Trusted Setup Verification

Clementine, Citrea’s BitVM‑based bridge, proves execution with RISCZero (STARK) and wraps those receipts in a Groth16 SNARK so that it can be verified on Bitcoin efficiently.

The Citrea Risc0‑to‑BitVM trusted setup ceremony establishes the public parameters for a Groth16 verifier that checks RISCZero STARK receipts via BitVM, enabling a single compact proof to be verified on Bitcoin without consensus changes and moving BitVM‑based bridges into their implementation phase.

Verification below matters to confirm the setup wasn’t manipulated and that Clementine points to the exact parameters produced. By rebuilding the circuit, fetching the precise Powers of Tau and final zkey, and checking the transcript, you can reproduce the commitments and compare them to the published parameter and verifying‑key hashes.

A copy of the verification logs are available on Github.

You can also find each individual attestation by visiting gist pages of the contributors (unless it's removed/hidden by the contributor). An example can be found here.

The commands below show the exact steps for verification and should conclude with snarkJS: ZKey Ok!.

1) Setup Circom & SnarkJS

# deps
sudo apt-get update
sudo apt-get install -y build-essential git npm

# Rust (for building circom)
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
. "$HOME/.cargo/env"

# circom (v2.2.x)
git clone https://github.com/iden3/circom.git
cd circom
cargo install --path circom          # installs the 'circom' binary into ~/.cargo/bin
circom --version                     # sanity check (expect v2.2.x)
cd ..

# snarkjs
npm install -g snarkjs
snarkjs --version

2) Clone Citrea RiscZero to BitVM repository

3) Install git-lfs and pull larger files in the repository

4) Generate r1cs file

5) Install Powers of Tau and the final zkey

6) Run snarkJS for verification

You can also compare the result with our published logs.