An outline of a protocol for implementing a decentralized version of zk Mafia with no trusted third party. Setup The game setup requires building a Semaphore membership group, creating a deck with the desired distribution of roles, shuffling & dealing the cards, allowing each user to peek at their role, and setting up the state that must be tracked & updated during gameplay. Creating the game a user clicks "Start new game" a new Semaphore group is created (set parameters at this point) the player joins the game (all steps from Joining the game below)

March 07, 2022 This puzzle was called "There's something in the AIR", and was based around a STARK Prover and Verifier built with Winterfell that used a broken AIR. There were two possible solutions that exploited two different sets of missing constraints within the AIR. The puzzle involves the following: private key: 4 field elements (priv_key) public key: hash(priv_key, [0, 0, 0, 0]) access set: a merkle tree whose leaves are the public keys in the set. Membership in the access set can be verified by computing the merkle root of the access set from a member's public key and the corresponding merkle path. topic: a string representing the topic on which members of the access set can vote

Goal: be able to explain, build, and build on top of STARKs. Method: each section (reading/watching/doing) is ordered, but mix & match between sections to optimize for focus, repetition, and direct practice. Thanks to Miden, Winterfell and ZK Hack discord for excellent resource curation. Reading By StarkWare: STARK 101 Mathematical Primer (wayback machine) STARK Math: The Journey Begins

by grjte This puzzle, built by Aleo, marks the halfway point of the incredibly fun learning experience that is ZK Hack. If you haven't had a chance to participate yet, I highly recommend jumping in, even if you are completely new to zero knowledge and cryptography. Speaking as someone who hadn't explored either one prior to ZK Hack, the background resources, events, and puzzle challenges provide a fantastic bootcamp. Onwards to the puzzle! The Setup You can get access the puzzle repo here. The puzzle description describes the setup for a new "zero-knowledge inner-product proof" and challenges us to recover the prover's secret $\vec{a}$. Here it is for reference:

by grjte Another week, another fun ZK Hack puzzle to solve! This week's puzzle comes from the team at Anoma. The puzzle repo with the description is here. For this puzzle, there were a few resources that I found particularly helpful for learning about the roots of unity (aka the evaluation domain): PLONK By Hand Part 1 and Part 2 Vitalik's article on PLONK

by grjte Welcome back for ZK Hack Puzzle #5, by Aleo! This week's puzzle went straight to the core of non-interactive proof constructions with a focus on the Fiat-Shamir heuristic, the most efficient and most common way of transforming interactive proofs into non-interactive ones. The puzzle repository is here, and this is the puzzle description for reference: Shallan recently found a proof system (see below) that enables proving that two Pedersen commitments commit to the same message (but with potentially different