ZKDL Camp is a series of lectures on zero-knowledge (ZK) proofs, conducted at Distributed Lab, in which we explore "from scratch" how modern zk-SNARKs such as Groth16, PlonK, GKR work, including all the mathematical components they rely on.
Note that this course is designed for a full low-level understanding of these protocols and, accordingly, all the mathematics on which they are based. That is why the course covers not only ZK theory itself and its applications, but also the basic mathematics level needed to understand ZK and cryptography in general.
Based on the lecture material, we composed a book, which is available by the link below. Note that the book is still in active development, and we are looking forward to your feedback on it. If you want to contribute, visit our GitHub Repository and leave your comments or pull requests.
Speaker: Dmytro Zakharov
Content. Embedding lookup checks into Groth16 is unfortunately currently impossible. UltraGroth is a protocol designed to insignificantly modify Groth16 to introduce lookup checks that optimize arithmetical circuits written over R1CS. In this lecture, we consider the construction of UltraGroth, how to build interactive protocol over multi-round QAP, and efficiency of such construction.
Speaker: Dmytro Zakharov
Content. This lecture introduces a powerful tool to reduce the number of constraints in the arithmetical circuits representing complex non-native logic in the given zero-knowledge protocol. We consider two widely used lookup protocols: plookup and logup.
Speakers: Dmytro Zakharov and Anton Levochko
Content. This lecture introduces the first application of Sum-Check protocol for building SNARK over Circuit Satisfiability problem. Additionally, we specify how Sum-Check is used for Offline Memory Checking problem.
Speaker: Dmytro Zakharov
Content. This lecture introduces Sum-Check protocol which is a cornerstone of many modern zk-SNARKs. Additionally, we introduce the notion of multilinear polynomials and how to encode certain problems into the multilinear form.
Speaker: Yevhen Hrubian
Content. In this lecture, we consider Bulletproofs. This zero-knowledge proof system has logarithmic proof size, requires no trusted setup, and requires minimal cryptographic assumptions: only the discrete log assumption. In this lecture, we introduce inner-product argument and corresponding polynomial commitment scheme, and explain how to use it for range proofs and arithmetic circuits satisfiability.
Speaker: Dmytro Zakharov
Content. All previous lectures required (a) interpolation and (b) fast operations over polynomials. In this lecture, we consider the widely used technique to reduce the complexity of such tasks from quadratic to quasilinear. Namely, we consider:
Speaker: Nikita Masych
Content. Groth16 is not the only zk-SNARK protocol used in practice! In this lecture, we will consider the PlonK protocol, which is frequently used in various zkEVM implementations. Here, we cover:
Speaker: Kyrylo Riabov
Content. After covering the Groth16 zk-SNARK theory, we will move to the practical part of the course. Here, we will learn how to use Circom to create circuits and generate proofs. Here, we cover:
Speakers: Anton Levochko and Dmytro Zakharov
Content. Finally, we consider one of the most advanced zk-SNARKs: Pinocchio and Groth16. Here, we cover:
Speaker: Anton Levochko
Content. With R1CS in our hands, we are now ready to succintly represent it as a Quadratic Arithmetic Program (QAP). Additionally, we consider other basic theory before specifying the Groth16 protocol. Here, we cover:
Speaker: Anton Levochko
Content. This is an opening lecture on SNARKs: technology we are using daily in our projects. Here, we cover:
Speaker: Dmytro Zakharov
Content. Here, we will consider the most basic form of interactive proofs - Sigma Protocols. We will understand how to turn them into non-interactive proofs and how to use them in practice. Here, we cover:
Speaker: Dmytro Zakharov
Content. This lecture finally introduces the concept of Zero-Knowledge Proofs and their applications. Here, we cover:
Speaker: Denis Riabtsev
Content. In this lecture we will dive into the design and application of various cryptographic commit schemes that are often used in zero knowledge proof systems. All in all, here we cover:
Speaker: Dmytro Zakharov
Content. This lecture will touch the central part of SNARKs: elliptic curve pairing, its properties and applications. But first, we will cover projective coordinates and how they can be used to optimize elliptic curve operations. All in all, here we cover:
Speaker: Dmytro Zakharov
Content. Our primary focus will be on Finite Field Extensions, while also covering basics of Elliptic Curves. Here, we cover:
Speakers: Dmytro Zakharov and Denis Riabtsev
Content. In this lecture, we will continue covering the basic mathematics used in cryptography. Here, we cover:
Speaker: Dmytro Zakharov
Content. In this lecture, we will cover the basic mathematics required for understanding Zero-Knowledge Proving Systems. Here, we cover: