Projects
Links to Circom projects you can begin working from in your quest to apply ZK (click the Project's title for source code)
Identity
Semaphore
Semaphore is a primitive object for anonymous set membership "signaling" (voting, spending, etc). A set membership proof is incredibly versatile, and you should seriously consider how you can use it to build out your own applications.
Minimal Anti-Collusion Infrastructure (MACI)
Example Application (DoraHacks)
Behind Tornado Cash, MACI is perhaps the second most widely used Circom application as of 2022. Originally proposed by Vitalik Buterin, MACI is a mechanism that (with a trusted centralized operator) facilitates a vote where it incredibly difficult for voters to see the votes of their peers. This has been employed in many contexts already, including hackathon judging and grant funding.
HeyAnon
HeyAnon is an exciting application of set membership in social media. By generating a valid ZK proof of membership in some group, a user can forward a message to the HeyAnon back end which is eventually relayed to the HeyAnon Twitter. One proposed use-case is whistle blowing. An individual could theoretically prove their employment in some institution without revealing anything about their personal identities.
Census/ "Franchise" Proof
Aragon's Vocdoni service is run on top of an incredibly simple Circom circuit. It serves as a great example of how small a Circom app can be while having real-world application.
Games
Dark Forest
Dark Forest is one of the best ways to understand what applied ZK looks like today. This real-time strategy game utilizes procedural generation and zero knowledge to create an expansive world for players to explore with a fog of war unique to each player. If you are having issues getting a key, join the discord and mention your interest in Circom development!
BattleZips
BattleZips V1 is a simple demonstration of the execution of private business logic verified on a public blockchain. While it does not offer any novel contributions to the ZK space, it does make a point of being as readable and usable as possible. It is a gentle introduction to the world of applied ZK as it does not involve much cryptography beyond what is already facilitated by Circom.
Scaling
RollupNC
Skeleton L2 non-custodial ZK Roll-Up with a single sequencer, capable only of transfers between accounts. RollupNC (Non-Custodial) is likely the ancestor to Hermez- you will find many of the features left unfinished in this repository would appear in the Hermez code base. BattleZips has a fork updated for 2022 as code/docs are well out of date.
Hermez Network
V1 Documentation - API Docs (for retrospective analysis)
Hermez Network was built by many of Circom's creators. Version 1, built before it was acquired by Polygon, demonstrates a L2 non-custodial ZK Roll-Up that can facilitate asset swaps (essentially uniswap). Beyond swaps, Hermez improves over RollupNC by decentralizing block production rights and adding network incentives in the form of transfer fees. This is among the most fully formed production Circom repositories.
circom-pairing
Devconnect Amsterdam 2022 circom-pairing Demo
circom-pairing is different from the other two projects listed for scaling. This project also could be categorized as a Cryptography project, as this project verifies elliptical curve pairings within Circom. However, this allows proofs inside of proofs - recursive proofs. This can be used to verify many L2 interactions in one L1 transaction. This is still in an experimental phase and is still limited by computational boundaries.
Cryptography
Make sure you visit circomlib, where 90% of circom cryptographic utilities are!
Circom-ECDSA
Devconnect Amsterdam 2022 Circom-ECDSA Demo
Circomlib provides everything you could need if you choose to use EdDSA. For context, EdDSA is much more efficient to compute in a circuit than ECDSA. Nonetheless there are cases where ECDSA may be needed inside a snark for which this project provides necessary Circom components.
ed25519-circom
Circom generally uses Baby Jubjub, a Twisted Edwards curve over the BLS12-381 scalar field. If you don't understand what this means, chances are you won't need this library. If you have a specific need to use the Curve25519, this library will facilitate research and testing. The project is not rated for production use, and employing it as is for critical applications may result in failures of the cryptosystem.
keccack256-circom
Like ECDSA, the keccak-256 hash function standard on Ethereum is inefficient to compute, and algorithms like MiMC or Poseidon have arisen as circuit-friendly alternatives. If your snark is dependent on the keccak-256 hash built into Solidity, this project provides a capable component.
DeFi
Miscellaneous
Tornado Cash
Tornado Cash was a formative application for Circom and the ZK space. It is a very simple implementation of a Merkle tree to facilitating coin mixing on EVM blockchains. You should understand how it works if you want to understand more complex applications.
Rate Limiting Nullifier (RLN)
RLN is another exciting up and coming project in the Circom space. RLN provides decentralized and anonymous environments with spam prevention. Let's take a service that wishes to enforce a 1 message/ second cap. Using Shamir's Secret Sharing scheme, RLN creates a system where messaging over this rate exposes a secret key that anyone can use to kick the spammer from the set.
ZK Proof of Buffiness (Proof of NFT)
Zero Knowledge Proof of Buffiness (zkPoB) is a very simple circuit demonstrating ownership of an NFT token. This implementation proves ownership over the Bufficorn Buidl Brigade NFT (EthDenver 2022), however you should be able to quickly adapt the code for any purpose.
Further, this code base demonstrates the use of Circom/ SnarkJS/ Solidity stack in a mobile context.
Last updated