.witness
.circuit
v0.1.0-beta.1 | Public beta

Write code. Generate proofs.

A zero-knowledge DSL with dual execution — run your code in a full VM or compile it to arithmetic circuits. Same syntax, two targets.

Get Started
View on GitHub
commitment.ach
> Proof verified ✓ (Groth16, 192 bytes, 0.84s)
.metrics
1,000+
Tests passing
2
Security audits
2
Proof backends
0
External deps
.modules
Capabilities

Why Achronyme

Other ZK tools force you to choose between expressiveness and efficiency. Achronyme gives you both.

Dual Execution

One language, two targets. Write closures, recursion, and GC-managed collections in VM mode. The same syntax compiles to R1CS or Plonkish circuits. No separate circuit language needed.

First-Class Proofs

prove {} blocks return real proof objects. Chain them, extract components with proof_json(), verify with verify_proof(). Proofs are values, not CLI artifacts.

Native Provers

Groth16 and PlonK run in-process — a single Rust binary, zero external dependencies. No Node.js, no snarkjs ceremony dance, no 5-step CLI workflow.

Compile-Time Safety

Under-constrained circuits are catastrophic ZK bugs. Achronyme's taint analysis detects unproven witness variables before a single proof is generated.

On-Chain Verification

Export .r1cs and .wtns files for snarkjs. Generate Solidity verifier contracts with --solidity and verify proofs directly on Ethereum.

Optimized Circuits

Boolean propagation tracks proven-boolean variables and skips redundant constraints. Constant folding and dead code elimination shrink circuits automatically.

.diff
Compare

The difference

Proving a Poseidon commitment: Circom + snarkjs vs Achronyme.

Circom + snarkjs
7 steps, 3 tools, 2 languages 
// 1. Write the circuit (Circom DSL)
template Commitment() {
    signal input secret;
    signal input blinding;
    signal output cm;
    component h = Poseidon(2);
    h.inputs[0] <== secret;
    h.inputs[1] <== blinding;
    cm <== h.out;
}

// 2. Compile to R1CS
$ circom commitment.circom --r1cs --wasm

// 3. Write witness generator (JavaScript)
const input = { secret: "12345", blinding: "98765" };
const w = await circuit.calculateWitness(input);

// 4. Download Powers of Tau
$ wget ptau.hermez.io/powersOfTau28_12.ptau

// 5. Trusted setup ceremony
$ snarkjs groth16 setup commitment.r1cs pot.ptau key.zkey
$ snarkjs zkey contribute key.zkey final.zkey

// 6. Generate proof
$ snarkjs groth16 prove final.zkey witness.wtns proof.json

// 7. Verify
$ snarkjs groth16 verify vkey.json public.json proof.json
Achronyme
6 lines, 1 file, 1 command
1
2
3
4
5
6
7
8
9
10
11
12
let secret = 0p12345
let blinding = 0p98765

prove {
    witness secret
    witness blinding
    public commitment
    let cm = poseidon(secret, blinding)
    assert_eq(cm, commitment)
}

// ✓ Proof generated + verified (Groth16)
.repl
Examples

See it in action

From simple programs to zero-knowledge proofs — all in one language.

secret_vote.ach
ZK
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
// Secret voting — eligibility + privacy + anti-double-vote
public merkle_root
public nullifier
public vote
public election_id
witness secret
witness path[2]
witness indices[2]: Bool

// 1. Voter commitment (hidden)
let commitment = poseidon(secret, 0)

// 2. Prove voter is in the registry
merkle_verify(merkle_root, commitment, path, indices)

// 3. Nullifier prevents double-voting
let expected = poseidon(secret, election_id)
assert_eq(expected, nullifier)

// 4. Vote must be 0 or 1
range_check(vote, 1)

// ~2,179 constraints — ready for on-chain verification