diff --git a/powersoftau.go b/powersoftau.go
index 301718d..444620b 100644
--- a/powersoftau.go
+++ b/powersoftau.go
@@ -1,13 +1,15 @@
 package kzgceremony
 
 import (
+	"fmt"
 	"math/big"
 
 	"github.com/ethereum/go-ethereum/crypto/bls12381"
 )
 
 type Contribution struct {
-	SRS *SRS
+	SRS   *SRS
+	Proof *Proof
 }
 
 type SRS struct {
@@ -20,6 +22,11 @@ type toxicWaste struct {
 	TauG2 *bls12381.PointG2
 }
 
+type Proof struct {
+	G2P    *bls12381.PointG2 // g₂ᵖ
+	G1PTau *bls12381.PointG1 // g₂^τ' = g₂^{p ⋅ τ}
+}
+
 // newEmptySRS creates an empty SRS
 func newEmptySRS(nG1, nG2 int) *SRS {
 	g1s := make([]*bls12381.PointG1, nG1)
@@ -56,10 +63,12 @@ func computeContribution(t *toxicWaste, prevSRS *SRS) *SRS {
 	g2 := bls12381.NewG2()
 	Q := g1.Q() // Q = |G1| == |G2|
 
+	fmt.Println("Computing [τ'⁰]₁, [τ'¹]₁, [τ'²]₁, ..., [τ'ⁿ⁻¹]₁, for n =", len(prevSRS.G1s))
 	for i := 0; i < len(prevSRS.G1s); i++ {
 		tau_i := new(big.Int).Exp(t.tau, big.NewInt(int64(i)), Q)
 		g1.MulScalar(srs.G1s[i], prevSRS.G1s[i], tau_i)
 	}
+	fmt.Println("Computing [τ'⁰]₂, [τ'¹]₂, [τ'²]₂, ..., [τ'ⁿ⁻¹]₂, for n =", len(prevSRS.G2s))
 	for i := 0; i < len(prevSRS.G2s); i++ {
 		tau_i := new(big.Int).Exp(t.tau, big.NewInt(int64(i)), Q)
 		g2.MulScalar(srs.G2s[i], prevSRS.G2s[i], tau_i)
@@ -68,6 +77,14 @@ func computeContribution(t *toxicWaste, prevSRS *SRS) *SRS {
 	return srs
 }
 
+func genProof(toxicWaste *toxicWaste, prevSRS, newSRS *SRS) *Proof {
+	g1 := bls12381.NewG1()
+	G1_p := g1.New()
+	g1.MulScalar(G1_p, prevSRS.G1s[1], toxicWaste.tau) // g_1^{tau'} = g_1^{p * tau}, where p=toxicWaste.tau
+
+	return &Proof{toxicWaste.TauG2, G1_p}
+}
+
 // Contribute
 func Contribute(prevSRS *SRS, randomness []byte) (Contribution, error) {
 	// set tau from randomness
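Review bot: The comment on `G1PTau` in the new `Proof` struct describes a G2 element (`g₂^τ' = g₂^{p ⋅ τ}`) while the field is a `*bls12381.PointG1` and `genProof` fills it from `prevSRS.G1s[1]`; I'd correct it to `// [τ']₁ = [p ⋅ τ]₁, the new first G1 power` and label `G2P` as `// [p]₂, the contributor's secret p published in G2`. A doc comment on the type stating what a verifier does with the pair would also help, in particular that `G2P` is the only value that ties `newSRS` to `prevSRS`, while `G1PTau` merely duplicates `newSRS.G1s[1]`. The type is self-contained in this hunk.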
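Review bot: The two `fmt.Println` calls added to `computeContribution` write progress text unconditionally to stdout from library code in package `kzgceremony`, so every importer and the test suite now emit it; I'd drop them, route them through a logger the caller supplies, or gate them behind a verbosity option on the contribution call. If they stay, a short comment such as `// progress output for interactive ceremonies; n is the SRS size, not secret` would make clear they leak nothing about τ. `computeContribution` starts and ends outside the hunk.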
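Review bot: `genProof` takes `newSRS` but never reads it, and it indexes `prevSRS.G1s[1]` without checking that the SRS has at least two G1 points, so a short SRS panics instead of failing cleanly; since the function is unexported, either drop the parameter or use it (`newSRS.G1s[1]` is exactly the value `Verify` later compares against) and add a `len(prevSRS.G1s) < 2` guard. The inline comment calls the product `g_1^{tau'}` while the variable is named `G1_p`; a doc comment like `// genProof returns ([p]₂, [p·τ]₁): the new secret p in G2 and the re-randomized first G1 power, which a verifier links to prevSRS with a pairing` would settle the meaning. Style: the parameter `toxicWaste` shadows the type of the same name, and `G1_p` is not MixedCaps; `tw` and `g1PTau` would match the rest of the file.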
@@ -75,5 +92,19 @@ func Contribute(prevSRS *SRS, randomness []byte) (Contribution, error) {
 
 	newSRS := computeContribution(tw, prevSRS)
 
-	return Contribution{SRS: newSRS}, nil
+	proof := genProof(tw, prevSRS, newSRS)
+
+	return Contribution{SRS: newSRS, Proof: proof}, nil
+}
+
+func Verify(prevSRS, newSRS *SRS, proof *Proof) bool {
+	g1 := bls12381.NewG1()
+
+	// check proof.G1PTau == newSRS.G1s[1]
+	if !g1.Equal(proof.G1PTau, newSRS.G1s[1]) {
+		return false
+	}
+
+	// WIP!
+	return true
 }
diff --git a/powersoftau_test.go b/powersoftau_test.go
index 47ec836..37234af 100644
--- a/powersoftau_test.go
+++ b/powersoftau_test.go
@@ -14,6 +14,9 @@ func TestContribute(t *testing.T) {
 
 	contr_1, err := Contribute(srs_0, []byte("1111111111111111111111111111111111111111111111111111111111111111"))
 	c.Assert(err, qt.IsNil)
-	_, err = Contribute(contr_1.SRS, []byte("2222222222222222222222222222222222222222222222222222222222222222"))
+	c.Assert(Verify(srs_0, contr_1.SRS, contr_1.Proof), qt.IsTrue)
+
+	contr_2, err := Contribute(contr_1.SRS, []byte("2222222222222222222222222222222222222222222222222222222222222222"))
 	c.Assert(err, qt.IsNil)
+	c.Assert(Verify(contr_1.SRS, contr_2.SRS, contr_2.Proof), qt.IsTrue)
 }
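Review bot: `Verify` as committed accepts any `newSRS`, because its single check compares `proof.G1PTau` with `newSRS.G1s[1]` and both values are chosen by the contributor; the `// WIP!` acknowledges this, so here is what the body needs before it can gate a contribution. First, reject a `proof.G2P` equal to the G2 identity (p = 0 collapses the whole SRS to the identity yet passes every consistency check) and a `newSRS` whose lengths differ from `prevSRS`. Second, the pairing `e(newSRS.G1s[1], g₂) == e(prevSRS.G1s[1], proof.G2P)` is the check that binds the new [τ']₁ to the previous [τ]₁ through the published [p]₂, i.e. that the contribution re-randomizes the transcript rather than replacing it. Third, the remaining powers must be shown consistent, `e([τ'ⁱ]₁, [τ']₂) == e([τ'ⁱ⁺¹]₁, g₂)` and `e([τ'ⁱ]₁, g₂) == e(g₁, [τ'ⁱ]₂)` with `G1s[0]`/`G2s[0]` pinned to the generators, otherwise a contributor can publish a valid first power followed by garbage; for large n these should be batched with random linear combinations rather than run as ~2n pairings as in the sketch below, which assumes the package's `NewPairingEngine`/`AddPair`/`AddPairInv`/`Check` API. If points ever arrive from serialized untrusted input, add on-curve and prime-order-subgroup validation before any pairing, and note that `Contribute` (whose body starts outside the hunk) never wipes `tw.tau` after `genProof` has used it.
```go
func Verify(prevSRS, newSRS *SRS, proof *Proof) bool {
	g1 := bls12381.NewG1()
	g2 := bls12381.NewG2()

	// shape checks: same sizes as before, G2s no longer than G1s, p != 0,
	// zero-th powers are the generators, and the proof's G1 element is the first power
	if len(newSRS.G1s) != len(prevSRS.G1s) || len(newSRS.G2s) != len(prevSRS.G2s) ||
		len(newSRS.G1s) < 2 || len(newSRS.G2s) < 2 || len(newSRS.G2s) > len(newSRS.G1s) ||
		g2.IsZero(proof.G2P) ||
		!g1.Equal(newSRS.G1s[0], g1.One()) || !g2.Equal(newSRS.G2s[0], g2.One()) ||
		!g1.Equal(proof.G1PTau, newSRS.G1s[1]) {
		return false
	}

	// e([τ']₁, g₂) == e([τ]₁, [p]₂): the new first power is the old one re-randomized by p
	if !bls12381.NewPairingEngine().
		AddPair(newSRS.G1s[1], g2.One()).
		AddPairInv(prevSRS.G1s[1], proof.G2P).
		Check() {
		return false
	}

	// e([τ'ⁱ]₁, [τ']₂) == e([τ'ⁱ⁺¹]₁, g₂): consecutive G1 powers differ by τ'
	for i := 0; i+1 < len(newSRS.G1s); i++ {
		if !bls12381.NewPairingEngine().
			AddPair(newSRS.G1s[i], newSRS.G2s[1]).
			AddPairInv(newSRS.G1s[i+1], g2.One()).
			Check() {
			return false
		}
	}
	// e([τ'ⁱ]₁, g₂) == e(g₁, [τ'ⁱ]₂): the G2 powers match the G1 powers
	for i := 1; i < len(newSRS.G2s); i++ {
		if !bls12381.NewPairingEngine().
			AddPair(newSRS.G1s[i], g2.One()).
			AddPairInv(g1.One(), newSRS.G2s[i]).
			Check() {
			return false
		}
	}
	return true
}
```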
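Review bot: The updated test only exercises the honest path, so it would still pass against a `Verify` that returns true unconditionally; add a negative case such as `c.Assert(Verify(srs_0, contr_2.SRS, contr_2.Proof), qt.IsFalse)` (a proof presented against the wrong predecessor) or a tampered `contr_1.Proof.G1PTau`, so the verifier is shown to reject something. With the current `// WIP!` body the wrong-predecessor case would wrongly pass, which makes it a useful failing test to drive the remaining pairing checks. `TestContribute` starts outside the hunk.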