The constant product formula in Uniswap v3 Our goal is to derive the constant product formula based on real reserves for a segment, given by $$ L^2 = (x_r+\frac{L}{\sqrt{p_u}})(y_r+L\sqrt{p_l}) $$...

Circle FFT — Part 1: Building the Circle Domain Circle STARKs is a new zk-STARK scheme that has been implemented in Stwo and Plonky3, and it has been adopted by several zkVM projects. Its key...

Multiplicative Subgroups and Primitive Elements Introduction This chapter continues our study of group theory by exploring subgroups and generators. The concept of a primitive element will be...

ZK Proof of Selection Sort Most computations of interest are generally “stateful” — that is, they need to go through a series of steps to produce the final result. Sometimes, we do not need to show...

How a ZKVM Works A Zero-Knowledge Virtual Machine (ZKVM) is a virtual machine that can create a ZK-proof that verifies it executed a set of machine instructions correctly. This allows us to take a...

Swapping Two Items in an Array in Circom This chapter shows how to swap two signals in a list of signals. This is an important subroutine for a sorting algorithm. More generally, lists are a...

The Permutation Argument A permutation argument is a proof that two lists hold the same elements, but possibly in a different order. For example, is a permutation of and vice-versa. The permutation...

Introduction to Stateful Computations in ZK When carrying out iterative computations such as powers, factorials, or computing the Fibonacci sequence, we need to “stop the computation” after a certain...

32-Bit Emulation in ZK The default datatype in ZK is the field element, where all arithmetic is done modulo a large prime number. However, most “real” computation is done using 32, 64, or 256-bit...

Quin Selector The Quin Selector is a design pattern that allows us to use a signal as an index for an array of signals. As a prerequisite, we assume the reader has read the chapter on Conditional...

Conditional Statements in Circom Circom is very strict with the usage of if-statements. The following rules must be followed: Signals cannot be used to alter the behavior of an if-statement. A signal...

Modeling the Stack Data Structure in ZK This tutorial shows how to create a stack in Circom. Be warned — this chapter is long. However, the strategy for creating ZK proofs about stacks will be...