Quickstart
Get from zero to a verified ZK proof in four steps. No cryptography knowledge required.
Get an API key
Sign up for a free account (100 proofs/month, no credit card). Your API key (tzk_...) will be emailed instantly.
Submit a proof
Use a proof template to prove something without revealing secrets. This example proves you know a number between 0 and 100 — without showing the number.
The witness_steps are internal computation values that encode your secret. The verifier never sees them — they stay private.
curl -X POST https://api.tinyzkp.com/prove/template/range_proof \
-H "Authorization: Bearer tzk_..." \
-H "Content-Type: application/json" \
-d '{"params":{"min":0,"max":100,"witness_steps":[42,44]}}'
Response:
// Save the job_id — you'll need it next
{"job_id":"prf_a1b2c3","status":"proving","eta_ms":1200}
Poll until complete
Proof generation takes 1–5 seconds. Poll the job ID until status is "completed":
curl https://api.tinyzkp.com/prove/prf_a1b2c3 \ -H "Authorization: Bearer tzk_..."
Response when done:
{"status":"completed","proof":{"version":4,"bytes":"0x6a8f...","size_kb":12.4}}
If status is still "proving", wait a second and try again. When it’s "completed", copy the entire proof object.
Verify the proof
Pass the proof object from step 3 to the verify endpoint. Verification is always free — no charge. Auth is required only to prevent abuse.
curl -X POST https://api.tinyzkp.com/verify \
-H "Authorization: Bearer tzk_..." \
-H "Content-Type: application/json" \
-d '{"proof":{"version":4,"bytes":"0x6a8f...","size_kb":12.4}}'
Response:
// The verifier confirmed the proof without learning your secret
{"valid":true,"verified_in_ms":2.8}
Common errors
| Status | Meaning | Fix |
|---|---|---|
401 | Missing or invalid API key | Check your Authorization: Bearer tzk_... header |
409 | Proof not ready yet | Poll GET /prove/:job_id until status is "completed" |
429 | Rate limit exceeded | Wait and retry. Free plan: 10 requests/min. See plan limits |
402 | Monthly spending cap reached | Wait for next billing cycle or contact us to upgrade |
Client-Side Verification
Verify proofs entirely client-side with the @tinyzkp/verify WASM package. No server roundtrip, no API key required for verification.
npm install @tinyzkp/verify
Browser
import init, { verify } from '@tinyzkp/verify'; await init(); // load WASM binary (~785 KB) const result = verify({ version: 4, bytes: proofBytes }); console.log(result.ok); // true console.log(result.version); // 4
Node.js
const { verify_json } = require('@tinyzkp/verify'); const result = verify_json(JSON.stringify(proofObject)); console.log(result.ok); // true
- Offline verification — no network request, no API key needed
- Edge-compatible — runs in Cloudflare Workers, Deno, Vercel Edge Functions
- ~785 KB WASM binary (gzips to ~300 KB)
- Returns
{ ok: bool, error?: string, version?: number }
Authentication
All endpoints (including /verify) require a Bearer token in the Authorization header:
Authorization: Bearer tzk_...
- Your API key is delivered via email after signing up.
- The
/verifyendpoint is free (no charge) but requires your API key to prevent abuse. - Keep your API key secret. Do not expose it in client-side code or public repositories.
Key Rotation
Rotate your API key at any time. Your old key is immediately invalidated and a new key is returned. Limited to once per 24 hours.
curl -X POST https://api.tinyzkp.com/api/rotate-key \ -H "Authorization: Bearer tzk_YOUR_CURRENT_KEY"
Response:
{
"api_key": "tzk_NEW_KEY_HERE...",
"prefix": "tzk_a3b2...",
"message": "Key rotated successfully. Your old key is now invalid."
}
API Endpoints
All endpoints are served from https://api.tinyzkp.com.
| Method | Path | Auth | Description |
|---|---|---|---|
| TEMPLATE DISCOVERY | |||
| GET | /templates |
None | List all proof templates |
| GET | /templates/:id |
None | Get template schema + example |
| POST | /estimate |
None | Estimate cost, time, and proof size |
| PROVING | |||
| POST | /prove/template/:id |
Required | Submit proof via template (recommended) |
| POST | /prove |
Required | Submit proof via workload_id or program |
| POST | /prove/batch |
Required | Submit multiple prove jobs |
| GET | /prove/:job_id |
Required | Get job status and result |
| GET | /prove/:job_id/inspect |
Required | Detailed proof breakdown + timing |
| POST | /prove/:job_id/cancel |
Required | Cancel a running job |
| DELETE | /prove/:job_id |
Required | Delete a completed job |
| GET | /prove |
Required | List jobs (with ?status, ?limit, ?offset) |
| VERIFICATION | |||
| POST | /verify |
Required | Verify a proof (free, no charge) |
| POST | /aggregate |
Required | Aggregate multiple proofs into one digest |
| BILLING & OPS | |||
| GET | /usage |
Required | View usage and estimated costs |
| GET | /proof/:job_id/calldata |
Required | Get EVM on-chain calldata |
| GET | /healthz |
None | Liveness check |
| GET | /metrics |
None | Prometheus metrics |
| GET | /docs |
None | Interactive Swagger UI |
| ACCOUNT | |||
| POST | /api/rotate-key |
Required | Rotate API key (once per 24h). Details |
Proof Templates
TinyZKP ships with six proof templates that cover common zero-knowledge use cases. Templates handle all the cryptographic complexity — you just provide your data. Use POST /prove/template/:id to prove, or browse templates with GET /templates.
| Template | What It Proves (Plain English) | Key Parameters |
|---|---|---|
range_proof |
“I know a number between X and Y” — without revealing the number. Use for age verification, credit score ranges, balance checks. | min, max, witness_steps[] |
hash_preimage |
“I know the secret that produces this hash” — without revealing the secret. Use for password proofs, commitment schemes. | digest, preimage_steps[] |
computation_attestation |
“Running this function on my secret inputs gives this public result” — without revealing the inputs. Use for ML inference proofs, auditing. | steps[], expected_output |
accumulator_step |
“Starting from X, applying these deltas reaches Y” — proves a chain of additions is correct. Use for balance updates, state transitions. | initial, final, deltas[] |
policy_compliance |
“These actions stayed within the allowed limit” — proves spending or quota compliance. Use for budget enforcement, regulatory reporting. | actions[], threshold |
data_integrity |
“These data elements add up to this checksum” — proves data hasn’t been tampered with. Use for audit trails, supply chain verification. | elements[], checksum |
Template Examples
Each template below is a complete, copy-paste working example. Replace tzk_... with your API key and run.
The Python and TypeScript snippets use the official TinyZKP HTTP-API client SDKs. Install once, then any subsequent example just works:
pip install tinyzkp # Python (PyPI) npm install tinyzkp # TypeScript / JS (npm, ESM + CJS) cargo add tinyzkp # Rust (Cargo)
range_proof — prove a value is in [min, max]
Proves an integer V satisfies min ≤ V ≤ max without revealing V. Encode (V - min) as additive witness_steps. Example: prove a balance is between $0 and $10,000 by encoding the actual value $4,237 as [2000, 2237] (or any decomposition that sums to 4,237).
curl -X POST https://api.tinyzkp.com/prove/template/range_proof \
-H "Authorization: Bearer tzk_..." \
-H "Content-Type: application/json" \
-d '{"params":{"min":0,"max":10000,"witness_steps":[2000,2237]}}'
from tinyzkp import TinyZKPSync
with TinyZKPSync("https://api.tinyzkp.com", api_key="tzk_...") as c:
job = c.prove_template("range_proof", params={"min":0,"max":10000,"witness_steps":[2000,2237]})
proof = c.wait_for_proof(job)
assert c.verify(proof).ok
import { TinyZKP } from "tinyzkp";
const c = new TinyZKP("https://api.tinyzkp.com", { apiKey: "tzk_..." });
const job = await c.proveTemplate("range_proof", { min:0, max:10000, witness_steps:[2000,2237] });
const proof = await c.waitForProof(job);
console.log((await c.verify(proof)).ok); // true
hash_preimage — prove knowledge of a secret behind a hash
Proves you know a preimage whose iterative arithmetic hash equals a public digest. The preimage stays hidden when ZK is enabled. Use for password attestations and commitment opening.
curl -X POST https://api.tinyzkp.com/prove/template/hash_preimage \
-H "Authorization: Bearer tzk_..." \
-H "Content-Type: application/json" \
-d '{"params":{"digest":12,"preimage_steps":[7,3,2]},"zk":true}'
job = c.prove_template("hash_preimage",
params={"digest":12, "preimage_steps":[7,3,2]}, zk=True)
computation_attestation — prove f(secret) = public_output
Proves that applying a secret sequence of additive steps produces a public output. The steps stay hidden; only the output is revealed. Use for ML inference receipts or attesting an agent did the work it claims.
curl -X POST https://api.tinyzkp.com/prove/template/computation_attestation \
-H "Authorization: Bearer tzk_..." \
-H "Content-Type: application/json" \
-d '{"params":{"steps":[3,5,7,11],"expected_output":26}}'
job = c.prove_template("computation_attestation",
params={"steps":[3,5,7,11], "expected_output":26})
accumulator_step — prove a chain of state transitions
Proves that applying a sequence of additive deltas to initial reaches final. Use for balance updates, ledger reconciliation, or rollup transition attestation.
curl -X POST https://api.tinyzkp.com/prove/template/accumulator_step \
-H "Authorization: Bearer tzk_..." \
-H "Content-Type: application/json" \
-d '{"params":{"initial":1000,"final":1450,"deltas":[100,200,150]}}'
job = c.prove_template("accumulator_step",
params={"initial":1000, "final":1450, "deltas":[100,200,150]})
policy_compliance — prove cumulative actions stayed under a threshold
Proves that sum(actions) ≤ threshold without revealing individual actions. Classic agent receipt: prove the agent's spending stayed under a daily cap, or its requests stayed under a rate limit, without exposing each transaction.
curl -X POST https://api.tinyzkp.com/prove/template/policy_compliance \
-H "Authorization: Bearer tzk_..." \
-H "Content-Type: application/json" \
-d '{"params":{"actions":[150,200,75,300,180],"threshold":1000},"zk":true}'
job = c.prove_template("policy_compliance",
params={"actions":[150,200,75,300,180], "threshold":1000}, zk=True)
data_integrity — prove a dataset matches a committed checksum
Proves that sum(elements) == checksum. Use for dataset audits, ledger balance attestation, or proving a batch of records is complete.
curl -X POST https://api.tinyzkp.com/prove/template/data_integrity \
-H "Authorization: Bearer tzk_..." \
-H "Content-Type: application/json" \
-d '{"params":{"elements":[100,250,75,500,125],"checksum":1050}}'
job = c.prove_template("data_integrity",
params={"elements":[100,250,75,500,125], "checksum":1050})
Plan Tiers
Rate limits, concurrency, and per-proof discounts vary by plan. All plans include free verification. Self-serve signup ships Free, Developer, and Scale directly. Team is documented here for completeness because the per-proof rate sheet supports it — provisioned via contact as a custom contract.
| Free | Developer | Team | Scale | |
|---|---|---|---|---|
| Monthly Base | $0 | $19 | $49 | $199 |
| Per-Proof Discount | — | Base rates | 25% off | 40% off |
| Prove RPM | 10 | 100 | 300 | 500 |
| Verify RPM | 30 | 300 | 900 | 1,500 |
| Max Inflight Jobs | 1 | 4 | 8 | 16 |
| Monthly Spend Cap | $5 | $500 | $2,500 | $10,000 |
| Max Prove Time | 5 min | 10 min | 30 min | 60 min |
Per-Proof Pricing
Pay per proof based on trace complexity. Team and Scale plans receive automatic discounts on every proof. These rates are 10–40x lower than running traditional provers, thanks to our O(√N) memory architecture (where N is the number of computation steps).
| Trace Steps | Developer | Team (-25%) | Scale (-40%) |
|---|---|---|---|
| < 10K | $0.05 | $0.04 | $0.03 |
| 10K – 100K | $0.50 | $0.38 | $0.30 |
| 100K – 1M | $2.00 | $1.50 | $1.20 |
| 1M – 10M | $8.00 | $6.00 | $4.80 |
| > 10M | $30.00 | $22.50 | $18.00 |
Verification is always free
Parameters
Security Parameters
These parameters control the cryptographic strength of your proof.
| Parameter | Description | Default | Notes |
|---|---|---|---|
query_count |
Number of FRI oracle queries | 80 | Server minimum: 80 |
lde_blowup_factor |
Low-degree extension blowup | 2 | Valid values: 2, 4, 8, 16 |
zk_mask_degree |
Zero-knowledge mask degree | 0 | Set > 0 to enable zero-knowledge proofs (v4 format) |
Performance Parameters
These parameters control trace layout and proving speed.
| Parameter | Description | Default | Notes |
|---|---|---|---|
block_size |
Trace rows per block | — | Must be a power of 2. Server max: 1,048,576 |
fri_final_poly_size |
Final FRI polynomial size | — | Typical values: 1–4 |
Zero-Knowledge Mode
By default, TinyZKP proofs prove that a computation is correct, but the proof structure reveals information about the trace. To hide the computation entirely, enable zero-knowledge masking by setting zk_mask_degree in your prove request.
curl -X POST https://api.tinyzkp.com/prove/template/range_proof \
-H "Authorization: Bearer tzk_..." \
-H "Content-Type: application/json" \
-d '{
"params": {"min": 0, "max": 100, "witness_steps": [42, 44]},
"zk_mask_degree": 1
}'
zk_mask_degree: 0(default) — standard proof, no zero-knowledge maskingzk_mask_degree: 1or higher — ZK-masked proof (protocol v4). The verifier learns nothing except that the statement is true.- When using templates, you can also pass
"zk": trueas a shorthand for"zk_mask_degree": 1. - ZK masking adds minimal overhead. Proofs are slightly larger but verification time is unchanged.
Cost Estimation
Estimate cost, proving time, and proof size before generating a proof. This endpoint is public — no authentication required.
# Estimate cost for a range proof
curl -X POST https://api.tinyzkp.com/estimate \
-H "Content-Type: application/json" \
-d '{
"template_id": "range_proof",
"params": {"min": 0, "max": 100, "witness_steps": [42, 44]}
}'
Response:
{
"estimated_trace_length": 128,
"tier": "Tiny",
"estimated_cost_cents": 5,
"estimated_time_ms": { "min": 50, "max": 200 },
"estimated_proof_size_bytes": { "min": 7000, "max": 15000 }
}
- No auth required — use this to preview costs without an API key.
- You can also estimate by program length:
{"program_length": 500}. - The
tierfield maps to the pricing tiers (Tiny, Standard, Large, Enterprise, XL).
Batch Proving
Submit 1–100 prove jobs in a single request. Each job is billed individually by trace length.
curl -X POST https://api.tinyzkp.com/prove/batch \
-H "Authorization: Bearer tzk_..." \
-H "Content-Type: application/json" \
-d '{
"requests": [
{"workload_id": "range_proof", "params": {"min": 0, "max": 100, "witness_steps": [20, 22]}},
{"workload_id": "range_proof", "params": {"min": 0, "max": 50, "witness_steps": [10, 12]}},
{"workload_id": "data_integrity", "params": {"elements": [1, 2, 3], "checksum": 6}}
]
}'
Response:
{
"job_ids": ["a1b2c3...", "d4e5f6...", "g7h8i9..."]
}
- Job IDs are returned in the same order as the requests.
- Atomic rate limiting — if the batch would exceed your RPM quota, the entire batch is rejected (no partial submission).
- Maximum batch size: 100 requests.
- Poll each job individually via
GET /prove/:job_id.
Proof Inspection
Get a detailed breakdown of a completed proof, including trace metadata, commitment digests, and verification timing.
curl https://api.tinyzkp.com/prove/JOB_ID/inspect \ -H "Authorization: Bearer tzk_..."
Response:
{
"trace_commitment_digest": "a1b2c3d4...",
"initial_acc": 0,
"final_acc": 42,
"trace_length": 128,
"query_commitments": {
"trace_commitment": "a1b2c3d4...",
"composition_commitment": "e5f6a7b8...",
"fri_commitment": ""
},
"commitment_scheme": "STARK",
"version": 4,
"verify_time_ms": 3
}
- The proof must be completed before inspection is available (returns 409 if still proving).
commitment_schemeis"STARK"for standard proofs or"KZG"for recursively aggregated proofs.verify_time_msis the server-side verification time, useful for benchmarking.
EVM Calldata
Extract ABI-encoded calldata for on-chain verification. Use this to submit proofs to a Solidity verifier contract.
curl https://api.tinyzkp.com/proof/JOB_ID/calldata \ -H "Authorization: Bearer tzk_..."
Response:
{
"calldata": "0x6a8f3b2c...",
"size_bytes": 1248
}
Workflow:
- Generate a proof via
POST /prove/template/:id - Wait for completion via
GET /prove/:job_id - Retrieve calldata via
GET /proof/:job_id/calldata - Submit the calldata to a Solidity verifier contract on-chain
- The calldata is ABI-encoded and ready to submit directly to the verifier contract’s
verify()function. - Note the path:
/proof/:job_id/calldata(not/prove/).
On-Chain Verification (Solidity)
The StarkVerifier contract verifies proofs on-chain using recursive KZG verification via the BN254 pairing precompile (~300K gas). The contract is open source at contracts/StarkVerifier.sol.
const verifier = new ethers.Contract(VERIFIER_ADDRESS, [ "function verifyRecursiveProof(bytes calldata) view returns (bool)" ], provider); // Get calldata from TinyZKP API const { calldata } = await fetch(`https://api.tinyzkp.com/proof/${jobId}/calldata`, { headers: { Authorization: `Bearer ${apiKey}` } }).then(r => r.json()); // Verify on-chain const valid = await verifier.verifyRecursiveProof(calldata); console.log("On-chain verified:", valid); // true
- ~300K gas per verification via recursive KZG/Halo2 wrapping
- Accepts 3 public inputs:
initial_acc,final_acc,trace_length - The contract interface is at
IHcStarkVerifier.sol
MCP Integration
TinyZKP ships as an MCP server so AI agents can generate and verify proofs natively.
Install
Download the hc-mcp binary from the GitHub releases page, or build from source:
cargo install --path crates/hc-mcp
Configure
Add to your claude_desktop_config.json:
{
"mcpServers": {
"tinyzkp": {
"command": "hc-mcp",
"args": ["--api-key", "tzk_..."]
}
}
}
Available MCP Tools
Remote Access (HTTP)
Connect to TinyZKP’s MCP server remotely — no binary installation required:
claude mcp add --transport http tinyzkp https://mcp.tinyzkp.com
# Run the HTTP MCP server locally HC_MCP_HTTP_PORT=3001 cargo run -p hc-mcp --bin hc-mcp-http # Connect Claude Code to your local server claude mcp add --transport http tinyzkp http://localhost:3001/mcp
- The hosted server at
https://mcp.tinyzkp.comrequires your TinyZKP API key - Supports both SSE streaming and JSON responses
- Works with any MCP-compatible client (Claude Code, Cursor, VS Code, etc.)
Glossary
Key terms used throughout this documentation, explained in plain English.
| Term | What It Means |
|---|---|
proof | A short piece of data that proves a computation was done correctly — without revealing the inputs. Anyone can verify it quickly. |
witness_steps | The private values that encode your secret in a proof template. These are never revealed to the verifier — they stay on the server during proving and are discarded after. Think of them as your secret answer that the proof vouches for. |
trace | The step-by-step record of a computation. Each instruction the prover executes creates a row in the trace. A longer trace = more computation = higher cost. |
trace_length | How many steps the computation has. This determines which pricing tier your proof falls into (e.g., <10K steps = Tiny tier at $0.05). |
template | A pre-built proof program for a common use case (range proof, hash preimage, etc.). Templates handle all the complexity — you just provide parameters. |
zk_mask_degree | Set to 1 or higher to enable zero-knowledge mode. This hides the computation itself, not just the inputs. Default (0) = the proof reveals trace structure. |
block_size | Internal parameter controlling how the trace is divided into chunks. The API sets this automatically — you almost never need to change it. |
FRI | Fast Reed–Solomon Interactive Oracle Proof of Proximity. The core cryptographic protocol TinyZKP uses. You don’t need to understand it to use the API. |
lde_blowup_factor | Controls how much the trace is expanded for error detection. Higher = stronger security but larger proofs. Default (2) is fine for most use cases. |
initial_acc / final_acc | The starting and ending accumulator values of a computation. For templates, these are set automatically from your parameters. For raw programs, they define the expected input→output. |
STARK | Scalable Transparent ARgument of Knowledge. The type of proof system TinyZKP uses. “Transparent” means no trusted setup ceremony is needed. “Scalable” means verification is fast regardless of computation size. |
KZG | Kate–Zaverucha–Goldberg polynomial commitment. Used in recursive proof aggregation for efficient on-chain verification (~300K gas vs. millions). |
Interactive API Reference
Explore the full API interactively with our Swagger UI. Try endpoints directly from your browser.