Garaga

State-of-the-Art Elliptic Curve Tooling & ZK Proof Verification for Starknet

Garaga enables efficient verification of zero-knowledge proofs and cryptographic operations on Starknet. It achieves state-of-the-art performance through:

A dedicated builtin from StarkWare for emulated modular arithmetic
Non-deterministic techniques for extension field multiplication, pairings, and multi-scalar multiplication
Precomputed verification hints that dramatically reduce on-chain computation

What Can You Build?

🛡️ ZK Proof Verification

Verify Groth16 and Honk proofs on-chain with production-ready verifier contracts.

Learn more →

🔗 zkVM Integration

Verify proofs from RISC Zero and SP1 using maintained, audited contracts.

Learn more →

✍️ Signature Verification

ECDSA, Schnorr, and EdDSA verification across multiple elliptic curves.

Learn more →

🎲 Verifiable Randomness

On-chain verification of drand beacon signatures for provably fair randomness.

Learn more →

🧮 Elliptic Curve Operations

Multi-scalar multiplication on 6 curves, pairing operations for BN254/BLS12-381.

Learn more →

🔒 Privacy-Preserving dApps

Build applications with Noir/Honk circuits for complex privacy logic.

Learn more →

Architecture Overview

┌──────────────────────────────────────────────────────────────────────────────┐
│                           YOUR STARKNET DAPP                                 │
├──────────────────────────────────────────────────────────────────────────────┤
│                                                                              │
│   Smart Contract Generators          │       Cairo Libraries                 │
│   ─────────────────────────          │       ───────────────                 │
│   • Groth16 Verifier (BN254/BLS)     │       • EC Operations (MSM)           │
│   • Noir/Honk Verifier               │       • Signatures (ECDSA/Schnorr)    │
│   • Custom circuit verifiers         │       • Pairing Checks                │
│                                      │       • Hashing (SHA-512, Poseidon)   │
│                                                                              │
├──────────────────────────────────────────────────────────────────────────────┤
│                       Maintained Contracts (Declared on Mainnet)             │
│   ─────────────────────────────────────────────────────────────              │
│   • Universal ECIP (MSM)  • RISC Zero Verifier  • SP1 Verifier  • Drand      │
│                                                                              │
├──────────────────────────────────────────────────────────────────────────────┤
│                         SDK (Python / Rust / TypeScript)                     │
│   ─────────────────────────────────────────────────────────────              │
│   Calldata generation • Proof preprocessing • Contract generation            │
│                                                                              │
├──────────────────────────────────────────────────────────────────────────────┤
│  Supported Curves                                                            │
│  ────────────────                                                            │
│  BN254 │ BLS12-381 │ SECP256K1 │ SECP256R1 │ ED25519 │ GRUMPKIN             │
│                                                                              │
└──────────────────────────────────────────────────────────────────────────────┘

Performance

Garaga achieves remarkable efficiency through optimized Cairo implementations. See the full benchmark suite for detailed metrics on all operations including:

Groth16 verification (BN254 & BLS12-381)
Honk/Noir proof verification
RISC Zero & SP1 proof verification
Signature verification (ECDSA, Schnorr, EdDSA)
Multi-scalar multiplication
Pairing operations

Version Compatibility

Important: Garaga SDK versions (Python, Rust, npm) must match across your toolchain to ensure calldata is correctly formatted for on-chain verification.

For generated contracts (Groth16, Noir): Use the same SDK version that generated your verifier contract
For maintained contracts (RISC Zero, SP1, drand): Use the SDK version matching the Garaga release that declared the contract class hashes

All packages are released together with matching version numbers (e.g., pip install garaga==1.0.1 + garaga = "1.0.1" in Scarb.toml + garaga_rs tag v1.0.1 + npm install garaga@1.0.1).

Quick Start

1. Install

pip install garaga

2. Generate a Verifier Contract

# Generate a Groth16 verifier from your verification key
garaga gen --system groth16 --vk your_vk.json

# Or generate a Noir/Honk verifier
garaga gen --system ultra_keccak_honk --vk target/vk

3. Deploy & Verify

# Declare and deploy your contract
garaga declare
garaga deploy --class-hash <CLASS_HASH>

# Verify a proof on-chain
garaga verify-onchain --address <CONTRACT_ADDRESS> \
  --vk your_vk.json --proof proof.json --public-inputs inputs.json

Production Ready

Garaga is used in production by teams building:

Validity rollups and L2 solutions
Cross-chain bridges with ZK verification
Privacy-preserving applications
Verifiable computation platforms

Security

✅ Audited by CryptoExperts
✅ Battle-tested on Starknet mainnet
✅ Open source under MIT license

Resources

GitHub: github.com/keep-starknet-strange/garaga
Telegram: t.me/GaragaPairingCairo
Academic Papers: See References below

References

Garaga's cryptographic implementations are based on peer-reviewed research:

Groth16: Groth, J. "On the Size of Pairing-Based Non-interactive Arguments." EUROCRYPT 2016. ePrint 2016/260
Efficient Pairings: El Housni, Y. "Pairings in Rank-1 Constraint Systems." ePrint 2022/1162
ECIP: Eagen, L. "Zero Knowledge Proofs of Elliptic Curve Inner Products." ePrint 2022/596
On Proving Pairings: Novakovic, A. & Eagen, L. ePrint 2024/640
Fast EC Scalar Multiplications: Eagen, L., El Housni, Y., Masson, S., Piellard, T. ePrint 2025/933

NextBuilding Powerful Applications

Last updated 14 hours ago

Was this helpful?