This bootcamp exclusively teaches the Circom language — however what you learn will be applicable to other ZK circuit languages, such as GNARK from Consensys or oljs from Mina.
Writing circuits is very different from writing imperative code (such as Javascript) or functional programming (such as Haskell).
Our curriculum spends significant time building a foundational understanding of the circuit programming paradigm rather than simply giving you a list of quirks and gotchas to memorize.
With a strong mental model for the subject, you will easily grasp how applications like Tornado Cash or Semaphore work, and how security vulnerabilities specific to ZK happen — we’ll even teach you how to create proof of concept exploits for ZK circuits.
You should be familiar with the following before starting
Last Updated : May 2024
Circuit programming is counterintuitive to programmers. Rather than computing a solution, we assume we already have a proposed solution. Then, we write constraints that pass only if the solution is valid.
Having understood the theory of arithmetic circuits, we learn how to express them in code. We also learn how to incorporate ZK into smart contracts.
Circom's concept of an "output" confuses a lot of developers. We will clarify the purpose of an output and how to selectively reveal information from a computation.
The thin arrow operator in Circom has been a significant source of underconstraint bugs — but the language includes it for a reason. We will learn when to use this operation and what to look out for when doing so.
This week we will write POCs (Proof of Concepts) for exploits of under constrained ZK circuits. We will also review other ZK specific vulnerabilities.
ZK circuits are stateless and immutable, but we also want to prove knowledge of inputs to algorithms that have multiple steps. In this week we will learn more advanced designed patterns in ZK.
ZK allows you to prove you know the preimage of a non-secret hash output — without revealing the input. This week we will learn how to implement a cryptographic hash function from scratch and prove we know the preimage. What we learn this week will motivate why "ZK friendly" hash functions exist.
The nullified scheme is a design pattern to prevent double-voting or double-withdrawing in a ZK application. Learning this pattern makes the circuits Semaphore and Tornado Cash easy to understand.
We will teach how to implement the RARE-VM (Reduced Architecture for Ratified Execution Virtual Machine) in Circom to see how ZK VMS work end-to-end. Motivated students can easily add features to RARE-VM as practice.
Jeffrey is the instructor of the only two expert-level Ethereum development courses on Udemy, both of which are bestsellers. His blog on Ethereum development has significantly influenced major projects in the web3 space.
Think about is as the difference between studying Solidity and how the EVM works. You could get by developing smart contracts with no understanding of how the EVM works, but you won’t be able to understand certain categories of security vulnerabilities and why some algorithms are more efficient than others in the context of ZK.
They can be taken in either order.
Modern day ZK applications are written as low-level circuits, which Circom enables. Modern ZK programming languages still cannot achieve the efficiency that a well-designed circuit can achieve.
We strongly recommend you not do this. Based on our experience, the difficulty of learning ZK is the time required for new and unfamiliar concepts to sink in. Cramming unfamiliar knowledge is not helpful in the long run.
Read the following articles: P vs NP and its application to zero knowledge proofs, Arithmetic Circuits for ZK, Finite Fields for Arithmetic Circuits (in that order). And apply below!
