet.
Introduction to o1js
o1js is a TypeScript library for:
- Writing general-purpose zero knowledge (zk) programs
- Writing zk smart contracts for Mina
This is TypeScript code that you might write when using o1js:
import { Field, Poseidon } from 'o1js';
function knowsPreimage(preimage: Field) {
let hash = Poseidon.hash([preimage]);
hash.assertEquals(expectedHash);
}
const expectedHash =
0x1d444102d9e8da6d566467defcc446e8c1c3a3616d059facadbfd674afbc37ecn;
In a zkApp, this code can be used to prove that you know a secret value whose hash is publicly known without revealing the secret. The code is plain TypeScript and is executed as normal TypeScript. You might call o1js an embedded domain-specific language (DSL).
o1js provides data types and methods that are provable: You can prove their execution.
In the example code, Poseidon.hash()
and Field.assertEquals()
are examples of provable methods. Proofs are zero knowledge, because they can be verified without learning their inputs and execution trace. Selected parts of the proof can be made public, if it suits your application.
o1js is a general-purpose zk framework that gives you the tools to create zk proofs. It lets you write arbitrary zk programs leveraging a rich set of built-in provable operations, like basic arithmetic, hashing, signatures, boolean operations, comparisons, and more. Use the o1js framework to write zkApps on Mina, smart contracts that execute client-side and have private inputs.
All of the o1js framework is packaged as a single TypeScript library that can be used in major web browsers and Node.js. The best way to get started with o1js is using the zkApp CLI. You can also install o1js from npm with npm i o1js
.
Start your o1js journey by learning about basic zk programming concepts.
Audits of o1js
Third-party audit (Q1/Q2 2024). An audit by an external security firm is ongoing and on track to complete in Q2 2024. Results will be shared when available.
Internal audit (Q1 2024). In March 2024, the o1js team spent roughly two person-weeks to conduct an internal audit of parts of the o1js code base. The audit focused on reviewing core provable code. A number of issues were found and fixed.
Please see our page on Security and zkApps for more information on ensuring your zkApp is secure.