Announcing breakthrough advancements in using zkSNARKs for Proof of Video Transcoding

Jun 4 · 7 min read

Ram Penke, Devadutta Ghat, and Taras Shchybovyk

A few months back, we shared our initial research into performing on-chain video transcode verification using zkSNARKs. Today, we are super excited to announce and demonstrate breakthrough advancements in our quest to perform on-chain proof of transcoding verification.

We have successfully implemented an on-chain proof of transcoding that uses a smart contract to verify proof of transcoding. This is achieved by using a verifiable outsourced computation circuit which constructs mechanisms for proving correct execution of proof of transcoding and generates zero knowledge succinct proofs.

In this initial implementation, we’ve accomplished verifiable outsourced SSIM computation using ffmpeg and TinyRAM and the corresponding smart contracts that use the precompiled contracts from EIP196 and EIP197.

There’s a lot to unpack here, so lets go over step by step. Here is a quick refresher on the path we took to get here.

  1. Proof of Transcoding (PoT) using bitstream analysis — as described in the VideoCoin Whitepaper

Our first implementation of PoT was based on analyzing a part of the video bitstream and performing a bit precise matching of the GoP.

This had a major drawback — encoders had to be homogenous. This meant that only one type of encoder could ever be used on the network and any small drift in encoder versions would cause a lot of problems on the network with false positives on PoT failures.

2. Perceptual Hash-based Proof of Transcoding

In our second iteration which we demonstrated during our Testnet Launch, we showed how PoT can be performed with perceptual hash functions. You can read all about it here, including detailed performance benchmarks.

The problem here was that the verifier node needed access to the source stream, which while not unreasonable, meant that the verifier node had to establish a connection with the source

3. Zero Knowledge Transcode Verification with zkSNARKS

In February, we published our first attempts to remove the need for having a verifier node and perform all transcode verification on-chain. In this initial implementation, we were using pHash from the stream.

You can read all about our first publications here

zkSNARKs for VideoCoin Proof-of-Transcode

zkSNARKs(Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) is a very powerful tool for verification of outsourced computation. The the correctness of computations can be verified without having to re-execute it.

Core support for zkSNARKS in Ethereum is enabled through precompiled contracts EIP196 and EIP197 that provide elliptic curve operations for addition, scaling and pairing check. Refer[4],[5] for details of the Ethereum precompiled contracts.

VideoCoin uses zkSNARKs for proof-of-transcode by using a video quality metric called SSIM(Structural Similarity Index). zkSNARKs facilitates to move compute intensive proof calculations off-chain and light-weight on-chain verification in a smart-contract. Refer [7] for detailed description of zkSNARks and for a lighter reading refer to the blog post [12]

zkSNARKs uses Elliptic curve pairing for homomorphic hiding / encoding / encryption. In addition to elliptic curve pairing, a stage in the zk-SNARKS involves translation of computations into polynomials called a Quadratic Arithmetic Program (QAP). Computations are first converted to an Arithmetic circuit. An arithmetic circuit consists of gates computing arithmetic operations like addition and multiplication, with wires connecting the gates.

The following diagram shows an overview of video-coin proof-of-transcode using zkSNARKS. We use SSIM generated by the proof system from a macroblock at random offsets in the committed transcoded stream.

zk-SNARKS in VideoCoin

The proof-of-transcode includes the following modules:

  1. Library for Setting up Transcode proof system

Computation (algorithm) that performs the following

  • Extracts MBs at random offsets

Key Generation

  • Generation of Proving Key

2. Library for proof generation:

  • Extraction of witness (public and private inputs) which consists macroblocks from source and transcoded streams.

3. A smart contract that performs the following:

  • Maintains escrow records for video segment transcode requests. Each escrow record contains the precomputed challenge supplied by the client library along with mining reward amount,\

Performance and scalability of proof-of-transcode

The zero-knowledge feature of zkSNARKS property allows the prover to hide details about the computation from the verifier in the process, and so they are useful for both privacy and performance. This enables a embedding verifier in a smart-contract and offload most of the computation to prover. As the smart-contract runs on all the blockchain nodes and prover runs only on one client, this helps achieve scalability.

Implementation Overview

Our implementation uses libsnark and front-end libraries

An ffmpeg based custom tool retrieves the macroblocks from the streams and feeds it to the proof generation system.

The following diagram (excerpted from [26]) shown below gives a an overview of libsnark stack:

Source [26]

Key generation, proof generation and verification

zkSnarks includes three steps:

  • A one-time setup phase where required Computation is transformed to zkSNARKs prover key and verification key through several internal steps that include Algebraic circuit generation, R1CS and QAP. It also includes generation of random values that are used in generation of the keys and discarded (anyone accessing these random values, if not properly discarded, can create attacks).


TinyRAM [23] is used to support general computations written in high level languages. So, we can apply macro-block decoding as tinyRAM program to get computational proofs. To achieve this we have to go though few steps:

  • Macro-block decoding algorithm should be converted into tinyRAM assembly code.


We used the core implementation of SSIM from x264 and adapted for Pepper compiler [24]

Verification time for all cases ~5 ms.


  • Key-pair generation — one-time action


1. Exploring Elliptic Curve Pairings, by Vitalik Buterin

2. Having Fun With BN-curves, by Prof Bill Buchanan OBE

3. Pairings for beginners, by Craig Costello

4. Precompiled contracts for addition and scalar multiplication on the elliptic curve alt_bn128, by Vitalik Buterin

5. Precompiled contracts for optimal ate pairing check on the elliptic curve alt_bn128, by Vitalik Buterin

6. Mathematical Foundations of Elliptic Curve Cryptography, by C Koppensteiner

7. Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture,by Eli Ben-Sasson et al.

8. Scalable, transparent, and post-quantum secure computational integrity, by Eli Ben-Sasson et al

9. Bulletproofs: Short Proofs for Confidential Transactions and More, by Benedikt B¨unz et al

10. Pinocchio: Nearly Practical Verifiable Computation, by Bryan Parno et al

11. A multi-party protocol for constructing the public parameters of the Pinocchio zk-SNARK, by Sean Bowe et al

12. zkSNARKs in a nutshell, by Christian Reitwiessner

13. Reducing Shielded Proving Time in Sapling, by Paige Peterson

14. Zcash Protocol Specification, by Sean Bowe et al

15. Zcash Protocol Specification, by Jacob Eberhardt et al

16. zk-SNARK explained: Basic Principles, by Hartwig Mayer

17.ZoKrates Opensource tool for zkSNARKs, by Sean Bowe et al

18.Verified computation and its applications,course conclusion, by Eran Tromer

19.A scalable verification solution for blockchains, by Jason Teutsch et al

20.WIP PoC verification system for the Livepeer protocol using Truebit

21. PhotoProof: Cryptographic Image Authentication for Any Set of Permissible Transformations, by Assa Naveh et al

22. Code performance improvement scheme for X264 based on SSIM, by Weilin Wu et al

23. Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture

24. The Pepper Project

25. Analysis and Implementation of the H.264 CABAC entropy decoding engine, by Martinus Johannes Pieter Berkhof

26. On Deploying Succinct Zero-Knowledge Proofs, by Madars Vizra


Powering the Internet's Largest Ecosystem


Written by


Video Infrastructure for the Blockchain-Enabled Internet Telegram Website



Powering the Internet's Largest Ecosystem

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade