# Zero-Knowledge Proof Guide: 110+ Resources

A curated list of resources regarding Zero-Knowledge Proofs including articles, videos, podcasts, academic research, websites, libraries, tools, plugins, comparison tables, tutorials, and, examples.

This is a curated list of resources regarding Zero-Knowledge Proofs including articles, videos, podcasts, academic research, websites, libraries, tools, plugins, comparison tables, tutorials, and, examples.

*Please check the contribution guidelines for info on formatting and writing pull requests.*

## General introduction

Zero-Knowledge Proofs Starter Pack: alternative introductory list for beginners (more videos).

- Zero Knowledge Proofs: An illustrated primer by Matthew Green
- Demystifying zero-knowledge proofs (math-heavy, awesome introduction into underlying cryptography)
- Introduction to SNARKs/STARKs by Eli Ben-Sasson (YouTube)
- [Podcast] Zero Knowledge FM: Intro to Zero-Knowledge Proofs with Anna Rose & Fredrik Harrysson
- On Interactive Proofs and Zero-Knowledge: A Primer
- [Video] What Are Zero-Knowledge Proofs
- [Video] Elad Verbin: Zero-Knowledge Proofs and Their Future Applications at Web3 Summit 2018
- [StackExchange] Comparison between SNARKs, STARKs and Bulletproofs

A Hands-On Tutorial for Zero-Knowledge Proofs by Shir Peled (StarkWare):

More complete curated list of implementations and scientific resources: https://zkp.science

## Courses

## Applications

### Ethereum

- ZK Sync by Matter Labs

ZK SDK

ZK Sync code

ZK Sync live demo - SNARK-based permissioned database: rollup by BarryWhitehat
- Gnosis dFusion: DEX on SNARKs
- Loopring DEX Protocol (v3)
- zkPoD: A Practical Decentralized System for Data Exchange

### Other blockchains

- Zcash: Privacy-Protecting Digital Currency (SNARKs)

chatroom - Monero: Private Digital Currency (Bulletproofs)
- Coda: A Constant-Size Blockchain (recursive SNARKs)

YouTube introduction - Grin: Simple, privacy-focused, scalable MimbleWimble chain implementation (Bulletproofs)
- Beam: Private and Scalable Coin based on MimbleWimble

## Comparison of the most popular zkp systems

SNARKs | STARKs | Bulletproofs | |
---|---|---|---|

Algorithmic complexity: prover | O(N * log(N)) | O(N * poly-log(N)) | O(N * log(N)) |

Algorithmic complexity: verifier | ~O(1) | O(poly-log(N)) | O(N) |

Communication complexity (proof size) | ~O(1) | O(poly-log(N)) | O(log(N)) |

- size estimate for 1 TX | Tx: 200 bytes, Key: 50 MB | 45 kB | 1.5 kb |

- size estimate for 10.000 TX | Tx: 200 bytes, Key: 500 GB | 135 kb | 2.5 kb |

Ethereum/EVM verification gas cost | ~600k (Groth16) | ~2.5M (estimate, no impl.) | N/A |

Trusted setup required? | YES | NO | NO |

Post-quantum secure | NO | YES | NO |

Crypto assumptions | Strong | Collision resistant hashes | Discrete log |

## Bulletproofs

- Introduction and collection of resources
- From Zero (Knowledge) to Bulletproofs - a long and very nice gradual explanation
- Bulletproofs - succinct and complete description of the protocol
- [Podcast] Zero Knowledge FM: Benedikt Bünz on Bulletproofs and Verifiable Delay Functions
- [Video] Bulletproofs: Short Proofs for Confidential Transactions and More
- [Video] Benedikt Bünz at SF Bitcoin Devs
- [Paper] Bulletproofs: Short Proofs for Confidential Transactions and More

### Try

### Proof system implementations:

### Halo

## SNARKs

SNARK =SuccinctNon-interactiveARguments ofKnowledge

### Learn

**Get started:**

- Introduction to zk-SNARKs with examples
- What are zk-SNARKs (Zcash blog)
- BabySNARK- The simplest possible SNARK for NP. You know, for kids!
- [Podcast] Zero Knowledge FM: Intro to zkSNARKs with Howard Wu
- [Video] Howard Wu: Rise of the SNARKs

**Why and How zk-SNARK Works:**

- Why and How zk-SNARK Works 1: Introduction & the Medium of a Proof
- Why and How zk-SNARK Works 2: Proving Knowledge of a Polynomial
- Why and How zk-SNARK Works 3: Non-interactivity & Distributed Setup
- Why and How zk-SNARK Works 4: General-Purpose Computation
- Why and How zk-SNARK Works 5: Variable Polynomials
- Why and How zk-SNARK Works 6: Verifiable Computation Protocol
- Why and How zk-SNARK Works 7: Constraints and Public Inputs
- Why and How zk-SNARK Works 8: Zero-Knowledge Computation

**ZkStudyClub:**

- ZkStudyClub Part 1: Polynomial Commitments with Justin Drake
- ZkStudyClub Part 2: Polynomial Commitments with Justin Drake
- ZkStudyClub Part 3: Polynomial Commitments with Justin Drake

**Electric Coin blog series:**

- Explaining SNARKs Part I: Homomorphic Hidings
- Explaining SNARKs Part II: Blind Evaluation of Polynomials
- Explaining SNARKs Part III: The Knowledge of Coefficient Test and Assumption
- Explaining SNARKs Part IV: How to make Blind Evaluation of Polynomials Verifiable
- Explaining SNARKs Part V: From Computations to Polynomials
- Explaining SNARKs Part VI: The Pinocchio Protocol
- Explaining SNARKs Part VII: Pairings of Elliptic Curves

**Vitalik Buterin's blog series on SNARKs:**

- Part 1: Quadratic Arithmetic Programs: from Zero to Hero
- Part 2: Exploring Elliptic Curve Pairings
- Part 3: Zk-SNARKs: Under the Hood

**Protocol descriptions:**

- zkSNARKs in a Nutshell
- Groth16 protocol (original paper)
- Zcash Sapling protocol spec (very useful as detailed cheat-sheet of all cryptography used)

### Try

- libsnark (C++): great tutorial
- bellman (rust): demo circuit
- jsnark (Java, bindings to libsnark)
- snarky (Ocaml, from authors of Coda)
- zokrates (toolbox for zkSNARKs on Ethereum)

ZoKrates Remix plugin tutorial

Zero Knowledge Proof Application Demo, with libsnarks, truffle and docker - ethsnarks by HarryR (alternative toolkit for viable zk-SNARKS on Ethereum, Web, Mobile and Desktop)
- gnark - library for zero-knowledge proof protocols written in Go
- circom and snarkjs tutorial: Roll-up tutorial using Circom and SnarkJS by Ying Tong

### Scaling the prover

- DIZK: Java library for distributed zero knowledge proof systems with Apache Spark (see the research paper)
- SnarkyGPU: distributed GPU based zkSNARKs prover (work in progress)

### Multi-Party Ceremony (MPC) for Trusted Setup

- “Powers of Tau” protocol for scalable generation of structured reference string
- Implementation of ZCash MPC Ceremony, Part I: "Powers of Tau"

Archived independent implementation in Go - Implementation of ZCash MPC Ceremony, Part I: "Sapling Circuit"

## SNORKs

SNORK =SuccinctNon-interactiveOecumenical (Universal) aRguments ofKnowledge

SNORKs are SNARKs with universal and updateable trusted setup.

### Sonic

- Introducing Sonic: A Practical zk-SNARK with a Nearly Trustless Setup
- Sonic: Zero-Knowledge SNARKs from Linear-Size Universal and Updateable Structured Reference Strings
- Sonic MPC implementation by Matter Labs

### PLONK

(This is a recent development. Contributions are welcome!)

### Marlin

(This is a recent development. Contributions are welcome!)

## STARKS

STARK =Succinct (Scalable)TransparentARguments ofKnowledge

STARKs are SNARKs without Trusted Setup.

### FRI-STARKs

Introduction:

- Transparent Succinct Arguments by Alessandro Chiesa (Oct 2018)
- State of the STARK by Eli Ben-Sasson (Devcon IV, Oct 2018) (video)
- Introduction to ZK-STARKs by remco@0x.org

Vitalik Buterin's blog series on STARKs:

Academic resources:

- The STARK paper
- libstark implemenation
- Scalable, transparent, and post-quantum secure computational integrity

More resources available at starkware.co

### SuperSonic

(This is a recent development. Contributions are welcome!)

- Transparent SNARKs from DARK Compilers (Dec 2019)
- Introducing Sonic: A Practical zk-SNARK with a Nearly Trustless Setup

### Fractal

(This is a recent development. Contributions are welcome!)

### AZTEC

- [Article] Zachary Williamson: A dive into the AZTEC protocol
- [Podcast] The Smartest Contract: Confidential transactions on Ethereum via range proof
- [Paper] The AZTEC Protocol

### MimbleWimble

- [Video] Jackson Palmer: What is MimbleWimble33
- [Video] Andreas Antonopoulos: Bitcoin Q&A: MimbleWimble and Schnorr signatures
- [Article] Conor O’Higgins: MimbleWimble explained like you’re 12
- [Paper] MimbleWimble

### Zerocash

## Social media

Stay tuned!