About this Book

Zero-knowledge cryptography is a fascinating area, where a party can prove a statement without revealing any extra information about it; proving that something is true without revealing what makes that "something" true.

Circom is a hardware description language (HDL) specifically designed for creating zero-knowledge proofs. It enables developers to create arithmetic circuits, which are then used to generate proofs that demonstrate a certain statement is true, without revealing any additional information about the inputs used to make that statement.

Circom has opened up new possibilities for creating privacy-preserving applications, such as digital identities, voting systems, and financial transactions, where proving the validity of a statement is necessary, but keeping the underlying data private is critical.

On the other hand, zero-knowledge proofs can serve as proofs of honest computation, without necessarily hiding the data underneath. This paves the way on new methods of off-loaded computation, most notable example being the zk-rollup ecosystem.

Organization

The book is organized as follows:

  • Preliminary has some preliminary theory for those who are interested in it. It is not 100% required to know the theory & math behind the relevant cryptography areas to write good Circom code; however, it could allow the reader to:
    • Write more efficient code by utilizing mathematical tricks.
    • Understand certain low-level code.
    • Consider more edge cases & write more secure code.
  • Basics has several hello-world level Circom programs, to get the reader started. The reader is free to skip this part & come back later, however it is strongly recommended to understand how the programs here work.
  • Bits describe methods related to bits, which are signals with value 0 or 1; you can think of them as booleans as well.
  • Comparators describe comparators such as equality, less-than, greater-than-or-equal and such. It also describes some more specialized methods like alias-check and sign-check.
  • Control-Flow describes how if-else works in the circuit world.
  • Arrays describe array methods.
  • Hashing describe circuit-friendly hashes, such as Poseidon and MiMC.
  • Merkle Trees describe Merkle Trees and their usage in Circom circuits.
  • Advanced section has some advanced concepts such as alternative provers, or large circuits.

Follow Along

You can clone the repository and examine the circuits yourself, we provide documentation within the code as well. We also provide tests via Circomkit that demonstrate each circuit described here. In the repository, you can run the command below to run all tests:

yarn test

Alternatively, you can play around with the circuits without ever leaving your browser, just visit zkrepl.dev!

Resources

There are many resources about Circom & ZK out there, to list a few: