Garaga

Report a Bug - Request a Feature - Ask a Question

About

State-of-the-art Elliptic Curve tooling and SNARKS verification for Cairo & Starknet 🐺.

Garaga enables efficient elliptic curve operations on Starknet. It achieves state of the art performance by

• using a dedicated builtin made by Starkware for emulated modular arithmetic
• using a suite of non-deterministic techniques for extension field multiplication, pairings, and multi scalar multiplication to reduce the number of steps to verify results.

Garaga currently supports:

• Scalar & Multi-scalar multiplication for any Weirstrass curve, including BN254, BLS12_381, SECP256/R1, and ED25519. You can add the one you need by specifying the curve parameters.
• Pairing operations for BN254 and BLS12_381.
• Groth16 smart contract verifiers generators for BN254 and BLS12_381.
• Noir smart contract verifiers generators for ultra keccak honk flavour.

Architecture overview

Garaga consists of a Pythonic backend with Rust bindings and CairoZero / Cairo libraries.

• The Pythonic backend is here to define emulated modular arithmetic circuits that can be compiled to Cairo or Cairo1 code. It also handles witnesses generation for the non-deterministic computations, smart contract contract generation for a given proof system and elliptic curve, and calldata generation from a given proof.
• The CairoZero / Starknet interfaces are responsible for composing and calling the circuits, as well as adding all the extra logic needed to make the algorithms work (Fiat-Shamir heuristic, SNARKS verifiers algorithms, etc).

Quickstart : deploying a SNARK verifier on Starknet

Currently, only Groth16 on BN254 and BLS12_381 is supported with automatic support for json files coming from SnarkJS and Gnark.

1. Create a new directory for you project, and bring the jsons files for verification key, proof file and public inputs inside it.
2. Install the garaga pip package with pip install garaga. Python3.10 is mandatory and a virtual environment is recommended. Enter garaga in your terminal to get started.
3. Run the garaga gen command in your terminal to generate the code for the SNARK verifier given your verification key.
4. Edit the generated smart contract to fit the needs of your dapp.
5. Create an environment file .secrets following the .secrets.template file in the root of this repository, containing the Starkner RPC url, your account address, and the private key.
6. Run the garaga declare command in your terminal to declare the smart contract on Starknet and obtain its class hash. Note that this is an expensive operation.
7. Run the garaga deploy command in your terminal using the class hash obtained in the previous step to get the contract address.
8. Run the garaga verify-onchain command in your terminal using the contract address, the verification key, the proof and the public inputs to verify the proof against the SNARK verifier contract.

For more details, please refer to the documentation.

Developer setup

To get started with Garaga, you'll need to have some tools and dependencies installed. Here's everything you need:

Prerequisites

Ensure you have the following installed:

• Python 3.10 - /!\ Make sure python3.10 is a valid command in your terminal. The core language used for development. Make sure you have the correct dependencies installed (in particular, GMP) for the fastecdsa python package. See here for linux and here for macos.
• Scarb 2.14.0 - The Cairo package manager. Comes with Cairo inside. Requires Rust.

Optionally :

• pprof - A tool for visualization and analysis of profiling data. Requires Go.
• graphviz - Necessary for generating graphical representations of profiling data.

Setup

Once you have the prerequisites installed, clone the repository, and set up your development environment with the following command. Be sure to run this command from the root of the repository.

make setup

At this point, you should have everything you need to start developing with Garaga. Before proceeding, make sure to activate the virtual environment by running source venv/bin/activate.

Cairo Benchmarks

📊 Click on any section below to expand and view detailed benchmark tables with test performance metrics.

Note: Click on the test name to view the profiling image. Resources shown in the table for contracts include extra costs due to the foundry logic. Check the profile file for more details.

contracts └── groth16_example_bls12_381_integrationtest::test_contract Test Name Steps Range Check Range Check 96 Poseidon Add Mod Mul Mod Sierra Gas test_verify_groth16_proof_bls12_381 353,527 10,972 90,280 586 7,506 10,868 49,754,798 └── groth16_example_bn254_integrationtest::test_contract Test Name Steps Range Check Range Check 96 Poseidon Add Mod Mul Mod Sierra Gas test_verify_groth16_proof_bn254 228,557 9,785 67,149 509 5,401 8,754 34,080,559 └── noir_ultra_keccak_honk_example_integrationtest::test_contract Test Name Steps Range Check Range Check 96 Bitwise Poseidon Add Mod Mul Mod Sierra Gas test_verify_ultra_keccak_honk_proof 1,213,031 65,539 412,656 3,180 461 45,756 43,585 187,929,077 └── noir_ultra_keccak_zk_honk_example_integrationtest::test_contract Test Name Steps Range Check Range Check 96 Bitwise Poseidon Add Mod Mul Mod Sierra Gas test_verify_ultra_keccak_zk_honk_proof 1,306,049 70,398 451,651 3,476 461 49,914 47,993 203,546,067 └── noir_ultra_starknet_honk_example_integrationtest::test_contract Test Name Steps Range Check Range Check 96 Poseidon Add Mod Mul Mod Sierra Gas test_verify_ultra_starknet_honk_proof 1,127,871 61,433 412,522 992 45,742 43,569 177,512,050 └── noir_ultra_starknet_zk_honk_example_integrationtest::test_contract Test Name Steps Range Check Range Check 96 Poseidon Add Mod Mul Mod Sierra Gas test_verify_ultra_starknet_zk_honk_proof 1,221,360 66,173 451,576 1,044 49,911 47,987 193,032,648 └── risc0_verifier_bn254_integrationtest::test_contract Test Name Steps Range Check Range Check 96 Bitwise Poseidon Add Mod Mul Mod Sierra Gas test_verify_r0_groth16_proof_bn254 264,545 12,069 74,896 6,698 509 6,303 9,541 42,860,813 └── sp1_verifier_bn254_integrationtest::test_contract Test Name Steps Range Check Range Check 96 Bitwise Poseidon Add Mod Mul Mod Sierra Gas test_verify_sp1_groth16_proof_bn254 244,680 11,127 75,027 2,230 509 6,314 9,555 38,221,851 garaga └── apps │ └── drand::tests Test Name Steps Range Check Range Check 96 Bitwise Add Mod Mul Mod Sierra Gas test_decrypt_at_round 289,447 3,919 385,790 14,506 57,320 28,871 89,901,952 test_hash_to_curve 26,526 971 4,559 12,289 422 602 10,601,029 test_hash_to_two_bls_felts 23,557 900 74 12,289 2 8 9,592,623 test_drand_quicknet_public_key 12,861 68 14,864 0 1,490 1,674 3,477,040 test_isogeny 1,844 58 878 0 51 111 316,402 test_map_to_curve 647 11 264 0 6 39 105,190 │ └── noir │ │ └── honk_transcript::tests Test Name Steps Range Check Bitwise Poseidon Sierra Gas test_transcript_keccak 71,084 5,035 3,180 1 9,315,281 test_transcript_starknet 19,758 1,103 0 532 2,314,222 │ │ └── zk_honk_transcript::tests Test Name Steps Range Check Bitwise Poseidon Sierra Gas test_zk_transcript_keccak 73,392 5,241 3,476 1 9,733,069 test_zk_transcript_starknet 21,173 1,185 0 584 2,486,994 │ └── risc0::risc0_utils_tests Test Name Steps Range Check Bitwise Sierra Gas test_receipt_claim 11,117 433 5,591 4,401,563 test_output_digest 4,424 171 2,230 1,754,460 │ └── sp1::tests Test Name Steps Range Check Sierra Gas test_convert_u32_to_u128 58 3 6,010 └── crypto::mmr::tests Test Name Steps Range Check Sierra Gas test_trailing_ones 441 51 47,670 └── ec::ec_ops_g2::tests Test Name Steps Range Check Range Check 96 Add Mod Mul Mod Sierra Gas test_ec_mul_g2 105,060 1,074 87,664 8,551 9,755 23,349,114 └── hashes::poseidon_bn254::tests Test Name Steps Range Check Range Check 96 Add Mod Mul Mod Sierra Gas test_run_poseidon_grumpkin_circuit_1 9,913 327 6,393 353 919 2,008,464 └── tests │ └── autogenerated │ │ └── ecdsa_tests Test Name Steps Range Check Range Check 96 Add Mod Mul Mod Sierra Gas test_ecdsa_SECP256R1 14,099 1,072 20,022 2,367 2,184 4,469,718 test_ecdsa_SECP256K1 18,723 2,082 15,629 1,810 1,592 4,271,132 │ │ └── eddsa_tests Test Name Steps Range Check Range Check 96 Bitwise Add Mod Mul Mod Sierra Gas test_eddsa_32_64B 88,025 13,786 20,762 3,288 2,412 2,276 14,776,560 test_eddsa_16_32B 52,391 7,643 20,840 1,656 2,418 2,284 9,842,274 test_eddsa_0_0B 51,814 7,549 20,865 1,656 2,419 2,286 9,780,832 │ │ └── msm_tests Test Name Steps Range Check Range Check 96 Add Mod Mul Mod Sierra Gas test_msm_SECP256R1_3P 20,115 1,576 29,835 3,546 3,252 6,572,368 test_msm_SECP256K1_3P 26,954 3,087 23,194 2,707 2,359 6,257,800 test_msm_SECP256R1_2P 13,465 1,053 19,865 2,363 2,166 4,384,404 test_msm_SECP256K1_2P 17,919 2,061 15,369 1,799 1,564 4,155,260 test_msm_SECP256R1_1P 6,991 530 9,945 1,182 1,084 2,219,716 test_msm_SECP256K1_1P 9,221 1,037 7,697 900 783 2,105,654 │ │ └── pairing_tests Test Name Steps Range Check Range Check 96 Poseidon Add Mod Mul Mod Sierra Gas test_BN254_mpcheck_3P_2F_with_extra_miller_loop_result 59,916 472 59,008 509 4,469 7,922 15,391,765 test_BLS12_381_mpcheck_3P_2F_with_extra_miller_loop_result 54,316 356 44,885 586 3,482 5,791 12,556,430 test_BN254_mpcheck_2P_2F 47,930 393 33,047 460 1,731 4,665 10,112,792 test_BLS12_381_mpcheck_2P_2F 45,132 308 25,250 544 1,420 3,340 8,559,824 │ │ └── schnorr_tests Test Name Steps Range Check Range Check 96 Add Mod Mul Mod Sierra Gas test_schnorr_SECP256K1 18,321 2,082 15,512 1,808 1,580 4,216,672 │ │ └── tower_pairing_tests Test Name Steps Range Check Range Check 96 Add Mod Mul Mod Sierra Gas test_tower_pairing_BN254_3P 268,869 474 626,255 94,555 50,514 114,248,466 test_tower_pairing_BLS12_381_3P 248,951 556 538,321 86,187 37,849 97,763,802 test_tower_pairing_BN254_2P 219,367 398 486,548 73,494 38,661 89,466,112 test_tower_pairing_BLS12_381_2P 207,121 493 422,516 67,911 28,926 77,498,340 test_tower_pairing_BN254_1P 169,865 322 346,841 52,433 26,808 64,683,758 test_tower_pairing_BLS12_381_1P 165,291 430 306,711 49,635 20,003 57,232,878 test_tower_final_exp_BN254 120,363 246 207,134 31,372 14,955 39,901,404 test_tower_final_exp_BLS12_381 123,509 367 190,906 31,359 11,080 36,972,216 │ └── calldata_tests Test Name Steps Range Check Sierra Gas test_deserialize_full_proof_with_hints_bls12_381 22,272 4,714 2,557,180 │ └── sha512_tests Test Name Steps Range Check Bitwise Sierra Gas test_sha512_lorem_ipsum 102,856 18,169 4,904 14,416,462 test_size_zero 37,579 6,404 1,640 5,162,300 test_sha512_size_one 37,564 6,403 1,640 5,160,730 └── utils::neg_3::tests Test Name Steps Range Check Sierra Gas test_scalar_to_epns 6,103 928 675,260 test_scalar_to_epns_single 1,940 297 214,790

---

🔄 To regenerate these benchmarks: Run make profile-test from the project root.

Support & How to Contribute

We warmly welcome contributions and support from the community! Here's how you can help Garaga grow and improve:

Reporting Issues & Requesting Features

• Spot a bug? Have a feature request? Check out our issues page to see if it's already been reported or to open a new issue.

Contributing to Garaga

• Interested in contributing? Please take a moment to read our contribution guidelines for details on how to get started. Your contributions make the open-source community an incredible place for learning, inspiration, and creation.

Showing Support

• Love Garaga? Give us a star on GitHub to show your support.
• Spread the word: Share your excitement about Garaga on social platforms like Twitter, Dev.to, Medium, or your personal blog.
• Join the conversation: Connect with us and other Garaga enthusiasts on our Telegram group.

Every contribution, whether it's code, feedback, or spreading the word, greatly benefits everyone and is deeply appreciated. Thank you for being a part of Garaga's journey!

Security

Garaga follows good practices of security, but 100% security cannot be assured. Garaga is provided "as is" without any warranty. Use at your own risk.

For more information and to report security issues, please refer to our security documentation.

License

This project is licensed under the MIT license.

See LICENSE for more information.

Acknowledgements

• Huge props to tekkac and feltroidprime for their initial work on provable pairing-based cryptography in StarkNet.
• Credits to Nethermind for their initial work on optimized modular arithmetic.
• Herodotus for supporting this project.
• Gnark project and team, especially yelhousni for his amazing knowledge and support.
• OnlyDust and Starkware.
• Liam Eagen and Andrija Novakovic for their support and amazing research.

Resources

• Craig Costello, Pairing for beginners
• Y. El Housni, "Pairings in Rank-1 Constraint Systems," Cryptology ePrint Archive, Report 2022/1162, 2022. Available: https://eprint.iacr.org/2022/1162.
• feltroidprime. "Faster Extension Field multiplications for Emulated Pairing Circuits." HackMD, https://hackmd.io/@feltroidprime/B1eyHHXNT.
• Liam Eagen, "Zero Knowledge Proofs of Elliptic Curve Inner Products from Principal Divisors and Weil Reciprocity," Cryptology ePrint Archive, Report 2022/596, 2022. Available: https://eprint.iacr.org/2022/596
• Andrija Novakovic and Liam Eagen, "On Proving Pairings," Cryptology ePrint Archive, Paper 2024/640, 2024. Available: https://eprint.iacr.org/2024/640
• Liam Eagen, Youssef El Housni, Simon Masson, and Thomas Piellard, "Fast elliptic curve scalar multiplications in SN(T)ARK circuits," Cryptology ePrint Archive, Paper 2025/933, 2025. Available: https://eprint.iacr.org/2025/933

Note: This list is not exhaustive, and is not intended to be.

Contributors

For a full list of all authors and contributors, see the contributors page.

Thanks goes to these wonderful people (emoji key):

_{Feltroid Prime}
💻 _{Abdel @ StarkWare}
💻 _{Tarik K.}
💻 _{Bachir Arif}
💻 _{Renaud Dubois}
💻 _{Rodrigo Ferreira}
💻 _{Luiz Vasconcelos Júnior}
💻 _{Shramee Srivastav}
💻 _{Andrija Novakovic}
💻 _{Liam Eagen}
💻 _{Paul Etscheit}
💻 _{stefanMadzharov}
💻 Add your contributions

This project follows the all-contributors specification. Contributions of any kind welcome!