# Modern ZK Crypto - Session 1 Exercises
Today's exercises are mostly taken from this [ZK Topic Sampler](https://learn.0xparc.org/materials/circom/prereq-materials/topic-sampler/).
## ZKP for 3-coloring Demo
Visit http://web.mit.edu/~ezyang/Public/graph/svg.html and play around with the interactive demo. This is a programmatic version of the 3-coloring example we went over in class.
- Answer Exercise 1 at the bottom of the page.
## Optional - ZKP for DLOG
Implement a non-interactive ZKP for discrete log in code! To do this, you'll need to read and understand the first section of [this handout](https://people.eecs.berkeley.edu/~jfc/cs174/lecs/lec24/lec24.pdf), as well as the [Fiat-Shamir heuristic](https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic).
Specifically, you should implement:
- a function dlogProof(x, g, p) that returns (1) a residue y, evaluated as g^x (mod p) and (2) a proof of knowledge pf that you know x that is the discrete log of y.
- a function verify(y, g, p, pf) that evaluates to true if pf is a valid proof of knowledge, and false otherwise. The prover should only be able to compute a valid proof with non-negligible probability if they do indeed know valid x.
If you need help, a reference implementation in Javascript with comments can be found [here](https://github.com/gubsheep/zk-beginner). This exercise may take you a few hours.
For an additional challenge, try implementing a non-interactive ZKP for proof of 3-coloring as well!
## zkmessage.xyz
Create an account and post a message on [zkmessage](https://zkmessage.xyz), a zkSNARK-powered anonymous message board.
- Explain why you need to generate and save a "secret" value.
- Write out a plain-English explanation of what statement is being proven in ZK.
- Log into the same zkmessage account, from a different browser or computer. Explain why zkmessage can't just use a simple "username/password" system like most social apps.
If you're curious, we go much deeper into the construction of zkmessage [here](https://0xparc.org/blog/zk-group-sigs).

For this week's exercise, you will write a spec for one of the following proposed applications. If you are working on a project, you're automatically "exempt," as you'll already be building one of these! In your spec, you should: Outline precisely the ZK circuit(s) you'll be using. You can use our template from class if you'd like. Describe the business logic of the major components of the application: the server (what it stores, what it verifies, etc.) smart contracts (if applicable), clients (what they store, what they prove, etc.), and any additional services (for example, an auxiliary server that stores, verifies, and serves Merkle groups). WhaleChat

6/14/2023ZK Passwords In this exercise, you will implement a ZK-based password verifier! Instructions can be found in the README of the scaffolding repo. You are aiming to produce something that looks like this video demo. You can start with the scaffolding repo, or you can roll your own from scratch. If you use the scaffold repo, make sure to check out circom-starter, the base repo which this is based on! Extension: make proving happen in-browser. We’ll go over this during next week’s Monday optional session. You may also find this circom and snarkjs diagram useful.

6/6/2023This week's exercises are hands-on coding exercises. Try writing the following circuits on your own. If you get stuck, you can check the solutions. We'll go over these circuits in the second Optional Session in Week 2. If you need to look up circom language features or syntax, take a look at the circom docs. I recommend trying to build these circuits in zkREPL, for fast iteration. I recommend doing these exercises in order, as later circuits may build on previous ones. References Field Size All signals in circom are treated as numbers modulo this big prime:

6/1/2023Zupass Official Repo: https://github.com/proofcarryingdata/zupass The README provides a starting point for devs. Usage Examples for Devs: https://consumer-client.onrender.com This page contains examples for devs on how to integrate Zupass into various application flows, such as authentication, proof generation/consumption. Code for these examples is in the official Zupass repo. Example Application: Zuzalu Confessions: https://confessions-client.onrender.com/ This is a fully-functional anonymous message board built on Zupass, demonstrating authentication and identity-hiding proofs. For development/demonstration/reference purposes only! Zuzalu Confessions Reference Code: https://github.com/proofcarryingdata/zuzalu-confessions

4/11/2023
Published on ** HackMD**