Introduction to ZK
Description​
In this session, we cover the goals of the Applied ZK Learning Group, and make a conceptual introduction to zero-knowledge proofs. We discuss zkSNARKs and a few of their applications.
🔑 Zero-knowledge proofs are a way to prove a statement is true without revealing anything beyond the truthiness of the statement. In the map 3-coloring problem, ZK allows you to prove that you can color in each region on a map using one of three colors, such that no two adjacent regions are the same color, without having to show how you colored the map.
Pre-Session Reading/Setup​
To ensure that we can hit the ground running, we have a handful of readings and tutorials for you to check out over the weekend. If you want to dig deeper, feel free to check out the pre-program topic sampler.
Introduction to Zero-Knowledge​
If you aren't already familiar with zero-knowledge proofs conceptually, take a look at some of the articles below, and try out the interactive demo applet.
Readings​
ZKPs for Engineers: Introduction (read sections "What are ZKPs" and "What are SNARKs")
[Optional] Zero Knowledge Proofs: An Illustrated Primer (section with hat example is good)
[Optional] Privacy in Cryptocurrencies: An Overview - only briefly touches on ZKPs, but helpful context for why blockchains care about this kind of privacy tech
Quests​
Play with this Interactive ZK 3-coloring demo (after reading the "illustrated primer" reading). Try to answer Exercises 1 and 2 at the bottom of the page.
Development Environment​
- Make sure that you have node.js version 14 or above installed on your system. Node version manager is a helpful tool that allows you to install and manage different node versions.
- Most of our materials and sample repos use circom 1.0, but a new release of circom (2.0) was recently published. If you wish to use circom 2.0 in your projects, you'll want Rust available on your system.
- If you have extra time, you may also be interested in playing around with Ethereum smart contracts, which are written in Solidity. Check out Austin Griffith's scaffold-eth resources.
Slides Link(s)
https://docs.google.com/presentation/d/1Z-aYG9y-UbYnK1yh58W4a1KdOqevmxPEOJiZkHfyAW8/edit?usp=sharing
Introduction to Ethereum​
One reason that zkSNARKs are exciting is because they enable a new class of decentralized applications—applications which are able to maintain a meaningful notion of private state. This is traditionally difficult on decentralized systems because many of these systems, by design, have completely open and transparent data layers.
Some examples of decentralized applications that are made possible by zkSNARKs include marketplaces for encrypted data, "mixer" smart contracts that allow for anonymous cryptocurrency transfers, and message boards that allow for anonymous but reputation-proving message signatures.
In this program, we'll generally focus on zkSNARK applications on the Ethereum smart contract platform (though the same concepts are applicable to applications built on top of any "programmable blockchain"). If you aren't familiar with Ethereum, we highly recommend that you go through the tutorial and article series below (takes about 2-3hr).
Read About ZK Applications​
If you have extra time and are curious to read about applications of zkSNARKs that currently exist in production, check out some of the articles below. We'll have an "overview of ZK Apps" session in our first week as well.
ZK Rollup: Making Scalable Blockchains Possible
Loopring Lauches zkRollup Exchange
Introducing Private Transactions on Ethereum Now
To Mixers and Beyond: presenting Semaphore, a privacy gadget built on Ethereum
Announcing Dark Forest (talk video)
Check-in Questions​
(1) Prover & Verifier: In a general ZK protocol, what is the goal of the prover? How about the verifier?
(2) zk-SNARK Properties: What does the zero-knowledge property of a zkSNARK mean? How about the succinctness property?
Sample Answers
(1) Prover & Verifier: The goal of the prover is to provide a proof that some statement is true, without revealing anything further than the truthiness of the statement. The goal of the verifier is to either accept a valid proof or reject an invalid proof with very high probability. Also note that in an interactive protocol, the prover and the verifier interact by sending messages back-and-forth. zkSNARKs are non-interactive, which means there is no back-and-forth communication: the prover just sends the proof to the verifier.
The lecture video walks through the map 3-coloring problem, which is an example of an interactive protocol. The goal of the prover is to show that they know how to color a map such that no colors touch each other without revealing the colored map to the verifier. If the prover has a valid coloring solution, then the verifier should accept the proof (a concept called completeness). However, if the prover doesn’t have a valid coloring solution, then the verifier should reject the proof (called soundness). Because this communication is interactive, the prover reveals two countries at a time to the verifier, over and over again.
(2) zk-SNARK Properties: Zero-knowledge means that the prover’s private inputs to the protocol are hidden from the verifier. Succinct means that the prover can construct short proofs that the verifier can verify quickly, which is important because the verifier’s computation resources (like a browser) are often quite limited.