Skip to main content

Pre-Program Topic Sampler

This resource collection contains several subtopics; some will be more interesting to math/theory-oriented readers (i.e. sections 4 and 5), while others will be more interesting to engineers and builders (i.e. sections 1 and 2).

Each subtopic has a reading list (note that we don't expect you to read everything in any given reading list!) and one or more "quests" to help solidify your understanding.

Section 1 focuses on real production use cases of ZK, including mixers/games/rollup on Ethereum, and ZCash / privacy coins.

Section 2 focuses on resources for building decentralized applications with zkSNARKs.

Section 3 covers trusted setup, a process needed to generate the public parameters of a zkSNARK securely. We include some resources on the underlying mathematics and some resources on actually participating in an MPC.

Section 4 covers the mathematics behind zero knowledge cryptography, which has been studied for a few decades. A basic number theory background will be helpful for understanding this section.

Section 5 touches on the mathematics behind zkSNARKs, a powerful new zero-knowledge gadget first invented in 2012. zkSNARKs first became viable in production in blockchain systems in the last few years; they are something of a "cryptographic nuke." Before approaching this track, you should feel comfortable with everything in Section 4.

Section 0: Introduction​

Everyone looking to understand zero-knowledge cryptography should read this!

Readings​

Quests​

  • Play with this Interactive ZK 3-coloring demo (after reading the "illustrated primer" reading). Try to answer Exercises 1 and 2 at the bottom of the page.

Section 1: ZK Applications in Blockchain​

This is probably the friendliest section for engineering-minded readers.

Readings​

Quests​

  • Post an anonymous message on zkmessage.xyz.
  • Make a private transaction using Tornado.cash.
  • Bring assets onto and make a transaction on the Loopring decentralized exchange.
  • Make a shielded transaction on ZCash.
  • Conquer a planet on Dark Forest. (ask us for an invite key if you're doing this quest!)

Section 2: Building with ZK​

Readings​

Quests​

  • Complete the snarkjs tutorial. Don't worry if steps 1-8 and 15-20 don't make sense just yet; if you want to understand them, section 3 of this Notion document provides more context.
  • Run the circom-starter, zk-browser, and poseidon-tornado repositories.
  • Checkout the puzzle branch of poseidon-tornado, and try to fix the withdraw circuit and smart contractβ€”there are a few errors and intentionally missing pieces!
    • You can check your work by running npm run test to see if unit tests pass.
  • Write a zkSNARK using circom and snarkjs for the MiMC hash function (info). You'll probably want to reference the circomlib library of useful circuits (which includes a MiMC function you can import). Feel free to check out this circuit in the Dark Forest open-source repo, which imports and uses circomlib's MiMC circuit.
  • Take a look at the Dark Forest Modulo circuit. Try to understand why each part is necessary!

Section 3: Trusted Setup and Multi-Party Computation​

Readings​

Radioactive Material From Chernobyl Will Help Secure the Next Version of ZCash (pop science article but a fun read)

The design of the ZCash trusted setup ceremony

Announcing the Perpetual Powers of Tau Ceremony

How the AZTEC Multi-Party Computation Ceremony Works (and a more technical explanation)

Tornado Cash Trusted Setup Ceremony and Completion Announcement

Scalable Multi-party Computation for zk-SNARK Parameters: Math heavy. If you're glancing at this, I'd recommend prioritizing sections 1 and 2 of this paper.

VDFs, or "Proof-of-Time": Not directly related to zkSNARKs, but this is a useful cryptographic gadget used to finalize trusted setup parameters.

Quests​

  • Participate in the Semaphore zkSNARK (Phase 2) Trusted Setup ceremony from your own computer! Follow these instructions to participate. If you're curious, more detailed information about the ceremony can be found here.
  • Participate in the Perpetual Powers of Tau (Phase 1) Trusted Setup ceremony. NOTE: This quest will likely require you to have dedicated hardware and some more technical experience. Documentation on the ceremony is available here.

Section 4: Zero Knowledge Protocols (math-heavy)​

Readings​

MIT 6.857 Lecture 11

Zero-Knowledge Proofs for discrete logs (first section)

Zero-Knowledge Proofs - full formal definition of ZKPs, including quadratic residue example. You probably don't need to go through this whole thing.

Fiat-Shamir Heuristic - a technique that can be used to make interactive zero-knowledge protocols into non-interactive protocols.

Quests​

  • Implement a non-interactive ZKP for discrete log in code! Specifically, you should implement:
    • a function dlogProof(x, g, p) that returns (1) a residue y, evaluated as g^x (mod p) and (2) a proof of knowledge pf that you know x that is the discrete log of y.
    • a function verify(y, g, p, pf) that evaluates to true if pf is a valid proof of knowledge, and false otherwise. The prover should only be able to compute a valid proof with non-negligible probability if they do indeed know valid x.
    • if you need help, a reference implementation in Javascript with comments can be found here.

Understanding Questions

Section 5: zkSNARK Theory (very math-heavy!)​

For those approaching zkSNARKs from a more theoretical perspective.

Readings​