# Modern ZK Crypto - Session 2 Lecture Notes **How to use these notes**: These notes are meant to go along with slides and recordings. If you're following along with either the slides or the course recordings, and want to dig deeper into some topic mentioned, look for the appropriate header below for additional links or context. ## What is a zkSNARK? This will be covererd in more detail later, but there are plenty of great resources to understand how zkSNARKs work, their academic lineage, etc. - For folks coming from complexity theory: [a succinct story of zero-knowledge](https://nibnalin.me/dust-nib/a-succinct-story-of-zero-knowledge.html) - [ZCash: What are zkSNARKs?](https://z.cash/technology/zksnarks/) (intro section only; the rest of this starts going deeper into the math) ## circom/snarkjs/zkREPL Demo If you're interested in infrastructure or developer tools, zkREPL is a really cool example of a useful ZK dev tool. Read more about it [here](https://0xparc.org/blog/zkrepl), or watch Kevin Kwok's talk [here](https://www.youtube.com/watch?v=xoN3Ph836n4&list=PLJijNYoOwnssZzIIxfochRxo5QRW5Uvfg&index=16). ### circomlib [circomlib](https://github.com/iden3/circomlib/tree/master/circuits) contains a listing of audited, common circuit buidling blocks. You can find many of the circuits we're discussing today in this library. ### Field size and BN254 All signals in circom are field elements in the prime field of order ``` r = 21888242871839275222246405745257275088548364400416034343698204186575808495617 ``` This is a 254-bit prime known as the BabyJubJub prime. It's the curve order for BN254, a pairing-friendly elliptic curve used by Ethereum and (formerly) ZCash. You can read more about BN254 in Jonathan Wang's excellent document [here](https://hackmd.io/@jpw/bn254). ### (To be filled in after lecture) zkREPL links ## ZK Applications ### zkmessage More information on this is linked in the [Modern ZK Crypto - Session 1 Exercises](/Z7zmx-MLT_uxTd48x-mkoA). ### Dark Forest You can read more about Dark Forest in [this blog post](https://blog.zkga.me/announcing-darkforest). If you're interested in digging deeper, here's a [video](https://youtu.be/1C0z3bR-YdE) (30m) on the "decentralized incomplete information game" paradox, and some ZK constructions for decentralized games. Here's another [video](https://www.youtube.com/watch?v=z7V830zndoA) (30m) on why decentralized games are interesting. ### Tornado Cash Tornado Cash uses the same ZK construction as the anonymous voting app that we discussed in the first session. We dig deeper into how Tornado Cash works [here](https://learn.0xparc.org/materials/circom/learning-group-1/breaking-down-tornado), and we'll discuss it later in the course as well. ### ZKML You can check out a collection of resources for ZKML [here](https://0xparc.notion.site/public-ZK-resources-for-ML-specialists-70770f20778446d596aa340c2f47d4b2).
Last changed by  
gubsheep
1209

Read more

ZK Frontiers: Week 3 Exercises

For this week's exercise, you will write a spec for one of the following proposed applications. If you are working on a project, you're automatically "exempt," as you'll already be building one of these! In your spec, you should: Outline precisely the ZK circuit(s) you'll be using. You can use our template from class if you'd like. Describe the business logic of the major components of the application: the server (what it stores, what it verifies, etc.) smart contracts (if applicable), clients (what they store, what they prove, etc.), and any additional services (for example, an auxiliary server that stores, verifies, and serves Merkle groups). WhaleChat

6/14/2023
ZK Frontiers: Week 2 Exercises

ZK Passwords In this exercise, you will implement a ZK-based password verifier! Instructions can be found in the README of the scaffolding repo. You are aiming to produce something that looks like this video demo. You can start with the scaffolding repo, or you can roll your own from scratch. If you use the scaffold repo, make sure to check out circom-starter, the base repo which this is based on! Extension: make proving happen in-browser. We’ll go over this during next week’s Monday optional session. You may also find this circom and snarkjs diagram useful.

6/6/2023
ZK Frontiers: Week 1 Exercises

This week's exercises are hands-on coding exercises. Try writing the following circuits on your own. If you get stuck, you can check the solutions. We'll go over these circuits in the second Optional Session in Week 2. If you need to look up circom language features or syntax, take a look at the circom docs. I recommend trying to build these circuits in zkREPL, for fast iteration. I recommend doing these exercises in order, as later circuits may build on previous ones. References Field Size All signals in circom are treated as numbers modulo this big prime:

6/1/2023
Zupass Resources for Developers

Zupass Official Repo: https://github.com/proofcarryingdata/zupass The README provides a starting point for devs. Usage Examples for Devs: https://consumer-client.onrender.com This page contains examples for devs on how to integrate Zupass into various application flows, such as authentication, proof generation/consumption. Code for these examples is in the official Zupass repo. Example Application: Zuzalu Confessions: https://confessions-client.onrender.com/ This is a fully-functional anonymous message board built on Zupass, demonstrating authentication and identity-hiding proofs. For development/demonstration/reference purposes only! Zuzalu Confessions Reference Code: https://github.com/proofcarryingdata/zuzalu-confessions

4/11/2023
Read more from gubsheep
Published on HackMD