ZK Proof of Selection Sort Most computations of interest are generally “stateful” — that is, they need to go through a series of steps to produce the final result. Sometimes, we do not need to show...

How a ZKVM Works A Zero-Knowledge Virtual Machine (ZKVM) is a virtual machine that can create a ZK-proof that verifies it executed a set of machine instructions correctly. This allows us to take a...

32-Bit Emulation in ZK The default datatype in ZK is the field element, where all arithmetic is done modulo a large prime number. However, most “real” computation is done using 32, 64, or 256-bit...

Introduction to Stateful Computations in ZK When carrying out iterative computations such as powers, factorials, or computing the Fibonacci sequence, we need to “stop the computation” after a certain...

MD5 Hash In Circom In this tutorial, we will implement the MD5 hash in Circom both to compute the hash and to constrain in Circom that it was computed correctly. Although the MD5 hash function is not...

Conditional Statements in Circom Circom is very strict with the usage of if-statements. The following rules must be followed: Signals cannot be used to alter the behavior of an if-statement. A signal...

Quin Selector The Quin Selector is a design pattern that allows us to use a signal as an index for an array of signals. As a prerequisite, we assume the reader has read the chapter on Conditional...

The Permutation Argument A permutation argument is a proof that two lists hold the same elements, but possibly in a different order. For example, is a permutation of and vice-versa. The permutation...

Swapping Two Items in an Array in Circom This chapter shows how to swap two signals in a list of signals. This is an important subroutine for a sorting algorithm. More generally, lists are a...

Modeling the Stack Data Structure in ZK This tutorial shows how to create a stack in Circom. Be warned — this chapter is long. However, the strategy for creating ZK proofs about stacks will be...

Circom Template Parameters, Variables, Loops, If Statements, Assert This chapter covers essential syntax, which you'll see in most Circom programs. With Circom, we're able to define a Rank 1...

Circom Components in a Loop Circom does not allow for components to be directly instantiated in a loop. For example, compiling the following code results in the error below. The workaround is to...