From d4a32d2c9d118d123353b525ce59f87670e6427e Mon Sep 17 00:00:00 2001
From: Shubham Gupta <shubham.gupta2956@gmail.com>
Date: Thu, 23 Apr 2026 05:30:02 +0530
Subject: [PATCH 1/8] docs(readme): overhaul README for v1 branch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replaces the flat demo-instructions README with a structured, technical
document following the same conventions as the main branch overhaul.

- Add quick links row (Getting Started, Examples, Contributing, Issues)
- Add Mermaid architecture diagram and crate table
- Add end-to-end Example section using noir-examples/basic-4 — all four
  commands verified locally with nargo v1.0.0-beta.11
- Structured Getting Started as collapsible steps
- Profiling section as a table with Tool / Measures / Command columns
- Acknowledgements section explaining what each dependency contributes
- Fix generate-gnark-inputs to use prover.pkp (correct for v1 CLI)
- Fix skyscraper description: M31/CM31 -> BN254
---
 README.md | 248 ++++++++++++++++++++++++------------------------------
 1 file changed, 110 insertions(+), 138 deletions(-)

diff --git a/README.md b/README.md
index 38407ee89..956316e56 100644
--- a/README.md
+++ b/README.md
@@ -1,203 +1,175 @@
 # ProveKit
 
-A modular zero-knowledge proof toolkit optimized for mobile devices.
+[![CI](https://img.shields.io/badge/build-passing-2ea44f?style=flat-square&logo=github)](https://github.com/worldfnd/provekit/actions)
+[![Rust](https://img.shields.io/badge/rust-nightly-e32828?style=flat-square&logo=rust)](https://rustup.rs/)
+[![License](https://img.shields.io/badge/license-MIT%20%2F%20Apache_2.0-blue?style=flat-square)](./License.md)
 
-## Requirements
+[Getting Started](#getting-started) · [Examples](./noir-examples/) · [Contributing](./CONTRIBUTING.md) · [Issues](https://github.com/worldfnd/provekit/issues)
 
-This project makes use of Noir's `nargo` to compile circuits and generate test artifacts. Make sure to walk through the [Quick Start](https://noir-lang.org/docs/getting_started/quick_start#noir) section to install the noir toolchain. Note that we require a specific version of the toolchain, so make sure to override the version with the following command.
+ProveKit compiles Noir circuits to R1CS and generates WHIR proofs. It targets mobile and constrained environments — with a custom BN254 hash engine ([Skyscraper](skyscraper/)), swap-to-disk memory management, and C FFI bindings for iOS and Android. A gnark-based recursive verifier wraps WHIR proofs in Groth16 for on-chain verification.
 
-```sh
-noirup --version v1.0.0-beta.11
-```
-
-## Demo instructions
+---
 
-> _NOTE:_ The example below is being run for single example `poseidon-rounds`. You can use different example to run same commands.
+## Architecture
 
-Compile the Noir circuit:
+```mermaid
+graph TD
+    subgraph Development
+        N[Noir .nr Source]
+    end
 
-```sh
-cd noir-examples/poseidon-rounds
-nargo compile
-```
+    subgraph ProveKit Pipeline
+        C{provekit-cli prepare}
+        PK(.pkp Proving Key)
+        VK(.pkv Verification Key)
+        P((Prover Engine))
+        V((Verifier Engine))
+    end
 
-Prepare the Noir program (generates prover and verifier files):
+    subgraph Integration
+        G[Gnark Recursive Verifier]
+    end
 
-```sh
-cargo run --release --bin provekit-cli prepare ./target/basic.json --pkp ./prover.pkp --pkv ./verifier.pkv
-```
+    N -->|nargo| C
+    C --> PK
+    C --> VK
 
-Generate the Noir Proof using the input Toml:
+    PK --> P
+    P -- proof.np --> V
+    VK --> V
 
-```sh
-cargo run --release --bin provekit-cli prove ./prover.pkp ./Prover.toml -o ./proof.np
+    V -->|Validates| G
 ```
 
-Verify the Noir Proof:
+### Crates
 
-```sh
-cargo run --release --bin provekit-cli verify ./verifier.pkv ./proof.np
-```
+| Layer | Crate | Description |
+| :--- | :--- | :--- |
+| CLI | `tooling/cli/` | `provekit-cli` — prepare, prove, verify, inspect |
+| Prover / Verifier | `provekit/prover/`<br>`provekit/verifier/` | WHIR sumcheck, witness solving, commitment |
+| Compiler | `provekit/r1cs-compiler/` | Noir ACIR → R1CS with constraint optimizations |
+| Hash engine | `skyscraper/` | Custom BN254 hash with SIMD-accelerated field arithmetic |
+| Interop | `tooling/provekit-gnark/`<br>`gnark-whir/` | Rust ↔ Go/gnark bridge for recursive verification |
+| FFI | `tooling/provekit-ffi/` | C-compatible bindings for iOS, Android, and Python |
 
-Generate inputs for Gnark circuit:
+---
 
-```sh
-cargo run --release --bin provekit-cli generate-gnark-inputs ./prover.pkp ./proof.np
-```
+## Example
 
-Analyze circuit statistics and R1CS complexity:
+Prove knowledge of inputs `(a, b)` satisfying `(a + b) * (a - b) == result` — a circuit from [`noir-examples/basic-4`](./noir-examples/basic-4/):
 
-```sh
-cargo run --release --bin provekit-cli circuit_stats ./target/basic.json
+```rust
+fn main(a: Field, b: Field) -> pub Field {
+    let sum = a + b;
+    let diff = a - b;
+    sum * diff
+}
 ```
 
-Analyze PKP file size breakdown:
-
 ```sh
-cargo run --release --bin provekit-cli analyze-pkp ./prover.pkp
+cd noir-examples/basic-4
+nargo compile
+cargo run --release --bin provekit-cli prepare ./target/basic.json --pkp prover.pkp --pkv verifier.pkv
+cargo run --release --bin provekit-cli prove prover.pkp Prover.toml -o proof.np
+cargo run --release --bin provekit-cli verify verifier.pkv proof.np
 ```
 
-Show public inputs with variable names:
+---
 
-```sh
-cargo run --release --bin provekit-cli show-inputs ./verifier.pkv ./proof.np
-```
+## Getting Started
+
+Requires the Noir toolchain and Rust nightly. The exact nightly version is pinned in `rust-toolchain.toml` and applied automatically by `rustup`.
 
-Recursively verify in a Gnark proof:
+<details>
+<summary><strong>1. Install the Noir toolchain</strong></summary><br>
 
 ```sh
-cd ../../recursive-verifier
-go run cmd/cli/main.go --config ../noir-examples/poseidon-rounds/params_for_recursive_verifier --r1cs ../noir-examples/poseidon-rounds/r1cs.json
+noirup --version v1.0.0-beta.11
 ```
+</details>
 
-### Benchmarking
+<details>
+<summary><strong>2. Compile a circuit</strong></summary><br>
 
-Benchmark against Barretenberg:
-
-> _Note_: You can install Barretenberg from [here](https://github.com/AztecProtocol/aztec-packages/blob/master/barretenberg/bbup/README.md).
-
-> _Note_: You can install [hyperfine](https://github.com/sharkdp/hyperfine) using brew on OSX: `brew install hyperfine`.
+The examples use `poseidon-rounds` as the reference circuit.
 
 ```sh
 cd noir-examples/poseidon-rounds
+nargo compile
 cargo run --release --bin provekit-cli prepare ./target/basic.json --pkp ./prover.pkp --pkv ./verifier.pkv
-hyperfine 'nargo execute && bb prove -b ./target/basic.json -w ./target/basic.gz -o ./target' '../../target/release/provekit-cli prove ./prover.pkp ./Prover.toml'
 ```
+</details>
 
-### Profiling
-
-#### Custom built-in profile (Memory usage)
-
-The `provekit-cli` application has written custom memory profiler that prints basic info about memory usage when application
-runs. To run binary with profiling enabled run it with cargo `--features profiling` param or compile with it.
+<details open>
+<summary><strong>3. Prove and verify</strong></summary><br>
 
 ```sh
-cargo run --release --bin provekit-cli --features profiling prove ./prover.pkp ./Prover.toml -o ./proof.np
-```
-
-#### Using tracy (CPU and Memory usage)
-
-Tracy tool [website](https://github.com/wolfpld/tracy). To install tracy tool on OSX use brew: `brew install tracy`.
-
-> **Important**: integration is done with `Tracy Profiler 0.11.1`. It is newest version available from brew. Newer
-> version may require updating dependencies as tracy is using its own protocol between app and tracy tool that changes
-> with each major version.
-
-TLDR; Tracy is an interactive tool to profile application. There is integration plugin for rust that works with
-standard tracing annotation. For now it is integrated into `provekit-cli` binary only. Collecting profiling data requires
-tracy to run during application profiling. You may noticed that it makes application to run much longer but mostly
-due to data transfer between the application and the tracy running along.
-
-Usage:
+# Generate a proof
+cargo run --release --bin provekit-cli prove ./prover.pkp ./Prover.toml -o ./proof.np
 
-1. Start tracy from command line
-```sh
-tracy
-```
-2. Leave all fields with defaults and just click `Connect` button. It will cause tracy to start listening on the
-   localhost for incoming data.
-3.  Compile `noir-r1cs-profiled` binary.
-```sh
-cargo build --release --bin provekit-cli --features profiling
-```
-4. (OSX only) If you want to check call stacks additional command needs to be run (base on tracy instruction). The
-   command must be run against each binary that is being profiled by tracy. This will create directory next to the 
-   binary provided with `.dSYM` suffix (ex. `../../target/profiled-cli.dSYM`). Directory will contain the
-   debug symbols and paths extracted with different format that is compatible with tracy tool. It must be rerun after
-   each changes made to `provekit-cli` app.
-```sh
- dsymutil ../../target/release/provekit-cli
+# Verify locally
+cargo run --release --bin provekit-cli verify ./verifier.pkv ./proof.np
 ```
-5. Now start the application to profile:
+
+**Recursive (on-chain) verification:**
 ```sh
-../../target/release/provekit-cli prove ./prover.pkp ./Prover.toml -o ./proof.np
+cargo run --release --bin provekit-cli generate-gnark-inputs ./prover.pkp ./proof.np
+
+cd ../../recursive-verifier
+go run cmd/cli/main.go \
+  --config ../noir-examples/poseidon-rounds/params_for_recursive_verifier \
+  --r1cs ../noir-examples/poseidon-rounds/r1cs.json
 ```
-6. Go back to tracy tool. You should see that it receives data. App is interactive.
+</details>
 
-#### Using samply (CPU usage)
+<details>
+<summary><strong>4. Benchmark</strong></summary><br>
 
-Samply tool [website](https://github.com/mstange/samply/) with instructions to install. It will start local server and
-open a webpage with interactive app to view results. This does not require to run binary
-with profiling enabled.
+Compare against [Barretenberg](https://github.com/AztecProtocol/aztec-packages/blob/master/barretenberg/bbup/README.md) using [hyperfine](https://github.com/sharkdp/hyperfine):
 
 ```sh
-samply record -r 10000 -- ./../../target/release/provekit-cli prove ./prover.pkp ./Prover.toml -o ./proof.np
+cd noir-examples/poseidon-rounds
+cargo run --release --bin provekit-cli prepare ./target/basic.json --pkp ./prover.pkp --pkv ./verifier.pkv
+hyperfine \
+  'nargo execute && bb prove -b ./target/basic.json -w ./target/basic.gz -o ./target' \
+  '../../target/release/provekit-cli prove ./prover.pkp ./Prover.toml'
 ```
 
-#### Using instruments (Memory usage) - OSX only
-
-Cargo instruments tool [website](https://crates.io/crates/cargo-instruments) with instructions to install. It will open
-results using built-in Instruments app. Results are interactive.
-
+Run the internal benchmark suite:
 ```sh
-cargo instruments --template Allocations --release --bin provekit-cli prove ./prover.pkp ./Prover.toml -o ./proof.np
+cargo test -p provekit-bench --bench bench
 ```
+</details>
 
-Samply tool [website](https://github.com/mstange/samply/) with instructions to install. It will start local server and
-open a webpage with interactive app to view results. This does not require to run binary
-with profiling enabled.
+---
 
-```sh
-samply record -r 10000 -- ./../../target/release/provekit-cli prove ./prover.pkp ./Prover.toml -o ./proof.np
-```
+## Profiling
 
-## Benchmarking
+| Tool | Measures | Command |
+| :--- | :--- | :--- |
+| Built-in allocator stats | Memory | `cargo run --release --features profiling --bin provekit-cli prove ...` |
+| [Tracy](https://github.com/wolfpld/tracy) | CPU + memory (interactive GUI) | `cargo build --release --features profiling` then run the binary with Tracy listening. On macOS, run `dsymutil` on the binary first to get call stacks. |
+| [Samply](https://github.com/mstange/samply) | CPU flamegraphs | `samply record -r 10000 -- ./target/release/provekit-cli prove ...` |
+| [Instruments](https://crates.io/crates/cargo-instruments) | Allocations (macOS only) | `cargo instruments --template Allocations --release --bin provekit-cli prove ...` |
 
-Run the benchmark suite:
+### Circuit inspection
 
 ```sh
-cargo test -p provekit-bench --bench bench
+provekit-cli circuit_stats ./target/basic.json      # constraint count and R1CS structure
+provekit-cli analyze-pkp ./prover.pkp               # proving key size breakdown
+provekit-cli show-inputs ./verifier.pkv ./proof.np  # public input names and values
 ```
 
-## Architecture
-
-ProveKit follows a modular architecture with clear separation of concerns:
-
-### Core Modules
-- **`provekit/common/`** - Shared utilities, core types, and R1CS abstractions
-- **`provekit/r1cs-compiler/`** - R1CS compilation logic and Noir integration  
-- **`provekit/prover/`** - Proving functionality with witness generation
-- **`provekit/verifier/`** - Verification functionality
+---
 
-### Tooling
-- **`tooling/cli/`** - Command-line interface (`provekit-cli`)
-- **`tooling/provekit-bench/`** - Benchmarking infrastructure
-- **`tooling/provekit-gnark/`** - Gnark integration utilities
+## Acknowledgements
 
-### High-Performance Components
-- **`skyscraper/`** - Optimized field arithmetic for M31/CM31 fields
-- **`playground/`** - Research and experimental implementations
+ProveKit builds on several open-source projects:
 
-### Examples & Tests
-- **`noir-examples/`** - Example circuits and test programs
-- **`gnark-whir/`** - Go-based recursive verification using Gnark
+- [**WHIR**](https://github.com/WizardOfMenlo/whir) — The multilinear polynomial commitment scheme and sumcheck protocol at the core of ProveKit's proof system. `WhirR1CSScheme` wraps it to prove R1CS satisfiability over BN254.
 
-## Dependencies
+- [**Spongefish**](https://github.com/arkworks-rs/spongefish) — A permutation-agnostic Fiat-Shamir library from arkworks. ProveKit's `TranscriptSponge` and `DuplexSponge` are built on its API, driving all challenge derivation in the proof protocol.
 
-This project depends on the following libraries, which are developed in lockstep:
+- [**gnark-skyscraper**](https://github.com/reilabs/gnark-skyscraper) — The Go implementation of the Skyscraper hash for gnark circuits. The recursive verifier uses it to reproduce the exact Merkle tree commitments generated by the Rust prover, enabling cross-language proof verification.
 
-- [🌪️ WHIR](https://github.com/WizardOfMenlo/whir)
-- [Spongefish](https://github.com/arkworks-rs/spongefish)
-- [gnark-skyscraper](https://github.com/reilabs/gnark-skyscraper)
-- [recursive-verifier](./recursive-verifier/README.md)
-- [noir](https://github.com/noir-lang/noir)
+- [**Noir**](https://github.com/noir-lang/noir) — The ZK domain-specific language ProveKit compiles from. ProveKit ingests Noir's ACIR (Abstract Circuit Intermediate Representation) output and lowers it to R1CS.

From 608041947b98240ef46479ec0bb2787b1af2f0ee Mon Sep 17 00:00:00 2001
From: Shubham Gupta <shubham.gupta2956@gmail.com>
Date: Thu, 23 Apr 2026 10:55:30 +0530
Subject: [PATCH 2/8] docs(readme): add banner image to v1 README

---
 README.md         |   6 +++++-
 assets/banner.png | Bin 0 -> 22349 bytes
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 assets/banner.png

diff --git a/README.md b/README.md
index 956316e56..b186b90bb 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,6 @@
-# ProveKit
+<div align="center">
+
+<img src="./assets/banner.png" alt="ProveKit" width="100%" />
 
 [![CI](https://img.shields.io/badge/build-passing-2ea44f?style=flat-square&logo=github)](https://github.com/worldfnd/provekit/actions)
 [![Rust](https://img.shields.io/badge/rust-nightly-e32828?style=flat-square&logo=rust)](https://rustup.rs/)
@@ -6,6 +8,8 @@
 
 [Getting Started](#getting-started) · [Examples](./noir-examples/) · [Contributing](./CONTRIBUTING.md) · [Issues](https://github.com/worldfnd/provekit/issues)
 
+</div>
+
 ProveKit compiles Noir circuits to R1CS and generates WHIR proofs. It targets mobile and constrained environments — with a custom BN254 hash engine ([Skyscraper](skyscraper/)), swap-to-disk memory management, and C FFI bindings for iOS and Android. A gnark-based recursive verifier wraps WHIR proofs in Groth16 for on-chain verification.
 
 ---
diff --git a/assets/banner.png b/assets/banner.png
new file mode 100644
index 0000000000000000000000000000000000000000..abe02d24c472b5d90673a4edd0656188cbd09c6a
GIT binary patch
literal 22349
zcmeHuc{tST`~O%HMT=DSK`62d5yp}uTSP?mkW<zOSqBv*BD?G@W8V)N+laDflx6Ia
zWiWQe80+tunbWyG-+zC9_r9)rd(ZML_jBK``*kn#(%_~h(=qmA5D0`x>&A6M2!t^h
z0-^4qrvtAT$}Ic<HwO0`W}XnpIRVl?DlJ3)Rq!H}r=g}Aq_~@N9z4)Gs_LmiAZ5|V
z_iT@V=M#@LOdlJ$-GA(3>)`<T>w%+-ZAMw59Ry<1rgdHQ_7kebF|_OL`4qZUw|CA*
z#j;w5PFkq2OO6b#kH4rF-7+n036)74GT-7(Q7U(g;=!Gsrk+CvcUv?@W^|-|8Dsh^
zYdqnrpFW{4EI%gAV4Tyi(K?3Ss6Si}hwV+mIlv13yBzk5ss4L_Kn&he)Bn$-%A;dE
z|MLj>Dir*`k1RP5>i>B*Nc;2UKLY!sBoN3S!+`t&1IQorg!}=6KVSeD!XGgB0|r11
z{?Nxi%-|0g07Ll04E}%tP=h~V!v7aDP<e2;<#sq=g$f!QulL8ij*dPLXF5At<5jS<
zv{cy|4K+^!!X;ge9s8ZogVpdu7w}-vH&X33l77u6XpLZ1@7MqO^=tM>hf6^pXqjRA
zn@0ZItCPPjlD`JND4a}6ZKymziNUXj5>n{zEl}4poq3R<<iAB&Z(Sw$`1t(JqcrAU
z3I<=3&|(<Pq4jWg&!TVY__$bxLZM7OVF%k&=MUko6Afekjtnu;prVC9g0(vPp6l8_
zS^cT{)cD5a)Y3@xt9I$%pRv0I0a+QFbt$Upna-r8)zzLWrxFE?U{bb%M=sz<*(lP*
zno7>MIN3Qmwu1NXd3t(E;xC-JPk9#t5jG%?QpDJ+qU-Wgu>5|xH;`2k^xyZhSdN?m
ze-8YJh8+x&1i3{Za9DgDA0NNBpgC~j-%qK?pxnTpr7hgBpiysc@8Ra~lOy`D{l1?V
zsrjkZRf9E};Gx|go0rl0ly7*ErBS-Ye81~TOmA<m_v6QX2Rj&)>?beW02o<Y4O05r
zqomWb2OPyYn4GNa!2w}iy5aWD_S<;XbxxT&W%$A9!7l31e@*(ZT0c`+hBB~;CRuPp
zgJWYZsi~<;{RMZH78eU8ty8w%<UuhE^&VdG=r9{e)Rn~#uxB|-h44UmH@!vT$4=aw
zhf1a|TX$5v((-tH?KX1JY0Y>!RVc)sD`;=KEO2|(b`9fc9xcC&Jiiq?<^Sl>_fHMF
z#}?<mrOFk_p&fc-a5JXp=k*yyEvAS4x1YS`!uiiV677(W_k6$@q-h4rC;>~%)g`ab
ztQ{2(C$7)@vhH$Zf3b?M<99Cyx^Ri6Od+L^Z_mR^{j~jdO8RCvq;hN%?sUn0&BaW;
zd03kjzKxToTgTkWcu-YUbq;&o%9wgwC}Y|S33(%vgdq}%e96dVoOtHS=ch+4SDufI
zj4ZQZ;@36NyIN`(JK7SZB)#Uii~4^ZpT!3Kn6gOrr{ZrV;&GVwE^0CUz3(-nhfVz~
zUad#2txh(}(xKiLX6}uDAZxiXIm_2&NNr6#zljLx(hSW#dh{qF$l#{h2!js%n*p6x
z*8Ki1fx5xMtk|bnW(CtrAI8^~mUBh-R)*!eCBj1DBiDYoVVi^tuaj6v4U5`9Wn?P0
zGb4Mq@HinH*Y4Zb+up84Gb==BjEA+<_+Z(@ztR&JfY5^RS)?U2Iy3dEF#px{x&RSU
zm}9GHehn&Zj2hR2Q5EwlrmMYhIxi;~uP%08JuLQC(5wcNk!awabaP*<BRWI0DK{r4
z$H_;jQ$_)UvzjpTHbFnSJzewG;?Pf-<AlaFo1l0YNrOyf$@+d@e6qx6Wn2^y!pX%Y
zGoaZN6Agt~r8bIOAMkAYsqPN9Z0_BZd$w+utPm$e*TJ(tqo_Z50ZXho&w3_Ok5_KI
z&bLAq>~cgmU~po>P09Y-hrYC3s)<Bwb4Gbp2=UedX)>F$K^Slgeop(@khcAGqpo>F
zGp$Q`#i#Y7I9Gao>`sDLX3y1t5(~{Ug6Ov$!yWj({YQ9@NYBD>JLT$m<0Q<ef<>pF
z{`BDR@I#Al_5Osr;zE5N2Wh)H2WO%!{3%-+h$AC_MeI)pwQz7`5j1BK(yJyK0<YEf
zfc@-)gL`t<Cexu!q2v0;!h+^zbqwZgn<RJl7$*)1dupM~jZD<TKl!ltU3wet8*$P)
z>D?{#t{sArdgI+5DKFe8OwRZ=o?l#E7SpEn{*n2bmir9LH~#Z8T(e*w7oQ{=#(Rc3
zunAt77Wn&MKgja&&!n&^=^4lJSFc_T^v=%SpUTu}&rgaE9!J3^f{D3?2W@1a_;=|6
zUr#A?xnjM)mt6k*R@Ygpt%X2~iudIEc<H%pqA1v@&)5YwK|-<Zy#&vV5rjoN5oqtP
z{?7P|h|L%qZ>#zb5dLRO8*i91){m0pUVtE}6J$bS(OWFbOrN@q0e%18@l~&+=H8|q
z5u@cdW_N_7-DMcUXU84x_2Zc^<x^8rT9%!_8Qc{&Gs<|?P)sPBCyvofb-={i_O*yK
zV6<RkBNCDZUuLBaN9gv&tnf^-PaL(-?>=uEXu|72cjP@>tW}Uul$UT`So`IDZA`f?
zWS*^U3>@8_Nq23=^JO`=ar%4By3@n4a4U&(Gbc%d`jSCD*s1Lc!{q!U;JQS;Z|ZNK
z`IPbue>N8=>-!Q8M9{Q+=uC>?+8h8nya%?M%W3JjA2cpwLSBNKJPO2*vNVp;USD`~
z_dGg7$*J0P>|rB8>y!z@GvhX;^`AepzMmr$aK6&rcVD?1WzlR{JTE^qDR@&~f5iH5
z2Q%=BZ@>+&D9CWnas7DdI7PEqpOQ6ev<HkEny!{!kkFWs-fK$?`}vROD~FM>G0Vat
z`3Y$F#^u(~{tg8lNVUg2?@V-DT-<<8F)l;@khk@{<K!B^XeLuPyCj%$;7(svb#(&S
z67Sz2Atj`t_moFb!^S3yKw(m>o_E~&d(ZmYkO^8m#kL|OKYh;0={06$6t(Vb({$6?
z*D5z)RQkw=i!<-xgF{0P>iHuBy}bv5@y6MEZ`z?s7j;MqYY<Lew}@(J7(*~8H}^4r
zG1aD~l)~7brBe)n)9eV^rt)uPwB^;+awETVjx@h5*xrlDS`I%61;_ttZ%Mu$yTA17
z*E=fQ<zB?UqM#U=$Sv>lRdELdHgCOZCz(yc;!uUg6ZS+Qr-kk9Pv2D4vgM;$?@%8a
z>+oo5Y8EBM$E;h(_$cMTzmSk`z-W0RMOG#;o}MBBvS$t!;6Q{VTRl>eH({W^<|>i#
z?71hm!cnuTXFbwG57MK!j?E;6G2f^(G;gX^$_ci&?6yST+e(#l8z%YRV7&BJ;KAae
zE=5I;kipIL%`?l1djE@0e2)10`@hPA0!PWjiZN)>W}{6Mic25xs)<|I)B}rTSlf!l
zewWwx?%0gZ_}G$h#ws{SI3AXv95@Wb2;pH-0sq^4WoFSj{pIxzN`_WCQ^{Y@`NVU6
zk;1wbVSCG>k$nT=`zl52+o@uSLZ_8{+%r8tS7A4!b-g9`X$GPx_SjEm11d)uxDaG+
zG`D)l{Gq)sdQq3DFHVc8TR%~h(AeDETqPC{LuB7$n4X^gfREL3@(eiWB8+V)C*C_*
zYDGDR+&KahSks(f$iiaN-a>zYMzY;&<}W(inCmRL;@Ab?pg4eq(+nlR7YLt6(K&Yy
z+TufXv$i+qjdqFH%tPg<Upl?V!*=m4EiLb^$J{~C>J=GC=yHvWk1s0(PB{UCs68va
z?zp(PD00vxKkpkfJDP&4P%11a>x6<seFb*~^Ftsg3dW=h1aGg;bZS6kvtNrp7scFa
z3TOEKftF_Ca`sFe!k+#X7JK`cfo~>5!#B}@MEC8lUo}!gZAE9;Qx6pr3=S$B(ZfWd
z?@OKoy=hZ@huC(YgTsKl9tMqZc0ebbE`^TP`}?fv#vNMh4<{0Q0s=<4l>-J_5?6Sh
zhs3M+0mtyxl4=?dx1uCu_&=VODV-}<3Vv<(zuWulHPevcSe(a}fi-c7Xl?Og18~zp
zIZ^(hm+~R)^13vV_@@p!?g0zgxwc35)1VA_CS$i?lhe<_a@hM&F9QZH>Sz2TRKwYE
zNPr&_zM{Fai*X&hy1ecY*hl03f?BslM;O0`#wQzYoAx8G(Q<7l$jh7U)sJF5^>l`K
z&KL@J>|VQi^>1`0%+0RTr>_7Ki%!R|&?L*f!7f^%(-~egzz-X~nH9@7EfgM~IqAwr
z*vw;T6Yt#j=>Ir7dhv3+8;Jp@lhvp3Mc4x#V$w1LN6E;Er^EmTGZUtersOaNL58Ul
zyd}>(J(X_oe$cjk*rB>F50(tQ%`~H5X%Rm!(0?o{Ne602x3|H$G5am`>t)RA!s??Z
zxkU!71&|1VQkb`a=hZv@T$uq-PodyV;eqR~^DLWel`g?a2Q6^~<pgexbIg1Ggyk_l
z_i{1jI{)3RqV=N|>S`YVHFY7ZOo$sF>m*uu4O30XK3j(>`Tb*R&T!tu)ZENSNKsF#
z`#B4H{-=O%Pu6~E<hjGOh0J`0*5p^jk0faG5{2X1J(Ra%E3bt+`69USX#ss3*Jw>N
zDHfea0SPtct6HZ&40r#+ydfOy;BjA1%u`RfdotX-BNVDDnTt+x5EZbv%A(qmn8$DQ
zW_Kj{b5Ez?=8ZDG5|+#P`nTF^bZ!Z(RBIzeF_rNuKzlrr=_?;LU(fNvY)H>qx$GR(
z&7_#B(L1v1{K{|hmbvZo=g-r}SQxtP7c>RmLOLbE_$P4sLb>REMvWNBoWG`nBoqAq
z>Y%opNIG)`8Ual}1X}b<L<z2-)To4<O4NAy1Tw4!_U~q3=Q51^{DOQMA5IfoDJ~0f
zoecjG+B}jD5gEKysoKF(9}{RDb@zk&Z%8bDf3Nv|X%qG_OZko*%dr;5DK}Twss$-3
z$3=YR%HIIiV!uXP*DAiezle@oUl@$T7)H!{xu86;-FK}!{e!9sr@XF0ZMzMZIV<S5
z_lTa9NsIN!?EDAG5zUH(d`S|w77G=!3qOP6cZgn0-T{)0T`9={`YLBy3Al>}L@~Qp
z@=|bN$+MHK!XdZC6=n|-V;fC98nAU}pDQL*&c<QXhSa5YY#9zM@hf-|Zb{AhSyg6a
z>ix}u5JlPL{FF~584-wqNZkSu%ttcWelWBYRG8%{z<~H*e@lozmFJ0Id?eED;aRiy
zL-ibftkk`Bw4ZY%-n>ZVD4>mn1kHHdLYPMxd*}-B%tU*Me-VVFKH#xa+Hg4bZP2OI
zk^X9?7uUtA8Be^zoeC3lcQ?C)-q{Xl5S-*;e<H|6e@S#QpO(6HIH4}qmc4DTS9aYI
z3WcWbtR05A7r$dxa;X2vgE8+WMny%n>}WH5!19NF2LAW1hS`SQ*-WXkQ(s@5cap<T
zIfZ$QkWh-XB_ra^3KHvR-Ae6-mLRZVv~1)lAf2p0_CtcaA$^iQVa5El92ftQN@RhR
z8*Pm;srJi1_skPeouvKZzuTL6&}Zs~#BMcAxVpGhMo8_yuO2lrTwRbq{Vrm1T;Z=z
z%IG_G`c(5~PsT?^oNym}%y1;f+$(*bX!i+qnQWn}_2dmEgAn(?wy>Q;C@6VntvdKV
zA}F#_N1l=S)Jpw{mGSx!Q#Xc7_k9*Jgl|IF>~=I?2Oc}+c`_--LcV2Ve9%b6LutiJ
z4+Y}Wx#vj^3v6>YpO_1AAp|gW0Qi?zNQWo#ip(qGq;+XdH>`+%PLc0?tFv~&si*H`
z{v21VRZgRXHAeacHxlLS?EH_mpZ+0hQ+B3u;KRKo-x30U%rPSszo6N&<Kmrt6@?!o
zPxQt*M(UPv*6vLnkRt8I@_%y(Ltb*c5sL<{N3Bdmv(vHY%;U=jhAUY?2)?d*M%nZA
z>fP|YDX95bJKe)J=_vm$aR=tMp&>KegGIyZ-r+08QhGxle{H7Yv~z1Q&uT{9_Lr%8
zB}p;YfDl<=rN_vzp6)Q95$8f8#wS%~?UHvM`S}fJ<&UfGd(ks)xYR%GPKeN`&w)>K
z-dxR`01Dyg?(J%%A}c31(uWsun(;Yl!`>nWXG}Gr;AE*YWl*cov!rmH>Dk8`MSOG3
zyBb=&{}L;--utd&fYR|q5Ouj2kJkE>;A2&Y1$Ro=trML_KwMg5HMO<1HJogyu!Q&B
zFw0Tw7b3j3dY-O$QaHW&%D+=|lMmVyFs4$Gq38Pt`@4uB2_dDDK*8WH%?^$F+d}6+
zHsG<pIKvBsa~mvaD*m0DxDZRES;P(EdyI@yrnFN~zTZvUt-jC)AP6aaNjg<X0U7fe
z@3J96=q=pOsGH^xZcddlD*3QB1nzp<ar+e)2p@?74&xsy!-wuD<lA^@?CppfWyqwW
zq9R%2dIWx&ZEbI_j;fL(UWub*NfdruG|gZ*0XPFw@h^Z3E^cl<V@uqL4_?Qyo7Tsl
znPs`xHQc=!&dt2)gGOeY7q@zRxhv8VEHxjq)An|yaycmv`%gx|`Hs5==EX<dCK`+>
zQRNaj94j3F`K!uHq4c(^GU^67j=3x*yiQ0Ay9p#E$%@c(43~e0Ub*$Q7JkPg3g<Oi
zeoj_ab~xFu_|3O(-(+O~f)<^}UhYeDe4%^5iZfHAxSI@$fc+V4lj)k0?Ddj&J}aD7
zusci2#?1Z#IftTf-E@zJ@viy#2i10j9N2zdlo0x23hfW|frBFR>fzh=;fGeWdyaRb
zH_k2?Qr7EAG0!Ml_7|lvGa8{F%D9qLw60>fnpWBv+UrL5e$Hkn`u-phnum7Ru3d9d
z`mk44TRVbyhxK2=b3rgUlu(qDymyJq>M9pLtMWz>wXPlzH?Xf{dYm*}<{sRPW49Ud
z(>rs67_$<`=NOIs#1cw^srfVY9f9?NKLbi=>;3C7isHi2>Utm`@d#`~P#+-4{Y&+f
zk#!h)KhoN0P7qlUL4#gg!Qw-sqs|41Jcql46^@A&62kWsux`qjN!Keol?Yv(D8Tw}
zj?&8*UxH6(UQ8Aw<ue*tDLXD&>>~o+*{d=zI+F)&a16%P0)<L_TI;h?WnBB|le_rc
zSgSZmKbEHr9~~KN;c%2O2B$P@VSFy!?_VUXosa_qCL?L-rMZ5sO|>q8Gl;^!$#OZS
z+$0Z?^T7=iRV}Zx`Rn?f612`39r08o04oy4U!n`tQFh9B;1_>O%JKqMz27mX4rP_S
zVik91K(#wAJw3f8X=V?<+vY(rtzb&T1R&IqPF_)wQ`DfzV|rJ2?ZQ{?<T&6G=sE{*
z8CPfRBe`dy1C$9LXS8$u`j5nLJ5322{xv5PW$)utUGIm_H}0#jkHLTKw|6l~PBiL=
z@3q1&F^YT!>5BLh8)!z7x!E{V2-So@vhU%+J}EVrjG*POuC9LWobu5sj=hC(q4&<f
z?UJmS<jFzZv!*g&x=u+;d`-K&LAFH_df17nsOGk(5%L`V?Ld;@Cx5QKY_fJh4#{~W
zh;@u*v=Qy;y|=Fe?wo`wJBwS@l{Sl2$b@Gp2jbI$BxY-B{0Xk+GQG4WQ^0PEhM|Ys
zttP4^p&r`eO4_$D{hmAFQdfTuiX!L7Al7fxLLTt+#;mmUotzcR{$zDVg+*ody(9hJ
zRBN=0h?3gJl?jxa$V85Q=5T)0S%rg2?lbyyySuwZZ>@S^9%%`U*>n^ZvMow>kK19u
zAUsr+h&K)Q+I;w9x<~P8eLSq!pyuZ0MM;vF{(N+1Jj-Z~$@^CO1aJf<UqKLw<DDtV
zASAf8Z$?{Dt&&(pq}$@UrYxHQ+19f7$U}b$eP##+aRM+YzHJK?wSNGku@1PX<b4n(
zGzj#$KHy*vS$4quX^{;A#rch2FkP^!RPYru_d+5JPxH+@vvPPBFP1+ivws0MPeQh-
z4le@8PQOotmA8}55OSL$6wE3h)Ee_YNh#RZwhQ57DU(UdW3?DRVyE@N4^ueEs<|o^
zc~VUS8AbJ*dC3z7ip+~5;$ePD;fTk#CM&R<->%1U(>B-!2*K^wTTL-gij49p84V}x
zw$=IG97M=tZ{LORsS~Jp8)r0EtRBP+Zl+)FJsQnz#Myw*Z0w_r>A&ms`F<hS97^!{
zG`ENA?PTg71(Aukm{_?;9WuB<8p!Mq;@Wm4CP++73@}ajJ0F!h$$|U$j04HpXOY~K
z2W1_ip5NcI)|8cf&u^2tdgeO?k#I7T`54I~4U{+=Qv4SschM}t^yPL$f170B=G^yR
zGuur`_>4Xtp4tPylDuv7;T~Exkz3V>P}=`?YE91o8Lpe$;Upq-b?a^84_q=e>LW#K
z?@&4@bz)RDLHK&4HF0iw+8!kFdtt#Psl6ZQOvF`jv=aXQhX;Y?j)K93Cec&7%_m|1
zXs<606~t5{kwYyYm4WeVvxjMjvW8QLyhSv{qHl#>5DKM_8MAn8DVSgPWKGTHT!U?-
z78CqnBa;J%18Iv9*WIVUV@LT-Sm3dE-BLf#K&z`Tn48kHvh-gP*RogZ{H_8(R)HfM
zBFzq-0L`Jy5ci%OD(EC;<vie#lh)mzt9&n`YZmGuC{rq8rXL<2KGrml#9*~i?-%b(
zDt_d*_eF5eBw0YceSFN_>JPdydT$5AZxE+IdE<Qo%wzxYGAYp}p+R<^rF_j-PG!fs
zbuO=v2p!d(q|%@jEhc1!ye39};8w?V;3Zrb&!0c<k}mH!(2P33p{gF1R~cq3WfT6%
z%Q#bP_<?GNy#s2;-qB|lZ%xVz{q(0qlE)l07XXE=0>u3BP`ckkW(!~s#CLmdnCabR
zfW^9adRE{C`D=rM_SRZ&HAf4bE!y3`MfJ>BK}pF)=|jvLoQ8P)L7@d)mp8Nl<V)z(
z89w;rv6Jkgfs%T99MkhSf`|J4VN8!(1hhW%RjJsC6DNj&6^yWUqtP5V-jLS9k7er7
zo}Z4=CzNXovEu!Ja+M}o!A%6WsP=CQ!x`gMNCPIblP!9V{~9AKaOd$>uS!@RROm}`
z1ofRHgS$-+YHMp<7=_AH>?Hyj<ONOlf%SbK_`ySfeB?vCTbI@;nb%F}c;j><8kTeC
z)Gp93rn&d`h;|Z+j+aA7<4YVNOS@+%Ehogn!U70dt`un0ctc<<{nyuDY2QES9QNH>
z9D29?hCxb6ZFJ%uHZaj)Ib=-NxU(Rf`)e6+B?Iai?FnzPGxKMnLzu~}!$#R;-MGLC
z3JDI!{!*R-4DXz{>a|Zb&$iB7zox9rEmJxnZPDeyUzdE!OB;HKw?3>i)dZ|WAOiZv
zUp2w-d;Z0d+w!x8)$iZGA5bs8P!R6~ay6ShxMUKSRT-@%9cb<%IUB^PN8Jx%aO=gE
z1{7*y;Cp*}`@JNB@lj{n^bgx_oSKr)z{EPm<~^mKk7b^@*>!mZzqK^76b=pgn}dU6
zsXP7J%mn;cjPd5B;OQCVPYOx{{`eJfbi8kL!3j|;97aGGCs6zA9k%V>(WYy#zZ5cU
z_O+f=_zR98`}wS37JlZ^n?3f&vZo4e<Sw_zT}03|o)s{tMIw=d#JV5F%^(O6md?vg
zvIqx>IgDx4=!)=>68~q{jCxM<S*CNNZys*I4tw);=BqTbufkjMwJi{E-CmF^x&{m}
zU<eI698FG)f3Q(Y+}iRcXQLldrhf6v7URJFA`iOi)%+!lwsReLw&h=rAAhtuL~|=W
zEEPdwjE`FpKHZt&JOp8|os1ug3SxCXJtL#4zP>(TLf_D|>+MZd_Y@F$wfdysVnWwF
z0{6BbCH6LfxU8Ftn_EnlTzU)Erc9V@%YLItkYP|yD>Rs)P2}1sdQ>7;(+a?R1fT6_
zXGvbJY+lHGr_#IOw+m}QLEDqzEeoV*$oQ>xw#-Teh9xFm#;Weg_ryHRX0)OcjfF<B
zS2it)fvE_PHPOJJDHk|x3)-8^zjpDiZT+Dyd|^Z1m9FWlpOnAox5%vQc=n=<go~N}
zS)Z|$Tafk-P?L+b|CIcQk0=sa#$O8lP*~RWzzvy0xTK5?fC1!!+)0>dS2|A;n?d^u
z$xIDQ)B=P;El%V!IlPhtTE8bamn5;WwN<r#v@nGh9JP&^$6;;_E-2coVIj0BZDz38
zulxt;6cBtkq~>?w)__4aI2)-N>X&P(Mzhc<ldp*+S4)eVXh{XtOJb@GfC-3o@C<Pg
zbp#@<*0G4iH;^viM9;5$73(MsGL-Uktq?&*EBUT}Fis?V>c~@5*UBEIE%EAkZz27W
zf#;3WHV#uVlJDZ;B3c9q01@oKQ?9*`RQ8C6#TUR7kVuL@6MWb4`l~wc5mS8zg*)ke
zjhoXMZ?sJMU!61~6o>?0k2r=nDKbGS@0u)$!-+bnv4s_NCV|fDs7wr@7^ll@h9{mE
zGD>wm5^z$0v~-B@wk1hckiX%_aWKEl+|N>sGtok{#V`;An2@lsEI>(6bJG;s=^Yd_
z?q}LkLyFCn($dnd1g|78w>>?2l8l9s<RUkKu-m4YJBX?bDJuJZP}OAbOqf6O?*NGp
z&MOJ7@Y4nY9_wwC5*dfdchGKUL1|_oKyF5uf>0C$ge1$)oJ<r_#epJ;R#8qJ)>!8j
z@AD&xj*gBwMZ>psXoTRK$xq&_w=OTc*5<7cSFALTNjCcBt_QqfezB`S+K?SNnFa}F
zGdi$IVZMs?Tafg%Nhv?@ufu|%sAZiLmKF^IqCavQ7>IW&wZ|DD4g8=g3`+pvH4Q@i
zV_m#%G$;}sX>Dz_M6i+|sL_F}wGauT4ycHZ+N_xlV4Hs%c>&3oh}sf#b${+U>}VdN
zE!e`s4v~7s-JRUH9Yn8--%{EkNMF<GT1Qx@w_m|}J!ihLJYQmsGNC37n{}B&<PgvL
znb)5XmMyO-DgxC{tEF`!g~`B?aJiYrKAS6lTE2dCf|L^(L%~s?h@Gux=6%+>aujW7
z@pE?unH3HwSe20f#;hKW6ku3l^bW3J60)}Ab3Q@fao7Q%qzCu%Z)x+KMeI(GXK3*R
z>63n)l69Uk|2x`iz;T@e^j(E{^~MWncsf_TSrjL(+HInWRCf&x6&jz;;p&^5%>e3=
zdTQ*j(g#*=Jn9Gyhewr*mOy^g-`aXzceL!}J-6w4(TbLGjOkWQVtw=~_oJ=TLwD9V
zUhGi6YX~-(IHRW>%6s71-K8Xr5it8lQD3Nw4b3>epTgl<Fv3$&Q6c@(Q;1gwx^wJ2
zLIh10Sm&a2t7q^6@|juS7c-)+>xT1yl1_<vL&@{k60VkekJ9%7p40PVD)v07PLq97
z;HhBJc`+&auG_P5JG;5T*WsNptsn=&7*J>$Mi29`s9@l~)z+J%&*ARLcE5Wd8l(W}
zd=dty03TyEhbbrWt|`-f_0&J}dR!lxdf}dM>V@_F;c#3=94x0q?`q)wPzZk8aPRwR
zir&gmlgw#5)b+&_s3wR{JWP{g^BEEPlv&56)Vi)iQ%-a~Afn+_Q&V>8va9E7LiWEv
zU#k2RQ$7JBmE~CQGAeIlz6%!AYF&+SELOI#vZ@lgk=w61`nY#VHc-O=#2eN7G=GVp
zIpJsFkJk?|7{L;8%G^CisYrVc_$zF%+~HT1dKlY+Zk^5C)K*PM3Z}$*;)#Up(<~zT
zNveW{I87G=453hp-f?)M_%vZ6Xm@E{QJY@MIMC%v`~I@*2=g|oL2cw2jnT2$ofoO=
zi{5eA*@i0kp!bofgzc#+bTME|0>vZ9)`{sO%wST8`yI;0<7%(dWA@o!ssIgQ3>xjR
ze45&}7PK)N<-)W2hOr#=WbK|jBbI4yw10APa$Rx3NxG$HXE^>8as}x)cJo(s!)voD
zO<k>fFO+{3rP3+{Uauu8FJGRcHo=LlX-=~zIVK)E-3H1y>zP8^jwGXj6h4KJGM>sF
zne>wizO_C<N;Dan)e%1tb{zDcNuR5o_u5v?8yHa@)=2SgmnUT<g95EGlYDY<*yqk>
zxX!*R&FKSoV7UXL=pMF!gEYkg{F;R`?rdbQ<y7>|N_u|rXQXL@jn4#wo64@s)eG4z
z!hFwQoiXNWr;3wo?2JF_Jswe6#~pJ^epNTGNaG2Dxy~qP(@7Hn%=gr~?{MuM&OP)#
zTDs}mbi;U(vfSrQp%5D=vv0sn>k-&&c_lq!x?xQ-=aq`EMXRS0i$BRTmOdm4^uB1B
z=6FZS_LPp><%SYaC6ZH4_>A$=U?*0>0Z|=d5|f6Gjf_hFOkBM{<4Ke^t)x9xz=+T9
zB;3k8ZJeP#`#4~QuQeB)TTx>0&W$Z>d200L^dn1ybaZL7XJDD>6&ni^ph)=|JhEg3
zF4eXsCm-?{vu0e<s;=vfEH5v6%pp1;r$#mDd|(0FrF-8Kqw)Cx0pTx>c%T9RO?2ja
z&-iW&`G~I-6S&~VAip~rD}`S=9hf%q61KjG$GRx^3gXm%-LO$Saq=XlJn%ARW7Pbz
zb68iP2-*NiNAf$3feb3(mYmM`5wE1%Rw}g`=fdM#P?*ip^3LCAx4++*RLDz$4X=KW
zcC{(Z2hgxJ-5xiP1KKErfT8^(KgU<la4(f}f-$#Ss2uq+4I8LIlWyD)((taKdkFwu
zkW|n9n9oF|SLfC_-m{Ud2L}gttHq2XRBCopP|+lbyIWHv{&gVQ7grTx-_y258x~Ks
zvV8gJ1JvHS&MpCUI2N>z$2iQr$&{w;#!j;*=8CG?WlBY6mVCYUeKu=Fl*f`bR@Hdo
zu*k*PStN64C*H}eN<`06Hm&d)q`f4wWZCyJ+B#4X&QTb)X6o}FYRFJ#=2b6e<6GQ~
zn(ymn8oWPv>8ac}v(im07ModT7Qk3DN3(nZYY-+_!SKNinFMm@-+n1B`yao-?{_L>
z@9^p-m%Kn^a<iu@UvZi>PPqZZ|A$HtU*fuhdG(%;Z}HPdbC(b1Zog7t4vbz~kper0
z^zr=LZswlI`>G+FK2Ox`UAMu?{QSJf&$vhPvW|@w4#C%~1H+?`NrH;)r)D@e>yPl)
zY}*0{oQOeQrvbiec^@g-T7$No=AGew8{^^TR#IeCtWV^Wc23{$8=GAxeomg*iQ64H
zHNtvXg9r4gEWr+m(Wr2;$S+!xh-PxGYj5)@^=Fal-ETm{gvi9-u+3Aa8eL|VhSZ&3
z-cYQruOFMu8lnDCEk>O(QZMw~b-7brv08vW-N-#o4qdXl^9C)6iBK*+Ph4a)RChtn
z@;9>nY8am9i#cXq<$==KBs+s@0rGBRrBt>-#55BlyqDli)1FmC#c87}RhLX}Pd~&d
zk#v>UTqP`KD%CMX{);Tb5oSBVVXh|5sSpd;&bBl*r7jv<K&z<Y!XRE;Ts+((tigj^
z!I$xpTbdr64hFlC5E|pCaM}M^RpY|r88D?FVfE_ky%@O%J~X?YF;o5kYQXRT?(P!v
zdd4rk&eZU?aCTUb#vdq(#;!3wf&+(6RcZVJra-K}{X)efs%rwK!2<?{jE0e*F1WqT
z#y;$#^Zrj|kAuDKspusTd@$KCmLIWyLDga*jx9~+W2R@6=U4cuXKXnt_4tXeudjUV
z5;Xmbo;t04L1K)6+vd?vQQD_L0U;%cO#j^N$Qmekfo8WVs8ra~w?auGh%G=_UjBjl
z;K)eo*T#Ec>Su--^G0qbxUkv5X2q==ELsxPk6u>~TDdLx9I#}V`p;$N5Rxrsdx=+^
zBBP1>8OpHgd!L2nGlM0OpFXip>m49Xx&@Lu6GH-+T<q-Z*z~7AMY|YWN!4BVhwtxr
zz1(${t?df*yk5*<r%X5W^WN@JcPR422`=9-dJ@tHr!ohVqyf=Y2|Hhr_s$KpIy`mr
znA3UvD8Y6^4AEBlcU6{gLeGWNdk6RuctV5;h`vWa3n&MQ>s8r08+AcUvMxFLXf&l)
zA&(@;W7`B0Z5(QJdsvCW<VHkO@LVhN&$RUP{RXoO9BN^Sa~Du0jAgTg%Gz4<hZQCb
zcgpvlPS~&dzId|Our7b1j7Xo1&^~=*87FH<QtVZE^2Q;-FF%1T+w&->N3fZsJ>{GL
z9S<gYbbnbl1Pp-!KEa<cmj1oC{L%6ReskrTZ~VlS64}PLJ(HmB_MVY@K%n(rq`As<
z#m0OA>OA*o{jQYVT#5{E0hGSd<jA^uh0`h%>QC8Bx)9;=j1Cw7Y0o5p{CLqjF}n6U
z{CA0D;JiP0xUjHbMRh%Be~(D2Rqsh=x0=c}PVZhwy|Dd0t#@cz`W%rFbdZhY@?zfR
zW17o`Kw6&hGNxHkoheYSYhUJ(%R3E{w6>E;S_pEwYErC$9v(k{r@uQPC4w{+Neubi
z$Hm1(>cka4dZj=o>rIIm{YzRN`8zexDU3CIU!66!@qJw51#7klE*wYuM&O%`IQ<z<
zeV#t-K=SS>c%RfPj@lyUm09>}6%W1c`$b<~k!I>4+Z8x)-Eph^&G}x{Fr;*Da<%b<
zWAhi*X>@f(MK3An{O*j}HVvz6JylYu{VQ7DIR_cd`92M8=kDt}1R2QFrd{7BOo+o-
z$g0^x%qP<a33)aaPQIoaw<R`9?XAn@FO=z2t3G`TROTyGE{2JRm@l>#z9OG>66wSL
zn&U2C3{ugY^u<*SEe~mJkTdaA^VwnNKq~v_kg^o*=^HMfYU2VbKvAjfYx%`Z60#Cd
zW4;*BI7OkPI=?le2581&)By-9NC|$I6W4iU1nxh<FBnhFmRs7r_@*kCfJ<4C&T`|U
zL}<T-FbG^156u{em(%)V-qC+ZWL$`VEzg3Kt#N|N5gYoKfJQ(mfbm<sMO2#%+=@Vh
zuPd+>7qJ@p>4k-S$+WZ;w!RtHa{1g}=VAij4h6>>4M01bwnaE|h$8%;j<ih){ol*&
zR3VVMkHXwZ{V0l0dS?057eLe5<$4X<d}dMmsi^I#AP>&VVds?ZWQ95><-11(0NO{^
zRvW~>vXYMZyv;kla0puYKu;KER?v+B`f#Iz(`)38n7B9xq1sgBt^hG$0(1;QgmYO!
zKoa2!Nyf7p<kS*Gf`%=NTlmJ{zZ-EaFSBuSa`Ig?%lvX|sK&#~tKT%rnUVdWQ;*lW
zKO3J7&34*#p0mYqu)Wo%l$G57y^=?d9!U<C{#sjm<PTc0Q&U}~HJ-~o*VhXTCN(8h
zR9rY=`c#|4*}0cWxMSaOZd(Fv@=~Sz5vdU=*q0ntK%Pn#GW4MK_xDwcQEa-pv{ITc
zRn`%!oc<#!CKq^(s)G0*-c$03yzFd@tgG7$q=}Em=3URAoaPQcxv`KtEi)4^I$Pz_
z^eQNiC9VaR9sLYNv!HLrbVDvQ$V^2!enk5tmLrAM&prDI#|_L9==s;eDO=$tZ>97v
zHr+0XwtHoN2jp`kN;Wd|lsN0PjqHcVi1PRv;VryIR6zVqx69aa3C+lm<S|N1wXgNh
z75l=}mGcu9RlJN3tS*zI&tyvYP^eWEr0BoZ)iZ3}mTFkf#FYgHT>mMf_r(KJM%WXh
z@s7y(EXF#Ko)>)^^xw*c<3(Ei+w{DNT~sYucWI@tgXe&ZY!)c1yT_m`_2J3m$M!eY
z!fL9sN9d?~GA-OHZrRe4G|}I`cFlY=rs$knjK0@oxSez%I6XCG&kzX-LCaAg^15u&
zDI@W{R08xdi3U3K@bi*DM*FEn1DbY-XWZxIY*}Mc6Xj7B;<r}bwzTT-8DC*E)mYi8
zu1sBk;H$6i@GfoNE<k*Y1*nGx2PvLOH=Yb)CRrmpl6@SpIkTIakL9=LT_zy7B;H+K
zSrZ4IHIOG?(_~PUy83q4rV85SkZPLov0O<MzN~ok30<zk3s$=qbF?;Rg~_ajtQZsm
z(5Mtphi}gM^>F6Nefle{K4Q%!5cM{^ckVZx-<!@05G%2&e@F_v?5jhk4>C%5(6@*k
zC~tI$5Y{>qYom4vJ<ynJ{8FXi@WB7GD3EC57qT_~d@YrnsPcIr8sD+@%{!s)2v;z^
zt<pQU(FQOtB|y*De4%bfv>0Q*(c3WzNYRgIKwp}d<Lx3Ib+X`*N9=PiG1(-5CHsz(
z{FDuQ1F5yGvB>_3UB26|;(Y((ey@?LwqVSbkDzQ{*`V}f)rNR~f$_$=0}?6-Jc|8O
z?S_Wk<=U#UvNFZQ{%JzmE&=d!P^qXdI&op(xh75-?a^>mKR9oWFGkUh$v1NxVBf)|
zQWDQ+MWF&WzR8h)mLWmK_O~g)Ty$f03e>c|H+cCUV}?&x1Rd=8npcyW9im2XcJ%U3
zZ-=R4g)qThnl{K5N7KO9VUhID5(r6v_W6ON<w~YwaVK${IFn=@6s>Ggkn=IxQy3fN
zxYVD=9{#AFclo(I%p;?4WOQXCP_cRZi$SJ36!T6V);y7bA^~~hRZ8R$=|#swgcfYv
zf83nsH64ZZwcAq&KMPbZ(o$|P6$)HtANaWfN*unpoJk}`AC;=jM3;`Ys&9{>RzhE2
z=O$vt3^IGjIW&mPK1HgI4!LWfcx-85apj>_WJP6Vf9LFZ2y202C%q}z`9Khp1*8@s
zi_6Wi087unS$zEbY8X}Pd^y3Zq$^p99Mtb=jmHN*c`^vHsJz0gF9U7@q(RPXP^JT)
zVyA@u_GP9b>eS}27NJb@s;auc-73m7z;(VP>-(@92Y>k*>31V^FW+=J5<xbq3Waie
zdYm#FM1qYB_xD%!_5zSHzj88z9_qHv%*;qFlrfQ=K50qR<jE?$yu2zIX@SFV-UkGp
z<A!YQARS4kNLOSEX}aJct;I(k9`|sqks{|_RaI72?v4IlP|FPxq&F7wZ{OG^b)h6@
z1}rnEI@A33{$J$xMeK2{lasdoYrmdP9;S3+CtPUSeSd#Of{wge!70z?J;1T$SK;6X
z99bZ89HNW+Pc~T!<mJXa0xSSf_Mk(;&}K{&6jYLAmE4QcF37{c&tG6ejBy(z4o|wW
zBK}87d4b6;O*V&jeml{0(p4DS1yYUvn{&5zfe-Vri`*bLpMx*us!?1Nc?6Jc9=$_C
zgx^>24>E}TeuR7_E8TyO5#-#$e~&B|NzUQF>(b5tJ9HZPD1X15b(Oro-;XMfC=UDI
z=ipy|CRX_^8`AxcsQ)O}A9MPR<s^&v10a7O^N*8IA(_JO>yMN8<0Sq#i9b%_Hy(id
xA71?@lK2y}1^<slK>mcOe**LWn~L~!NTqTne9|mEj@%TYrE&9mv6@Zj{{z@6YpwtQ

literal 0
HcmV?d00001


From 90733cb916b032b477c65ef722315c5bdc038ab2 Mon Sep 17 00:00:00 2001
From: Shubham Gupta <shubham.gupta2956@gmail.com>
Date: Fri, 24 Apr 2026 04:56:43 +0530
Subject: [PATCH 3/8] docs(readme): polish language and pin nargo version

Remove filler intro from Acknowledgements, break the uniform capitalisation
pattern in dependency bullets, add explicit nargo version pin, and replace
the ### Circuit inspection heading with a contextual prose line.
---
 README.md | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/README.md b/README.md
index b186b90bb..34fdbfe60 100644
--- a/README.md
+++ b/README.md
@@ -82,10 +82,10 @@ cargo run --release --bin provekit-cli verify verifier.pkv proof.np
 
 ## Getting Started
 
-Requires the Noir toolchain and Rust nightly. The exact nightly version is pinned in `rust-toolchain.toml` and applied automatically by `rustup`.
+Requires nargo `v1.0.0-beta.11` and Rust nightly. The Rust toolchain version is pinned in `rust-toolchain.toml` and applied automatically by `rustup`.
 
 <details>
-<summary><strong>1. Install the Noir toolchain</strong></summary><br>
+<summary><strong>1. Install nargo</strong></summary><br>
 
 ```sh
 noirup --version v1.0.0-beta.11
@@ -115,7 +115,7 @@ cargo run --release --bin provekit-cli prove ./prover.pkp ./Prover.toml -o ./pro
 cargo run --release --bin provekit-cli verify ./verifier.pkv ./proof.np
 ```
 
-**Recursive (on-chain) verification:**
+**Recursive on-chain verification:**
 ```sh
 cargo run --release --bin provekit-cli generate-gnark-inputs ./prover.pkp ./proof.np
 
@@ -156,8 +156,7 @@ cargo test -p provekit-bench --bench bench
 | [Samply](https://github.com/mstange/samply) | CPU flamegraphs | `samply record -r 10000 -- ./target/release/provekit-cli prove ...` |
 | [Instruments](https://crates.io/crates/cargo-instruments) | Allocations (macOS only) | `cargo instruments --template Allocations --release --bin provekit-cli prove ...` |
 
-### Circuit inspection
-
+Static inspection without running a proof:
 ```sh
 provekit-cli circuit_stats ./target/basic.json      # constraint count and R1CS structure
 provekit-cli analyze-pkp ./prover.pkp               # proving key size breakdown
@@ -168,12 +167,10 @@ provekit-cli show-inputs ./verifier.pkv ./proof.np  # public input names and val
 
 ## Acknowledgements
 
-ProveKit builds on several open-source projects:
-
-- [**WHIR**](https://github.com/WizardOfMenlo/whir) — The multilinear polynomial commitment scheme and sumcheck protocol at the core of ProveKit's proof system. `WhirR1CSScheme` wraps it to prove R1CS satisfiability over BN254.
+- [**WHIR**](https://github.com/WizardOfMenlo/whir) — the multilinear polynomial commitment scheme and sumcheck protocol at the core of ProveKit's proof system. `WhirR1CSScheme` wraps it to prove R1CS satisfiability over BN254.
 
-- [**Spongefish**](https://github.com/arkworks-rs/spongefish) — A permutation-agnostic Fiat-Shamir library from arkworks. ProveKit's `TranscriptSponge` and `DuplexSponge` are built on its API, driving all challenge derivation in the proof protocol.
+- [**Spongefish**](https://github.com/arkworks-rs/spongefish) — a permutation-agnostic Fiat-Shamir library from arkworks. ProveKit's `TranscriptSponge` and `DuplexSponge` are built on its API, driving all challenge derivation in the proof protocol.
 
-- [**gnark-skyscraper**](https://github.com/reilabs/gnark-skyscraper) — The Go implementation of the Skyscraper hash for gnark circuits. The recursive verifier uses it to reproduce the exact Merkle tree commitments generated by the Rust prover, enabling cross-language proof verification.
+- [**gnark-skyscraper**](https://github.com/reilabs/gnark-skyscraper) — Go implementation of the Skyscraper hash for gnark circuits. The recursive verifier uses it to reproduce the exact Merkle tree commitments generated by the Rust prover, enabling cross-language proof verification.
 
-- [**Noir**](https://github.com/noir-lang/noir) — The ZK domain-specific language ProveKit compiles from. ProveKit ingests Noir's ACIR (Abstract Circuit Intermediate Representation) output and lowers it to R1CS.
+- [**Noir**](https://github.com/noir-lang/noir) — the ZK domain-specific language ProveKit compiles from. Circuits are authored in Noir, compiled to ACIR via nargo, and lowered to R1CS by ProveKit's compiler.

From 908527ea75a6d4828e0f19129bbcab688a88aba6 Mon Sep 17 00:00:00 2001
From: Shubham Gupta <shubham.gupta2956@gmail.com>
Date: Fri, 24 Apr 2026 14:56:38 +0530
Subject: [PATCH 4/8] docs(readme): rewrite prose for natural developer tone

---
 README.md | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 34fdbfe60..991a8d79d 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,7 @@
 
 </div>
 
-ProveKit compiles Noir circuits to R1CS and generates WHIR proofs. It targets mobile and constrained environments — with a custom BN254 hash engine ([Skyscraper](skyscraper/)), swap-to-disk memory management, and C FFI bindings for iOS and Android. A gnark-based recursive verifier wraps WHIR proofs in Groth16 for on-chain verification.
+ProveKit takes a Noir circuit, lowers it to R1CS, and proves it with WHIR. Built for mobile and constrained environments — ships with a custom BN254 hash engine ([Skyscraper](skyscraper/)), swap-to-disk memory management, and C FFI for iOS and Android. There's also a gnark recursive verifier that wraps WHIR proofs in Groth16 for on-chain verification.
 
 ---
 
@@ -82,7 +82,7 @@ cargo run --release --bin provekit-cli verify verifier.pkv proof.np
 
 ## Getting Started
 
-Requires nargo `v1.0.0-beta.11` and Rust nightly. The Rust toolchain version is pinned in `rust-toolchain.toml` and applied automatically by `rustup`.
+You need nargo `v1.0.0-beta.11` and Rust nightly. Toolchain is pinned in `rust-toolchain.toml`; rustup picks it up automatically.
 
 <details>
 <summary><strong>1. Install nargo</strong></summary><br>
@@ -95,7 +95,7 @@ noirup --version v1.0.0-beta.11
 <details>
 <summary><strong>2. Compile a circuit</strong></summary><br>
 
-The examples use `poseidon-rounds` as the reference circuit.
+Using `poseidon-rounds` as the example:
 
 ```sh
 cd noir-examples/poseidon-rounds
@@ -129,7 +129,7 @@ go run cmd/cli/main.go \
 <details>
 <summary><strong>4. Benchmark</strong></summary><br>
 
-Compare against [Barretenberg](https://github.com/AztecProtocol/aztec-packages/blob/master/barretenberg/bbup/README.md) using [hyperfine](https://github.com/sharkdp/hyperfine):
+Benchmark against [Barretenberg](https://github.com/AztecProtocol/aztec-packages/blob/master/barretenberg/bbup/README.md) with [hyperfine](https://github.com/sharkdp/hyperfine):
 
 ```sh
 cd noir-examples/poseidon-rounds
@@ -139,7 +139,7 @@ hyperfine \
   '../../target/release/provekit-cli prove ./prover.pkp ./Prover.toml'
 ```
 
-Run the internal benchmark suite:
+Internal benchmark suite:
 ```sh
 cargo test -p provekit-bench --bench bench
 ```
@@ -156,7 +156,7 @@ cargo test -p provekit-bench --bench bench
 | [Samply](https://github.com/mstange/samply) | CPU flamegraphs | `samply record -r 10000 -- ./target/release/provekit-cli prove ...` |
 | [Instruments](https://crates.io/crates/cargo-instruments) | Allocations (macOS only) | `cargo instruments --template Allocations --release --bin provekit-cli prove ...` |
 
-Static inspection without running a proof:
+To inspect without running a proof:
 ```sh
 provekit-cli circuit_stats ./target/basic.json      # constraint count and R1CS structure
 provekit-cli analyze-pkp ./prover.pkp               # proving key size breakdown
@@ -167,10 +167,10 @@ provekit-cli show-inputs ./verifier.pkv ./proof.np  # public input names and val
 
 ## Acknowledgements
 
-- [**WHIR**](https://github.com/WizardOfMenlo/whir) — the multilinear polynomial commitment scheme and sumcheck protocol at the core of ProveKit's proof system. `WhirR1CSScheme` wraps it to prove R1CS satisfiability over BN254.
+- [**WHIR**](https://github.com/WizardOfMenlo/whir) — the polynomial commitment scheme and sumcheck protocol the proof system is built on. `WhirR1CSScheme` wraps it for R1CS satisfiability over BN254.
 
-- [**Spongefish**](https://github.com/arkworks-rs/spongefish) — a permutation-agnostic Fiat-Shamir library from arkworks. ProveKit's `TranscriptSponge` and `DuplexSponge` are built on its API, driving all challenge derivation in the proof protocol.
+- [**Spongefish**](https://github.com/arkworks-rs/spongefish) — Fiat-Shamir library from arkworks. All transcript construction and challenge derivation goes through its `DuplexSponge` API.
 
-- [**gnark-skyscraper**](https://github.com/reilabs/gnark-skyscraper) — Go implementation of the Skyscraper hash for gnark circuits. The recursive verifier uses it to reproduce the exact Merkle tree commitments generated by the Rust prover, enabling cross-language proof verification.
+- [**gnark-skyscraper**](https://github.com/reilabs/gnark-skyscraper) — Go implementation of the Skyscraper hash. The recursive verifier needs it to reproduce the same Merkle commitments as the Rust prover.
 
-- [**Noir**](https://github.com/noir-lang/noir) — the ZK domain-specific language ProveKit compiles from. Circuits are authored in Noir, compiled to ACIR via nargo, and lowered to R1CS by ProveKit's compiler.
+- [**Noir**](https://github.com/noir-lang/noir) — the ZK DSL we compile from. Write your circuit in Noir, run nargo to get ACIR, and ProveKit handles the rest.

From 02b4875517edc8dde54119aaddf1f0ed634ec3d2 Mon Sep 17 00:00:00 2001
From: Shubham Gupta <shubham.gupta2956@gmail.com>
Date: Wed, 29 Apr 2026 00:45:49 +0530
Subject: [PATCH 5/8] docs(readme): remove em dashes and apply direct
 reader-facing tone

---
 README.md | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 991a8d79d..6cc96aeee 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,7 @@
 
 </div>
 
-ProveKit takes a Noir circuit, lowers it to R1CS, and proves it with WHIR. Built for mobile and constrained environments — ships with a custom BN254 hash engine ([Skyscraper](skyscraper/)), swap-to-disk memory management, and C FFI for iOS and Android. There's also a gnark recursive verifier that wraps WHIR proofs in Groth16 for on-chain verification.
+ProveKit lets you take a Noir circuit, compile it to R1CS, and generate a WHIR proof. It's built for mobile and constrained environments and ships with a custom BN254 hash engine ([Skyscraper](skyscraper/)), swap-to-disk memory management, and C FFI for iOS and Android. If you need on-chain verification, there's a gnark recursive verifier that wraps proofs in Groth16.
 
 ---
 
@@ -49,7 +49,7 @@ graph TD
 
 | Layer | Crate | Description |
 | :--- | :--- | :--- |
-| CLI | `tooling/cli/` | `provekit-cli` — prepare, prove, verify, inspect |
+| CLI | `tooling/cli/` | `provekit-cli`: prepare, prove, verify, inspect |
 | Prover / Verifier | `provekit/prover/`<br>`provekit/verifier/` | WHIR sumcheck, witness solving, commitment |
 | Compiler | `provekit/r1cs-compiler/` | Noir ACIR → R1CS with constraint optimizations |
 | Hash engine | `skyscraper/` | Custom BN254 hash with SIMD-accelerated field arithmetic |
@@ -60,7 +60,7 @@ graph TD
 
 ## Example
 
-Prove knowledge of inputs `(a, b)` satisfying `(a + b) * (a - b) == result` — a circuit from [`noir-examples/basic-4`](./noir-examples/basic-4/):
+Here's [`noir-examples/basic-4`](./noir-examples/basic-4/), which proves knowledge of inputs `(a, b)` satisfying `(a + b) * (a - b) == result`:
 
 ```rust
 fn main(a: Field, b: Field) -> pub Field {
@@ -95,7 +95,7 @@ noirup --version v1.0.0-beta.11
 <details>
 <summary><strong>2. Compile a circuit</strong></summary><br>
 
-Using `poseidon-rounds` as the example:
+The steps below use `poseidon-rounds` as the example circuit.
 
 ```sh
 cd noir-examples/poseidon-rounds
@@ -156,7 +156,7 @@ cargo test -p provekit-bench --bench bench
 | [Samply](https://github.com/mstange/samply) | CPU flamegraphs | `samply record -r 10000 -- ./target/release/provekit-cli prove ...` |
 | [Instruments](https://crates.io/crates/cargo-instruments) | Allocations (macOS only) | `cargo instruments --template Allocations --release --bin provekit-cli prove ...` |
 
-To inspect without running a proof:
+If you want to inspect without running a proof:
 ```sh
 provekit-cli circuit_stats ./target/basic.json      # constraint count and R1CS structure
 provekit-cli analyze-pkp ./prover.pkp               # proving key size breakdown
@@ -167,10 +167,10 @@ provekit-cli show-inputs ./verifier.pkv ./proof.np  # public input names and val
 
 ## Acknowledgements
 
-- [**WHIR**](https://github.com/WizardOfMenlo/whir) — the polynomial commitment scheme and sumcheck protocol the proof system is built on. `WhirR1CSScheme` wraps it for R1CS satisfiability over BN254.
+- [**WHIR**](https://github.com/WizardOfMenlo/whir): the polynomial commitment scheme and sumcheck protocol the proof system is built on. `WhirR1CSScheme` wraps it for R1CS satisfiability over BN254.
 
-- [**Spongefish**](https://github.com/arkworks-rs/spongefish) — Fiat-Shamir library from arkworks. All transcript construction and challenge derivation goes through its `DuplexSponge` API.
+- [**Spongefish**](https://github.com/arkworks-rs/spongefish): Fiat-Shamir library from arkworks. All transcript construction and challenge derivation goes through its `DuplexSponge` API.
 
-- [**gnark-skyscraper**](https://github.com/reilabs/gnark-skyscraper) — Go implementation of the Skyscraper hash. The recursive verifier needs it to reproduce the same Merkle commitments as the Rust prover.
+- [**gnark-skyscraper**](https://github.com/reilabs/gnark-skyscraper): Go implementation of the Skyscraper hash. The recursive verifier needs it to reproduce the same Merkle commitments as the Rust prover.
 
-- [**Noir**](https://github.com/noir-lang/noir) — the ZK DSL we compile from. Write your circuit in Noir, run nargo to get ACIR, and ProveKit handles the rest.
+- [**Noir**](https://github.com/noir-lang/noir): the ZK DSL we compile from. Write your circuit in Noir, run nargo to get ACIR, and ProveKit handles the rest.

From 96ee7a25eaa1aa28e70d2d8db05827276faa2c4c Mon Sep 17 00:00:00 2001
From: Aditya Bisht <adityabisht64@gmail.com>
Date: Thu, 7 May 2026 17:04:23 +0530
Subject: [PATCH 6/8] Align v1 README positioning

The v1 README now carries over the product-positioning fixes from the README PR while keeping v1-specific facts intact: Noir compiles to R1CS, WHIR proofs are generated and verified through the Spartan-style R1CS path, SIMD field arithmetic and memory-efficient behavior are highlighted without calling ProveKit mobile-optimized, FFI host languages are named, and recursive verification is described in terms of the v1 prover-key/proof export flow for on-chain Groth16 wrappers.\n\nConstraint: PR #421 targets v1 and uses generate-gnark-inputs with a prover key, not a verifier key.\nRejected: Cherry-pick the main-branch README commits verbatim | the v1 README structure and CLI facts differ.\nConfidence: high\nScope-risk: narrow\nTested: git diff --check -- README.md\nNot-tested: Full README example pipeline; rendered GitHub Markdown preview.
---
 README.md | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 6cc96aeee..35aae0462 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,14 @@
 
 </div>
 
-ProveKit lets you take a Noir circuit, compile it to R1CS, and generate a WHIR proof. It's built for mobile and constrained environments and ships with a custom BN254 hash engine ([Skyscraper](skyscraper/)), swap-to-disk memory management, and C FFI for iOS and Android. If you need on-chain verification, there's a gnark recursive verifier that wraps proofs in Groth16.
+ProveKit is a zero-knowledge proof system toolkit that compiles [Noir](https://noir-lang.org/) programs to R1CS constraints and generates and verifies [WHIR](https://github.com/WizardOfMenlo/whir) proofs using a Spartan-style R1CS protocol. It includes custom SIMD-accelerated field arithmetic, memory-efficient algorithms for resource-constrained environments, C-compatible FFI, and recursive verification support for on-chain Groth16 applications.
+
+## Why ProveKit
+
+- **Noir frontend:** write circuits in Noir and use ProveKit to prepare keys, prove, and verify with one CLI.
+- **Post-quantum secure proofs:** produce WHIR proofs designed around post-quantum security assumptions.
+- **Integration-ready surface:** use ProveKit from Rust or from C-compatible FFI hosts such as Swift, Kotlin, Python, and JavaScript.
+- **Recursive verifier for on-chain Groth16:** export prover-key/proof data for the gnark recursive verifier when an on-chain Groth16 wrapper is required.
 
 ---
 
@@ -54,7 +61,7 @@ graph TD
 | Compiler | `provekit/r1cs-compiler/` | Noir ACIR → R1CS with constraint optimizations |
 | Hash engine | `skyscraper/` | Custom BN254 hash with SIMD-accelerated field arithmetic |
 | Interop | `tooling/provekit-gnark/`<br>`gnark-whir/` | Rust ↔ Go/gnark bridge for recursive verification |
-| FFI | `tooling/provekit-ffi/` | C-compatible bindings for iOS, Android, and Python |
+| FFI | `tooling/provekit-ffi/` | C-compatible bindings for Swift/iOS, Kotlin/Android, Python, JavaScript, and other FFI hosts |
 
 ---
 

From d65c7d1ccc19585af6d126582816834e0adf374a Mon Sep 17 00:00:00 2001
From: Aditya Bisht <adityabisht64@gmail.com>
Date: Thu, 7 May 2026 17:18:39 +0530
Subject: [PATCH 7/8] Expand v1 README repository map

The v1 README now maps the requested workspace crates and relevant repository surfaces explicitly: common, r1cs compiler, prover, verifier, CLI, benchmark, FFI, gnark export, verifier server, NTT, recursive verifier, Skyscraper, and Noir examples. The old combined rows were split and the stale gnark-whir path was replaced with real v1 paths.\n\nConstraint: User requested the repository-map additions for PR #421 and v1 correctness.\nRejected: Keeping a Crates-only heading | noir-examples and recursive-verifier are relevant repository surfaces but not Rust crates.\nConfidence: high\nScope-risk: narrow\nTested: git diff --check -- README.md; verified requested paths exist in v1 worktree.\nNot-tested: Rendered GitHub Markdown preview.
---
 README.md | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 35aae0462..c34794bdf 100644
--- a/README.md
+++ b/README.md
@@ -52,16 +52,23 @@ graph TD
     V -->|Validates| G
 ```
 
-### Crates
-
-| Layer | Crate | Description |
-| :--- | :--- | :--- |
-| CLI | `tooling/cli/` | `provekit-cli`: prepare, prove, verify, inspect |
-| Prover / Verifier | `provekit/prover/`<br>`provekit/verifier/` | WHIR sumcheck, witness solving, commitment |
-| Compiler | `provekit/r1cs-compiler/` | Noir ACIR → R1CS with constraint optimizations |
-| Hash engine | `skyscraper/` | Custom BN254 hash with SIMD-accelerated field arithmetic |
-| Interop | `tooling/provekit-gnark/`<br>`gnark-whir/` | Rust ↔ Go/gnark bridge for recursive verification |
-| FFI | `tooling/provekit-ffi/` | C-compatible bindings for Swift/iOS, Kotlin/Android, Python, JavaScript, and other FFI hosts |
+### Repository Map
+
+| Layer | Path | Crate/package | Description |
+| :--- | :--- | :--- | :--- |
+| Common types | `provekit/common/` | `provekit-common` | Shared R1CS, witness, proof, key, serialization, and transcript utilities |
+| Compiler | `provekit/r1cs-compiler/` | `provekit-r1cs-compiler` | Noir ACIR → R1CS with constraint optimizations |
+| Prover | `provekit/prover/` | `provekit-prover` | WHIR proving, witness solving, R1CS compression, and commitments |
+| Verifier | `provekit/verifier/` | `provekit-verifier` | WHIR verification, transcript replay, sumcheck checks, and public input binding |
+| CLI | `tooling/cli/` | `provekit-cli` | Commands for prepare, prove, verify, inspection, and gnark input generation |
+| Benchmarks | `tooling/provekit-bench/` | `provekit-bench` | Benchmark utilities and regression coverage for proving workflows |
+| FFI | `tooling/provekit-ffi/` | `provekit-ffi` | C-compatible bindings for Swift/iOS, Kotlin/Android, Python, JavaScript, and other FFI hosts |
+| Gnark export | `tooling/provekit-gnark/` | `provekit-gnark` | Rust-side export/config bridge for recursive verification artifacts |
+| Verifier server | `tooling/verifier-server/` | `verifier-server` | HTTP server that orchestrates Rust proof handling and Go verifier execution |
+| NTT | `ntt/` | `provekit-ntt` | Number Theoretic Transform implementation for BN254 polynomial evaluation paths |
+| Hash engine | `skyscraper/` | first-party Skyscraper crates | Custom BN254 hash and SIMD-accelerated field arithmetic support |
+| Recursive verifier | `recursive-verifier/` | Go module | Go + gnark recursive verifier for on-chain Groth16 wrappers |
+| Examples | `noir-examples/` | Noir packages | Noir example circuits and R1CS compiler test programs |
 
 ---
 

From ba8797e3d69b194a42f715d0d2d324010797ff2c Mon Sep 17 00:00:00 2001
From: Aditya Bisht <adityabisht64@gmail.com>
Date: Thu, 7 May 2026 17:28:18 +0530
Subject: [PATCH 8/8] Harmonize v1 README structure

The v1 README now follows the same public structure as the main README: title, product positioning, Why ProveKit, Quick Start, command reference, How It Works, example circuit, repository map, advanced usage, project status, contributing, acknowledgements, and license. The content keeps v1-specific CLI facts intact, including nargo v1.0.0-beta.11, explicit compiled-artifact prepare input, circuit_stats, and generate-gnark-inputs using a prover key plus proof.\n\nConstraint: PR #421 targets v1, whose CLI differs from main and does not use the main branch zero-arg prepare/prove/verify flow.\nRejected: Copy main README verbatim | would introduce incorrect v1 CLI claims such as main-style defaults and verifier-key recursive export wording.\nConfidence: high\nScope-risk: narrow\nTested: git diff --check -- README.md; verified referenced local links and v1-specific CLI command names/arguments.\nNot-tested: Full nargo/provekit example execution; rendered GitHub Markdown preview.
---
 README.md | 207 +++++++++++++++++++++---------------------------------
 1 file changed, 81 insertions(+), 126 deletions(-)

diff --git a/README.md b/README.md
index c34794bdf..421e8a815 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
+# ProveKit
+
 <div align="center">
 
 <img src="./assets/banner.png" alt="ProveKit" width="100%" />
@@ -6,11 +8,11 @@
 [![Rust](https://img.shields.io/badge/rust-nightly-e32828?style=flat-square&logo=rust)](https://rustup.rs/)
 [![License](https://img.shields.io/badge/license-MIT%20%2F%20Apache_2.0-blue?style=flat-square)](./License.md)
 
-[Getting Started](#getting-started) · [Examples](./noir-examples/) · [Contributing](./CONTRIBUTING.md) · [Issues](https://github.com/worldfnd/provekit/issues)
+[Quick Start](#quick-start) · [How It Works](#how-it-works) · [Examples](./noir-examples/) · [Repository Map](#repository-map) · [Contributing](./CONTRIBUTING.md)
 
 </div>
 
-ProveKit is a zero-knowledge proof system toolkit that compiles [Noir](https://noir-lang.org/) programs to R1CS constraints and generates and verifies [WHIR](https://github.com/WizardOfMenlo/whir) proofs using a Spartan-style R1CS protocol. It includes custom SIMD-accelerated field arithmetic, memory-efficient algorithms for resource-constrained environments, C-compatible FFI, and recursive verification support for on-chain Groth16 applications.
+ProveKit is a zero-knowledge proof system toolkit that compiles [Noir](https://noir-lang.org/) programs to R1CS constraints and generates and verifies [WHIR](https://github.com/WizardOfMenlo/whir) proofs using a Spartan-based protocol. It includes custom SIMD-accelerated field arithmetic, memory-efficient algorithms for resource-constrained environments, C-compatible FFI, and recursive verification support for on-chain Groth16 applications.
 
 ## Why ProveKit
 
@@ -19,70 +21,21 @@ ProveKit is a zero-knowledge proof system toolkit that compiles [Noir](https://n
 - **Integration-ready surface:** use ProveKit from Rust or from C-compatible FFI hosts such as Swift, Kotlin, Python, and JavaScript.
 - **Recursive verifier for on-chain Groth16:** export prover-key/proof data for the gnark recursive verifier when an on-chain Groth16 wrapper is required.
 
----
+## Quick Start
 
-## Architecture
+### Prerequisites
 
-```mermaid
-graph TD
-    subgraph Development
-        N[Noir .nr Source]
-    end
-
-    subgraph ProveKit Pipeline
-        C{provekit-cli prepare}
-        PK(.pkp Proving Key)
-        VK(.pkv Verification Key)
-        P((Prover Engine))
-        V((Verifier Engine))
-    end
-
-    subgraph Integration
-        G[Gnark Recursive Verifier]
-    end
-
-    N -->|nargo| C
-    C --> PK
-    C --> VK
-
-    PK --> P
-    P -- proof.np --> V
-    VK --> V
-
-    V -->|Validates| G
-```
+Install Rust with `rustup`. This repository includes `rust-toolchain.toml`, so Cargo picks the pinned nightly automatically.
 
-### Repository Map
+Install nargo `v1.0.0-beta.11`:
 
-| Layer | Path | Crate/package | Description |
-| :--- | :--- | :--- | :--- |
-| Common types | `provekit/common/` | `provekit-common` | Shared R1CS, witness, proof, key, serialization, and transcript utilities |
-| Compiler | `provekit/r1cs-compiler/` | `provekit-r1cs-compiler` | Noir ACIR → R1CS with constraint optimizations |
-| Prover | `provekit/prover/` | `provekit-prover` | WHIR proving, witness solving, R1CS compression, and commitments |
-| Verifier | `provekit/verifier/` | `provekit-verifier` | WHIR verification, transcript replay, sumcheck checks, and public input binding |
-| CLI | `tooling/cli/` | `provekit-cli` | Commands for prepare, prove, verify, inspection, and gnark input generation |
-| Benchmarks | `tooling/provekit-bench/` | `provekit-bench` | Benchmark utilities and regression coverage for proving workflows |
-| FFI | `tooling/provekit-ffi/` | `provekit-ffi` | C-compatible bindings for Swift/iOS, Kotlin/Android, Python, JavaScript, and other FFI hosts |
-| Gnark export | `tooling/provekit-gnark/` | `provekit-gnark` | Rust-side export/config bridge for recursive verification artifacts |
-| Verifier server | `tooling/verifier-server/` | `verifier-server` | HTTP server that orchestrates Rust proof handling and Go verifier execution |
-| NTT | `ntt/` | `provekit-ntt` | Number Theoretic Transform implementation for BN254 polynomial evaluation paths |
-| Hash engine | `skyscraper/` | first-party Skyscraper crates | Custom BN254 hash and SIMD-accelerated field arithmetic support |
-| Recursive verifier | `recursive-verifier/` | Go module | Go + gnark recursive verifier for on-chain Groth16 wrappers |
-| Examples | `noir-examples/` | Noir packages | Noir example circuits and R1CS compiler test programs |
-
----
-
-## Example
+```sh
+noirup --version v1.0.0-beta.11
+```
 
-Here's [`noir-examples/basic-4`](./noir-examples/basic-4/), which proves knowledge of inputs `(a, b)` satisfying `(a + b) * (a - b) == result`:
+### Run a proof
 
-```rust
-fn main(a: Field, b: Field) -> pub Field {
-    let sum = a + b;
-    let diff = a - b;
-    sum * diff
-}
-```
+The smallest v1 end-to-end path is the [`noir-examples/basic-4`](./noir-examples/basic-4/) package:
 
 ```sh
 cd noir-examples/basic-4
@@ -92,99 +45,101 @@ cargo run --release --bin provekit-cli prove prover.pkp Prover.toml -o proof.np
 cargo run --release --bin provekit-cli verify verifier.pkv proof.np
 ```
 
----
+`prepare` reads the compiled Noir artifact and writes a **ProveKit Prover** key (`.pkp`) and a **ProveKit Verifier** key (`.pkv`). `prove` reads the PKP plus `Prover.toml` and writes `proof.np`. `verify` reads the PKV and the proof.
 
-## Getting Started
+### Command reference
 
-You need nargo `v1.0.0-beta.11` and Rust nightly. Toolchain is pinned in `rust-toolchain.toml`; rustup picks it up automatically.
-
-<details>
-<summary><strong>1. Install nargo</strong></summary><br>
-
-```sh
-noirup --version v1.0.0-beta.11
-```
-</details>
-
-<details>
-<summary><strong>2. Compile a circuit</strong></summary><br>
+| Command | Purpose | Key options |
+| :--- | :--- | :--- |
+| `prepare` | Read a compiled Noir artifact and write prover/verifier keys | positional compiled artifact, `--pkp`/`-p`, `--pkv`/`-v` |
+| `prove` | Produce `proof.np` from a prover key and inputs | positional prover key, positional `Prover.toml`, `--out`/`-o` |
+| `verify` | Verify a proof against a verifier key | positional verifier key, positional proof |
+| `generate-gnark-inputs` | Export recursive-verifier inputs | positional prover key, positional proof, `--proof`, `--params`, `--r1cs` |
 
-The steps below use `poseidon-rounds` as the example circuit.
+## How It Works
 
-```sh
-cd noir-examples/poseidon-rounds
-nargo compile
-cargo run --release --bin provekit-cli prepare ./target/basic.json --pkp ./prover.pkp --pkv ./verifier.pkv
+```mermaid
+graph LR
+    Noir[Noir source<br/>.nr] -->|nargo compile| ACIR[ACIR artifact<br/>target/*.json]
+    ACIR -->|provekit-cli prepare| R1CS[R1CS<br/>+ witness builders]
+    R1CS --> PKP[(.pkp<br/>prover key)]
+    R1CS --> PKV[(.pkv<br/>verifier key)]
+    Inputs[Prover.toml] --> Prover((Prover))
+    PKP --> Prover
+    Prover --> Proof[proof.np]
+    PKV --> Verifier((Verifier))
+    Proof --> Verifier
+    PKP -.-> GnarkInputs[generate-gnark-inputs]
+    Proof -.-> GnarkInputs
+    GnarkInputs -.-> Recursive[Go/gnark<br/>recursive verifier]
+    Recursive --> Groth16[Groth16 proof]
 ```
-</details>
 
-<details open>
-<summary><strong>3. Prove and verify</strong></summary><br>
+The v1 frontend starts from a Noir artifact produced by `nargo compile`. `provekit-cli prepare` lowers that artifact into R1CS, constructs witness builders, and writes `.pkp`/`.pkv` key files. Recursive verification exports use the `.pkp` prover key plus `proof.np` because the v1 CLI needs prover-side WHIR/R1CS parameters to create the gnark input files.
 
-```sh
-# Generate a proof
-cargo run --release --bin provekit-cli prove ./prover.pkp ./Prover.toml -o ./proof.np
+## Example Circuit
 
-# Verify locally
-cargo run --release --bin provekit-cli verify ./verifier.pkv ./proof.np
-```
-
-**Recursive on-chain verification:**
-```sh
-cargo run --release --bin provekit-cli generate-gnark-inputs ./prover.pkp ./proof.np
+[`noir-examples/basic-4`](./noir-examples/basic-4/) proves knowledge of inputs `(a, b)` satisfying `(a + b) * (a - b) == result`:
 
-cd ../../recursive-verifier
-go run cmd/cli/main.go \
-  --config ../noir-examples/poseidon-rounds/params_for_recursive_verifier \
-  --r1cs ../noir-examples/poseidon-rounds/r1cs.json
+```rust
+fn main(a: Field, b: Field) -> pub Field {
+    let sum = a + b;
+    let diff = a - b;
+    sum * diff
+}
 ```
-</details>
 
-<details>
-<summary><strong>4. Benchmark</strong></summary><br>
+For larger circuits and integration experiments, see [`noir-examples/`](./noir-examples/).
 
-Benchmark against [Barretenberg](https://github.com/AztecProtocol/aztec-packages/blob/master/barretenberg/bbup/README.md) with [hyperfine](https://github.com/sharkdp/hyperfine):
+## Repository Map
 
-```sh
-cd noir-examples/poseidon-rounds
-cargo run --release --bin provekit-cli prepare ./target/basic.json --pkp ./prover.pkp --pkv ./verifier.pkv
-hyperfine \
-  'nargo execute && bb prove -b ./target/basic.json -w ./target/basic.gz -o ./target' \
-  '../../target/release/provekit-cli prove ./prover.pkp ./Prover.toml'
-```
+| Layer | Path | Crate/package | Purpose |
+| :--- | :--- | :--- | :--- |
+| Common types | `provekit/common/` | `provekit-common` | Shared R1CS, witness, proof, key, serialization, and transcript utilities |
+| Compiler | `provekit/r1cs-compiler/` | `provekit-r1cs-compiler` | Noir ACIR -> R1CS with constraint optimizations |
+| Prover | `provekit/prover/` | `provekit-prover` | WHIR proving, witness solving, R1CS compression, and commitments |
+| Verifier | `provekit/verifier/` | `provekit-verifier` | WHIR verification, transcript replay, sumcheck checks, and public input binding |
+| CLI | `tooling/cli/` | `provekit-cli` | Commands for prepare, prove, verify, inspection, and gnark input generation |
+| Benchmarks | `tooling/provekit-bench/` | `provekit-bench` | Benchmark utilities and regression coverage for proving workflows |
+| FFI | `tooling/provekit-ffi/` | `provekit-ffi` | C-compatible bindings for Swift/iOS, Kotlin/Android, Python, JavaScript, and other FFI hosts |
+| Gnark export | `tooling/provekit-gnark/` | `provekit-gnark` | Rust-side export/config bridge for recursive verification artifacts |
+| Verifier server | `tooling/verifier-server/` | `verifier-server` | HTTP server that orchestrates Rust proof handling and Go verifier execution |
+| NTT | `ntt/` | `provekit-ntt` | Number Theoretic Transform implementation for BN254 polynomial evaluation paths |
+| Hash engine | `skyscraper/` | first-party Skyscraper crates | Custom BN254 hash and SIMD-accelerated field arithmetic support |
+| Recursive verifier | `recursive-verifier/` | Go module | Go + gnark recursive verifier for on-chain Groth16 wrappers |
+| Examples | `noir-examples/` | Noir packages | Noir example circuits and R1CS compiler test programs |
 
-Internal benchmark suite:
-```sh
-cargo test -p provekit-bench --bench bench
-```
-</details>
+## Advanced Usage
 
----
+- **Recursive verifier inputs:** `provekit-cli generate-gnark-inputs <prover.pkp> <proof.np>` writes `proof_for_recursive_verifier`, `params_for_recursive_verifier`, and `r1cs.json` by default; use `--proof`, `--params`, and `--r1cs` to override those paths.
+- **Inspection commands:** use `circuit_stats` for Noir ACIR/R1CS structure, `analyze-pkp` for prover-key size breakdowns, and `show-inputs` for public inputs.
+- **FFI integration:** start in [`tooling/provekit-ffi/`](tooling/provekit-ffi/) for C ABI headers, mobile build targets, and host-language examples.
+- **Benchmarking:** use [`tooling/provekit-bench/`](tooling/provekit-bench/) for internal benchmark coverage, or compare CLI proof generation with external tools using `hyperfine`.
 
-## Profiling
+### Profiling
 
 | Tool | Measures | Command |
 | :--- | :--- | :--- |
 | Built-in allocator stats | Memory | `cargo run --release --features profiling --bin provekit-cli prove ...` |
-| [Tracy](https://github.com/wolfpld/tracy) | CPU + memory (interactive GUI) | `cargo build --release --features profiling` then run the binary with Tracy listening. On macOS, run `dsymutil` on the binary first to get call stacks. |
+| [Tracy](https://github.com/wolfpld/tracy) | CPU and memory | `cargo build --release --features profiling` then run the binary with Tracy listening. On macOS, run `dsymutil` on the binary first to get call stacks. |
 | [Samply](https://github.com/mstange/samply) | CPU flamegraphs | `samply record -r 10000 -- ./target/release/provekit-cli prove ...` |
-| [Instruments](https://crates.io/crates/cargo-instruments) | Allocations (macOS only) | `cargo instruments --template Allocations --release --bin provekit-cli prove ...` |
+| [Instruments](https://crates.io/crates/cargo-instruments) | Allocations on macOS | `cargo instruments --template Allocations --release --bin provekit-cli prove ...` |
 
-If you want to inspect without running a proof:
-```sh
-provekit-cli circuit_stats ./target/basic.json      # constraint count and R1CS structure
-provekit-cli analyze-pkp ./prover.pkp               # proving key size breakdown
-provekit-cli show-inputs ./verifier.pkv ./proof.np  # public input names and values
-```
+## Project Status
+
+This README documents the `v1` branch, the current stable ProveKit interface. The `main` branch may differ while new proof and key formats are being developed.
 
----
+## Contributing
+
+Contributions are welcome. See [`CONTRIBUTING.md`](./CONTRIBUTING.md) for development guidelines and use the [issue tracker](https://github.com/worldfnd/provekit/issues) for bugs, feature requests, and design discussion.
 
 ## Acknowledgements
 
 - [**WHIR**](https://github.com/WizardOfMenlo/whir): the polynomial commitment scheme and sumcheck protocol the proof system is built on. `WhirR1CSScheme` wraps it for R1CS satisfiability over BN254.
-
 - [**Spongefish**](https://github.com/arkworks-rs/spongefish): Fiat-Shamir library from arkworks. All transcript construction and challenge derivation goes through its `DuplexSponge` API.
-
 - [**gnark-skyscraper**](https://github.com/reilabs/gnark-skyscraper): Go implementation of the Skyscraper hash. The recursive verifier needs it to reproduce the same Merkle commitments as the Rust prover.
-
 - [**Noir**](https://github.com/noir-lang/noir): the ZK DSL we compile from. Write your circuit in Noir, run nargo to get ACIR, and ProveKit handles the rest.
+
+## License
+
+Released under the [MIT / Apache 2.0 licenses](./License.md). Copyright (c) 2026 World Foundation.