ZK Circuit Registry

Core Circuits

These circuits are hardcoded in the bootloader (highest trust level):

BOOT_AUTHORITY Circuit

Name:         BOOT_AUTHORITY
Category:     Core
Permissions:  BootAuthority, Attestation

Program Hash: fa02d10e8804169a47233e34a6ff3566248958adff55e1248d50304aff4ab230
VK Hash:      bf6d8ae8b77c2c0bb9ee46c8a847dfba9114363738cb22f28703a6cd9451a584

Domain:       "NONOS:ZK:PROGRAM:v1"

UPDATE_AUTHORITY Circuit

Name:         UPDATE_AUTHORITY
Category:     Core
Permissions:  UpdateAuthority

Program Hash: 8b3ca7195ef2710adc4592b86d33aa4f17e9285c447bf6913ace08d5621f73e4
VK Hash:      bf6d8ae8b77c2c0bb9ee46c8a847dfba9114363738cb22f28703a6cd9451a584

Domain:       "NONOS:ZK:PROGRAM:v1"

RECOVERY_KEY Circuit

Verifying Key (VK)

The BOOT_AUTHORITY verifying key (584 bytes, BLS12-381):

Permission Flags

Each circuit has a permission bitmap:

Circuit Categories

Section Magic

ZK circuit sections are identified by magic bytes:

Groth16 Proof Format

Proof Limits

Domain Separators

Hash Derivation

Program hashes are derived using BLAKE3:

Capsule Metadata

ZK proofs are wrapped in capsules:

Verification Flow

Adding New Circuits

System Circuit

1. Define circuit constraints

2. Run trusted setup ceremony

3. Compute program hash

4. Embed VK in kernel

5. Register in SYSTEM_CIRCUITS

Community Circuit

1. Define circuit and run setup

2. Submit to governance

3. Collect N-of-M signatures

4. Register via community process

User Circuit

1. Define circuit locally

2. Run setup locally

3. Install via user API

4. Runs sandboxed (limited permissions)

Circuit Tools